Information access control – Apple Mac OS X Server (version 10.2.3 or later) User Manual
Page 120

Chapter 3
• A non-Apple LDAP server can be used to validate the password.
Information Access Control
All directories (folders) and files on Mac OS X computers have access privileges for the file’s
owner, a group, and everyone else.
Mac OS X uses a particular data item in a user’s account—the UID—to keep track of directory
and file access privileges.
Directory and File Owner Access
When a directory or file is created, the file system stores the UID of the user who created it.
When a user with that UID accesses the directory or file, he or she has read and write
privileges to it by default. In addition, any process started by the creator has read and write
privileges to any files associated with the creator’s UID.
If you change a user’s UID, the user may no longer be able to modify or even access files and
directories he or she created. Likewise, if the user logs in as a user whose UID is different
from the UID he or she used to create the files and directories, the user will no longer have
owner access privileges for them.
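
An added example (not from the Apple manual): a Python sketch of how the stored owner UID decides which privilege class applies, using the MyDoc values illustrated on this page (owner 127, group 2017). The changed UID 1127 and all function names are assumptions made for illustration, and the model leaves out the root user, who bypasses these checks.

```python
import os

def effective_class(st_uid, st_gid, uid, gids):
    """Pick the single privilege class that applies to a user.

    The owner test comes first and is exclusive: a matching UID gets the
    owner privileges, anyone else falls through to group, then everyone.
    """
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "everyone"

def privileges(mode, cls):
    """Decode the read/write bits for one class from a mode value."""
    shift = {"owner": 6, "group": 3, "everyone": 0}[cls]
    bits = (mode >> shift) & 0o7
    return {"read": bool(bits & 4), "write": bool(bits & 2)}

# MyDoc as illustrated on the page: owner 127 read & write,
# group 2017 read only, everyone else none (mode 640).
MYDOC_UID, MYDOC_GID, MYDOC_MODE = 127, 2017, 0o640

def access_for(uid, gids):
    """Return (class, privileges) that a user gets on MyDoc."""
    cls = effective_class(MYDOC_UID, MYDOC_GID, uid, gids)
    return cls, privileges(MYDOC_MODE, cls)

def files_owned_by(root, old_uid):
    """List paths under root whose stored owner UID is old_uid.

    Run before changing an account's UID to see which directories and
    files would lose their owner afterwards.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.lstat(path).st_uid == old_uid:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    print(access_for(127, {2017}))   # creator, original UID
    print(access_for(1127, {2017}))  # same person after a UID change (1127 is constructed)
    print(access_for(1127, set()))   # changed UID, not a member of group 2017
    print(files_owned_by(".", os.getuid()))
```
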
[Figure: Directory services (Password Server, Kerberos server, Directory server) and a user account. The password provided can be validated using a value stored in the account. The password can also be validated using a value stored on another server on the network.]
[Figure: MyDoc. Owner 127 can: Read & Write. Group 2017 can: Read only. Everyone else can: None.]