What is a package? What is the first step to making a package with PackageMaker? Describe the contents of an installation package that can be created with PackageMaker.

A package is a bundled file used by the Installer to install a specific piece of software.

First step: Create the folder structure on your hard drive exactly as you want it to end up in the user's folder once installed. This consists of a root folder (which contains the eventual contents of your package) and a resource folder.

A package consists of the following components:
– bill of materials: a binary file that describes the contents of the package

– information property list: an XML file that contains the information entered in the package definition file when the package is created

– archive file: the set of files to be installed, also known as the payload. The archive file can be compressed to make the whole package smaller in size

– size-calculation file: a text file that contains the compressed and uncompressed sizes of the package's payload, which Installer uses to calculate the space required to install the payload

– Resources: optional files that Installer uses during an installation but doesn't install on the target computer. These include the background picture used by the Installer, Read Me files, license-agreement files, and scripts.

Describe the authentication that is available for various file service protocols: AFP, SMB, NFS, FTP/SFTP? Which protocol supports which kind of authentication? Which file sharing protocols are browsable by which service discovery protocols? Is the authentication sent encrypted? Is the data encrypted?

AFP – authentication is normally encrypted; data is not encrypted; browsable via Bonjour & SLP

SMB – authentication is normally encrypted; data is not encrypted; browsable via NetBIOS

NFS – no user authentication at all; browsable via Bonjour & SLP

FTP – authentication is sent in the clear (cleartext); data is not encrypted; browsable via Bonjour, SLP

SFTP – authentication is encrypted; data is encrypted; not browsable

Describe the different options configured on Mac OS X Server 10.4 when configuring AFP and what they do (Where is this configured and enabled?). Describe the options available for a particular sharepoint. What is the difference between POSIX permissions and inherited permissions?

Describe the different levels of logging and logging options for AFP in Mac OS X Server 10.4? Can you log ownership and permissions changes? Can you log failed log-in attempts?

Note that AFP keeps an Access Log and an Error log.

You can enable/disable the Access Log entirely (Server Admin -> AFP -> Settings -> Logging).

Here you can choose to Archive the log every X days

You can also select which events get logged: Login, Logout, Open File, Create File, Create Folder, Delete File/Folder

You can also set to archive the Error log every X days (or not at all), but you cannot disable the Error log entirely.

Can you log ownership and permissions changes?
——————-

Can you log failed log-in attempts?
——————-

If you are an OS X administrator and are configuring your /Network, where is this done and what does this affect for users logging in?

This is for user accounts which are being managed such that when the user logs in they see a custom list of options under the /Network list (network browsing) in Mac OS X.

This is done in WGM: go to the Network icon or choose Network Admin from the View menu.

This also allows you to display services that may not advertise themselves automatically, like a web service.

There are three ways to configure a Network view for clients:

Named view – is for those specific computers listed in WGM

Default view – is what is seen by users who are bound to the directory (for example, a DHCP client) but do not have specific managed preferences

Public view – is seen by clients who connect to the network but are not bound in any way to the directory service

What choices are you presented with for configuring Open Directory in Server Assistant?

Standard
Connected to directory system
Open Directory master

(you cannot configure a Replica in Server Assistant)

Describe how to use Access Control lists, how they interact with Owner & Group permissions? Can an owner of a file change the ACL while connected over AFP? What is the Effective Permissions Inspector?

Files and folders are set with POSIX permissions and, if enabled on the volume, can also have File Access Control Lists applied individually.

(Both are configured in WGM -> Sharing)

File ACLs, which can be set in a granular way, override any POSIX permissions they relate to (on a permission-by-permission basis). You can use the Effective Permissions Inspector (in the WGM utility menu) to see how the ACL will affect or override the POSIX permissions for any particular user or group.

A user logged in over AFP can change permissions or ownership of a file they own IF there is no corresponding ACL which prevents this (an ACL can be set up to deny Change Permissions or Change Owner).

A user logged in over AFP cannot change the ACL entry, however, that applies to a given file or folder.

Describe the managed preferences order of priority. Scenario is: dock positioned on one side for user, other side for group, bottom for computer. Describe the behavior of what happens when a remote user logs in with managed preferences. What takes priority and how does the OS handle this for preferences that are overridden?

For managed preferences where the user, group, and computer have different preferences managed, the behavior for each preference is either: inherit, override, or combine.

The logic is that each preference is evaluated separately. If the preference is set for only one of user, group, OR computer (and the others are not managed), then whichever one is set becomes the result; this is called inherited.

If the preference is set for more than one (user, group, and computer), then it depends on whether or not the preference itself can have only one value. For example, the Dock position can have only one value. The list of available Applications, or the items to launch at log-in, however, can have multiple values. If the preference can have only one value, then the override rule applies: the user trumps computer, and the computer trumps the group. (When combining preferences that can have only one value, the order of importance is: user, computer, group.)

Finally, if the preference CAN have multiple values (like Log-in items or Applications), the user, group, and computer managed preferences are combined.

In OS X Server 10.4, what does FTP support on-the-fly? (encrypt, decrypt, encode, decode, etc…) What is commonly done together and what is not supported?

encode – this has to do with files that have resource forks (typically from Mac OS 9), which get encoded into a MacBinary file with the resource fork and data fork together

archive – taking a group of files and/or folders and archiving them into a single .tar file

compress – will add .gz to the end and compress the file (does not preserve resource forks)

Commonly done together: archiving & compressing, to create a .tar.gz file

Note: you could also use MacBinary in combination with the others.

WHAT IT DOES NOT SUPPORT:
encrypt
decrypt
uncompress

Does the OS X Server 10.4 implementation of FTP support CRAM-MD5, and what is CRAM-MD5?

Not supported by FTP. FTP can authenticate using clear text or Kerberos.