28 Chapter 1 Overview of File Services

Restricting Access to File Services

As stated in “File Services Access Control” on page 26, you can use Service Access
Control Lists (SACLs) to restrict access to AFP, FTP, and Windows services.

Restricting Access to Everyone

Be careful when creating and granting access to share points, especially if you’re
connected to the Internet. Granting access to Everyone, or to World (in NFS service),
could potentially expose your data to anyone on the Internet.

Restricting Access to NFS Share Points

NFS share points don’t have the same level of security as AFP and SMB/CIFS, which
require user authentication (typing a user name and password) to gain access to a
share point’s contents. If you have NFS clients, you may want to set up a share point to
be used only by NFS users.

Note: NFS doesn’t support ACLs.

Restricting Guest Access

When you configure any file service, you have the option of turning on guest access.
Guests are users who can connect to the server anonymously without entering a valid
user name or password. Users who connect anonymously are restricted to files and
folders with privileges set to Everyone.

To protect your information from unauthorized access, and to prevent people from
introducing software that might damage your information or equipment, you can take
these precautions using the Sharing module of Workgroup Manager:
• Depending on what controls you want to place on guest access to a share point, you
  might consider one of the following options:
    • Set privileges for Everyone to None for files and folders that guest users shouldn’t
      access. Items with this privilege setting can be accessed only by the item’s owner
      or group.
    • Put all files available to guests in one folder or set of folders and then assign the
      Read Only privilege to the Everyone category for that folder and each file within it.
    • Assign Read & Write privileges to the Everyone category for a folder only if guests
      must be able to change or add items in the folder. Make sure you keep a backup
      copy of information in this folder.
• Don’t export NFS volumes to World. Restrict NFS exports to a subnet or a specific list
  of computers.
• Disable access to guests or anonymous users over AFP, FTP, and SMB using Server
  Admin.
• Share individual folders instead of entire volumes. The folders should contain only
  those items you want to share.
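
The precaution about not exporting NFS volumes to World can be checked mechanically. The following is an added example, not part of the original guide: a small Python audit that flags export entries with no host list and no -network restriction. It assumes the exports are available as text in BSD exports(5) syntax; the sample entries, paths and host names are constructed.

```python
# Added example: flag NFS exports that are open to World.
# Assumption: entries use BSD exports(5) syntax, where an entry with no host
# list and no -network option is exported to every client.

# Constructed sample input; none of these paths or hosts come from the guide.
SAMPLE_EXPORTS = """\
# constructed sample
/Volumes/Data/Public
/Volumes/Data/Projects -ro -network 192.168.10.0 -mask 255.255.255.0
/Volumes/Data/Builds -maproot=nobody build01.example.com build02.example.com
/Volumes/Data/Scratch -alldirs \\
    -ro
"""

def logical_lines(text):
    """Yield entries with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit_exports(text):
    """Return the path lists of entries that have no host or network restriction."""
    world = []
    for entry in logical_lines(text):
        tokens, paths, hosts, network, i = entry.split(), [], [], None, 0
        while i < len(tokens):
            tok = tokens[i]
            if tok.startswith("/"):
                paths.append(tok)
            elif tok.startswith("-"):
                name, sep, value = tok[1:].partition("=")
                # -network and -mask may take their value as the next token.
                if name in ("network", "mask") and not sep and i + 1 < len(tokens):
                    i += 1
                    value = tokens[i]
                if name == "network":
                    network = value
            else:
                hosts.append(tok)  # host name, address or netgroup
            i += 1
        if not hosts and network is None:
            world.append(paths)
    return world

if __name__ == "__main__":
    for paths in audit_exports(SAMPLE_EXPORTS):
        print("exported to World:", " ".join(paths))
```

Options other than -network and -mask are expected in the `-name=value` form; a value written as a separate token would be counted as a host.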