+8I have some extremely technically savvy users who have tried to skirt organizational requirements by modifying files within the root library. I want to remove the ability for all users except IT staff and our local admin account to open/execute the root library at all.
My issue is that when I test it by being in my user account and attempt to do this via terminal (chmod u-x /Library), terminal tells me that the operation isn't permitted.
What am I missing here?
+35@duffcalifornia Are they admins?
Also, can those settings that they are changing be enforced via a profile instead?
+14I am wondering if you could create a script that would look if /library has been open and then exclude them from a profile. We found removing the wireless profile gets our users attention.
+16If they haven't got admin rights they shouldn't be able to modify much if anything there.
If they are admins, well then they are admins...
+8@CapU - Not that we're aware of. There aren't many of these users who are the combination of "tech savvy enough to mess with things" and "resistant to the idea that we're managing them". We're just trying to be proactive. IT isn't the most trusted or respected department at my org.
@bentoms , @Look - They are, sadly, due to precedent. I'm looking to just modify the permissions for the root Library to rw- as opposed to rwx
@jared_f That's a possibility I suppose, though we'd have to figure out what to take away as not all of our users are on wifi...
+24I sincerely don't think its possible, or recommended to change the permissions on the root Library folder. Many applications need to be able to read support files and other items from those directories that are in the root Library folder, so messing with the permissions is very likely to break stuff on you. The general rule of thumb is, never change the permissions on a directory that is managed and owned by the operating system. I would not do it.
Can you detail some of the concerns you have about what they may mess with, or what you've already seen messed with? That may help us help you come up with a more realistic solution.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.