Specifications
Chapter 8 Managing User and Group Accounts 131
Changing the Group
To change the group of a file or folder, use the chgrp tool.
$ chgrp
groupname
fileorfolder
To change the group of file1 and file2 to the group ateam:
$ chgrp ateam file1 file2
For more information, see the chgrp man page.
Securing System Accounts
The following sections cover security settings for user accounts.
Securing Initial System Accounts
Two accounts on the computer require attention before further configuration:
 The permissions on the home folder of the initial administrator account should be
changed.
 Necessary modifications to the root account should be performed.
To secure initial system accounts, the permissions on the home folder of the initial
administrator account should be changed to allow only administrator access.
The permissions on the home folder of the just-created administrator account allow
any user who logs in to the computer to browse its contents.
To change permissions on the administrator’s home folder:
$ chmod 700 /Users/
adminname
Replace adminname with the name of the account. The 700 permission setting allows
only the administrator to read and browse files in the administrator’s home folder.
Securing the Root Account
Mac OS X Server includes a root account like other UNIX-based systems. Initially,
its password is set to that of the first administrator account.
Direct root login should not be allowed, because the logs cannot identify which
administrator logged in. Instead, accounts with administrator privileges should be used
for logging in, and then the sudo tool should be used to perform actions with root
privileges.
Parameter Description
groupname
The group that will become associated with the file or folder.
fileorfolder
The name of the file or folder to change.