Organize your shared information, Security issues – Apple Mac OS X Server (Administrator’s Guide) User Manual
Conversely, you might want to set up share points using a single protocol even though you
have different kinds of clients. For example, if almost all of your clients are UNIX users and
just a couple are Mac OS clients, you may want to share items using only NFS in order to
keep your setup simple. Keep in mind, however, that Mac OS users will then lose the AFP
features that NFS does not provide, such as performance optimization and the ability to
search server contents using Sherlock.
See Chapter 5, “File Services,” on page 221 for more information.
Organize Your Shared Information
Once you have created share points, users will start to form “mental maps” of the share
points you have set up and the items contained in them. Changing share points and moving
information around could cause confusion. If you can, organize the information you share
before you start creating share points. This is especially important if you are setting up
network home directories (see “Administering Home Directories” on page 155).
Windows Users
If you have Windows clients, you should set up at least one share point to be used only by
your Windows users. This provides a single point of access for the Windows users.
Security Issues
Security of your data and your network is critical. The most effective method of securing your
network is to assign appropriate privileges for each file, folder, and share point as you create it.
Be careful when creating and granting access to share points, especially if you’re connected
to the Internet. Granting access to Everyone, or to World (in NFS service), could potentially
expose your data to anyone on the Internet.
NFS share points don’t have the same level of security as AFP and SMB, which require user
authentication (typing a user name and password) to gain access to a share point’s contents.
If you have NFS clients, you may want to set up a share point to be used only by NFS users.
Restricting Access by Unregistered Users (Guests)
When you configure any file service, you have the option of turning on guest access. Guests
are users who can connect to the server anonymously without entering a valid user name or
password. Users who connect anonymously are restricted to files and folders with privileges
set to Everyone.
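The following Python script is an added example, not part of Apple's manual. It audits a share point for what a guest could reach, assuming the Everyone privilege corresponds to the POSIX "other" permission bits and that a guest can only get to items inside folders Everyone is allowed to enter. The folder names and the sample share are constructed for illustration.

```python
import os
import stat
import tempfile

LABELS = {(True, True): "read-write", (True, False): "read-only",
          (False, True): "write-only", (False, False): "none"}

def everyone_access(mode):
    """Describe what the Everyone (POSIX 'other') bits of a mode allow."""
    return LABELS[(bool(mode & stat.S_IROTH), bool(mode & stat.S_IWOTH))]

def guest_exposure(share_root):
    """Map each item a guest can reach to the access Everyone has on it."""
    root_mode = os.lstat(share_root).st_mode
    findings = {".": everyone_access(root_mode)}
    if not root_mode & stat.S_IXOTH:
        return findings                      # guests cannot enter the share
    for folder, dirs, files in os.walk(share_root):
        enterable = []
        for name in sorted(dirs + files):
            path = os.path.join(folder, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue                     # links are not followed here
            access = everyone_access(mode)
            if access != "none":
                findings[os.path.relpath(path, share_root)] = access
            # Items below a folder are reachable only if Everyone may enter it.
            if stat.S_ISDIR(mode) and mode & stat.S_IXOTH:
                enterable.append(name)
        dirs[:] = enterable                  # prune folders guests cannot enter
    return findings

def build_sample_share():
    """Constructed sample share point (hypothetical names) in a temp folder."""
    root = tempfile.mkdtemp()
    layout = {"public": 0o755, "dropbox": 0o733, "private": 0o750, "scratch": 0o777}
    for name, mode in layout.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "item.txt"), "w") as fh:
            fh.write("sample\n")
        os.chmod(os.path.join(root, name, "item.txt"), 0o644)
        os.chmod(os.path.join(root, name), mode)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    for item, access in sorted(guest_exposure(build_sample_share()).items()):
        print(f"{access:<11} {item}")
```

Any entry reported as read-write or write-only is a place where an anonymous user could add or replace files, so those are the first privileges to review before turning on guest access.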
To protect your information from unauthorized access, and to prevent people from
introducing software that might damage your information or equipment, you can take these
precautions using the Sharing module of Server Settings:
• Share individual folders instead of entire volumes. The folders should contain only those
  items you want to share.