Setup guide

server and client is not at risk for eavesdropping. Generally, use of SMB is not
recommended.

NFS is a common file sharing protocol for UNIX computers. NFS does not perform
authentication of its clients; it grants access based on client IP address and file
permissions. Using NFS can be appropriate if the client computer administration
and the network are trusted. Generally, use of NFS is not recommended.

FTP should generally not be used for file sharing. The SFTP feature of the SSH
protocol should be used instead. SFTP is designed to provide a secure means of
authentication and data transfer, while FTP is not. The only situation where FTP is
still an acceptable choice is when the system must act as a file server for anonymous
users. This may be necessary over wide area networks, where there is no concern for
the confidentiality of the data, and responsibility for the integrity of the data rests
with its recipient.

4.10.3 Configuring the File Sharing Protocols

Once a protocol is chosen for file sharing, all unnecessary protocols should be
disabled. Next, the share point’s filesystem permissions should be appropriately
restricted and configuration specific to the file sharing protocol should be performed.

4.10.3.1 Deactivate Unnecessary Protocols

After designating a share point, the default settings allow clients to access it using
AFP, SMB, and FTP. To deactivate unnecessary file sharing protocols:

1. Open Workgroup Manager and click on the Sharing icon.
2. Click on the Share Points tab.
3. If any share point is not required, uncheck “Share this item and its
   contents” and click Save. The item should disappear from the list of share
   points.
4. Select each necessary share point and click on the Protocols tab.
5. Using the pop-up menu in the pane, select each of the protocols (Apple
   File Protocol, Windows File Settings, Network File System, File Transfer
   Protocol) and uncheck each box for “Share this item using...” unless the
   protocol is required.

If no share points are shared with a particular protocol, then the service that runs
that protocol can be disabled using the Server Admin program. The NFS service
automatically stops when no share points specify its use.
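
One way to confirm the result of the steps above from another machine, as an added example that is not part of the original guide: it checks whether the services behind the four protocols in step 5 still accept TCP connections and compares that with the set you intended to keep. The function names and the port table (the protocols' standard TCP ports) are assumptions of this example; a listening service shows only that the service is enabled, not which share points use it.

```python
import socket
import sys

# Standard TCP listener ports for the four protocols listed in step 5.
# NFS may also be served over UDP, which this TCP-only check cannot see.
FILE_SHARING_PORTS = {"AFP": 548, "SMB": 445, "NFS": 2049, "FTP": 21}


def is_listening(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def audit_protocols(host, required, ports=None, timeout=2.0):
    """Compare reachable file sharing services against the required set.

    Returns {"unexpected": [...], "missing": [...]} with protocol names.
    """
    ports = FILE_SHARING_PORTS if ports is None else ports
    unknown = set(required) - set(ports)
    if unknown:
        raise ValueError(f"unknown protocol name(s): {sorted(unknown)}")
    result = {"unexpected": [], "missing": []}
    for name in sorted(ports):
        up = is_listening(host, ports[name], timeout)
        if up and name not in required:
            result["unexpected"].append(name)  # should have been disabled
        elif not up and name in required:
            result["missing"].append(name)     # chosen protocol is down
    return result


if __name__ == "__main__":
    # Usage: python3 audit_sharing.py <server> [AFP] [SMB] [NFS] [FTP]
    if len(sys.argv) < 2:
        sys.exit("usage: audit_sharing.py <server> [required protocols...]")
    report = audit_protocols(sys.argv[1], set(sys.argv[2:]))
    for name in report["unexpected"]:
        print(f"{name}: listening but not required; deactivate it")
    for name in report["missing"]:
        print(f"{name}: required but not reachable")
    sys.exit(1 if report["unexpected"] or report["missing"] else 0)
```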

4.10.3.2 Restrict File Permissions

Before a directory is shared, its permissions should be restricted to the maximum
extent possible.
UNCLASSIFIED