Product Description

An instant success among newcomers, longtime Apple(R) fans and serious Unix(R) users alike, the Mac OS(R) X operating system combines stability, simplicity and elegance, and a stunning user interface. What more could Mac users want or need? The answer, of course, is Mac OS X Panther--a sleek and powerful overhaul of Mac OS X that promises to revitalize your Mac with improved views of the system, significant improvements to favorite applications, and numerous added conveniences. As with its predecessor, Jaguar, Mac OS X Panther offers plenty of new territory to explore. To show the way, O'Reilly's latest Nutshell book, Mac OS X Panther in a Nutshell, 2nd Edition offers all audiences--both longtime Mac users and hardcore Unix users--the most complete guide to this remarkable operating system. The latest edition of this all-purpose reference leads power users through the newly changed landscape of Mac OS X. Mac OS X Panther in a Nutshell, 2nd Edition provides details about the user-interface elements, system and network administration, and scripting and development. If you want to probe more deeply into the BSD Unix side of Mac OS X, there's a section that delves "under the hood." The book also includes the most complete Unix command reference found in print--with each command and option painstakingly tested and checked against Panther. Even the manpages that ship with the system can't compete in accuracy! Mac OS X Panther in a Nutshel, 2nd Edition offers a thorough treatment of Mac OS X Panther, from its BSD Unix foundation to the finer points of its user interface. It familiarizes readers with the Finder' and the Dock, file management, system configuration, network administration issues, and more, including a clear picture of what's new Other topics covered in the book include: Filesystem overview; Running Java(R) applications; System and Network Administration; Directory Services and NetInfo; Scripting on Mac OS X Panther; Using CVS; Unix Command Reference; An overview of the Apple(R) X11 distribution Mac OS X Panther in a Nutshell, 2nd Edition is the indispensable guide for anyone who wants to know Mac OS X Panther inside and out.

Product Details

• Amazon Sales Rank: #1135121 in Books
• Published on: 2004-06-22
• Original language: English
• Number of items: 1
• Binding: Paperback
• 1054 pages

From the Publisher
Mac OS X Panther in a Nutshell, 2nd Edition offers a thorough treatment of Mac OS® X Panther, from its BSD Unix® foundation to the finer points of its user interface. It familiarizes readers with the Finder® and the Dock, file management, system configuration, network administration issues, and more, including a clear picture of what's new. The book also includes the most complete Unix command reference found in print--with each command and option painstakingly tested and checked against Panther.

About the Author
Chuck Toporek cut his teeth on a Mac II system when he got his first job in publishing in 1988, and has been using them ever since. Chuck is a senior editor in charge of the Mac OS X/Apple Developer Connection (ADC) series for O'Reilly & Associates, Inc. He is also the author/editor of the Mac OS X Panther Pocket Guide, co-author of Mac OS X in a Nutshell, and author of the upcoming title, Inside .Mac.

Chris Stone (cjstone@mac.com) is a Senior Systems Administrator (the Mac guy) at O'Reilly & Associates and coauthor of Mac OS X in a Nutshell. He's written several Mac OS X related articles for the O'Reilly MacDevCenter (www.macdevcenter.com), and contributed to Mac OS X: The Missing Manual from Pogue Press. Chris lives in Petaluma, California with his wife, Miho, and two sons, Andrew and Jonathan.

Jason McIntosh lives and works in and around Boston. He has co-authored two O'Reilly books, Mac OS X in a Nutshell and Perl & XML, and writes occasional columns and weblog entries for the O'Reilly Network. His homepage is at http://www.jmac.org.

Excerpted from Mac OS X Panther in a Nutshell by Chuck Toporek, Chris Stone, Scott Gever. Copyright © 2004. Reprinted by permission. All rights reserved.
Chapter 13 - Security Basics

Thanks to the inherent security of its Unix foundation and a secure-by-default configuration, Panther doesn't give its users much to worry about at first boot-up.However, Panther does include several features that help keep out intruders as you accumulate data and customize the default configuration.

Potential threats exist to many elements of an operating system, and, in most cases, Panther's security features address them to a degree greatly surpassing what's required for a typical user. With a bit of additional tightening, Panther can operate with a level of security acceptable for even much more sensitive environments.

General Security
Panther has several general security features that contribute to the protection of the entire system.

Unix Features
As was covered in Chapter 7, Mac OS X's Unix foundation provides for the basic permissions model that keeps system and user files and processes separate and protected. But equally important for security is Panther's open source roots, in the form of Darwin, which allows anyone to scour the source code for potential vulnerabilities and provide (or allow Apple to provide) fixes quickly. Darwinfs source code, corresponding with the open source core that ships with Panther, is available freely through developer.apple.com/darwin. Apple generally makes available new Darwin versions not long after they've been released as part of each new Mac OS X version.

Also, because Mac OS X can run much of the same software available to other Unix platforms, a large amount of additional security-related software is availablefor it as well. See Chapter 27 to learn more about acquiring and installing Unix software.

