Skip to main content

Cyber essentials and MAMP Pro

An article from ComputerMinds - Building with Drupal in the UK since 2005
28th Nov 2024

Mike Dixon

Senior Mind
Mike Dixon
Hey, you seem to look at this article a lot! Why not Bookmark this article so you can find it easily in the future?

We recently went through the process of applying for Cyber Essentials. Cyber Essentials is a program created by the UK government to help businesses get on top of their Cyber security. It was an interesting process for us to go through, and certainly helped us to formalise and document practices we had been doing for years.

We did hit a bit of a blocker tho for our developers, specifically

A7.6 Use of Administrator Accounts

How does your organisation make sure that separate accounts are used to carry out administrative tasks (such as installing software or making configuration changes)?

We have used many different development workflows and environments over the years, but recently we had semi-standardised on using MAMP Pro. Our previous experiments with other workflows had all been unsuccessful for various reasons, either suffering from poor performance (docker based solutions) or being very fragile and sensitive to OS updates (Valet).

The issue is MAMP Pro cannot start from a non admin account. There are various solutions for attempting to trick it into starting as a non admin user, but we couldn't get any of them to actually work. Instead we came across a post from Studio 24 who made use of a magic app called Privileges as a work around.

The Privileges app worked great, and allowed our developers to quickly elevate themselves to an admin when they needed to start MAMP Pro, and then switch back to a non admin user for the rest of their working day. We had hoped this would be sufficient to tick the box for the Cyber Essentials assessment, but sadly not - it was a hard no from the assessor, and we would need to re-think our workflow.

So, one mild panic and busy weekend later, we made the company wide leap to ddev . And actually, it's been great - we should have done it years ago. Our previous experiences of docker based workflows and painfully slow file system issues have all been resolved. It even has the added bonus of shifting all the (potentially dangerous, and sometimes flakey) npm stuff off the developer machines and into the docker containers.

So - in summary - if you are looking to get Cyber Essentials certified, and you are using MAMP Pro - then your only option is to jump ship, but chances are you'll be pleased you did.

Hi, thanks for reading

ComputerMinds are the UK’s Drupal specialists with offices in Bristol and Coventry. We offer a range of Drupal services including Consultancy, Development, Training and Support. Whatever your Drupal problem, we can help.