Specifications
Chapter 2 Setting Up File Service Permissions 31
Restricting Access to NFS Share Points
NFS share points without the use of Kerberos don’t have the same level of security as
AFP and SMB, which require user authentication (entering a user name and password)
to gain access to a share point’s contents.
If you have NFS clients, you might want to set up a share point to be used only by
NFS users or congure NFS with Kerberos. NFS doesn’t support SACLs. For more
information, see “Protocol Security Comparison” on page 15.
Restricting Guest Access
When you congure any le service, you can turn on guest access. Guests are users
who connect to the server anonymously without entering a user name or password.
Users who connect anonymously are restricted to les and folders that have privileges
set to Everyone.
To protect your information from unauthorized access, and to prevent people from
introducing software that might damage your information or equipment, take the
following precautions by using File Sharing in Server Admin:
Depending on the controls you want to place on guest access to a share point, Â
consider the following options:
Set privileges for Everyone to None for les and folders that guest users shouldn’t Â
access. Items with this privilege setting can be accessed only by the item’s owner
or group.
Put all les available to guests in one folder or set of folders and then assign the Â
Read Only privilege to the Everyone category for that folder and each le in it.
Assign Read & Write privileges to the Everyone category for a folder only if guests Â
must be able to change or add items in the folder. Make sure you keep a backup
copy of information in this folder.
Don’t export NFS volumes to World. Restrict NFS exports to a subnet or a specic list Â
of computers.
Disable access to guests or anonymous users over AFP, FTP, and SMB using Server Â
Admin.
Share individual folders instead of entire volumes. The folders should contain only Â
those items you want to share.