T 3.108 Incorrect configuration of Mac OS X

To change the system configuration under Mac OS X, the configuration files can be modified using a text editor, command line calls, or a graphical user interface. When using several methods to change the system, this may create inconsistencies because the changes are stored in different configuration files and no synchronisation is made between these files. Moreover, security settings may cancel each other out or complicate the administration of the client under Mac OS X.

For example, when configuring SSH it is possible to modify the file "/etc/sshd_config" both directly and via the graphical user interface available in the "System Preferences" under "Sharing". The settings made are stored in different configuration files and will not be synchronised. So it can be possible, even though the SSH configuration files are correct, that no remote access via SSH is possible because the content of the configuration files is contradictory.

Example:

• A smaller company employs two administrators. One of the administrators always uses the command line or a text editor to configure the system. The other administrator prefers the graphical user interface. To increase personnel redundancy, both administrators are ordered to administrate the remote access. The file "/etc/sshd_conf" already includes several users that are activated for remote access via SSH. After employing a new colleague, the administrator using the graphical user interface creates a new entry for the new colleague. As both lists are no longer consistent, no one will be able to login via SSH anymore.