Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.apps > #37320 > unrolled thread

Mac OS (X)'s guest accounts can't use other apps beside its Safari?

Back to article view | Back to comp.sys.mac.apps

Contents

  Mac OS (X)'s guest accounts can't use other apps beside its Safari? ANTant@zimage.com (Ant) - 2016-12-09 01:09 -0600
    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? dempson@actrix.gen.nz (David Empson) - 2016-12-09 23:18 +1300
    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-10 04:21 +0000
    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 10:19 -0500
      Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-10 09:51 -0600
        Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 10:59 -0500
          Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 12:40 -0500
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 12:52 -0500
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 13:04 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 13:23 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Jolly Roger <jollyroger@pobox.com> - 2016-12-10 21:15 +0000
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-10 21:35 +0000
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 16:52 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 17:42 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 01:58 +0000
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-11 07:36 -0500
                    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 17:38 +0000
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-11 09:23 -0500
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 17:35 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 02:13 +0000
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-11 07:36 -0500
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-11 09:25 -0500
          Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-10 19:09 -0600
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 20:11 -0500
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 02:15 +0000
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Jolly Roger <jollyroger@pobox.com> - 2016-12-11 02:50 +0000
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-11 00:37 -0600
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-11 07:36 -0500
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-11 08:41 -0500
      Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-10 21:34 +0000
        Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 17:32 -0500
          Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 02:12 +0000
        Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-10 19:19 -0600

Page 2 of 2 — ← Prev page 1 [2]

#37356

In article <slrno4pdla.27nl.g.kreme@snow.local>, Lewis
<g.kreme@gmail.com.dontsendmecopies> wrote:

> 
> > Encryption/decryption is not a 0 time transformation - it is measurable. 
> >   I posted data about it a few years ago.
> 
> It is close enough to zero that "big performance hit" is not at all true.

on core i5/i7 there is a minor hit because the encryption is done in
hardware. however, on core 2 duo, it's done in software and the
performance hit is very noticeable.

[toc] | [prev] | [next] | [standalone]

#37361

On 2016-12-10 21:13, Lewis wrote:
> In message <xZmdnR9K0c6oHtHFnZ2dnUU7-aWdnZ2d@giganews.com>
>   Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
>> On 2016-12-10 16:35, Lewis wrote:
>>> In message <101220161240349584%nospam@nospam.invalid>
>>>   nospam <nospam@nospam.invalid> wrote:
>>>> In article <UpadnU8KMtXQu9HFnZ2dnUU7-WGdnZ2d@giganews.com>, Alan Browne
>>>> <alan.browne@freelunchvideotron.ca> wrote:
>>>
>>>>>>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>>>>>>> guest access to your computer so he can browse or check his e-mail or
>>>>>>> some such.  The machine reboots for the guest and has to be re-booted
>>>>>>> again for the 'owner' to get back in.  Tedious, wot.
>>>>>>>
>>>>>>> I have a guest account for such use at home.  It's not special in any
>>>>>>> way but it has no sharing at all of any kind, no backups, no accounts,
>>>>>>> no keychains ...  with that a guest could use all the installed apps.
>>>>>>
>>>>>> Without FileVault, my guest account can use any apps that I haven't as
>>>>>> admin blocked it from.  So apparently the "tedious" way is only if you
>>>>>> turn on FileVault.
>>>>>
>>>>> There is no reason to not turn on Filevault.
>>>
>>>> yes there are.
>>>
>>>> in addition to the guest account issue, two more that come to mind is
>>>> that it's a big performance hit on older macs
>>>
>>> That is entirely false. In no way at all is it true. At all.
>
>> Encryption/decryption is not a 0 time transformation - it is measurable.
>>   I posted data about it a few years ago.
>
> It is close enough to zero that "big performance hit" is not at all true.

I certainly never said big performance hit and all my disks are 
Filevaulted.  See my other post of this am on an i7.  No older machine 
to test with but even then it would not be so huge considering the 
security benefit.  I certainly ran my old Core 2 Duo Filevaulted.


-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37346

On 12-10-2016 09:59, Alan Browne wrote:
> There is no reason to not turn on Filevault.

If I were to turn on Filevault, I know from experience that it would not 
be long before I was unable to get to any of my files—in which there is 
NOTHING that would profit anybody.

There is a "wallet" on my computer containing some hundreds of dollars 
worth of bitcoin.  Somehow the password carefully recorded elsewhere is 
not the password and all the similar ones I can think of also don't work.

Good enough reason for me.

