Checking User Accounts with the dscl Command Utility
On an Apple OS X system, a user's account is distinguished from other accounts by a User Identifier (UID), a unique number that identifies a particular user, with a particular login ID, on a system. A UID identifies the owner of a file and controls users' access to files.
OS X assigns some UIDs for special purposes:
Number | Use | Comment |
UID 0 | Reserved for the root user | Should not be deleted or modified except to change the password of the root user. |
UIDs below 100 | Reserved for system use | Should not be deleted or modified. |
UIDs 500 - 2,147,483,648 | Users | Should be unique on the system. If modified, the ownership of files and directories for the user must be changed. |
A user's name and UID can be viewed with the dscl command utility.
To list users, within the terminal type:
dscl . list /users
To read a user account, within the terminal type:
dscl . read /users/
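An added example, not part of the original post: a shell function that checks a listing of account names and UIDs, as printed by `dscl . list /Users UniqueID`, against the UID rules above. It flags any account other than root that has UID 0 and any UID shared by two accounts. The names `audit_uids` and `sample_listing` and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "name UID" pairs for the UID rules described above.

# audit_uids: reads "name uid" lines on stdin, prints one finding per line.
#   UID0 <name>                 an account other than root holds UID 0
#   DUPLICATE <uid> <a> <b>     accounts a and b share the same UID
audit_uids() {
    awk '
    # Skip blank or malformed lines (UIDs can be negative, e.g. nobody).
    NF < 2 || $NF !~ /^-?[0-9]+$/ { next }
    {
        name = $1
        uid = $NF + 0                      # force numeric comparison
        if (uid == 0 && name != "root")
            print "UID0 " name             # root-equivalent account
        if (uid in seen)
            print "DUPLICATE " uid " " seen[uid] " " name
        else
            seen[uid] = name               # remember first owner of this UID
    }'
}

# Constructed sample listing, so the check can be tried without a Mac.
sample_listing() {
    cat <<'EOF'
root 0
daemon 1
nobody -2
_www 70
alice 501
bob 502
backup 0
carol 502
EOF
}

# Audit the live directory when dscl is present, otherwise the sample.
if command -v dscl >/dev/null 2>&1; then
    dscl . list /Users UniqueID | audit_uids
else
    sample_listing | audit_uids
fi
```

On a healthy system the function prints nothing; any output line names an account worth reviewing.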
[/os/os-x]
Services That Should Normally be Disabled
To increase security on an Apple OS X system, the following services should
normally be disabled, unless you have a definite need for them:
- Windows File Sharing (SMB) - allows Windows™
users to access shared folders on your computer
- Personal Web Sharing / Hypertext Transfer Protocol (HTTP) - lets
users of other computers view web pages in the sites folder on your
computer
- Remote Login (SSH) - lets users of other computers access your
computer using Secure Shell (SSH) and allows connection with Simple File
Transfer Protocol (SFTP)
- File Transfer Protocol (FTP Access) - lets users of other computers
exchange files with your computer using FTP applications and provides users
access to all files on the Mac for which they have privileges. FTP transmits
userids and passwords as cleartext, so it could allow someone else on
the network on which your system resides to learn a userid and password for
your system.
- Remote Apple Events - allows applications on other Mac OS X
computers to send Apple Events to your computer
- Printer Sharing / Line Printer Request (LPR) - lets other people
use printers connected to your computer
Changing Firewall Settings
The firewall settings can be changed on a Mac OS X system by taking
the following steps:
- Select the Apple menu
- Select the System Preferences option
- Select the Security option
- Select the Firewall tab
- Review and select options
Turning on a service automatically reconfigures the built-in firewall to open
the appropriate port(s) necessary for that service.
Sudo on OS X
The sudo command is used in the Terminal to execute a command with the privileges of another user, such as root. On Mac OS X, those with administrative privileges are allowed to use the sudo command.
On Unix and Linux systems, the su command is used to assume the identity of another user, typically root. Since the root account is normally disabled on Mac OS X systems, su will not work. As an alternative to enabling the root account, you can use sudo to run individual commands as root, one at a time. If you need a root shell, you can get one by running sudo -s. The sudo command requires an administrator password.