This example considers a relatively small storage system with fewer than fifty users. Users will have login capabilities and are permitted to store data and access resources.
Begin by adding the following line to
The mac_bsdextended(4) security policy module may be
activated by adding this line to
Default rules stored in
/etc/rc.bsdextended will be loaded at
system initialization. However, the default entries may need
modification. Since this machine is expected only to service
users, everything may be left commented out except the last
two lines in order to force the loading of user owned system
objects by default.
Add the required users to this machine and reboot. For
testing purposes, try logging in as a different user across
two consoles. Run
ps aux to see if processes
of other users are visible. Verify that running ls(1) on
another user's home directory fails.
Do not try to test with the
root user unless the specific
sysctls have been modified to block super