4

Our team has a small Mac that we use to display an auto-refreshed web page, but it requires an authenticated user be logged into it.

So the question: how can we show the browser, but have the keyboard and mouse locked from any unauthorized access? Password unlock would be best, but forced log-out might be okay.

As a secondary question: if the current user were on vacation that day, how could another user log into the machine?

[Edit]

The machine will also be used for other things several per week: video conferencing, watching the occasional YouTube video, etc.

It's important that the keyboard and mouse can be used when the machine is "unlocked", and highly desirable that the unlocking can be done quickly (<30 seconds)

Improve this question

5 Answers 5

Reset to default
5

Just remove keyboard and mouse altogether and manage the Mac remotely with VNC.

EDIT to remove USB support: You can remove USB support in Terminal with the following commands:

cd /System/Library/Extensions

TO BE SAFE do this code first: 

sudo cp -r IOUSBFamily.kext /Users/<youraccount>/Desktop

Then

sudo rm -r IOUSBFamily.kext

Reboot and USB support is gone. Be sure you have a good VNC or ssh connection first so you can put that .kext file back when you want to be able to use the USB ports again.

Improve this answer
5
  • for added security make sure to disable the external USB ports
    – Xantec
    Commented Nov 23, 2010 at 16:26
  • that wouldn't preclude them from plugging another into the machine. @Xantec if you can elaborate as an answer, I'd appreciate it (and if it works will accept it).
    – NVRAM
    Commented Nov 23, 2010 at 16:57
  • @NVRAM see edit...
    – CaseyIT
    Commented Nov 23, 2010 at 17:58
  • Wow. I love this answer!
    – msanford
    Commented Nov 23, 2010 at 22:02
  • Thanks, but it sounds like this won't help me: I guess I hadn't stressed that we need to use the kbd somewhat frequently. Mucking with system files and rebooting sounds too slow, and too likely to make the machine unusable.
    – NVRAM
    Commented Nov 25, 2010 at 0:10
1

You could always set up a new account that uses Mac OS X's parental controls to lock down everything. Don't give them access to any files outside their user folder, only let them run the browser, only let them access your particular webpage and have a launchd script set up to keep the browser alive (see TextEdit example here). People would still be able to use the mouse and keyboard, but they wouldn't be able to do much with them.

Improve this answer
1

I'm a bit confused—it sounds like you want some extra software on top of the system to catch all keystrokes until someone authenticates. I'm not convinced this is possible or necessary.

I would still suggest removing USB support and/or physically locking down the USB ports and then remote controlling the computer with VNC as @CaseyIT suggested, but it sounds like you don't want to give up the ability to physically control the machine. What is it you gain from this, exactly? VNC on a LAN is perfectly fast enough for all the control uses you mentioned, AND you can control which accounts can access the machine.

The best alternative I can think of is similar to @Scott's, but rather than running a limited user account, you would instead run a browser like Opera in kiosk mode on a regular user account, and set it to activate on login. To allow normal use of the computer (assuming there's no authenticated exiting feature from the kiosk browser) (also, this is where it gets crazy) set up a locally hosted page on the machine (bookmark that page in the kiosk browser), that will run a server-side shell script that kills the kiosk browser itself upon authentication from a privileged user.

Improve this answer
1

Had the same problem! Type this into your terminal:

sudo kextunload /System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyboard.kext/

And enter your password, press enter. This will disable the internal keyboard temporarily. To restore the keyboard just restart your Mac or type this into the terminal but be sure to copy in a linebreak:

sudo kextload /System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyboard.kext/

External keyboards will still work. It give me this error but it still works:

S~D~macbook-pro:~ SD$ sudo kextunload /System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyboard.kext/
(kernel) Can't unload kext com.apple.driver.AppleUSBTCKeyboard; classes have instances:
(kernel)     Kext com.apple.driver.AppleUSBTCKeyboard class AppleUSBTCKeyboard has 2 instances.
Failed to unload com.apple.driver.AppleUSBTCKeyboard - (libkern/kext) kext is in use or retained (cannot unload).

Enjoy - I have to use this all the time and just keep a text doc on my desktop with the commands.

Improve this answer
0

Maybe MollyGuard is an option:

http://mollyguard.infinitemonkeytheory.com

It looks mouse and keyboard by a shortcut.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .