Lesson 11 - Manage Permissions and Sharing Flashcards
How do you identify the ownership and permissions of a file or folder in the Finder?
An item’s ownership and permissions can be identified using the Info or Inspector windows in the Finder.
How do ACLs differ from standard UNIX file system permissions?
Standard UNIX file system permissions allow permissions to be set for only one owner, one group, or all others. ACLs, on the other hand, allow for an essentially unlimited list of permissions entries.
What is the locked file flag?
The locked file flag prevents anyone, including the item’s owner, from editing an item. Only the item’s owner can unlock the item to then allow modification.
Why is the root, or beginning, level of a user’s home folder visible to other users?
The root level of a user’s home folder is visible to other users so they can navigate to the Public shared folder.
How does the default organization of the file system allow users to safely share local files and folders?
Every home folder contains a Public folder that other users can read and a Drop
Box folder that other users can write to. All other subfolders in a user’s home folder (except the optional Sites folder) have default permissions that do not allow access to other users. The Shared folder is also set for all users to share items.
What is unique about the permissions of the /Users/Shared folder?
The Shared folder is set up to allow all users to read and write files, but only the user who owns an item can delete it from the Shared folder. This is accomplished using the sticky bit permissions setting.
What does it mean when you choose the option to “ignore volume ownership” in the Finder? What are the security ramifications of ignoring volume ownership?
You can choose to ignore ownership on any nonsystem volume. This will ignore any ownership rules and grant any logged-on user unlimited access to the contents of the
volume. It is a potential security risk because it will allow any local user account to have full access to the volume even if that user did not originally mount the volume.
How does System Integrity Protection (SIP) help ensure that an OS X system remains secure?
SIP prevents users and processes with root access from modifying core OS X system items. Protected items include the /System, /bin, /sbin, and /usr folders along with core system applications.
