[Fed-Talk] Snow Leopard Security Guide - Scripts and .plist files
[Fed-Talk] Snow Leopard Security Guide - Scripts and .plist files
- Subject: [Fed-Talk] Snow Leopard Security Guide - Scripts and .plist files
- From: Bob Colbert <email@hidden>
- Date: Thu, 20 May 2010 10:19:39 -0400
- Acceptlanguage: en-US
- Thread-topic: Snow Leopard Security Guide - Scripts and .plist files
Title: Snow Leopard Security Guide - Scripts and .plist files
I am trying to follow the guidelines in the Snow Leopard Security Guide to secure two standalone systems with a few users each. I comprehend most of the settings described in the manual, but since I have to do the same thing to two different systems, I am looking to use the Scripting Approach as outlined in Appendix B rather than wade through the dialog boxes.
Before I got too far into it, I was trying to test a few test scripts to make sure things “took”. One of the simpler things that I was trying to change to test the script methodology was the Dock being ‘hidden’. This preference setting has a section covering it in script listed in Appendix B. So I was running the script with sudo option and in particular the line looks like the following:
# Securing Dock Preferences
# -----------------------------
# Default Setting: # None
# Suggested Setting:
# Automatically hide and show Dock.
sudo defaults write /Library/Preferences/com.apple.dock autohide -bool YES
# Available Settings: # autohide -bool YES # autohide -bool NO
I was running this as a user and I was expecting the Dock to begin Auto-hiding. And then I even tried logging Off/On and Restarting and the dock wouldn’t start to AutoHide. The .plist file referenced above was changed as listed. Then it hit me that the plist file being changed was a plist file in the /Library directory and there is an identical .plist file in /Users/username/Library for this particular setting that takes precedence. Perhaps this should have been obvious, but I was expecting to the settings/commands in the Scripts – Appendix B to be able to modify settings system-wide.
This setting is rather inoculous, however before running this script with all of the potential settings that I would like to change, how do I know if there are certain duplicate settings in a User’s /Library/Preferences folder that would ultimately take precedence?
Since I am sort of at the beginning of setting these systems up, I could easily delete the users and start over. The question that I have then, does the creation of a user and their subsequent first login into the system “copy” the user’s initial settings from the system /Library/Preference folder? Thus I should set all of the types of security settings described in the Security Guide prior to creating any users? Or am I still stuck trying to figure out what particular settings are “user-specific” and run the scripts again to change the settings for each user’s /Library/Preferences directory?
Im not sure if I am clear in my question in what I am trying to accomplish. Maybe the one example setting outlined in the Guide that I chose to “test” is the only one that has a per-user setting option as well?
Thanks,
----
Bob Colbert
DE Technologies
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden