Setting SACL Permissions for Limiting Access to Protocols

You can prevent specific users from accessing AFP, SMB, or other protocol services by using service access control lists (SACLs). SACLs are permissions to use a service. Removing a user or group from an SACL listing for SMB, for instance, prevents that user or group from accessing all share points shared with SMB. You can also prevent users from accessing other services, including iCal and Profile Manager.

For file sharing, SACLs are a way to control behavior. For example, if you want your Mac users to always use AFP to connect to the file server, you can ban them from the SMB service.

To configure SACLs, do the following:

  1. In Server Admin, select your server listed in the left column.
  2. Click Access in the toolbar, and then click the Services tab.

    The window in Figure 9-12 appears.

  3. Select one of the two radio buttons on the left to restrict services:
    • For All Services limits access to all services listed.
    • For Selected Services Below limits access for individual services.
  4. Select one of the two radio buttons on the right to choose a level of restriction for users and groups:
    • Allow All Users and Groups allows access to the service(s) by all.
    • To restrict access, click Allow Only Users and Groups Below. Select one or more services. Then click the Add (+) button to bring up the Users & Groups palette and drag users and groups to the list.
  5. Click Save.

Figure 9-12 Setting SACL permissions in Server Admin to restrict access to ...
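To confirm from Terminal that a saved SACL does what you intended, the following added example (not from the book) reports whether a user may use a service. It assumes SACLs are stored as directory groups named `com.apple.access_<service>`, with `com.apple.access_all_services` behind the For All Services choice, and that the per-service group is consulted first; `sacl_check` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the book. Items marked ASSUMPTION are not on the page.
# ASSUMPTION: each SACL is a directory group named com.apple.access_<service>
# (for example com.apple.access_smb); com.apple.access_all_services backs
# the "For All Services" choice. No SACL group means no restriction.
DSEDITGROUP=${DSEDITGROUP:-dseditgroup}   # overridable so the logic can be tested off-server

# sacl_group_exists GROUP -> exit 0 if the SACL group is defined
sacl_group_exists() {
    "$DSEDITGROUP" -o read "$1" >/dev/null 2>&1
}

# sacl_is_member USER GROUP -> exit 0 if USER is a member of GROUP
sacl_is_member() {
    "$DSEDITGROUP" -o checkmember -m "$1" "$2" >/dev/null 2>&1
}

# sacl_check USER SERVICE -> prints allowed, denied, or unrestricted
sacl_check() {
    sacl_user=$1
    sacl_svc="com.apple.access_$2"
    sacl_all="com.apple.access_all_services"
    # ASSUMPTION: the per-service group is checked before the all-services group.
    if sacl_group_exists "$sacl_svc"; then
        sacl_scope=$sacl_svc
    elif sacl_group_exists "$sacl_all"; then
        sacl_scope=$sacl_all
    else
        echo "unrestricted"   # corresponds to Allow All Users and Groups
        return 0
    fi
    if sacl_is_member "$sacl_user" "$sacl_scope"; then
        echo "allowed"        # user is on the Allow Only list
    else
        echo "denied"         # list exists and user is not on it
    fi
}

# Usage on the server: sh sacl_check.sh USER SERVICE   (e.g. alice smb)
if [ $# -ge 2 ]; then
    sacl_check "$1" "$2"
fi
```

For the AFP-only scenario described earlier, a Mac user should report `denied` for `smb` and `allowed` or `unrestricted` for `afp`.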
