Setup guide

Permissions on share points set as user home directories are particularly important.
By default, users' home directories are set to allow any other user to read their
contents. To restrict a user's home directory so that only that user (i.e., the owner)
can read its contents, issue the command:
sudo chmod 700 /Users/<username>
If necessary, an argument of 750 instead allows other members of the group that owns
the folder to read and search its contents. By default, the staff group is set as the
group owner of user directories, and all user accounts are members of this group.
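The check an administrator would run before and after applying the chmod above, as an added example that is not part of the original guide: it audits every home folder under a parent directory (/Users on Mac OS X Server) for group or world read access, then tightens them to 700 or 750. The demonstration runs on a constructed temporary tree rather than the real /Users.

```shell
# Added example, not part of the guide: audit the home folders under a parent
# directory (/Users on Mac OS X Server) and tighten them to 700 or 750.

# Print one line per home folder the group or other users can still read.
# Parses ls(1) so it behaves the same on BSD (macOS) and GNU userland.
audit_homes() {
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        mode=$(ls -ld "$d" | cut -c1-10)            # e.g. drwxr-xr-x
        group=$(printf '%s' "$mode" | cut -c5-7)    # owning group's rwx
        other=$(printf '%s' "$mode" | cut -c8-10)   # everyone else's rwx
        case "$other" in
            ---) case "$group" in
                     ---) ;;                        # 700: owner only
                     *)   echo "group-readable ($group): $d" ;;
                 esac ;;
            *)   echo "WORLD-READABLE ($other): $d" ;;
        esac
    done
}

# Set every home folder under $1 to mode $2 (700, or 750 to admit the group).
fix_homes() {
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        chmod "${2:-700}" "$d"
    done
}

# Constructed tree to demonstrate on, instead of touching the real /Users.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/alice" "$root/bob" "$root/carol"
    chmod 755 "$root/alice"   # the insecure default
    chmod 750 "$root/bob"     # staff group may read and search
    chmod 700 "$root/carol"   # owner only
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
audit_homes "$demo"           # reports alice (world) and bob (group)
fix_homes "$demo" 700
audit_homes "$demo"           # reports nothing
rm -rf "${demo:?}"
```

Run it against the real tree with `audit_homes /Users` first, and only call `fix_homes` once the report matches what site policy expects.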
4.10.3.3 Configuring the AFP Server
As it provides both authentication and encryption, the AFP server is the preferred
file sharing method for Macintosh or compatible clients. Note that this does not
apply to automatically mounted home directories, where only authentication is
provided. To configure the AFP Server with recommended settings:
1. Open Server Admin.
2. Select AFP under the Server's name.
3. Click the Settings button at the bottom of the window. The General
settings tab should appear.
4. Uncheck the box for “Enable Rendezvous registration.”
5. Uncheck the box for “Enable browsing with AppleTalk.”
6. Enter the Logon Greeting according to site policy.
7. Click the Access tab at the top of the pane.
8. For Authentication, choose “Kerberos” if your system is integrated into a
Kerberos system. Otherwise, choose Standard.
9. Check the box for “Enable Secure connections.”
10. Uncheck the box for “Enable Guest Access.”
11. Uncheck the box for “Enable Administration to masquerade as any
registered user.”
12. Under Maximum Connections, enter the largest expected number for
Client Connections.
13. Although Guest access was disabled, enter “1” for Guest Connections to
minimize exposure in case it is accidentally re-enabled.
14. Click the Logging tab at the top of the pane.
15. Select “Enable Access Log” to enable logging.
16. Select "Archive every __ day(s)." Set the frequency according to site policy
or operational need.
17. Check the boxes for Login and Logout to include those events in the access
log. If operational needs dictate stronger accounting, check the others.
UNCLASSIFIED