Apple Mac OS X Server File Services Specifiche

Mac OS X ServerFile Server AdministrationVersion 10.6 Snow Leopard

10 Preface About This GuideChapter  7, “Working with FTP Service,” describes how to set up and manage FTP service in Mac OS X Server.Chapter

Parameter DescriptionadminCommands:serverRoleThe authentication role played by the server. Can be set to:  standalone  domainmember  primarydomainc

Chapter 5 Working with SMB Service 101 5 To permit Windows or other SMB users to connect to Windows le services without providing a user name

Conguring SMB Service Logging SettingsUse the Logging pane of SMB service settings in Server Admin to specify how much information is recorded in the

Chapter 5 Working with SMB Service 103Conguring SMB Service Advanced SettingsUse the Advanced pane of SMB service settings in Server Admin to c

From the command line:To congure SMB service access settings: m$ sudo serveradmin settingssmb:dos charset = valuesmb:domain master = valuesmb:local m

Chapter 5 Working with SMB Service 105Parameter Descriptionwins supportWhether the server provides WINS support. Can be set to:yes | noThis corr

Managing SMB ServiceThis section describes typical tasks you might perform after you set up SMB service on your server. Initial setup information appe

Chapter 5 Working with SMB Service 107Viewing SMB Service LogsUse Server Admin to view SMB service logs.To view SMB logs: 1 Open Server Admin a

Viewing SMB ConnectionsUse Server Admin to view the clients that are connected to the server through SMB service.To view SMB connections: 1 Open Ser

Chapter 5 Working with SMB Service 109From the command line:To view connected user information: m$ sudo serveradmin stop smbFor more information

Preface About This Guide 11File ServerAdministrationDescribes advancedoptions for settingup, configuring,and managingfile services.Advanced Server

11 0Use this chapter to learn how to set up and manage NFS service in Mac OS X Server.Network File System (NFS) is the protocol used for le service

Chapter 6 Working with NFS Service 111See “Creating a Share Point” on page 36, “Exporting an NFS Share Point” on page 43, and “Automatically Mou

Setting Up NFS ServiceUse Server Admin to change NFS service settings. The following sections describe the tasks for conguring and starting NFS servi

Chapter 6 Working with NFS Service 11 3$ sudo serveradmin settingsnfs:nbDaemons = valuenfs:useTCP = valuenfs:useUDP = valueControl-DParameter (n

3 From the expanded Servers list, select NFS. 4 Click Overview.The Overview pane tells you whether the service is running and whether nfsd, portmap

Chapter 6 Working with NFS Service 11 5Stopping NFS ServiceUse Server Admin to stop NFS service and disconnect users. Users who are connected wh

11 6Use this chapter to set up and manage FTP service in Mac OS X Server.File Transfer Protocol (FTP) is a simple way for computers of any type to t

Chapter 7 Working with FTP Service 11 7FTP UsersFTP supports two types of users: Â Authenticated users. These users have accounts on your server

FTP Root and Share PointsThe “FTP Root and Share Points” environment option gives access to the FTP root and any FTP share points that users have acce

Chapter 7 Working with FTP Service 11 9Users access other FTP share points through symbolic links in the FTP root. As always, access to FTP shar

12 Preface About This GuideViewing PDF Guides OnscreenWhile reading the PDF version of a guide onscreen:Show bookmarks to see the guide’s out

Home Folder OnlyWhen you choose the “Home Folder Only” option, authenticated users are conned to their home folders and do not have access to the FTP

Chapter 7 Working with FTP Service 121The following table shows common le extensions and the type of compression they designate.File extension

Setup OverviewHere is an overview of the basic steps for setting up FTP service.Step 1: Before you beginFor issues to keep in mind when you set up FTP

Chapter 7 Working with FTP Service 12 3Before Setting Up FTP ServiceWhen determining whether to oer FTP service, consider the type of informati