-- 

   "To know what you prefer, instead of humbly saying
    Amen to what the world tells you you should prefer,
    is to have kept your soul alive."
                          -- Robert Louis Stevenson

[toc] | [prev] | [next] | [standalone]

#37347

In article <o2i911$1q3r$1@gioia.aioe.org>, Happy.Hobo
<Happy.Hobo@Spam.Invalid> wrote:

> If I were to turn on Filevault, I know from experience that it would not 
> be long before I was unable to get to any of my files‹in which there is 
> NOTHING that would profit anybody.
> 
> There is a "wallet" on my computer containing some hundreds of dollars 
> worth of bitcoin.  Somehow the password carefully recorded elsewhere is 
> not the password and all the similar ones I can think of also don't work.
> 
> Good enough reason for me.

user error

[toc] | [prev] | [next] | [standalone]

#37352

In message <o2i911$1q3r$1@gioia.aioe.org> 
  Happy.Hobo <Happy.Hobo@Spam.Invalid> wrote:
> On 12-10-2016 09:59, Alan Browne wrote:
>> There is no reason to not turn on Filevault.

> If I were to turn on Filevault, I know from experience that it would not 
> be long before I was unable to get to any of my files—in which there is 
> NOTHING that would profit anybody.

You know from a complete lack of experience, you mean?

> There is a "wallet" on my computer containing some hundreds of dollars 
> worth of bitcoin.  Somehow the password carefully recorded elsewhere is 
> not the password and all the similar ones I can think of also don't work.

What does that have to do with FileVault? Oh right, nothing.

-- 
He wasn't good or evil or cruel or extreme in any way but one, which was
that he had elevated greyness to the status of a fine art and cultivated
a mind that was as bleak and pitiless and logical as the slopes of Hell.

[toc] | [prev] | [next] | [standalone]

#37353

On 2016-12-11, Happy.Hobo <Happy.Hobo@Spam.Invalid> wrote:
> On 12-10-2016 09:59, Alan Browne wrote:
>> There is no reason to not turn on Filevault.
>
> If I were to turn on Filevault, I know from experience that it would
> not be long before I was unable to get to any of my files—in which
> there is NOTHING that would profit anybody.

And why would that be? I have turned on FileVault for *many* years
without losing access to *any* of my files. In all this time, I haven't
lost access to a single thing. Pray tell what mysterious all-powerful
force is at play in your household and work environment that is
non-existent in mine?

> There is a "wallet" on my computer containing some hundreds of dollars
> worth of bitcoin.

Should we be somehow impressed by this factoid?

> Somehow the password carefully recorded elsewhere is not the password
> and all the similar ones I can think of also don't work.

You sound extremely confused. Perhaps this whole "computing" thing isn't
for you?

> Good enough reason for me.

Ok then.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#37354

On 12-10-2016 20:50, Jolly Roger wrote:
> On 2016-12-11, Happy.Hobo <Happy.Hobo@Spam.Invalid> wrote:
>> On 12-10-2016 09:59, Alan Browne wrote:
>>> There is no reason to not turn on Filevault.
>>
>> If I were to turn on Filevault, I know from experience that it would
>> not be long before I was unable to get to any of my files—in which
>> there is NOTHING that would profit anybody.
>
> And why would that be? I have turned on FileVault for *many* years
> without losing access to *any* of my files. In all this time, I haven't
> lost access to a single thing. Pray tell what mysterious all-powerful
> force is at play in your household and work environment that is
> non-existent in mine?

A 62-year-old memory?  What's your point?  You want to convince me that 
I dreamed the whole thing and Alan is correct that there is NEVER a 
reason to not use it?

[toc] | [prev] | [next] | [standalone]

#37357

In article <o2is6g$cmc$1@gioia.aioe.org>, Happy.Hobo
<Happy.Hobo@Spam.Invalid> wrote:

> >>
> >> If I were to turn on Filevault, I know from experience that it would
> >> not be long before I was unable to get to any of my files‹in which
> >> there is NOTHING that would profit anybody.
> >
> > And why would that be? I have turned on FileVault for *many* years
> > without losing access to *any* of my files. In all this time, I haven't
> > lost access to a single thing. Pray tell what mysterious all-powerful
> > force is at play in your household and work environment that is
> > non-existent in mine?
> 
> A 62-year-old memory?  What's your point?  You want to convince me that 
> I dreamed the whole thing and Alan is correct that there is NEVER a 
> reason to not use it?

whatever you did, it's of your own doing and not that of filevault.

[toc] | [prev] | [next] | [standalone]

#37358

On 2016-12-10 20:09, Happy.Hobo wrote:
> On 12-10-2016 09:59, Alan Browne wrote:
>> There is no reason to not turn on Filevault.
>
> If I were to turn on Filevault, I know from experience that it would not
> be long before I was unable to get to any of my files—in which there is
> NOTHING that would profit anybody.
>
> There is a "wallet" on my computer containing some hundreds of dollars
> worth of bitcoin.  Somehow the password carefully recorded elsewhere is
> not the password and all the similar ones I can think of also don't work.

All my BTC and ETH are spinning and safe and accessible.  Did some 
trades yesterday.  No issues at all.  Several backup copies, mind you.

>
> Good enough reason for me.

I've got FileVault2 running on 5 disks.  No issues ever.  Not once.


-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37339

In message <1N6dna6mOKGbgNHFnZ2dnUU7-bXNnZ2d@giganews.com> 
  Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
> On 2016-12-09 02:09, Ant wrote:
>> Hello.
>>
>> I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted
>> FileVault SSDs. Is there no way to access other apps like Office for
>> those who need to use it?

