Mac OS X Server 10.4 Tiger: Visual QuickPro Guide

Service Access Control Lists (ACLs) are new to Mac OS X Server 10.4. Like the firewall service discussed in the following section, service ACLs are a very powerful security toolbe very careful not to lock yourself out of your server! Service ACLs determine which users or groups have access to the services provided by your server. In previous versions of Mac OS X Server, if a service was enabled for one user, it was enabled for all. Service ACLs are an additional security measure that will limit service usage to only those users you define.

The following task shows you how to restrict people from logging into the server, even if they have access to a keyboard and monitor attached to the server.

To restrict access to the Login window

1.

Launch Server Admin and select your server from the Computers & Services list.

You don't need to authenticate if you have already added your server to the keychain. Leave Server Admin running for the next several exercises.

2.

Click the Settings button and then click the Access tab (Figure 10.4).

Figure 10.4. Using Server Admin to control access to services.

3.

Deselect the "Use same access for all services" check box but select the "Allow only user and groups below" check box.

4.

Select Login Window from the Service list below and click the plus button to open the Users and Groups drawer on the right side of the window.

5.

Click-and-drag your username and any other users from the drawer to the Name list (Figure 10.5).

Figure 10.5. Dragging in users from the user list to restrict access to the Login window.

6.

Click the Save button to save your changes and permit only the selected users to log in via the Login window.

7.

Test access by attempting to log in as a user not included in the access list.

Категории