Most transport encryption requires the participation of both parties in the transaction. Some services (such as SMTP mail service) can’t reliably use such techniques, so encrypting the file itself is the only method of reliably securing the file content.
To learn more about file encryption, see “About File Encryption” on page 55.
About File Security
By default, files and folders are owned by the user who creates them. After they’re created, items keep their privileges (a combination of ownership and permissions) even when moved, unless the privileges are explicitly changed by their owners or an administrator. Therefore, files and folders you create are not accessible to other users if they are created in a folder that those users don’t have privileges for.
When setting up share points, make sure that items allow appropriate access privileges for the users you want to share them with.
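The following is an added example, not part of the original guide: it shows a file created with owner-only permissions keeping them after being moved into a share point, and a small audit function that finds such items. The function names, paths, and file contents are constructed for illustration. Only POSIX mode bits are checked; ACL entries are not evaluated.

```sh
#!/bin/sh
# Added example (not from the original guide).
# audit_share DIR: print every item under DIR that the owning group
# cannot use, judged by POSIX mode bits only (ACLs are not evaluated).
audit_share() {
    share=$1
    # Folders need group read and search: mode bits 050.
    find "$share" -type d ! -perm -050 -print
    # Regular files need group read: mode bit 040.
    find "$share" -type f ! -perm -040 -print
}

# demo_moved_file: build a constructed private folder and share point,
# move a privately created file into the share, then audit the share.
demo_moved_file() {
    work=$(mktemp -d) || return 1
    mkdir "$work/private" "$work/share"
    chmod 700 "$work/private"   # owner-only folder
    chmod 775 "$work/share"     # folder intended for group sharing

    # Created with a restrictive umask: mode 600 (owner read/write only).
    ( umask 077; echo "quarterly report" > "$work/private/report.txt" )
    # Created directly in the share with a typical umask: mode 644.
    ( umask 022; echo "readme" > "$work/share/readme.txt" )

    # Moving does not change the file's privileges; it stays mode 600.
    mv "$work/private/report.txt" "$work/share/"

    # Report paths relative to the scratch directory.
    audit_share "$work/share" | sed "s|^$work/||"
    rm -rf "$work"
}

demo_moved_file   # prints: share/report.txt
```

An item flagged this way stays inaccessible to the group until its owner or an administrator changes its privileges, for example with `chmod g+r`.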
File and Folder Permissions
Mac OS X Server supports the following file and folder permissions:
• Standard Portable Operating System Interface (POSIX) permissions
• Access Control Lists (ACLs)
POSIX permissions let you control access to files and folders based on three categories of users: Owner, Group, and Everyone Else.
Although these permissions control who can access a file or a folder, they lack the flexibility and granularity that many organizations require to deal with elaborate user environments.
ACL permissions provide an extended set of permissions for files or folders and allow you to set multiple users and groups as owners. In addition, ACLs are compatible with Windows Server 2003 and Windows XP, giving you added flexibility in a multiplatform environment.
For more information about file permissions, see the online help and Mac OS X Server Resources website at www.apple.com/server/macosx/resources/
About File Encryption
Mac OS X has a number of technologies that can perform file encryption, including:
• FileVault: FileVault performs
Chapter 4 Enhancing Security
55