Default Security
Panther is arguably the most secure of any operating system upon initial boot-up. This is mostly due to its conservative default system configuration, which ensures that your Mac will be safe from most security threats without additional configuration on your part. Here are a few things that Mac OS X Panther does by default to help make your Mac secure:

Disabled root account
Typically, an intruder will attempt to access the root account to obtain complete system control, but as long as the root account stays disabled, the attempts will fail. In fact, Panther provides enough alternatives to the legitimate use of the root account that enabling it is usually not necessary even for system administrators. For example, users can instead authenticate in the Finder to access most protected areas or use sudo at the command line to run commands requiring root privileges.

Few open communication ports
A port scan of a new Panther system will find no open TCP ports at all and only two open UDP ports. This makes for a system so secure, in fact, that turning on the firewall at this point adds no further protection (because there are no vulnerable ports that need blocking).

The two open ports are UDP 123 used by ntpd (the Network Time Protocol Daemon), and 5353, used by mDNSResponder, which is part of Rendezvous. Though there are no known vulnerabilities to either daemon, you can turn off the first by unchecking 'Set Date & Time automatically' in the Date & Time preferences panel. To keep mDNSResponder from launching at startup and eliminate most of Rendezvous' functionality, use the chmod command to turn off the executable bit of its StartupItems script, /System/Library/StartupItems/ mDNSResponder/mDNSResponder, and then restart your Mac.

No running network services
With no ports open, then, you'll also find that Panther has none of its network services turned on by default. Furthermore, only administrators can turn on these services, which include all those listed in the Sharing preferences pane.

Software Update
Software Update helps ensure that the latest security updates, as well as the regular OS and application updates, are applied promptly. These updates, typically provided by Apple within days of a vulnerability announcement, can address one or several security issues at a time, involving both Apple software as well any of the included Unix software, such as OpenSSH or Apache.

Installing system software over the Internet has its own security implications, so the Software Update process uses digital signatures to protect against possible deception on the network. Each update package on Apple's Software server contains a digital signature, which when verified by your Software Update client application, guarantees that the source of the update package is indeed Apple Computer and that the package's data hasn't been modified.

Authentication
These authentication-related security features provide additional protection for your computer while still allowing easy and secure verification for authorized users.

Long Passwords
Panther supports account passwords of virtually unlimited length. In practice, however, you shouldn't set a password thatfs longer than youfre willing to type (most authentication windows donft accept pasted text). Also, command-line utilities can have password length limits of their own. For example, the sudo utility doesnft accept passwords longer than 256 characters.

Keychain Access
The Keychain Access application (/Applications/Utilities) has other security-related features in addition to its primary function as a repository for your passwords.

Menu extra
Keychain Access has its own menu extra, shown in Figure 13-1, which is activated by selecting View-Show Status. From the Keychain menu extra, you can lock and unlock your keychains as well as open Keychain Access and the Security preferences pane.

Additionally, by selecting the Lock Screen option from the Keychain menu extra, you can immediately activate a password-protected screensaver. With this optionselected, a password is required to disengage the screensaver, even if you haven't selected to always use one in the Security preferences pane (see the 'Screen Locking' section of this chapter).

Customer Reviews

A lot of useful information, but some omissions
I've been holding back before writing this review, in two minds about the book. The thing is, the information in here is very useful, but I can't escape a feeling of disappointment at what's been left out.

This is a book designed for the "power user", and according to the intro is intended to be complementary to "Mac OS X: The Missing Manual". Having said that, In my opinion it has enough on the basics (general use, the finder, applications, etc.) to mean that someone who has a decent level of competence on Windows, Linux or earlier Mac OS's should start with this book.

It's strength, however, is when it goes beyond basic use to the stuff you need to know if you are going to configure OS X for yourself. There is a section of more than 200 pages on the Unix-side of the operating system (Darwin), including a very useful command reference (with entries that are shorter, but more user-friendly, than the man pages). Then there is a chapter on the file system that, among other things, explains why some standard Unix approaches don't work as they should. Add to this information on working with preference lists and using Net Info Manager. Top it off with chapters on developing software for and in OS X, and installing X-Windows and Linux software, and you have a very useful book.

On the other hand, I feel that there are some fairly serious omissions. One glaring example that I found was that there is no entry for the ipfw command in the command reference, even though such an entry is referred to earlier in the book (ipfw is used to configure the firewall in the Terminal). I also felt that there was a lack of troubleshooting material. For instance, you're told how to set up a network printer, but not what to look for if it doesn't work. Finally, I felt that the chapter on Security (admittedly called Security Basics) was little more than an advertisement for the what a secure operating system OS X is. It is, but I would have preferred some guidance on making it more so.

This is the OS X book that I wish I'd bought when I first got my Mac. I would have made far more rapid progress with it than with the "Teach Yourself... " book I did start out with. However, in my opinion it is not all it could (or should?) have been. I admit that I may be on a quest for the Mac equivalent of a dictionary with all the words I don't know, but that is how I feel.