Apple Xserve Up Mac OS X Server Specifications Page 133
- Page / 329
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 8 Managing User and Group Accounts 133
4 Restrict which administrators are allowed to run the sudo tool by removing the line that
begins with %admin and adding the following entry for each user, substituting the user’s
short name for the word
user
:
user
ALL=(ALL) ALL
Doing this means that any time an administrator is added to a system, the
administrator must be added to the /etc/sudoers file as described above if that
administrator needs to use the sudo tool.
5 Save and quit visudo.
For more information, see the vi and visudo man pages.
Securing Single-User Boot
On Apple computers running Mac OS X, Open Firmware is the software executed
immediately after the computer is powered on. This boot firmware is analogous to the
BIOS on an x86-based PC.
To prevent users from obtaining root access by booting into single user mode or
booting from other disks, alter the Open Firmware settings. For desktop computers, the
Open Firmware security mode should be set to command. To configure the Open
Firmware settings, use the nvram tool.
To set the variable security mode:
$ nvram security-mode=“command”
In command mode, the computer boots from the boot device specified in the
computer’s boot device variable and disallows users from providing boot arguments.
To verify that the computer is in command mode as recommended:
1 Close all applications and choose Restart from the Apple menu.
A confirmation window appears. Restart the computer by clicking the Restart button.
2 Hold down the key combination Command-S while the computer boots.
If the command mode has been set correctly, the computer displays the Mac OS X
login window. Normally, holding down the Command-S key combination while starting
up causes the computer to start up in single-user mode.
3 If the computer started up in single-user mode, restart the computer by issuing the
command reboot; then repeat the previous steps for putting the computer into
command mode.
Open Firmware protection can be violated if the user has physical access to the
computer or if the user changes the physical memory configuration of the computer
and then resets the PRAM 3 times (holding down Option-P-R during boot). This
disables the Open Firmware password.
- Mac OS X Server 1
- Contents 3
- Contents 7 7
- 8 Contents 8
- Contents 9 9
- 10 Contents 10
- Contents 11 11
- 12 Contents 12
- Contents 13 13
- 14 Contents 14
- About This Guide 15
- Using This Guide 16
- Default Settings 17
- Viewing PDF Guides Onscreen 19
- Printing PDF Guides 19
- Getting Documentation Updates 20
- Executing Commands 21
- Specifying Files and Folders 22
- Standard Pipes 23
- Using Environment Variables 24
- Correcting Typing Errors 26
- Repeating Commands 26
- Searching for Text in a File 26
- Terminating Commands 27
- Scheduling Tasks 27
- Viewing Command Information 29
- $ hdiutil help 30
- $ dig -h 30
- $ diff --help 30
- $ sudo serveradmin 30
- Understanding SSH 31
- Updating SSH Key Fingerprints 33
- Using SSH 35
- Using Telnet 36
- Finishing Basic Setup 39
- $ ssh root@ 40
- Automating Server Setup 42
- Creating a Configuration File 43
- Changing Server Settings 49
- Using the serveradmin Tool 50
- Updating Server Software 52
- Moving a Server 53
- Computer 55
- Shutting Down a Computer 56
- Folder Usage 57
- Setting General System 59
- Preferences 59
- Setting Network Preferences 65
- Managing TCP/IP Settings 67
- Enabling TCP/IP 71
- $ ifconfig 73
- bondev 73
- Managing AppleTalk Settings 74
- Managing SNMP Settings 75
- Starting SNMP 76
- Configuring SNMP 76
- Managing Proxy Settings 78
- Managing AirPort Settings 80
- Hostname 81
- Bonjour Name 81
- Changing Network Locations 83
- 85 85
- Displaying Disk Information 86
- Monitoring Disk Space 87
- Using the diskutil Tool 89
- Partitioning a Disk 91
- Labeling a Disk 92
- Formatting a Disk 92
- Troubleshooting Disk Problems 93
- Managing Disk Journaling 93
- Disabling Journaling 94
- Performing Spotlight Searches 95
- Managing RAID Volumes 97
- Managing User and Group 99
- Accounts 99
- Retrieving a User’s GUID 105
- Removing a User Account 106
- Modifying a User Account 108
- Managing Home Folders 109
- Administering Group Accounts 110
- Creating a Group Account 111
- Removing a Group Account 112
- Adding a User to a Group 113
- Removing a User from a Group 114
- ajohnson 115
- Editing Group Records 117
- Creating a Group Folder 117
- Using MCX Extensions 118
- Importing Users and Groups 122
- DSNodePath 123
- StandardUserRecord 124
- StandardGroupRecord 124
- Exporting Users and Groups 127
- Setting Permissions 127
- Viewing Permissions 128
- Value Permission Level 129
- Changing Permissions 130