Setting Up FTP ServiceThere are four groups of settings on the Settings pane for FTP service in Server Admin: Â General. Use to set information about

Chapter 7 Working with FTP Service 12 5 10 To limit the number of anonymous users who can connect to your server at the same time, enter a num

Parameter (ftp:) DescriptionenableMacBinAndDmgAutoConversionDefault = yesloginFailuresPermittedDefault = 3maxAnonymousUsersDefault = 50maxRealUsersDef

Chapter 7 Working with FTP Service 12 7Parameter (ftp:) DescriptionbannerMessageDisplays a banner message that appears when you are prompted to

To display banner and welcome messages to users: 1 Open Server Admin and connect to the server. 2 Click the triangle at the left of the server.The l

Chapter 7 Working with FTP Service 12 9Conguring FTP Logging SettingsLogging settings enable you to choose which FTP-related events to record.F

Preface About This Guide 13An RSS feed listing the latest updates to Mac OS X Server documentation and Âonscreen help is available. To view the

Parameter (ftp:) DescriptionlogSecurity:realDefault = nologTransfers:anonymous:inboundDefault = yeslogTransfers:anonymous:outboundDefault = yeslogTran

Chapter 7 Working with FTP Service 131Starting FTP ServiceYou must start FTP service to make it available to users.To start FTP service: 1 Open

Creating an FTP Uploads Folder for Anonymous UsersThe uploads folder provides a place for anonymous users to upload les to the FTP server. It must ex

Chapter 7 Working with FTP Service 133Anonymous users and authenticated users who don’t have home folders (or whose home folders are not located

4 To see whether the service is running, when it started, the number of authenticated and anonymous connections, and whether anonymous access is ena

Chapter 7 Working with FTP Service 13 5From the command line:You can also view the FTP log using the cat or tail commands in Terminal.To view th

From the command line:To view FTP connections: m$ ftpcountor$ sudo serveradmin command ftp:command = getConnectedUsersFor information about serveradmi

13 7Use this chapter to nd solutions to common problems you might encounter while working with le services in Mac OS X Server.Problems are list

Server administrators don’t see share points the same way a user does over AFP Âbecause administrators see everything on the server.To see share poin

Chapter 8 Solving Problems 13 9Make sure the le server is running. Use the Ping pane in Network Utility to check Âwhether the server at the sp

14Use this chapter to learn basic concepts regarding Mac OS X Server le services.Mac OS X Server includes several le services that help you manage

If Users Can’t Log In to the Windows (SMB) ServerIf users can’t log in to the Windows (SMB) Server, use the dirt command to make sure Password Server

Chapter 8 Solving Problems 141Verify that the user is correctly entering his or her short name and password. ÂUser names and passwords with sp

142Creating a Share PointYou can include the following parameters when creating a share point using the sharing command in Terminal.commandParameter

Appendix Command Line Parameters for File Services 143Parameter Descriptionguestags A group of ags indicating which protocols allow guest acce

144 Appendix Command Line Parameters for File ServicesParameter (afp:) DescriptionactivityLogTimeRollover time (in days) for the activity log.

Appendix Command Line Parameters for File Services 145Parameter (afp:) DescriptionerrorLogPathLocation of the error log.Default = /Library/Logs/

146 Appendix Command Line Parameters for File ServicesParameter (afp:) DescriptionloggingAttributes: logLoginRecord user logins in the activit

Appendix Command Line Parameters for File Services 147Parameter (afp:) DescriptionregisterAppleTalkAdvertise the server using AppleTalk NBP.Defa

148 Appendix Command Line Parameters for File ServicesCommand (afp:command=) DescriptionsyncSharePointsUpdate share point information after ch

Appendix Command Line Parameters for File Services 149Parameter (ftp:) DescriptionenableMacBinAndDmgAutoConversionDefault = yesftpRootThe direct

