jonathan.enriquez

Q: How can I stop someone from changing the admin password on my Mac by using fsck?

I recently ran into a forum about changing any user's password on any machine (MBP, Mini etc.) on Lion and below; I have not tested it on Mountain Lion. It's basically using fsck > making all files rewritable > then changing the password.

I know it must have been designed for someone to recover a lost password, but how can a business use Macs when a standard user can rewrite themselves as an admin? Hopefully someone out there has an answer.

Mac mini, Mac OS X (10.7.4)

Posted on Aug 21, 2012 5:41 AM

  • by Limnos, Aug 21, 2012 11:27 AM, in response to Kurt Lang
    Level 9 (54,326 points)

    Yes, but if you search on the web you will find about a million links telling you how to do it, so it is a very open secret you will even find on ASC. The thing is, your linked article also indicates that how you do it varies with model, and for at least some MacBook Air models you have to take it into the store.

    I think the OP needs to assess the situation. Frankly I don't think somebody is going to sit at their desk and take the computer apart (a very noticeable activity in itself!) in order to hack their way into being able to check their Hotmail on work time. If they are hacking their way into credit card numbers on another account and have to take apart the computer to do so then the whole security setup should be changed so valuable data are generally more secure. If the employer thinks a person is that untrustworthy and/or the security of the data dictates it, do something like removing the internal drive, only booting from an external, and lock the drive in a safe at night. Even a safe can be broken into. I recall reading a story where they said safes are not guaranteed unbreakable, they are rated by the time it takes to get into them. This is similar. Setting a firmware password adds another layer to deter casual hacking. If it isn't enough then there are more serious concerns with the work environment or general data security.

  • by baltwo, Aug 21, 2012 3:55 PM, in response to jonathan.enriquez
    Level 9 (62,256 points)

    jonathan.enriquez wrote:

    Thank you Kurt, but I was looking for more of an enterprise solution.

    That is the enterprise solution, but maybe not the one you want to hear about. For more, see SL Security Guide, for getting started. Apparently, Apple doesn't think it's an issue since they've not published one for Lion or ML, so I surmise it's applicable for the newer OSs.

  • by Kurt Lang, Aug 21, 2012 5:35 PM, in response to baltwo
    Level 8 (37,939 points)

    Excellent find, baltwo! I didn't know that PDF existed.