> David makes clear the why's and wherefore's.

> The whole "Guest" use account on a Mac is a pretty awful way to allow a 
> guest access to your computer so he can browse or check his e-mail or 
> some such.  The machine reboots for the guest and has to be re-booted 
> again for the 'owner' to get back in.  Tedious, wot.

It only has to be rebooted if you are using File Vault.

> Given such would be used when I am around, I don't consider it to be 
> much of a risk.

It is much more of a risk than having a locked down encrypted disk that
a guest cannot access.

-- 
There is a road, no simple highway, between the dawn and the dark of
night

[toc] | [prev] | [next] | [standalone]

#37342

On 2016-12-10 16:34, Lewis wrote:
> In message <1N6dna6mOKGbgNHFnZ2dnUU7-bXNnZ2d@giganews.com>
>   Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
>> On 2016-12-09 02:09, Ant wrote:
>>> Hello.
>>>
>>> I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted
>>> FileVault SSDs. Is there no way to access other apps like Office for
     [1]

>>> those who need to use it?
>
>> David makes clear the why's and wherefore's.
>
>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>> guest access to your computer so he can browse or check his e-mail or
>> some such.  The machine reboots for the guest and has to be re-booted
>> again for the 'owner' to get back in.  Tedious, wot.
>
> It only has to be rebooted if you are using File Vault.

That is the context.[1]

>
>> Given such would be used when I am around, I don't consider it to be
>> much of a risk.
>
> It is much more of a risk than having a locked down encrypted disk that
> a guest cannot access.

My disk is File Vaulted and I don't want to shut it down just so someone 
can access the web.

The rare instances that guests use my Mac:

- my SO when her laptop is not available (rare).  She uses my account. 
She has the password.

- someone needs to check their e-mail or some web page.  Log in on my 
iMac to my TestMe account (needs a password).  There they can use Chrome 
and various other apps.  This would only happen if I were around.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37350

In message <xZmdnRxK0c4KH9HFnZ2dnUU7-aXNnZ2d@giganews.com> 
  Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
> On 2016-12-10 16:34, Lewis wrote:
>> In message <1N6dna6mOKGbgNHFnZ2dnUU7-bXNnZ2d@giganews.com>
>>   Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
>>> On 2016-12-09 02:09, Ant wrote:
>>>> Hello.
>>>>
>>>> I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted
>>>> FileVault SSDs. Is there no way to access other apps like Office for
>      [1]

>>>> those who need to use it?
>>
>>> David makes clear the why's and wherefore's.
>>
>>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>>> guest access to your computer so he can browse or check his e-mail or
>>> some such.  The machine reboots for the guest and has to be re-booted
>>> again for the 'owner' to get back in.  Tedious, wot.
>>
>> It only has to be rebooted if you are using File Vault.

> That is the context.[1]

>>
>>> Given such would be used when I am around, I don't consider it to be
>>> much of a risk.
>>
>> It is much more of a risk than having a locked down encrypted disk that
>> a guest cannot access.

> My disk is File Vaulted and I don't want to shut it down just so someone 
> can access the web.

I generally don't let anyone without an account use my laptop. The only
reason I have the guest account enabled is in case the laptop is lost or
stolen.

> The rare instances that guests use my Mac:

> - my SO when her laptop is not available (rare).  She uses my account. 
> She has the password.

My wife has her own accounts. No reason at all to either make her use
mine (which has a lot of customization and utilities running) or to make
her use a guest account. But in general, she has her own machines.

My rule is generally that anyone who might need to use a computer more
than once I just setup an account on my laptop or on a spare desktop. Of
course, that is slightly more annoying than it used to be, but still not
bad.

But the simple fact is that it's been a ong time since anyone needed to
borrow a computer. Everyone has a smart phone or a laptop or an iPad of
their own they can use.

I do have a couple of computers that have no personal data on them and
do not sync keychains or passwords, so those computers are safe to use
without FileVault.

> - someone needs to check their e-mail or some web page.  Log in on my 
> iMac to my TestMe account (needs a password).  There they can use Chrome 
> and various other apps.  This would only happen if I were around.

I do not do that because details from previous users, possibly even
including logins, cookies, etc are left behind. I could setup a logout
hook to delete the contents of the User's Library folder, but it's not
worth doing.

-- 
Evil is a little man afraid for his job.

[toc] | [prev] | [next] | [standalone]

#37348

On 12-10-2016 15:34, Lewis wrote:
> It is much more of a risk than having a locked down encrypted disk that
> a guest cannot access.

In the sixteen years I've had Macs, no one capable of trying to bypass 
permissions has used a guest account I've set up.

And no one who would have been tempted to try if they had known anything.

And there is nothing on there that could harm me if the above
were not true.

[toc] | [prev] | [standalone]

Page 2 of 2 — ← Prev page 1 [2]

Back to top | Article view | comp.sys.mac.apps

csiph-web