search for: mac_uids

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

...such an environment. Have I missed anything? Has something similar been done? The module would (roughly) work as follows: Defining security levels in a similar way to mac_mls or mac_biba, we define a range of uids as sysctl variables to be used as "compartiments". For example, mac.mac_uids.lowuid mac.mac_uids.highid And it would be implemented so that: Below a given security level, (mac.mac_uids.enforce_below) - Any operation of a subject with uid x (between lowuid and highuid) on an object with uid y (between lowuid and highuid) would fail. - A subject with a given security le...