Mailing Lists: Apple Mailing Lists


Custom SACLs and ACLs



Anyone heard of the ability or method for adding custom SACLs to Server Admin? Also, I'd like to see the non-OS X system directories like /opt/, /sbin, etc. in the WGM window and can't seem to figure out how.

I've also been toying with methods of hand-rolling hardened services with ACLs and simulating chroot-type environments. I've gotten as far as effectively chroot'ing a user into a single directory and its children with a functional bash shell.

My method involves using ktrace, kdump, and otool and just running down everything the user needs. The method seems very scriptable. A wrapper could be made that referred to a yaml file template for each "service" to enable. For example, if you wanted to lock a user into a single directory with only bash, ssh, and vim you could:

$ jail <username> <targetdirectory> service1 service2 service3 ...

Anyway, I'm new to ACLs and especially ACLs on OS X, so I'm sure this is all old hat to those familiar with them.

Any tips, pointers, do's, don't's...etc?


-james

_______________________________________________
Macos-x-server mailing list (email@hidden)
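
The otool step of the approach described in this post, as an added example that is not part of the original message: a POSIX shell function that follows `otool -L` output transitively to list the files a jailed binary links against. The function names, the `OTOOL` override and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list every file a jailed user needs for a set of binaries,
# following `otool -L` dependencies transitively. Paths with spaces are not handled.
OTOOL="${OTOOL:-otool}"   # assumption: set OTOOL to a stub to try this off a Mac

# Read `otool -L` output on stdin and print the absolute library paths.
# Header lines ("file:" or "file (architecture ppc):") are not indented and
# are skipped; @executable_path-style entries are skipped too.
otool_deps() {
    awk '/^[ \t]/ && $1 ~ /^\// { print $1 }'
}

# jail_manifest BINARY...: print the binaries plus the closure of their
# libraries, one path per line. The positional parameters act as the work queue.
jail_manifest() {
    seen=""
    while [ $# -gt 0 ]; do
        f=$1; shift
        case " $seen " in *" $f "*) continue ;; esac   # already visited
        seen="$seen $f"
        # Unquoted on purpose: each dependency becomes a new queue entry.
        set -- "$@" $("$OTOOL" -L "$f" 2>/dev/null | otool_deps)
    done
    printf '%s\n' $seen | LC_ALL=C sort
}

# Constructed stand-in for `otool -L` (not captured from a real system).
sample_otool() {   # $1 is "-L", $2 is the file to inspect
    printf '%s:\n' "$2"
    case "$2" in
        /bin/bash) libs="/usr/lib/libncurses.5.4.dylib /usr/lib/libSystem.B.dylib" ;;
        /usr/lib/libncurses.5.4.dylib) libs="$2 /usr/lib/libSystem.B.dylib" ;;
        /usr/lib/libSystem.B.dylib) libs="$2 /usr/lib/system/libmathCommon.A.dylib" ;;
        *) libs="" ;;
    esac
    for l in $libs; do
        printf '\t%s (compatibility version 1.0.0, current version 1.0.0)\n' "$l"
    done
}
```

Running `OTOOL=sample_otool jail_manifest /bin/bash` prints the four-path manifest for the constructed sample. `otool -L` reports only linked libraries, so files a program opens at run time still have to come from the ktrace/kdump pass.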


Copyright © 2007 Apple Inc. All rights reserved.