10.5-desktop-negative.T
From radmind
(Difference between revisions)
(17 intermediate revisions not shown.) | |||
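--- a/10.5-desktop-negative.T
+++ b/10.5-desktop-negative.T
@@ -1,2 +1,2 @@
-This is a work in progress. For development and testing only. Note that this transcript uses the ./ path option, which should be added to any fsdiff directives.
+This is a work in progress. For development and testing only. Note that this transcript uses the ./ path option, which should be added to any fsdiff directives. Also, if you get a notice that the last line to "too long", make sure your transcript ends with a carriage return (blank line).
 <pre>
@@ -24,8 +24,45 @@
 # Console logs, crash reports, etc.
 d ./Library/Logs 0775 0 80
+
+# Preferences managed by MCX
+d ./Library/Managed\bPreferences 0755 0 80
+
+# Global defaults. Contains things like monitor info, color profile, timezone, autologin enabled, etc.
+# Should be managed in some form in a lab setting, by Radmind or scripts.
+f ./Library/Preferences/.GlobalPreferences.plist 0644 0 80 1201111972 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
 # Available network interface information
 f ./Library/Preferences/SystemConfiguration/NetworkInterfaces.plist 0644 0 0 1179344420 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# Stored AirPort network descriptions. May only affect systems using wifi. Uncomment if file is present.
+#f ./Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist 0644 0 0 1201111970 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# Current network settings are stored here.
+f ./Library/Preferences/SystemConfiguration/com.apple.network.identification.plist 0644 0 0 1201111943 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# SMB settings (NetBIOS name, local krb5 realm, server name).
+# Remove or comment out for a lab.
+f ./Library/Preferences/SystemConfiguration/com.apple.smb.server.plist 0644 0 80 1201139976 469 aITGy0QsFNiyGT1T8hYC6lKJWiM=
 # Machine's rendezvous name, AppleTalk name, DHCP settings, etc.
 # Remove this item if you're running a lab.
 f ./Library/Preferences/SystemConfiguration/preferences.plist 0644 0 0 1179344421 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# AFP server settings. Contains a local krb5 principal for afpserver.
+# Similar to smb plist above. Manage this in a lab.
+f ./Library/Preferences/com.apple.AppleFileServer.plist 0644 0 80 1201139679 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# Software Update settings and Time Machine path exclusions.
+# Should be managed in a lab setting.
+f ./Library/Preferences/com.apple.SoftwareUpdate.plist 0644 501 80 1201112008 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+f ./Library/Preferences/com.apple.TimeMachine.plist 0644 501 80 1201111256 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# Stores whether IR is enabled for Apple Remote.
+# Should be managed in a lab setting.
+f ./Library/Preferences/com.apple.driver.AppleIRController.plist 0644 0 80 1201139684 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# Contains hex strings identifying KDC and "systemdefault".
+# May be appropriate to manage this in a lab.
+f ./Library/Preferences/com.apple.security.systemidentities.plist 0644 0 80 1201139675 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# .bom receipts. See pkgutil(1). Manage in a lab setting? Radmind kind of moots this file.
+f ./Library/Receipts/db/a.receiptdb 0600 96 0 1201282510 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
 # Network share browsing
@@ -78,6 +115,25 @@
 # temporary files, managed by system
 d ./private/tmp 1777 0 0
+
+# amavisd(8) - a mini-SMTP server
+d ./private/var/amavis/db 0755 83 83
+d ./private/var/amavis/tmp 0755 83 83
+
+# at(1) jobs and spool
+d ./private/var/at/jobs 0755 1 0
+d ./private/var/at/spool 0755 1 0
+d ./private/var/at/tmp 0700 0 0
 # Apple caches
 f ./private/var/db/BootCache.playlist 0600 0 0 1179344453 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
 f ./private/var/db/CodeEquivalenceDatabase 0644 0 0 1179344447 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# DirectoryService(8) data stores. File is a SQLite3 database containing
+# copies of things like /etc/passwd, /etc/services, etc. Strange.
+f ./private/var/db/DirectoryService/flatfile.db 0644 0 0 1201139670 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# Spotlight data location. Not used in all configurations. Does seem to be used in environments with network homes.
+# Uncomment if you need it
+#d /private/var/db/Spotlight-V100 0700 0 0
+
+# Crypto entroy cache. Used by things like security server.
 f ./private/var/db/SystemEntropyCache 0600 0 0 1179344400 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
@@ -94,5 +150,20 @@
 f ./private/var/db/dslocal/indices/Default/index 0644 0 0 1179865456 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
 d ./private/var/db/dslocal/nodes/Default 0700 0 0
+
+# 10.5 uses a local MIT Kerberos V KDC, which shouldn't be managed
+# on a personal machine. In a more tightly-controlled environment,
+# like a public lab, the administrator may want to manage this.
+# Alternatively, consider using excludes.
+d ./private/var/db/krb5kdc 0700 0 0
 # Contains the latest estimate of clock frequency error for ntpd
 f ./private/var/db/ntp.drift 0644 0 0 1179423459 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+
+# DB data directory for BerkeleyDB associated with slapd-bdb(5)
+d ./private/var/db/openldap/openldap-data 0755 0 0
+
+# slurpd(8) temporary directory
+d ./private/var/db/openldap/openldap-slurp 0755 0 0
+
+# openldap pids go here
+d ./private/var/db/openldap/run 0755 0 0
 # MD5 hashes of user passwords
@@ -121,4 +192,5 @@
 f ./private/var/log/alf.log 0644 0 0 1179344422 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
 f ./private/var/log/asl.db 0600 0 0 1179344558 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
+d ./private/var/log/cups 0755 0 0
 f ./private/var/log/cups/access_log 0644 0 26 1179344510 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
 f ./private/var/log/cups/error_log 0644 0 26 1179344558 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=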
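Review bot: The added `com.apple.smb.server.plist` entry is the only new `f` line that is not a zero-length placeholder: it records size 469 and checksum `aITGy0QsFNiyGT1T8hYC6lKJWiM=`, while every other added file uses size 0 and `2jmj7l5rSw0yVb/vlWAYkK/YBwk=` (the SHA-1 of empty input). Its own comment says the file holds the NetBIOS name, local krb5 realm and server name, so the stored copy presumably carries one machine's identity and would be laid down wherever the file is missing. A placeholder line `f ./Library/Preferences/SystemConfiguration/com.apple.smb.server.plist 0644 0 80 1201139976 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=`, backed by an empty file, would match the rest. Separately, the commented-out `#d /private/var/db/Spotlight-V100 0700 0 0` lacks the `./` prefix used by every other path and should read `#d ./private/var/db/Spotlight-V100 0700 0 0`.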
Current revision
This is a work in progress. For development and testing only. Note that this transcript uses the ./ path option, which should be added to any fsdiff directives. Also, if you get a notice that the last line is "too long", make sure your transcript ends with a carriage return (blank line).
# 10.5-desktop-negative
#
# Radmind negative transcript for a Mac OS X 10.5 desktop. Every active path
# uses the ./ prefix. Entry layout as used below:
#   d   <path> <mode> <uid> <gid> [<finder-info>]
#   f|a <path> <mode> <uid> <gid> <mtime> <size> <checksum>
# Most file entries are zero-length placeholders: size 0 with
# 2jmj7l5rSw0yVb/vlWAYkK/YBwk=, the base64 SHA-1 of empty input.

# Spotlight database directory. Every writable mounted volume gets one.
d ./.Spotlight-V100 0700 0 80

# Obvious, no? Every volume has its own .Trashes folder
d ./.Trashes 1333 0 99 AAAAAAAAAABAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

# For fseventsd, but can't find any docs on it
d ./.fseventsd 0700 0 80

# database of frequently-accessed small files
a ./.hotfiles.btree 0600 0 0 1179344393 94 e25XUAMeUwitvZY5DnLvqOCiGy8=

# Used by Carbon applications
d ./.vol 0755 0 0 AAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

# Cached information
d ./Library/Caches 1777 0 80

# Console logs, crash reports, etc.
d ./Library/Logs 0775 0 80

# Preferences managed by MCX
d ./Library/Managed\bPreferences 0755 0 80

# Global defaults. Contains things like monitor info, color profile, timezone, autologin enabled, etc.
# Should be managed in some form in a lab setting, by Radmind or scripts.
f ./Library/Preferences/.GlobalPreferences.plist 0644 0 80 1201111972 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Available network interface information
f ./Library/Preferences/SystemConfiguration/NetworkInterfaces.plist 0644 0 0 1179344420 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Stored AirPort network descriptions. May only affect systems using wifi. Uncomment if file is present.
#f ./Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist 0644 0 0 1201111970 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Current network settings are stored here.
f ./Library/Preferences/SystemConfiguration/com.apple.network.identification.plist 0644 0 0 1201111943 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# SMB settings (NetBIOS name, local krb5 realm, server name).
# Remove or comment out for a lab.
# NOTE(review): unlike the other f entries this one records a non-zero size (469)
# and a non-empty checksum, so it appears to be captured from a real machine.
# Confirm the stored file holds no host-specific identity.
f ./Library/Preferences/SystemConfiguration/com.apple.smb.server.plist 0644 0 80 1201139976 469 aITGy0QsFNiyGT1T8hYC6lKJWiM=

# Machine's rendezvous name, AppleTalk name, DHCP settings, etc.
# Remove this item if you're running a lab.
f ./Library/Preferences/SystemConfiguration/preferences.plist 0644 0 0 1179344421 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# AFP server settings. Contains a local krb5 principal for afpserver.
# Similar to smb plist above. Manage this in a lab.
f ./Library/Preferences/com.apple.AppleFileServer.plist 0644 0 80 1201139679 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Software Update settings and Time Machine path exclusions.
# Should be managed in a lab setting.
# NOTE(review): both entries are owned by uid 501 rather than 0. Presumably the
# account that captured them; confirm that uid is intended on every client.
f ./Library/Preferences/com.apple.SoftwareUpdate.plist 0644 501 80 1201112008 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./Library/Preferences/com.apple.TimeMachine.plist 0644 501 80 1201111256 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Stores whether IR is enabled for Apple Remote.
# Should be managed in a lab setting.
f ./Library/Preferences/com.apple.driver.AppleIRController.plist 0644 0 80 1201139684 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Contains hex strings identifying KDC and "systemdefault".
# May be appropriate to manage this in a lab.
f ./Library/Preferences/com.apple.security.systemidentities.plist 0644 0 80 1201139675 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# .bom receipts. See pkgutil(1). Manage in a lab setting? Radmind kind of moots this file.
f ./Library/Receipts/db/a.receiptdb 0600 96 0 1201282510 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Network share browsing
d ./Network 0755 0 0 AAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

# Cached information (kernel cache, fonts)
d ./System/Library/Caches 0755 0 0

# Replacement for Extensions.kextcache ?
d ./System/Library/Extensions/Caches 0755 0 0

# Extensions caching. Remove the files after installing new kexts.
f ./System/Library/Extensions.mkext 0644 0 0 1179323969 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# User home directories. Don't delete them. Use the User Management scripts
# if you need to manage user profiles in a lab.
d ./Users 0755 0 80

# Shared User space, required by some applications
d ./Users/Shared 1777 0 0

# Other volumes mounted here.
d ./Volumes 1777 0 80 AAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

# If coring is enabled, here's where cores go.
d ./cores 1775 0 80 AAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

# Mac OS X uses a devfs and fdesc filesystem to handle /dev and /dev/fd
d ./dev 0555 0 0 AAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

# Used by autofs for mounting
d ./home 0555 0 0
d ./net 0555 0 0

# cupsd(8) components. Comment out if managing a lab.
d ./private/etc/cups/ppd 0755 0 26
f ./private/etc/cups/printers.conf 0600 0 26 1194381759 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# ssh authentication keys. For proper management, use sshd-key-gen.sh post-apply script
# All six entries are listed with size 0 and the empty-input checksum, so these
# lines reference no key material; private keys are 0600, public keys 0644.
f ./private/etc/ssh_host_dsa_key 0600 0 0 1180528981 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/etc/ssh_host_dsa_key.pub 0644 0 0 1180528981 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/etc/ssh_host_key 0600 0 0 1180529068 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/etc/ssh_host_key.pub 0644 0 0 1180529068 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/etc/ssh_host_rsa_key 0600 0 0 1180528979 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/etc/ssh_host_rsa_key.pub 0644 0 0 1180528979 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# temporary files, managed by system
d ./private/tmp 1777 0 0

# amavisd(8) - a mini-SMTP server
d ./private/var/amavis/db 0755 83 83
d ./private/var/amavis/tmp 0755 83 83

# at(1) jobs and spool
d ./private/var/at/jobs 0755 1 0
d ./private/var/at/spool 0755 1 0
d ./private/var/at/tmp 0700 0 0

# Apple caches
f ./private/var/db/BootCache.playlist 0600 0 0 1179344453 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/db/CodeEquivalenceDatabase 0644 0 0 1179344447 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# DirectoryService(8) data stores. File is a SQLite3 database containing
# copies of things like /etc/passwd, /etc/services, etc. Strange.
f ./private/var/db/DirectoryService/flatfile.db 0644 0 0 1201139670 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Spotlight data location. Not used in all configurations. Does seem to be used in environments with network homes.
# Uncomment if you need it
# NOTE(review): the path below lacks the leading ./ used by every other entry;
# add it when uncommenting.
#d /private/var/db/Spotlight-V100 0700 0 0

# Crypto entropy cache. Used by things like security server.
f ./private/var/db/SystemEntropyCache 0600 0 0 1179344400 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# Certificate Revocation Lists
# Managed by ocspd and crlrefresh
d ./private/var/db/crls 0755 0 0

# DHCP leases
d ./private/var/db/dhcpclient/leases 0700 0 0

# Local directory store. Replaces NetInfo Database.
f ./private/var/db/dslocal/indices/Default/index 0644 0 0 1179865456 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
d ./private/var/db/dslocal/nodes/Default 0700 0 0

# 10.5 uses a local MIT Kerberos V KDC, which shouldn't be managed
# on a personal machine. In a more tightly-controlled environment,
# like a public lab, the administrator may want to manage this.
# Alternatively, consider using excludes.
d ./private/var/db/krb5kdc 0700 0 0

# Contains the latest estimate of clock frequency error for ntpd
f ./private/var/db/ntp.drift 0644 0 0 1179423459 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# DB data directory for BerkeleyDB associated with slapd-bdb(5)
d ./private/var/db/openldap/openldap-data 0755 0 0

# slurpd(8) temporary directory
d ./private/var/db/openldap/openldap-slurp 0755 0 0

# openldap pids go here
d ./private/var/db/openldap/run 0755 0 0

# MD5 hashes of user passwords
d ./private/var/db/shadow/hash 0700 0 0

# managed by rpc.statd(8)
f ./private/var/db/statd.status 0644 0 0 1099338074 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# sudo timestamps
d ./private/var/db/sudo 0700 0 0

# used by vsdbutil(8) which controls ownership/permissions on removable volumes
f ./private/var/db/volinfo.database 0644 0 0 1179348698 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# XXX - Need to document why
# Appears to contain various caches for fonts and icons
d ./private/var/folders 0755 0 0

# system log directory -- removing this would cause old logs to be removed by radmind, leaving only
# those listed below. Depending on your environment and policy, that might be a good thing
d ./private/var/log 0755 0 0

# Logging facilities. syslogd doesn't create them if they're missing.
f ./private/var/log/alf.log 0644 0 0 1179344422 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/asl.db 0600 0 0 1179344558 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
d ./private/var/log/cups 0755 0 0
f ./private/var/log/cups/access_log 0644 0 26 1179344510 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/cups/error_log 0644 0 26 1179344558 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/daily.out 0644 0 0 1179818102 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/install.log 0640 0 80 1179349203 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/ipfw.log 0640 0 80 1174796825 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/mail.log 0644 0 0 1180463047 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/mb.log 0644 0 0 1179344541 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/monthly.out 0644 0 0 1178011800 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/seatbelt.log 0644 0 0 1179344541 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/secure.log 0600 0 80 1174796825 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/system.log 0640 0 80 1179407716 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/weekly.out 0644 0 0 1179559083 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
f ./private/var/log/windowserver.log 0640 0 80 1179344437 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# each local user's mail is stored here
d ./private/var/mail 0775 0 6

# Managed by msgs(1)
f ./private/var/msgs/bounds 0644 0 0 1174796825 0 2jmj7l5rSw0yVb/vlWAYkK/YBwk=

# radmind client data
d ./private/var/radmind/client 0755 0 0

# where pid information is stored for running processes
d ./private/var/run 0775 0 1

# samba share configuration and winbindd(8) support
d ./private/var/samba/shares 0755 0 0
d ./private/var/samba/winbindd_privileged 0700 0 0
d ./private/var/samba/winbindd_public 0755 0 0

# CUPS print spooling
d ./private/var/spool/cups/cache 0775 0 26
d ./private/var/spool/cups/tmp 1770 0 26

# fax spooling
d ./private/var/spool/fax 0750 0 0

# postfix(1) mail spooling; see also output of postconf -d
d ./private/var/spool/mqueue 0750 0 0
d ./private/var/spool/postfix/active 0700 27 0
d ./private/var/spool/postfix/bounce 0700 27 0
d ./private/var/spool/postfix/corrupt 0700 27 0
d ./private/var/spool/postfix/defer 0700 27 0
d ./private/var/spool/postfix/deferred 0700 27 0
d ./private/var/spool/postfix/flush 0700 27 0
d ./private/var/spool/postfix/hold 0700 27 0
d ./private/var/spool/postfix/incoming 0700 27 0
d ./private/var/spool/postfix/maildrop 0730 27 28
d ./private/var/spool/postfix/pid 0755 0 0
d ./private/var/spool/postfix/private 0700 27 0
d ./private/var/spool/postfix/public 0710 27 28
d ./private/var/spool/postfix/saved 0700 27 0
d ./private/var/spool/postfix/trace 0700 27 0

# unix to unix copy spool. uucp(1).
d ./private/var/spool/uucp 0755 4 0

# Temporary items, managed by the system.
d ./private/var/tmp 1777 0 0

# Virtual memory
d ./private/var/vm 0755 0 0

# xgrid(1) client job control
d ./private/var/xgrid/agent 0755 86 0
d ./private/var/xgrid/agent/cookies 0755 86 0
d ./private/var/xgrid/controller 0755 85 0
d ./private/var/xgrid/controller/blobs 0755 85 0