Setup guide

b. Uncheck the box for “Cache last user logon for offline operation”

unless it is required.

c. Uncheck the box for “Authenticate in multiple domains” unless it is

required.

d. When the entry is complete, click OK to close the dialog box and

return to the main window.

6. Click the Authentication tab.

a. In the Search: pop-up menu, select Custom path.

b. Click the Add… button to bring up a dialog box.

c. Add only the directories necessary.

7. Click Apply.

3.7 Setting the Global umask

The umask setting determines the permissions of new files and folders created by a

local user. The default umask setting, 022, removes group and world write

permissions. With a umask setting of 027, files and folders created by a user will not

be readable by every other user on the system but will still be readable by members

of his assigned group. The owner of the file or folder can still make it accessible to

others by changing the permissions in the Finder’s Get Info window or by using the

chmod command. The NSUmask setting for all local users can be set to octal 027

(decimal equivalent 23) by issuing the following command in a Terminal window:

sudo defaults write /Library/Preferences/.GlobalPreferences

NSUmask 23

Note that the path above refers to the

domain .GlobalPreferences, not to the

file .GlobalPreferences.plist, which might

accidentally be filled in while using the

shell autocomplete feature.

This command will affect the permissions on files and folders created by programs

that respect the Mac OS X NSUmask settings. Programs should follow the value set

for NSUmask, but there is no guarantee that they will. Also, users can override their

own NSUmask setting at any time. The changes to the umask settings take effect at

next login.

3.8 Securing Initial System Accounts

Two accounts on the system require attention before any further configuration is

done. First, the permissions on the home folder of the initial administrator account

UNCLASSIFIED