In Mac OS X 10.2.4 or later, advanced users can set permissions for files used by the Classic environment. By setting these permissions, you can "protect" system files and local applications used by the Classic environment from being disabled, moved, renamed, or deleted by users that do not have administrative privileges. Users who have an administrator account (members of the admin group) will still have access to these files.
Even after taking these precautions, Classic applications will be able to write into the System Folder used by Classic, but not the "Applications (Mac OS 9)" folder. A scenario in which this could lead to an issue would be a malicious user intentionally saving a document in the System Folder, overwriting an existing system file with the same name.
Determine whether protection already exists (optional)
To verify whether permissions are set correctly, follow these steps. This is an optional section.
1. Select the Mac OS 9 System Folder used by Classic.
2. Choose File > Get Info.
3. Expand "Ownership & Permissions".
Permissions are set correctly, and you do not need to use this document if the permissions on the System Folder are:
Owner: system
Access: Read & Write
Group: admin
Access: Read & Write
Others: Read only
Tip: If you use Terminal instead, correct permissions on System Folder would appear as "drwxrwxr-x root admin".
If permissions appear differently, follow the steps below.
Set permissions for Classic environment files
Mac OS X 10.2 through 10.2.8
1. Make sure the Mac OS 9 System Folder and "Applications (Mac OS 9)" folder used by Classic are located at the root directory ("/") of the Mac OS X volume. Also, make sure these folders use their default names: "System Folder" and "Applications (Mac OS 9)"
2. Update to Mac OS X 10.2.4 or later.
3. Log in with an administrator account. Open Terminal (/Applications/Utilities).
4. Execute the following commands in Terminal:
sudo chown -R root:admin '/System Folder' '/Applications (Mac OS 9)'
sudo chmod -R ug+rw,o-w,a-x,a+X '/System Folder' '/Applications (Mac OS 9)'
You may now stop here. If you wish to further enhance security, you can configure Classic to use preferences from each user's home folder by following the optional steps below in "Configure Classic to use preferences from your home folder (optional)".
Mac OS X 10.3 or later
Open Disk Utility (/Applications/Utilities) and from the
File menu choose
Fix OS 9 Permissions feature.
This will set the proper permissions on System Folder that's currently selected in Classic preferences.
You may now stop here. If you wish to further enhance security, you can configure Classic to use preferences from each user's home folder by following the optional steps below.
Configure Classic to use preferences from your home folder (optional)
Mac OS X 10.3 Panther
See "
Setting up Classic for multiple users".
Mac OS X 10.2 through 10.2.8
Follow these steps to allow Classic to use preferences from your home directory in order to protect these files.
If you do not use Managed Client for Mac OS X
1. Choose Apple Menu > System Preferences.
2. Choose View > Classic.
3. Click the Advanced tab.
4. Configure Classic to use preferences from the user's home folder. For instructions and more information, see "Mac OS X 10.2: About the Classic 'Use Preferences From Home Folder' Feature"
5. Quit System Preferences.
6. For enhanced security, these steps may be repeated for each user account.
If you use Managed Client for Mac OS X
1. Open Workgroup Manager.
2. Choose Workgroup Manager > Preferences.
3. Click Users, Groups, or Computers, then Classic, then Advanced.
4. Choose Always from the "Manage these settings" pop-up menu.
5. Select the "Use preferences from home folder" option.
This forces preference redirection for all users who do not have an administrator account. For each administrator account, follow the steps above for "If you do not use Managed Client for Mac OS X".