Effective Access Controls with Directories, Services and Sharepoints
-
Upload
bronson-tubb -
Category
Technology
-
view
175 -
download
0
Transcript of Effective Access Controls with Directories, Services and Sharepoints
Download Session Presentations http://macpres09.shownets.net
Q&A – MacIT® Conference
We are using Google Moderator to take questions for this session.
1. Go to http://tinyurl.com/633v6e
2. Pick the topic that matches this session
3. Sign in using a Google AccountUser Name: macworldexpo09Password: macworld09
4. Submit the questions you want to ask
5. Vote on others’ questions you want answered
AFPNFS
ACLsPOSIX
Share Points
SACLs
UsersGroups
SMB
Spotlight
Permissions
Authentication
OwnershipAuthorizationSecurity
XATTRs
ACEs DNS
LDAP
Mac OS X Users
Standard
Administrator
Managed with Parental Controls
Sharing
Guest
Root (System Administrator)
POSIX and ACLs
POSIX and ACLs coexist
ACLs evaluated first
POSIX permissions used if no ACE matched
Deny ACEs STILL override
Propagation
Commonly misunderstood
Occurs upon file or folder creation
Occurs when Administrator forces it
Does NOT occur when Inheritance is set
Share Server Performance Tips
One dedicated share server for every 150 remote home directory users
No more than 300 PHDs/server
Monitor Spotlight Indexing on share servers
Use MCXRedirector for ~/Library/Caches
Additional Resources
• http://www.apple.com/server/macosx/resources/Mac OS X Server Resources
• http://images.apple.com/server/macosx/docs/File_Services_Admin_v10.5.pdfMac OS X Server File Services Administration
• http://discussions.apple.com/forum.jspa?forumID=1233Apple Discussions Forum - Mac OS X Server v10.5 Leopard > File Sharing
More Additional Resources
• http://www.afp548.com/article.php?story=MCXRedirectorLeopard's Built-in Network Home Folder Redirector
• http://www.bombich.com/mactips/scripts.htmlBombich’s Service Access Control Lists Utility
• http://www.mikey-san.net/sandbox/Sandbox 2 - Access control lists for Mac OS X Client
Download Session Presentations http://macpres09.shownets.net