NOTE: The following configuration has only been tested on pre-mirrored door G4s.

Deliverable: A highly secure Mac for multiple users. Users will be able to boot into Mac OS 9, or Mac OS X. Each OS will be on a separate drive. Normal users won’t be able to access the OS X partition while booted to OS 9. While booted to OS X, users will have restricted access to OS 9 system files. Open Firmware’s security-mode is set to command. Therefore, the user will not be able to boot from any device except the two internal disks. This includes booting to CD, Firewire, network, single user mode, target disk mode, and misc. startup key commands.

First step: You need to have some open firmware knowledge.

Link 1. One Button Booting from Classic to MacOS X

Link 2. http://www.netneurotic.de/mac/openfirmware.html

Link 3. http://bh.udev.org/filez/mac6100/BootX.pdf

Link 4. http://www.netbsd.org/Ports/macppc/faq.html#ofw

Second step: Start by installing 2 IDE hard drives (same controller/different controller - doesn’t matter). With the OS X 10.2.X disk utility (only tested with 10.2.x, not 10.1.x), create three partitions on the disk you’ll be using for OS 9. Obviously, you’ll want to include the OS 9 drivers. First partition for OS 9, 2nd is a fake boot partition (more on this later), 3rd for files storage. Keep the OS 9 boot partition reasonably small. The 2nd partition (fake boot partition) should be no more than 100 MB, as the fake system doesn’t use much space. The 3rd will be used for common ground file storage (will be read/write from OS 9 and X). Now initialize the second disk as your OS X disk. Make sure NOT to install OS 9 drivers on this disk. This will prevent users from accessing it while in OS 9 (won’t be mounted). Install OS 9 on designated OS 9 partition and OS X on the OS X disk. To save some typing, from now on I’ll refer to these volumes as: OS 9 boot will be vol. A, fake boot disk will be vol. B, storage is vol. C, OS X disk will be vol. D.

Third step: Now we begin the meat and potatoes. Boot into OS X. Log in as root and go to the \System\Library\CoreServices directory. Do a “get info” on both of the Finder files. One will read “Fake Finder” in the version field. Copy this Finder file and the System file (also Fake) to Vol. B. Next, we write a short script. Open a text editor. Copy/paste, if you wish, but replace “Mac 9 HD” with the name of your Vol. A:

#include <stdlib.h>
#include <unistd.h>

main(void)
{
    char *command="/usr/sbin/bless -folder9 '/Volumes/Mac 9 HD/System Folder/' -setOF";
    char *command2="reboot";
    int retrncode;
    setuid(0);
    setgid(0);
    retrncode=system(command);
    retrncode=system(command2);
    return 0;
}

Save as something like switchbless.c. Compile with gcc (you may need dev tools, or download gcc compiler). Command is “gcc switchbless.c”

The binary output is a.out. Put the source code in a safe place, better yet, delete it after testing. Rename a.out to switchbless. Chmod it to 4750; Chown it to root.staff (or other group). This will allow normal users to execute it as root. Move the file to /usr/bin/. You may want to put an Applescript front end on this to make it easier for your users to execute (e.g.: do shell script “/usr/bin/switchbless”). Otherwise, the user will have to go to command line and type “switchbless”. Test and make sure it will boot you to vol A.

Fourth step: Set your startup disk pane to boot to Vol. D (OS X). Boot into Open Firmware. Type printenv boot-device. Hit enter. Write down the numbers just before the first comma (e.g. @0:2). Boot into OS 9. Create a System Folder on Vol. B named something that looks important, like Referral System. Copy the Mac OS ROM file from your Vol. A System Folder to this folder. Also, put the fake System and fake Finder files (you copied them over in step 3) in this folder with the Mac OS ROM file. Now, download BBedit. Launch it. With BBedit, open the Mac OS ROM file you just copied to the Vol. B Referral System folder (use the All Files filter to see it). Look for the BOOT-SCRIPT block. The second line starting with setenv and ending in BootX should be one line. Change the numbers preceding the first comma to the ones gathered earlier this step (e.g. @0:2). The second argument (after comma) points to the OS X bootloader and should be changed to exactly as appears here, if it isn't already. On the second line, type reset-all. Save the ROM file. Do not use Save As - changes file type.

<BOOT-SCRIPT>
setenv boot-device /pci@f2000000/pci-bridge@d/mac-io@ 7/ata -4 @1f000/@ 0:2,\System\Library\CoreServices\BootX
reset-all
</BOOT-SCRIPT>

Fifth step: Should still be in OS 9. Enable Multiple Users. Create a normal user account. Stay logged in as owner. Move the “Applications (Mac OS 9)” folder to “Users:Shared Documents:”. Since normal users will be restricted from using the startup disk control panel, we’ll need to create a script as a workaround, as we did in OS X. This time we use Applescript. You’ll need to download this OSAX written by Eric Grant http://www.eagrant.com/Set-Startup-Disk.sit.hqx. Put it in your Scripting Additions folder. Next, get your hands on an earlier version of the Startup Disk control panel (version 7.7.8 from system 9.0.4 was used in this concoction). Put the control panel in the “Applications (Mac OS 9)” folder. Name it something like “Startup App” (Don’t include in user’s capabilities).  Here is the Applescript:

tell application "Finder"
       set startup disk to (alias "Vol B:Referral System:") using file¬
        "Vol A:Users:Shared Documents:Applications (Mac OS 9):Startup App"
       restart
end tell

Replace Vol A and Vol B with your corresponding volume names. Save it as Run-Only in the “Applications (Mac OS 9)” folder and put the source in a safe place, better yet delete it from this system after testing. Don’t forget to send thanks to Eric Grant for the OSAX.

Step Six: Boot into Open Firmware, set the password, enable security-mode, and set it to “command” (see instructions on pg. 6 of link 3). Now, as a normal user you should be able to switch back and fourth from OS X and OS 9 using the scripts you created. If this is working for you, congratulations! However, you still don’t have a secured system. All you really have is Open Firmware protection and a way to switch startup disks for a normal user.

Final Step : Think like a mischievous normal user trying to bypass security. Where would you start to circumvent the security the way it is now? Open the box, pull the RAM, zap PRAM, and boom you have OF access. So, you need a way to deal with physical security or all the work your doing here is for not. Consider padlocking the case, adhesive tamper evident security seals, a snare, explosives, whatever. Where would you go now, if you can’t get in the case? Perhaps disabling the Multiple Users extension in the OS 9 System Folder while booted into OS X? That’d get you full rights on the OS 9 side. You could then install and run FWSucker, etc. to retrieve the OF password. Therefore, you need to secure the System Folder on vol. A for when users are booted in OS X. I found the only way to do this is to use chflags command line utility with the sappnd flag so only admins can append this volume. You also don’t want the user mucking with the Referral System folder. So, you’ll need to do the same to it too. Keep in mind the user will need Vol. C as a common ground for moving/storage of files between OS 9 & X. In OS 9, I found that copying each user’s folder along with their Documents folder to the Users folder on Vol. C gives them r/w access to this volume per their Documents folder only. Additionally, you’ll want to tweak the user’s capabilities in OS 9 and X so the user can only execute applications that you choose. This will help prevent them from installing additional software that could allow them to compromise the system. At this point, your Mac should be much more secured than it would have been otherwise. This document is meant to get you most of the way to securing a Mac. I’m sure there is still more tweaking and securing to be done. After all, it is a job that is never done... Good luck!

Note: In this configuration, you can expect a slightly irritating OS 9 multiple user bug (see link below). Fortunately, no functionality is actually lost, however:

http://www.macosxhints.com/article.php?story=20030818143101129