Thread 'OSX client and unnamed user accounts'

Message boards : BOINC client : OSX client and unnamed user accounts
Message board moderation

To post messages, you must log in.

AuthorMessage
Profilecmosentine

Send message
Joined: 10 Dec 11
Posts: 10
United States
Message 41549 - Posted: 10 Dec 2011, 1:35:42 UTC

Hi all: I am new to te OSX client and have noticed that the installer creates two unnamed user accounts which are given smb sharing privileges. This seems rather odd to me that they would be unnamed. I have confirmed they are created by the BOINC installer.

Is this normal behavior? Can the accounts be altered to give them names? I don't consider this terribly good form.

Tanks, Chris.
ID: 41549 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15542
Netherlands
Message 41560 - Posted: 10 Dec 2011, 14:11:59 UTC - in response to Message 41549.  

Please read the ReadMe file that comes with the BOINC installer on the Mac. In it, it says:
Security:

Since version 5.5.4, BOINC Manager for the Macintosh has featured new, stricter security measures. This additional security helps protect your computer data from potential theft or accidental or malicious damage by limiting BOINC projects' access to your system and data.

The installer sets special permission for the BOINCManager and Client, which allows them to write to the shared BOINC Data regardless of which user is logged in. If you copy BOINCManager or the BOINC core client without using the installer, it will not run properly.

However, you can safely move the BOINC Manager within the same disk drive or partition. If you need multiple copies, run the installer again after moving BOINC Manager; this will create a fresh copy in the /Applications folder.

BOINC verifies that ownership and permissions are set properly each time it is launched. It will tell you to re-install BOINC if there is a problem.

The new safeguards use the basic security protections built into UNIX (the base underlying Mac OS X): permissions and ownership.

The administrator (usually the owner) of each computer creates one or more users who can log in, can create private files, and can share other files. Some of these users are given administrative privileges, some may not have these privileges.

There are also groups, which have one or more users as members. For example, users with administrative privileges are usually members of the "admin" group.

In addition to these "visible" users and groups, the operating system contains a number of "hidden" users and groups which are used for various purposes. A person cannot log in as one of these "hidden" users.

This structure of users and groups is used to provide security by restricting what data and operations each person or application can use. For example, many files belong to user "system" (also called "root") and group "wheel" so that non-privileged users can't modify them, thus protecting the computer system from accidental or malicious harm.

Starting with version 5.5.4 of the BOINC Manager for the Macintosh, the BOINC installer creates 2 new "hidden" users boinc_master and boinc_project, and two new "hidden" groups, also named boinc_master and boinc_project (unless they were created by a previous installation of BOINC.)

The installer automatically gives administrators (users who are members of the "admin" group) membership in the two new groups, so that they can easily manipulate BOINC files. The installer asks you if you would like non-admin users to be able to run the BOINC Manager and to have access to these files. This is particularly useful where many people have access to the computer, as in a school computer lab.

BOINC projects are given permission to access only project files, protecting your computer in the event someone downloads bad software from a bogus project, or in the unlikely case that a legitimate project's server is infiltrated by a cracker.

For technical details of the implementation, please see http://boinc.berkeley.edu/trac/wiki/SandboxUser and http://boinc.berkeley.edu/sandbox.php

ID: 41560 · Report as offensive
Profilecmosentine

Send message
Joined: 10 Dec 11
Posts: 10
United States
Message 41564 - Posted: 10 Dec 2011, 15:28:33 UTC - in response to Message 41560.  

Thanks for pointing that out, but is this not a bit of security through obscurity? It's my computer, I can enable root and gain access to this data, and so could anyone else on my computer with admin rights. Unless the BOINC client breaks some basic unix security, I don't see the need.
ID: 41564 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15542
Netherlands
Message 41572 - Posted: 10 Dec 2011, 21:12:32 UTC - in response to Message 41564.  

Perhaps that you don't see the need, but you're hardly the only person running BOINC on his Mac. There's plenty more, including companies and schools/universities, who will want/require that level of security.
ID: 41572 · Report as offensive

Message boards : BOINC client : OSX client and unnamed user accounts

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.