Dear Kevin, you wrote:
> >How can I make it available for all users - install it with every > >user individually? > > Not necessary. Put it in /Library/PreferencePanes. It sounds like > you've got it in ~/Library/PreferencePanes for your admin account. > > You'll have to set preferences in each individual account, but you > can lock them so the non-privileged accounts cannot change > preferences without an admin password. Understood - and actually, I found that it was not necessary. As I learned by checking more files everything is perfectly fine, Little Snitch just would need to be activated for every individual user (via admin credentials asked separately for). I still find two interesting things a) It is correct that preferences can be set for each individual account, and also that I can lock them for non-privileged accounts. However, this means that for every single account I got a set of individual preferences files - and not one single preference set for the entire computer which can be desirable. I saw a thread on that in the mail archive but it did not look like a true resolution to me. The following thought occurred to me though: Can't I just remove the preference files in the individal non-privileged accounts and replace the directory containing these files by a symbolic link to the corresponding directory in my admin account (only got one anyway, no need for a second one, really). Since the files there are owned by that admin none of the non-privileged users will be able to change them, but enjoy the benefit of the single preference set for the entire computer. The only side effect I can imagine is that a non-privileged user will not be able to set new rules in case Little Snitch alarms but from a security point of view this is probably not a fault anyway. b) I noticed that in the list of start-up items for my non-privileged users (after I activated Little Snitch for them using admin privileges) Little Snitch shows up. However, I find it rather interesting that I was able to simply remove that entry with just the non-privileged user rights which seems to be odd after it required admin rights to start it. This means that an attack on a non-privileged account can just deactive Little Snitch with no problem at all... this does not sound right to me. Ok, ok, if the attack is successful for an admin account then this does not help but who would connect to any network and work from his admin account in the first place - you wouldn't if you had a light touch of paramoia as I do. Thanks Joachim _______________________________________________ Littlesnitch-talk mailing list [email protected] http://at.obdev.at/mailman/listinfo/littlesnitch-talk
