Specifications
17
Use this chapter to learn about standard permissions, Access
Control Lists (ACLs), and related security issues.
An important aspect of computer security is the granting and denying of permissions.
A permission is the ability to perform a specic operation, such as gaining access to
data or executing code. Permissions are granted at the level of folders, subfolders, les,
or applications. Use Server Admin to set up le service permissions.
In this guide, the term privileges refers to the combination of ownership and
permissions, while the term permissions refers to the permission settings that each user
category can have (Read & Write, Read Only, Write Only, and None).
Permissions in the Mac OS X Environment
If you’re new to Mac OS X and are not familiar with UNIX, there are dierences in the
way ownership and permissions are handled compared to Windows.
To increase security and reliability, Mac OS X sets many system folders, for example,
/Library/, to be owned by the root user (literally, a user named root). Files and folders
owned by root can’t be changed or deleted by you unless you’re logged in as root.
Be careful—there are few restrictions on what you can do when you log in as root, and
changing system data can cause problems. An alternative to logging in as root is to
use the sudo command.
Note: The Finder calls the root user system.
By default, les and folders are owned by the user who creates them. After they’re
created, items keep their privileges (a combination of ownership and permissions)
even when moved, unless the privileges are explicitly changed by their owners or an
administrator.
2
Setting Up File Service Permissions