Chapter 1 Understanding File Services 15Protocol Security ComparisonWhen sharing network resources, congure your server to provide the necessar

15 0 Appendix Command Line Parameters for File ServicesFTP serveradmin CommandsTo manage FTP service, use the following commands with serverad

Appendix Command Line Parameters for File Services 151Parameter (smb:) Descriptiondos charsetThe code page being used. Can be set to: Â437 (Lati

Parameter (smb:) Descriptionmap to guestWhether guest access is allowed. Can be set to: Â"Never" (No guest access) Â"Bad User" (Al

Appendix Command Line Parameters for File Services 153SMB serveradmin CommandsTo manage SMB service, use the following commands with serveradmin

Index 15 4 IndexAaccessACEs 20, 23, 38, 51AFP 71anonymous 11 7, 12 0, 12 3, 12 4, 131, 141NFS 110, 111precedence rules 26share point 30, 34, 38

Index 155AFP settings 85command-line toolsAFP settings 71, 74, 76, 80, 81, 82, 83, 86, 87, 89, 143, 147disk quotas 65FTP settings 12 5, 12 6, 1

15 6 IndexLLibrary folder, network 30, 60lockingles 95opportunistic 40, 95strict 40, 95unied 34login 89, 13 9, 140logsAFP 73, 79, 83FTP 1

Index 157SSACLs (service access control lists) 29, 66security 15, 30See also access, authentication, permissionsServer Adminaccess control 22, 3

158 Indexunregistered 31See also clients, guest accounts, home foldersVvirtual share points 103, 109volumesexporting NFS 43, 58, 11 5permission

Deployment PlanningWhen planning your network, consider the protocols your network conguration requires. For example, if your network consists of mul

17Use this chapter to learn about standard permissions, Access Control Lists (ACLs), and related security issues.An important aspect of computer s

Therefore, new les and folders you create are not accessible by users if they are created in a folder that users don’t have privileges for. When sett

Chapter 2 Setting Up File Service Permissions 19Note: QuickTime Streaming Server (QTSS) and WebDAV have separate permissions settings. For info

Apple Inc. K© 2009 Apple Inc. All rights reserved.The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publicat

 Group—You can put users who need the same access to les and folders in group accounts. Only one group can be assigned access permissions to a shar

Chapter 2 Setting Up File Service Permissions 21Apple’s ACL model supports 13 permissions for controlling access to les and folders, as describ

The ACL Use ModelThe ACL use model focuses on access control at the folder level, with most ACLs applied to les as the result of inheritance.Folder-l

Chapter 2 Setting Up File Service Permissions 23What’s Stored in an ACEAn ACE contains the following elds: Â User or Group. An ACE stores a uni

Inheritance option DescriptionApply to this folder Apply (Administration, Read, and Write) permissions to this folderApply to child folders Apply perm

Chapter 2 Setting Up File Service Permissions 25ACL Inheritance CombinationWhen you set inheritance options for an ACE in Server Admin, you can

ACL Permission PropagationServer Admin provides a feature that lets you force the propagation of ACLs. Although this is done automatically by Server A

Chapter 2 Setting Up File Service Permissions 27After evaluating ACEs, Mac OS X Server evaluates the standard POSIX permissions dened for the 

Always Propagate PermissionsInheritance is a powerful feature, so take advantage of it. By propagating permissions down a folder hierarchy, you save y

Chapter 2 Setting Up File Service Permissions 29Folder ACL (Everyone) POSIXDrop box Permission Type: AllowSelect the following checkboxes: Â Tra

9 Preface: About This Guide9 What’s in This Guide10 Using Onscreen Help10 Documentation Map12 Viewing PDF Guides Onscreen12 Printing PDF Guides

Share Points in the Network FolderBy default, the Network folder contains at least these subfolders:Applications ÂLibrary ÂServers ÂYou can mount shar

Chapter 2 Setting Up File Service Permissions 31Restricting Access to NFS Share PointsNFS share points without the use of Kerberos don’t have th