- Changing the Owner 130
- Securing System Accounts 131
- Securing Single-User Boot 133
- Setting Password Policy 134
- Working with File Services 137
- Listing Share Points 138
- Creating a Share Point 138
- Modifying a Share Point 140
- Disabling a Share Point 140
- Setting Disk Quotas 140
- Managing AFP Service 141
- Changing AFP Settings 142
- Available AFP Settings 142
- Viewing Connected Users 146
- Disconnecting AFP Users 147
- Canceling a User Disconnect 148
- Viewing AFP Log Files 149
- Managing NFS Service 151
- Managing FTP Service 152
- Changing FTP Service Settings 153
- Viewing the FTP Transfer Log 155
- Managing SMB Service 156
- Changing SMB Service Settings 157
- Viewing SMB User Information 160
- Disconnecting SMB Users 161
- Managing ACLs 162
- Using chmod to Modify ACLs 163
- Parameter Description 164
- The path to the volume 164
- ProcessVolume: processing / 165
- 167 167
- Managing Print Service 172
- Listing Queues 173
- Pausing and Releasing a Queue 173
- Holding and Releasing a Job 174
- Viewing Cover Pages 175
- Working with NetBoot Service 177
- Viewing NetBoot Settings 178
- Changing NetBoot Settings 178
- The Storage Record Array 179
- The Filters Record Array 180
- The Image Record Array 180
- The Port Record Array 181
- Working with System Images 182
- <compressedimage> 184
- <configuration.plist> 184
- Managing Mail Service 185
- /var/spool/imap/ 186
- Mail Service Settings 188
- Mail serveradmin Commands 200
- Viewing Mail Service Logs 201
- Backing Up Mail Files 202
- Obtaining an SSL Certificate 205
- Accessing Server Certificates 206
- Creating a Password File 206
- Configuring Mailboxes 207
- Enabling Sieve Scripting 208
- Sieve Scripting Resources 210
- Configuring and Managing Web 211
- Technologies 211
- Managing Web Service 212
- Changing Web Settings 213
- Viewing Service Statistics 214
- Web serveradmin Commands 214
- Listing Hosted Sites 214
- To view samples: 215
- Tuning Server Performance 217
- Apache Tomcat 218
- The MySQL Database 218
- Configuring and Managing 221
- Network Services 221
- Managing DHCP Service 222
- DHCP Service Settings 223
- DHCP Subnet Settings Array 224
- Adding a DHCP Subnet 226
- Adding a DHCP Static Map 227
- Managing DNS Service 228
- Viewing DNS Service Settings 229
- Changing DNS Service Settings 229
- DNS Service Settings 229
- Configuring IP Forwarding 230
- Managing Firewall Service 231
- Defining Firewall Rules 233
- A unique rule number 235
- Array” on page 236 235
- The ipfilter Rules Array 236
- Firewall serveradmin Commands 236
- Managing NAT Service 237
- Viewing NAT Service Settings 238
- Changing NAT Service Settings 238
- NAT Service Settings 238
- NAT serveradmin Commands 239
- Port Mapping 239
- Managing VPN Service 240
- Viewing VPN Service Settings 241
- Changing VPN Service Settings 241
- Site-to-Site VPN 245
- Configuring Site-to-Site VPN 246
- Setting Up IP Failover 247
- IP Failover Operation 248
- Enabling IP Failover 248
- Configuring IP Failover 249
- Enabling PPP Dial-In 251
- Directory 253
- Using General Directory Tools 254
- Managing OpenLDAP 255
- Idle Rebinding Options 257
- Searching the LDAP Server 257
- Using LDIF Files 260
- /path/to/secure/backup 262
- Using Directory Service Tools 264
- Configuring the RADIUS Server 266
- QuickTime Streaming Server 269
- Performing QTSS Tasks 270
- Changing QTSS Settings 271
- Available QTSS Parameters 271
- Managing QTSS 274
- Viewing QTSS Connections 275
- Viewing QTSS Statistics 275
- Creating an Access File 279
- Accessing Protected Media 280
- Adding or Deleting Groups 281
- Creating Reference Movies 282
- Controlling Podcast Capture 283
- Viewing Cameras and Workflows 284
- Viewing and Clearing Uploads 284
- Binding and Unbinding Cameras 285
- Controlling Cameras 285
- Configuring Workflows 286
- Configuring Cameras 286
- Configuring Properties 287
- Viewing Status Information 287
- Processing Submitted Content 288
- Repository Description 289
- Copy Upload 292
- FTP Upload 293
- HTTPS CGI POST Upload 293
- Service and iChat Service 295
- Configuring iChat Service 296
- System Logging 297
- Local Logging 298
- Remote Logging 299
- PCI RAID Card Command 301
- Reference 301
- Glossary 305
- 306 Glossary 306
- Glossary 307 307
- 308 Glossary 308
- Glossary 309 309
- 310 Glossary 310
- Glossary 311 311
- 312 Glossary 312
- Glossary 313 313
- 314 Glossary 314
- Glossary 315 315
- 316 Glossary 316
- Glossary 317 317
- 318 Glossary 318
- Glossary 319 319
- 320 Glossary 320
- tool 164 323
Related products and manuals for Servers Apple Xserve Up Mac OS X Server
Servers Apple SNOW LEOPARD 10.6 User Manual
(21 pages)
(21 pages)
© 2020, manymanuals.com. All rights reserved. | 0.737 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals