Chapter 4 Enhancing Security 55
Most transport encryption requires the participation of both parties in the transaction.
Some services (such as SMTP mail service) can’t reliably use such techniques, so
encrypting the file itself is the only method of reliably securing the file content.
To learn more about file encryption, see “About File Encryption” on page 55.
About File Security
By default, files and folders are owned by the user who creates them. After they’re
created, items keep their privileges (a combination of ownership and permissions)
even when moved, unless the privileges are explicitly changed by their owners or
an administrator. Therefore, files and folders you create are not accessible if they are
created in a folder that the users don’t have privileges for.
When setting up share points, make sure that items allow appropriate access privileges
for the users you want to share them with.
File and Folder Permissions
Mac OS X Server supports the following file and folder permissions:
• Standard Portable Operating System Interface (POSIX) permissions
• Access Control Lists (ACLs)
POSIX permissions let you control access to files and folders based on three categories
of users: Owner, Group, and Everyone Else.
Although these permissions control who can access a file or a folder, they lack the
flexibility and granularity that many organizations require to deal with elaborate user
environments.
ACL permissions provide an extended set of permissions for files or folders and allow
you to set multiple users and groups as owners. In addition, ACLs are compatible with
Windows Server 2003 and Windows XP, giving you added flexibility in a multiplatform
environment.
For more information about file permissions, see the online help and Mac OS X Server
Resources website at www.apple.com/server/macosx/resources/
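The following added example (not part of the original guide) shows the behavior described above: a file created with owner-only privileges keeps them after it is moved into a share point, and a small audit flags it. The function names, the constructed `home`/`share` folders, and the two audit rules are assumptions for illustration; only POSIX permission bits are checked, and ACL entries are not evaluated.

```python
import os
import shutil
import stat
import tempfile


def describe(mode):
    """Split POSIX mode bits into Owner, Group, and Everyone Else."""
    perms = stat.filemode(mode)[1:]          # e.g. 'rw-r-----'
    return {"owner": perms[0:3], "group": perms[3:6], "everyone": perms[6:9]}


def audit_share_point(root, need_group_read=True):
    """Return sorted (path, reason) pairs for items that do not match sharing intent."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):           # a symlink's own mode bits are not meaningful
                continue
            cats = describe(mode)
            if need_group_read and "r" not in cats["group"]:
                findings.append((path, "group cannot read"))
            if "w" in cats["everyone"]:
                findings.append((path, "writable by everyone else"))
    return sorted(findings)


def demo():
    """Constructed demo: a private file moved into a share keeps its privileges."""
    base = tempfile.mkdtemp()
    try:
        home = os.path.join(base, "home")
        share = os.path.join(base, "share")
        os.mkdir(home, 0o700)
        os.mkdir(share)
        os.chmod(share, 0o775)               # set explicitly so umask does not interfere
        private = os.path.join(home, "report.txt")
        with open(private, "w") as handle:
            handle.write("draft")
        os.chmod(private, 0o600)             # owner-only, as in a private home folder
        moved = os.path.join(share, "report.txt")
        os.rename(private, moved)            # a move does not reset the privileges
        mode_after = stat.S_IMODE(os.stat(moved).st_mode)
        findings = [(os.path.relpath(p, share), r) for p, r in audit_share_point(share)]
        return mode_after, findings
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```
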
About File Encryption
Mac OS X has a number of technologies that can perform file encryption, including:
• FileVault: FileVault performs on-the-fly encryption on each user’s home folder.
This encrypts the entire directory in one virtual volume, which is mounted, and
the data is decrypted as needed.