Mac OS X users manage their authorization rights


Even if you don’t want to enforce strict usage policies, you will still create accounts on Mac OS X for your users. The choices you make regarding user account types are fundamental decisions that have far-reaching implications for the rest of your system deployment because a user’s capability to do things on Mac OS X is directly related to the account type.

In fact, the most basic form of usage management is the “standard” user account type. Users with standard accounts, unlike those with administrator accounts, cannot make substantial changes to the system without administrator authorization. You can exert even more control over your users by using network-based accounts or client management techniques.

Home Folder Management

To log in and use the Mac OS X interface, a user must have a read/write home folder. The system must have a location to store user items while the user is logged in to the computer. Therefore, all users, even guest users, must have a home folder where they can store their personal items. Just as the choices you make regarding user account types have far-reaching implications, so do your choices for home folder management. In many full-system deployments, the contents of the users’ home folders are the only items that vary from system to system and the only items that the users are allowed to modify. Because of the inherent variability in the users’ home folders, a specific management strategy is needed. Mac OS X v10.5 supports home folders stored on the local system drive, on an external storage device, on a mounted network volume, and on a local system and network hybrid known as a synchronized mobile home folder. All these home folder storage options, except for storage on the local system drive, require you to use network-based user accounts and client management techniques.

File System Permissions

Mac OS X uses file system permissions as the primary mechanism for controlling access to files and folders. The default permissions already provide a very secure storage environment. However, you can further restrict user access by adjusting file system permissions to better suit your needs. It’s not uncommon to configure custom permissions as part of a system deployment.

Authorization Management

Mac OS X uses a combination of technologies to manage authorization rights. These systems allow a user to bypass certain file system permissions to perform certain administrative tasks. These technologies include the /etc/authorization database, the /etc/sudoers file, and application of the suid and guid (set-user-ID and set-group-ID) permission settings. Again, the Mac OS X default settings provide a very secure environment, but you can tweak these settings for your system deployment if your needs require.
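Before changing the authorization database for a deployment, it helps to see which rights end at something weaker than an admin-group check. The following is an added example, not code from the article: it assumes Python 3 and the XML property-list layout of /etc/authorization (a `rights` and a `rules` dictionary whose entries carry `class`, `group` and `rule` keys), and the sample data, including the `com.example.*` right names, is constructed.

```python
import plistlib

# Constructed sample laid out like /etc/authorization (com.example.* is made up).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>rights</key><dict>
 <key>system.preferences</key><dict>
  <key>class</key><string>user</string><key>group</key><string>admin</string></dict>
 <key>com.example.printers</key><dict>
  <key>class</key><string>rule</string><key>rule</key><string>allow</string></dict>
 <key>com.example.timezone</key><dict>
  <key>class</key><string>user</string><key>group</key><string>staff</string></dict>
 <key>com.example.imaging</key><dict>
  <key>class</key><string>rule</string><key>rule</key><string>authenticate-admin</string></dict>
</dict>
<key>rules</key><dict>
 <key>allow</key><dict><key>class</key><string>allow</string></dict>
 <key>authenticate-admin</key><dict>
  <key>class</key><string>user</string><key>group</key><string>admin</string></dict>
</dict>
</dict></plist>"""

def resolve(entry, rules):
    """Follow class=rule references (bounded) to the rule that decides."""
    for _ in range(8):
        ref = entry.get("rule")
        if entry.get("class") != "rule" or not isinstance(ref, str):
            break  # concrete class reached, or a multi-rule list we do not expand
        entry = rules.get(ref, {})
    return entry

def audit(plist_bytes, admin_group="admin"):
    """Map each right that does not end at an admin-group check to a finding."""
    db = plistlib.loads(plist_bytes)
    findings = {}
    for name, right in sorted(db.get("rights", {}).items()):
        eff = resolve(right, db.get("rules", {}))
        cls, group = eff.get("class"), eff.get("group")
        if cls == "allow":
            findings[name] = "allowed for every user"
        elif cls == "user" and group != admin_group:
            findings[name] = "user class, group=%s" % group
        elif cls not in ("user", "deny"):
            findings[name] = "review manually (class=%s)" % cls
    return findings

if __name__ == "__main__":
    for right, why in audit(SAMPLE).items():
        print(right, "->", why)
```

Rights that resolve to a missing rule, a list of rules, or a mechanism-based class are reported for manual review rather than guessed at.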

Client Management

When administrators need to restrict a user’s ability to access features on a computer, their typical approach is client system management. Mac OS X includes a sophisticated set of Managed Client for Mac OS X (MCX) settings. An administrator can centrally manage a wide range of preferences and configurations using MCX settings. Further, MCX settings can be accessed locally or hosted from a shared network directory service.

Mac OS X can access MCX settings hosted on a Mac OS X server running directory services or any properly configured third-party Lightweight Directory Access Protocol (LDAP) service, including Microsoft’s Active Directory (AD). A major benefit of managing MCX settings from a network directory service is that you can easily change configuration settings after your initial deployment. Planning and implementing this type of client management system is the best way to enforce usage policies and maintain a consistent configuration across your deployed systems.



This article was sent to us by: George Zenitti at 06242010
