Security Spy headless?
AFAIK it is not possible to run Security Spy headless, so I'm looking for other suggestions for how to set it up so that visitors to my home can't get access to my personal account.
I'm running SS on a MacMini which has several server processes (such as Homebridge) running on it.
I'd like to be able to leave the house to a housesitter without worrying about someone rifling through my personal files. ( I realize that I can't completely secure the Mini against a determined attacker with physical access--- I only want to "help honest people stay honest", as they say.)
Most of my servers are set up with homebrew, which by default configures them to start up on login. I managed to move all of them from ~/Library/LaunchAgents to /Library/LaunchDaemons, which causes them to start up at boot time. That way, I can log out of the machine and the servers keep working, and if there's a power failure, the machine can automatically reboot and start the servers again. So I don't have to stay logged in to my personal account.
When I had those server processes all moved and tested and working, I had to smack myself on the forehead: "Oops! Forgot about Security Spy. Can't do that with him!"
So what to do? A few alternatives come to mind.
- Set up a separate account that automatically logs in at boot up. Call it "Camera" for instance, and the only thing it is used for is to host Security Spy. I actually implemented this setup a few years ago and abandoned it because it got to be a PITA to maintain.
- Keep all my personal files in iCloud Drive and sign out of iCloud when I go on vacation, but leave the computer logged in to my account and with automatic signin to my account on reboot.
- Just lock the display and leave the computer logged in to my account. But when the computer is rebooted the display will be visible until the display sleep timeout is reached.
- Combine 2 and 3.
Any other suggestions?
Comments
-
Chetstone,
I have SecuritySpy and other applications like homebridge running on a headless Mac mini. This computer is located in a closet next to the internet router and network switch. I access the Mac mini through VNC / Apple Remote Network.
I don't see a difference between logout from your account and have your account/screen locked. After a reboot all necessary applications are started and the screen is locked. So no access without the password.
More information on automatically locking your Mac see https://www.bensoftware.com/securityspy/helpfaq.html#RunBehindLoginScreen
-
Yes, SecuritySpy can be run on a headless Mac - many users do this.
If this Mac is dedicated to SecuritySpy, then you simply set it up to log in and open SecuritySpy automatically upon boot (with the option to automatically go back to the lock screen after login as mentioned by @pcgaasbeek above). You would enable Screen Sharing under System Preferences > Sharing for admin, or use SecuritySpy's web-based Screen Control feature.
It's unlikely that you will need iCloud on this machine if it's a headless Mac dedicated to SecuritySpy - avoiding this keeps all sensitive personal files off the machine.
I would recommend installing an HDMI dummy monitor dongle on a headless Mac - this keeps the GPU active (otherwise performance can suffer), and often allows a wider choice of screen resolutions that will then be available for screen sharing.
-
Thanks for the comments @pcgaasbeek and @Ben.
It turns out I was using the term "headless" incorrectly. I do normally have a monitor attached to the machine-- it's on the kitchen counter next to the wiring closet and I use it for light web browsing, etc., so I do have iCloud set up. But when leaving town I will replace the monitor with a dongle. And it sounds like your suggestions will do the trick!
Thanks!
