From Newsgroup: comp.sys.mac.system

In article <vi0vprg03jg60@corp.supernews.com>,
Gene Tolli <geetee@charter.net> wrote:

I recently upgraded from OS9.2.2 to Jaguar, and so far I've been very >pleased with the new OS. I've been using the Sams TYS OSX book to help
with the transition.

Tonight I was working through Chapter 23: Security Considerations. The >authors recommend disabling shell access for non-admin accounts using
the following scheme:

1. Open a Terminal window.
2. Type cd /bin [return]
3. Type sudo chmod o-x *sh [return]
4. Close the Terminal window.

I was logged in as admin, and typed "logout" before quitting Terminal.

My problem: now I don't seem able to access the command line from *any* >account, even as admin. The Terminal window has the heading "Command >Completed", and contains the message:

[Process exited - exit code 101]

I can't type anything, all I get is an error chime.

Could anyone explain what I've done, and - if possible - how I might
undo it?

Thanks in advance.

You've made it so only user 'root' or a member of of the group 'wheel'
can execute a shell. No shell means no login. I don't know why you'd
want to do such a thing when the Sharing control panel lets you turn off remote logins.

Reboot while holding down Option-S. Type:

cd /bin
chmod o+x *sh
logout

That will undo what you did. Repairing permissions with Disk Utility
might do the trick too.
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

On Thu, 24 Jul 2003 19:52:10 -0500, Gene Tolli wrote:

I recently upgraded from OS9.2.2 to Jaguar, and so far I've been very pleased with the new OS. I've been using the Sams TYS OSX book to help
with the transition.

Tonight I was working through Chapter 23: Security Considerations. The authors recommend disabling shell access for non-admin accounts using
the following scheme:

1. Open a Terminal window.
2. Type cd /bin [return]
3. Type sudo chmod o-x *sh [return]
4. Close the Terminal window.

I was logged in as admin, and typed "logout" before quitting Terminal.

My problem: now I don't seem able to access the command line from *any* account, even as admin. The Terminal window has the heading "Command Completed", and contains the message:

[Process exited - exit code 101]

I can't type anything, all I get is an error chime.

Could anyone explain what I've done, and - if possible - how I might
undo it?

Launch NetInfo Manager and authenticate as an administrator.

Select "Enable Root User" from the Security menu. Enter a root password
when asked.

Under "System Preferences" select "Accounts". While you're there, you
might uncheck the box marked "Log in automatically as ...", but I think
this step is not really necessary.

Still under "Accounts", click on the "Login Options" tab and click to
Display Login Window as: Name and Password.

Under the Apple Menu select "Log Out".

When the Login window appears, type "root" as the login name and enter
the password you chose.

In a Terminal window, type "chmod o+x /bin/*sh".

Log out. (Using the Apple menu, not the Terminal command line).

Log in on the Admin Account.

Launch NetInfo Manager, authenticate as an administrator, and select
"Disable Root User" from the Security menu. Ordinarily, you can rely on
"sudo" to carry out all your administrative tasks, but this is a rare exception. From an admin account, you need to get an executable shell in
order to use the "sudo" command in the first place, and you made all your shells non-executable except by "root" or a member of the "wheel" group
(and by default, the only member of the "wheel" group is root).

Finally, get rid of that book.

--
Dave Seaman
Judge Yohn's mistakes revealed in Mumia Abu-Jamal ruling. <http://www.commoncouragepress.com/index.cfm?action=book&bookid=228>
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

In article <vi0vprg03jg60@corp.supernews.com>,
Gene Tolli <geetee@charter.net> wrote:

I recently upgraded from OS9.2.2 to Jaguar, and so far I've been very >pleased with the new OS. I've been using the Sams TYS OSX book to help
with the transition.

Tonight I was working through Chapter 23: Security Considerations. The >authors recommend disabling shell access for non-admin accounts using
the following scheme:

1. Open a Terminal window.
2. Type cd /bin [return]
3. Type sudo chmod o-x *sh [return]
4. Close the Terminal window.

I was logged in as admin, and typed "logout" before quitting Terminal.

My problem: now I don't seem able to access the command line from *any* >account, even as admin. The Terminal window has the heading "Command >Completed", and contains the message:

Well, that SHOULD have worked. It's a really dumb "security" measure,
but it still should have worked.

Go to the Finder and "Go To Folder" /bin. Find the 'tcsh' file and
change its owner to you. Start a Terminal; you should get a shell.
Now

type cd /bin
type sudo chmod o+x *sh
type sudo chown root tcsh

--
Matthew T. Russotto mrussotto@speakeasy.net "Extremism in defense of liberty is no vice, and moderation in pursuit
of justice is no virtue." But extreme restriction of liberty in pursuit of
a modicum of security is a very expensive vice.
--- Synchronet 3.18b-Win32 NewsLink 1.113

From Newsgroup: comp.sys.mac.system

<< >My problem: now I don't seem able to access the command line from *any* >account, even as admin. The Terminal window has the heading "Command >Completed", and contains the message:

Well, that SHOULD have worked. It's a really dumb "security" measure,
but it still should have worked. >><BR><BR>


It did. Now the system is safe from someone who doesn't know what they are doing.
--- Synchronet 3.18b-Win32 NewsLink 1.113