32Use this chapter to learn how to share specic volumes and directories by using AFP, SMB, FTP, and NFS, and to set standard and ACL permissions.Yo

Chapter 3 Setting Up Share Points 33AutomountingYou can congure client computers to automatically mount share points. These share points can be

Step 4: Turn specic le services onFor users to access share points, you must turn on the required Mac OS X Server le services. For example, if you

Chapter 3 Setting Up Share Points 35Conversely, you might want to set up share points that support a single protocol even though you have diere

Disk QuotasYou can limit the disk space users have available to store les in the volume where their home folders reside. This quota applies to all l

Chapter 3 Setting Up Share Points 37To create a share point: 1 Open Server Admin and connect to the server. 2 Click File Sharing. 3 Click Vol

Setting Standard PermissionsWhen you don’t need the exibility and granularity that access control lists (ACLs) provide, or in cases where ACLs are no

Chapter 3 Setting Up Share Points 39To set ACL permissions on a share point or a folder: 1 Open Server Admin and connect to the server. 2 Clic

4 Contents30 Share Points in the Network Folder30 Adding System Resources to the Network Library Folder30 Security Considerations30 Restricti

8 Permit unregistered users to access the share point by selecting “Allow AFP guest access.”For greater security, don’t select this item. 9 To cha

Chapter 3 Setting Up Share Points 41 4 Click Share Point below the list. 5 Click Protocol Options.This opens the protocol window with congura

Parameter Descriptionpath The full path to the share point.customname The name of the share point. If you don’t specify the custom name, it’s set to t

Chapter 3 Setting Up Share Points 43From the command line:To change FTP settings: m$ sudo sharing -e path -s 010 -A customname -g guestflagsPara

Important: Make sure the subnet address you enter is the IP network address that corresponds to the subnet mask you chose, and not a client address.

Chapter 3 Setting Up Share Points 45Note: If you export more than one NFS share point, you cannot have nested exports on a single volume, which

Automatically Mounting Share Points for ClientsYou can mount share points automatically on client Mac OS X computers using network mounts. You can aut

Chapter 3 Setting Up Share Points 47Mounting a user’s home folderTo mount a user’s home folder, use mnthome. The mnthome tool unmounts the AFP h

3 Click Share Points and select the share point you want to remove. 4 Click Unshare. 5 Click Save.Protocol and network mount settings you made for

Chapter 3 Setting Up Share Points 49Parameter Descriptionpath The full path to the share point.shareags A three-digit binary number indicating

Contents 564 Conguring Time Machine Backup Destination64 Conguring Share Point Quotas65 Monitoring Share Point Quotas66 Setting SACL Permissio

3 Click Share Points and select a share point in the list. 4 Click Browse. 5 Click Permissions below the list.You can now view the contents of the

Chapter 3 Setting Up Share Points 51 5 To change the permissions for the Owner, Group, and Others (Everyone), use the Permissions pop-up menu i

By default, each new ACE gives the user or group full read permissions. In addition, all four inheritance options are selected. For more information a

Chapter 3 Setting Up Share Points 53To edit an ACE: 1 Open Server Admin and connect to the server. 2 Click File Sharing. 3 Click Share Points

Removing a Folder’s Inherited ACEsIf you don’t want to apply inherited ACEs to a folder or a le, you can remove these entries using Server Admin.Inhe

Chapter 3 Setting Up Share Points 55Propagating PermissionsServer Admin enables you to specify which permissions to propagate to descendant les

6 Select all ACEs in the ACL Permissions list and click Delete (–). 7 Click Save.Server Admin removes all ACEs from the ACL of a le. The only perm

Chapter 3 Setting Up Share Points 57 6 Open the Users & Groups window by clicking the Add (+) button (below the Permissions list). 7 From

For information about command-line parameters, see “Creating a Share Point” on page 142. For information about sharing, see its man page. For the basi

