beautypg.com

Security issues – Apple Mac OS X Server (Administrator’s Guide) User Manual

Page 222

background image

222

Chapter 5

You must configure and turn on file services in order for clients to be able to access shared
information—the volumes and folders that you designate as share points—as described in
Chapter 4, “Sharing.” You must also turn on Windows services if you want to share network
printers using Windows Printing (SMB). Print service is described in Chapter 7, “Print
Service,” on page 315.

For descriptions of the file services, see

m “Apple File Service” on page 224

m “Windows Services” on page 235

m “File Transfer Protocol (FTP) Service” on page 244

m “Network File System (NFS) Service” on page 256

Security Issues

Security of your data and your network is the most critical issue you must consider when
setting up your file services.

The most important protection for your server is how you set the privileges for individual
files. In Mac OS X, every file has its own privilege settings that are independent of the
privileges for its parent folder. Users can set privileges for files and folders they place on the
server, and the server administrator can do the same for share points. See “Privileges” on
page 205.

Allowing Access to Registered Users Only

If you do not want to allow guests to access your server, make sure guest access is turned
off for each file service. If you see a checkmark next to Allow Guest Access in AFP or SMB
Access settings, guest access is turned on for that service. For FTP, guest access is called
“anonymous” access. Click the box to remove the checkmark and turn guest (or anonymous)
access off.

AFP also allows you to control guest access for individual share points, if you allow guest
access for the service. See “Configuring Apple File Protocol (AFP) Share Points” on page 212.

The equivalent to allowing guest access for NFS service is to export a shared item to World.
Unlike guest access, which you set when configuring a service, exporting to World for NFS is
an option you set when sharing an item. See “Sharing (Exporting) Items Using Network File
System (NFS)” on page 213.

Note: NFS lacks authentication. NFS service allows users access to shared information based
on their computers’ IP addresses. This is not as secure a method of preventing unauthorized
access as the authentication techniques employed by the other file services that require users
to enter their user names and passwords in order to gain access to shared information.

This manual is related to the following products:
See also other documents in the category Apple Software: