Administration level security, Setting administration level privileges – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

Page 74

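        # Count how many times $match occurs in the current line of output
        $count = @{[$_ =~ /$match/g]};
        if ($count > 0) {
            $flag = 1;
        }
    }
    close SBUFF;
    # Restart the server if the pattern was found
    if ($flag == 1) {
        system("ssh $server -x -o batchmode=yes shutdown -r now");
    }
}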

Administration Level Security

Mac OS X Server can use another level of access control for added security.
Administrators can be assigned the services they are allowed to configure. These
limitations are enacted on a server-by-server basis. An administrator with no
restrictions can use this method to assign administrative duties to other admin
group users.

This results in a tiered administration model, where some administrators have more
privileges than others for assigned services. It also provides a method of access
control for individual server features and services.

For example, Alice (the lead administrator) has control over all services on a given
server and can limit the ability of other admin group users (like Bob and Cathy) to
change settings on the server. She can assign DNS and Firewall service administration
to Bob, while leaving Mail service administration to Cathy.

In this scenario, Cathy can’t change the firewall or any service other than mail. Likewise,
Bob can’t change any services outside of his assigned services.

Tiered administration controls are effective in Server Admin and the serveradmin
command-line tool. They do not prevent modification of UNIX configuration files
elsewhere on the system. Protect UNIX configuration files with POSIX-type permissions
or ACLs.
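
Because service assignments in Server Admin do nothing for files on disk, file modes have to be checked separately. The following sh script is an added example, not part of the Apple manual: it lists configuration files that are writable by their group or by others and removes those write bits. The function names and the sample file tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Apple manual. Function names and the sample
# tree are constructed for illustration.

# Print every regular file under DIR whose mode grants write access to the
# group (020) or to others (002), sorted by path.
find_loose_configs() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Remove the group/other write bits from each file reported above, then
# succeed only if a second pass finds nothing left to fix.
tighten_configs() {
    find_loose_configs "$1" | while IFS= read -r f; do
        chmod go-w "$f"
    done
    [ -z "$(find_loose_configs "$1")" ]
}

# Build a constructed sample directory standing in for the DNS, Firewall and
# Mail configuration files of the Alice/Bob/Cathy scenario.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf 'zone "example.com" {};\n'            > "$d/named.conf"
    printf 'add 100 allow ip from any to any\n'  > "$d/ipfw.conf"
    printf 'myhostname = mail.example.com\n'     > "$d/main.cf"
    chmod 644 "$d/named.conf"   # owner-only write: acceptable
    chmod 664 "$d/ipfw.conf"    # group-writable: reported
    chmod 666 "$d/main.cf"      # world-writable: reported
    printf '%s\n' "$d"
}

# On Mac OS X the same restriction can be expressed as an ACL entry
# (not run here), and inspected with "ls -le":
#   chmod +a "group:admin deny write" /path/to/file

# When given a directory argument, report its loosely protected files.
if [ $# -gt 0 ]; then
    find_loose_configs "$1"
fi
```

Run it with a directory argument to get a report only; call tighten_configs explicitly once the list has been reviewed.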

Setting Administration Level Privileges

Mac OS X Server can use another level of access control for added security.
Administrators can be limited to the specific services they can configure. These
limitations are enacted on a server-by-server basis. An administrator with no
restrictions can use this method to assign administrative duties to other admin
group users.

This results in a tiered administration model, where some administrators have more
privileges than others for their assigned services. It also provides a kind of access
control for individual server features and services.

Chapter 4

Enhancing Security