Specifications
Chapter 1 Overview of File Services 25
For example, if you add an ACE for the user Mai that allows her Read permission and
then add another ACE for a group of which Mai is a member that denies the group Read
permission, Workgroup Manager reorders the ACEs so that the Deny permission is above
the Allow permission. The result is that Mac OS X Server applies the group's Deny
permission to Mai and ignores the Allow permission.
Allow Permissions Are Cumulative
When evaluating Allow permissions for a user in an ACL, Mac OS X Server defines the
user’s permissions as the union of all permissions assigned to the user, including
standard POSIX permissions.
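The two rules above (Deny ACEs are moved above Allow ACEs, and the remaining Allow rights are the union of ACL and POSIX rights) can be modelled in a few lines. This is an added illustration written for this page, not Apple's evaluation code; the ACE layout, the principal strings and the sample users, groups and rights are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    """One access control entry, as the text describes it (constructed model)."""
    kind: str            # "allow" or "deny"
    principal: str       # "user:NAME" or "group:NAME"
    rights: frozenset    # e.g. frozenset({"read", "write"})


def applies(ace, user, groups):
    """True if the ACE names this user or one of the user's groups."""
    return ace.principal == f"user:{user}" or ace.principal in {f"group:{g}" for g in groups}


def order_aces(aces):
    """Reorder like Workgroup Manager: every Deny ACE is placed above every Allow ACE."""
    return sorted(aces, key=lambda ace: 0 if ace.kind == "deny" else 1)


def effective_rights(user, groups, aces, posix_rights):
    """Rights the user ends up with: first matching ACE decides each right,
    rights no ACE mentions fall back to the POSIX bits, Allow rights accumulate."""
    decided = {}
    for ace in order_aces(aces):
        if not applies(ace, user, groups):
            continue
        for right in ace.rights:
            decided.setdefault(right, ace.kind == "allow")  # first match wins
    granted = {right for right, ok in decided.items() if ok}
    granted |= {right for right in posix_rights if right not in decided}  # POSIX union
    return frozenset(granted)


if __name__ == "__main__":
    # The Mai example from the text: an Allow for the user, a Deny for her group.
    aces = [
        ACE("allow", "user:mai", frozenset({"read"})),
        ACE("deny", "group:temps", frozenset({"read"})),
    ]
    print([ace.kind for ace in order_aces(aces)])                  # deny first
    print(effective_rights("mai", ["temps"], aces, frozenset()))    # read denied
    # Cumulative Allow: two group ACEs plus a POSIX execute bit.
    students = [ACE("allow", "group:students", frozenset({"read"})),
                ACE("allow", "group:students", frozenset({"write"}))]
    print(effective_rights("ana", ["students"], students, frozenset({"execute"})))
```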
Tips and Advice
Mac OS X Server combines traditional POSIX permissions with ACLs. This combination
gives you great flexibility and a fine level of granularity in controlling access to files
and folders. But this flexibility has side effects. If you're not careful about how you
assign privileges, things quickly get out of hand and become very confusing, and it
becomes very hard to keep track of how permissions are assigned.
Note: With 17 permissions, you can choose from a staggering 98,304 combinations.
Add to that a complex folder hierarchy, many users and groups, and many exceptions,
and you have a recipe for complete confusion if not disaster.
This section offers useful tips and advice to help you get the most out of access control
in Mac OS X Server and avoid the pitfalls.
Manage Permissions at the Group Level
Assign permissions to groups and assign them only to individual users when there is an
exception. For example, you can assign all teachers in a school district Read and Write
permissions to a certain share point, but deny Miss Buxton, a temporary teacher,
permission to read a certain folder in the share point’s folder hierarchy.
Using groups is the most efficient way of assigning permissions. After creating groups
and assigning them permissions, you can add and remove users from groups without
having to reassign permissions.
Gradually Add Permissions
Assign only necessary permissions and gradually add permissions when needed. As
long as you’re using Allow permissions, Mac OS X Server combines the permissions. For
example, you can assign the Students group partial reading permissions on an entire
share point. Then, where appropriate in the folder hierarchy, you can give the group
additional reading and writing permissions.