Sane User Account Management

   

Sane User Account Management

Like the creation of the tire group , which houses nonadministrative users who are still used for system maintenance, it's very useful to add groups to your system for any logically collected groups of users on your system. The Unix privilege system underlying Mac OS X contains a mechanism to allow groups of users to mutually share access to files within their group, while protecting those files from other users on the same system.

To enable this capability, you must create groups for those users to belong to, and you must add their usernames to the group's users value list. A single user can be a member of any number of groups, and can assign files that he owns to be visible to any one of (or none of) the groups to which he belongs. To make use of this capability, the user must use the command-line group ownership tools, such as chmod , chown , and chgrp , or edit the Ownerships & Permissions information in the Finder.

Another change that you'll probably find useful to make to the groups NetInfo directory is the creation of a users group into which you can assign users who don't logically seem like staff users. Apple's Accounts pane creates users as members of the staff group, and you're welcome to leave them with this default group. There's a logical distinction between staff users and normal users on your other Unix systems, though, so you find it convenient to create yet another group to which to assign new, nonstaff users. On your Mac OS X machines, you create this as gid 99 , with the group name users .


   
Top


Mac OS X Maximum Security
Maximum Mac OS X Security
ISBN: 0672323818
EAN: 2147483647
Year: 2003
Pages: 158

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net