At home we have a Mac Mini for our kids to use as their computer. We want to encourage them to use the computer for edutainment, but worry about all the ickies lurking around every corner on the web.
I’ve taken several precautions to ensure their innocence:
The computer sits in our family room where everyone can see it.
Installed DansGuardian as a content filter that runs along with a proxy server on my home network’s gateway.
Set up separate accounts on the mini – one for each of my children.
Using Apple’s Parental Controls in Snow Leopard, I set up various items such as time limits, IM and email whitelists, and allowed websites.
It’s the allowed websites feature that I want to discuss a bit here today. I wanted to set up a specific list of sites that my kids can see, and the list is relatively long. Apple has set up the Parental Controls such that you have to enter each site one at a time for each account. So, if I want to let all 3 kids get access to www.funbrain.com, for example, I have to add it individually to each account.
This is a pain in my hindquarters, and seemed silly to me to have to do.
So, I took a few minutes to figure out how parental controls work, and discovered that the data for each account is actually stored in Directory Services for each user. A bit of digging revealed that there is a command line interface for Directory Services that can be used to export and import data for a given user.
Armed with this, I went ahead and exported the Directory Service information for the account where I had already entered the website addresses:
dscl . -mcxexport /Users/firstUserName > /export/file/path
This spit out a spiffy xml file which I opened in a text editor. This xml file contains a lot more information that just the websites that the user is allowed to visit, but all 3 of my kids have different settings for things like whether they use the simple finder or not, what times they can use the computer, time limits, etc. The only data I wanted to keep the same everywhere is the list of websites they can visit. So, I edited this XML file to look something like this:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.familycontrols.contentfilter</key> <dict> <key>siteWhitelist</key> <dict> <key>state</key> <string>always</string> <key>value</key> <array> <dict> <key>address</key> <string>http://www.funbrain.com</string> <key>bookmarkPath</key> <string>/Games for Kids/</string> <key>pageTitle</key> <string>Funbrain</string> </dict> <dict> <key>address</key> <string>http://spaceplace.nasa.gov/en/kids</string> <key>bookmarkPath</key> <string>/Games for Kids/</string> <key>pageTitle</key> <string>NASA Space Place</string> </dict> <dict> <key>address</key> <string>http://www.sesamestreet.org</string> <key>bookmarkPath</key> <string>/Games for Kids/</string> <key>pageTitle</key> <string>Sesame Street</string> </dict> </array> </dict> <key>useContentFilter</key> <dict> <key>state</key> <string>always</string> <key>value</key> <false/> </dict> <key>whitelistEnabled</key> <dict> <key>state</key> <string>always</string> <key>value</key> <true/> </dict> </dict> </dict> </plist>
Now, I had a lot more sites in my xml file than this, but I’ve removed most of them so that it’s easier to see the structure without seeing a ton of sites. To add sites, all I needed to do was to add a new dict entry for the site.
Then you can apply the change to whatever account you like by running the following:
/usr/bin/sudo /usr/bin/dscl . -mcximport /Users/userToUpdate /path/to/xmlFile.xml
The next time the user logs in, the changes take effect.
You can put this import command into a shell script that just runs it for each user you wish to update. You can also change different items in the xml file, or use the xml file to manage all your Parental Controls and just update via dscl each time you make a change. As a fan of the shell, this is typically easier for me than using the System Preferences UI.
Enjoy!
Leave a Reply