Setup guide

UNCLASSIFIED
Chapter 6 – Future Guidance
Overriding the Default umask
The default umask value can be overridden for a particular user, if needed. To do so,
log into the user account to be changed. For example, to set the default umask to
027 (decimal equivalent 23) so that other group members can read files created by a
user, issue the following command in a Terminal window:
defaults write -g NSUmask -int 23
This command will affect the permissions on files and folders created by programs
that respect the Mac OS X NSUmask settings, although there is no guarantee that a
program will respect these settings. The user can also change his default umask
setting at any time. The changes to the umask settings take effect at next login.
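
The following shell helpers are an added example, not part of the original guide, and their function names are hypothetical. They convert between an octal umask and the decimal value passed with -int, and show the permissions that result; the shell's own umask builtin is used in a temporary directory to observe the bits, and NSUmask itself is not modified.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Mac OS X.

# Octal umask (e.g. 027) -> decimal integer to pass with -int.
nsumask_decimal() {
    case "$1" in
        ''|*[!0-7]*|?????*) echo "not an octal umask: $1" >&2; return 1 ;;
    esac
    dec=$((0$1))
    [ "$dec" -le 511 ] || { echo "umask out of range: $1" >&2; return 1; }
    echo "$dec"
}

# Decimal NSUmask value -> the octal umask it really represents.
nsumask_octal() {
    case "$1" in
        ''|*[!0-9]*|0?*|????*) echo "not a decimal 0-511: $1" >&2; return 1 ;;
    esac
    [ "$1" -le 511 ] || { echo "value out of range: $1" >&2; return 1; }
    printf '%03o\n' "$1"
}

# Mode left when a program requests 0666 (file) or 0777 (dir).
mode_under_umask() {
    mask=$(nsumask_decimal "$1") || return 1
    case "$2" in
        file) base=$((0666)) ;;
        dir)  base=$((0777)) ;;
        *) echo "kind must be file or dir" >&2; return 1 ;;
    esac
    printf '%03o\n' "$((base & ~mask))"
}

# Empirical check with the shell's own umask in a scratch directory.
observed_perms() {
    nsumask_decimal "$1" >/dev/null || return 1
    d=$(mktemp -d) || return 1
    ( umask "$1" && : > "$d/f" && mkdir "$d/sub" ) || { rm -rf "$d"; return 1; }
    f=$(ls -ld "$d/f" | cut -c1-10)
    s=$(ls -ld "$d/sub" | cut -c1-10)
    rm -rf "$d"
    echo "$f $s"
}

# The guide's value, then the result of typing the octal digits as decimal.
echo "umask 027: -int $(nsumask_decimal 027), files $(mode_under_umask 027 file), dirs $(mode_under_umask 027 dir), observed $(observed_perms 027)"
echo "-int 27 is umask $(nsumask_octal 27): files $(mode_under_umask "$(nsumask_octal 27)" file)"
```

Decimal 27 corresponds to umask 033, which leaves new files world-readable (644) instead of the intended 640, so the octal value must be converted before it is passed with -int.
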
Setting Up Keychains for a User Account
Mac OS X provides an application called Keychain Access that allows a user to
manage collections of passwords and certificates, each of which is called a
keychain. Each keychain can hold a collection of credentials and protect them with
a single password. Passwords, certificates, and any other private values (called
secure notes) that a user or application places into a keychain are encrypted.
These values are accessible only by unlocking the keychain using the keychain
password.
A user can create multiple keychains, each of which will appear in a keychain list in
the Keychain Access application. Each keychain can store multiple values; each
value is called an item. A user can create a new item in any keychain. When an
application needs to store an item in a keychain, it will store it in the one designated
as the user’s default. The default is initially the keychain named login, but the user
may change that.
When a user must keep track of a multitude of passwords, he is likely to either make
the passwords identical for all the systems, or keep a written list of all passwords.
Use of keychains can greatly reduce the number of passwords a user must
remember. Since the user no longer has to remember passwords for a multitude of
accounts, the passwords chosen can be very complex and could even be randomly
generated.
One disadvantage of using a keychain, however, is that if the user does not choose a
strong password, or if the password is compromised, then all the accounts protected
by that keychain may be compromised. Another disadvantage is that any application
may make use of the Keychain API to query for passwords. Therefore, care must be
taken in determining which applications are granted access to a keychain.
Despite these disadvantages, keychains provide some additional protection for
passwords, passphrases, certificates, and other credentials stored on the system.
Also, in some cases, such as using a certificate to sign an e-mail message, the