26 Chapter 1 Overview of File Services
Use the Deny Rule Only When You Need To
When Mac OS X Server encounters a Deny permission, it stops evaluating other
permissions the user might have for a file or folder and applies the Deny permission.
Therefore, use Deny permissions only when absolutely necessary. In addition, you
might want to keep a record of these Deny permissions so that you can delete them
when they are not needed.
Always Propagate Permissions
Inheritance is a powerful feature, so take advantage of it. By propagating permissions
down a folder hierarchy, you save yourself the time and effort required to manually
assign permissions to descendants.
Use the Effective Permission Inspector
Frequently use the Effective Permission Inspector to make sure that users have the
appropriate access to important resources. This is especially important after modifying
ACLs. Sometimes, you might inadvertently give someone more or fewer permissions
than they need. The inspector helps you detect these cases. For more information
about this inspector, see “Determining User or Group Permissions to a File or Folder” on
page 47.
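The three rules above (a Deny entry overrides any Allow for the rights it names, inheritable entries are propagated down a folder hierarchy, and effective permissions should be inspected after editing ACLs) can be modelled in a few lines. The following is an added illustration, not code from the Apple guide or from Mac OS X Server: it is a toy in-memory ACL model with a constructed share hierarchy, and the ACE fields, the `propagate` and `inspect` functions and the simplified "any matching Deny wins" evaluation are assumptions made for the example rather than the server's real evaluation algorithm.

```python
"""Toy model of Deny precedence, propagation and effective-permission inspection.

Constructed example; the data structures and evaluation rule are assumptions,
not the actual Mac OS X Server implementation.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ACE:
    principal: str          # user or group name the entry applies to
    kind: str               # "allow" or "deny"
    rights: frozenset       # e.g. frozenset({"read", "write"})
    inherit: bool = True    # propagate to descendants when set on a folder


@dataclass
class Node:
    name: str
    acl: List[ACE] = field(default_factory=list)
    children: Dict[str, "Node"] = field(default_factory=dict)

    def add(self, child: "Node") -> "Node":
        self.children[child.name] = child
        return child


def propagate(folder: Node) -> None:
    """Copy every inheritable ACE of a folder onto all of its descendants."""
    for child in folder.children.values():
        for ace in folder.acl:
            if ace.inherit and ace not in child.acl:
                child.acl.append(ace)
        propagate(child)


def effective_permissions(node: Node, user: str, groups: Set[str]) -> Set[str]:
    """Rights the user actually has on node.

    Simplified rule (assumption): a matching Deny entry wins over any Allow
    entry for the rights it names, regardless of position in the list.
    """
    principals = {user} | set(groups)
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for ace in node.acl:
        if ace.principal not in principals:
            continue
        (denied if ace.kind == "deny" else allowed).update(ace.rights)
    return allowed - denied


def inspect(root: Node, user: str, groups: Set[str], prefix: str = "") -> Dict[str, Set[str]]:
    """Effective-permission report: path -> rights, for the whole hierarchy."""
    path = prefix + "/" + root.name
    report = {path: effective_permissions(root, user, groups)}
    for child in root.children.values():
        report.update(inspect(child, user, groups, path))
    return report


def deny_inventory(root: Node, prefix: str = "") -> List[Tuple[str, ACE]]:
    """Record of every Deny entry, so they can be reviewed and removed later."""
    path = prefix + "/" + root.name
    found = [(path, ace) for ace in root.acl if ace.kind == "deny"]
    for child in root.children.values():
        found.extend(deny_inventory(child, path))
    return found


def build_sample_share() -> Node:
    """Constructed hierarchy: /Shared/Projects/report.txt with two ACEs on /Shared."""
    shared = Node("Shared")
    shared.acl = [
        ACE("staff", "allow", frozenset({"read", "write"})),  # everyone in staff
        ACE("bob", "deny", frozenset({"write"})),             # one exception
    ]
    projects = shared.add(Node("Projects"))
    projects.add(Node("report.txt"))
    propagate(shared)   # push both entries down to Projects and report.txt
    return shared


if __name__ == "__main__":
    share = build_sample_share()
    for who in ("alice", "bob"):
        print(who, inspect(share, who, {"staff"}))
    print("deny entries to review:", deny_inventory(share))
```

Running the script shows that alice (staff) ends up with read and write on every descendant, while bob, although also in staff, loses write everywhere because the single Deny entry set on /Shared was propagated and takes precedence over the group Allow. `deny_inventory` is the kind of record the text recommends keeping so that Deny entries can be found and removed once they are no longer needed.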
Protect Applications From Being Modified
If you are sharing applications, make sure that you set permissions for these
applications so that no one, except a trusted few, can modify them. This is a
vulnerability that attackers can exploit to try to introduce viruses or Trojan horses into
your environment.
Keep It Simple
Sometimes, you can unnecessarily complicate file access management if you’re not
careful. So just keep it simple. If standard POSIX permissions do the job, then use those.
But if you need to use ACLs, avoid customizing permissions unless you have to.
Also, use simple folder hierarchies as much as possible. A little bit of strategic planning
can help you create effective and manageable shared hierarchies.
File Services Access Control
Server Admin in Mac OS X Server allows you to configure service access control lists
(SACLs), which let you specify which users and groups have access to AFP, FTP, and
Windows file services.