Chapter 3 Setting Up Share Points 59 7 Click OK, then click Save.Note: Make sure guest access is also enabled at the service level in Server A

6 Contents95 Chapter 5: Working with SMB Service95 File Locking with SMB Share Points96 Setup Overview97 Turning On SMB Service97 Setting U

If you want users to have full control of the drop box, add ACEs that give them full ÂAdministration, Read, Write, and inheritable permissions.For mo

Chapter 3 Setting Up Share Points 61To congure a network library: 1 Open Server Admin and connect to the server. 2 Click File Sharing. 3 Cli

To assure that connecting the system to the network does not disrupt network operations, work with the system administrator or other expert. Follow th

Chapter 3 Setting Up Share Points 63Step 4: Congure le services for AFP, NFS, FTP, and SMBAssuming that you turned on the le services with Se

From the command line:To enable Spotlight for a volume: m$ sudo mdutil -i on volumeTo disable Spotlight for a volume: m$ sudo mdutil -i off volumeCon

Chapter 3 Setting Up Share Points 65 4 Click Home, specify the disk quota using the Disk Quota eld and the adjacent pop-up menu, and then clic

To monitor share point quotas: 1 Open Server Admin and connect to the server. 2 Click File Sharing. 3 Click Volumes and select the volume you want

Chapter 3 Setting Up Share Points 67Setting Files Services SACL Permissions for AdministratorsUse Server Admin to set SACL permissions for admin

68Use this chapter to set up and manage AFP service in Mac OS X Server.Apple Filing Protocol (AFP) service enables Mac OS clients to connect to your

Chapter 4 Working with AFP Service 69AFP Service SpecicationsAFP service has the following default specications:Maximum number of connected us

Contents 7124 Setting Up FTP Service124 Conguring FTP General Settings126 Conguring FTP Greeting Messages127 Displaying FTP Banner and Welcome

Turning AFP Service OnBefore you can congure AFP settings, you must turn on AFP service in Server Admin.To turn AFP service on: 1 Open Server Admin

Chapter 4 Working with AFP Service 71 6 Enter the message you want users to see in the Login Greeting eld.The message does not appear when a u

5 Choose the authentication method you want to use from the Authentication pop-up menu: Standard, Kerberos, or Any Method. 6 If necessary, permit u

Chapter 4 Working with AFP Service 73Parameter DescriptionauthenticationModeAuthentication mode. Can be:standardkerberosstandard_and_kerberosDef

7 Select the events you want AFP service to log.An entry is added to the log when a user performs an action you select.When you choose the number of

Chapter 4 Working with AFP Service 75Parameter DescriptionloggingAttributes: logOpenForkLog le opens in the activity log.Default = yesloggingAt

6 To specify the idle time limit, select “Disconnect idle users after __ minutes” and enter the number of minutes after which the AFP session of an

Chapter 4 Working with AFP Service 77Parameter DescriptionidleDisconnectTimeIdle time (in minutes) allowed before disconnect.Default = 10idleDis

Managing AFP ServiceThis section describes typical day-to-day tasks you perform after you set up AFP service on your server. Initial setup information

Chapter 4 Working with AFP Service 79Viewing AFP Service LogsUse Server Admin to view the error and access logs for AFP service, if you have ena

8 Contents142 Appendix: Command Line Parameters for File Services142 Creating a Share Point143 AFP Parameters148 FTP Parameters150 SMB Para

Viewing AFP ConnectionsUse Server Admin to view the clients that are connected to the server through AFP service.To view AFP connections: 1 Open Ser

Chapter 4 Working with AFP Service 81 3 From the expanded Servers list, select AFP. 4 Click Connections, then click Stop. 5 Enter the amount

Limiting Connections to AFP ServiceIf your server provides a variety of services, you can prevent a ood of users from aecting the performance of tho

Chapter 4 Working with AFP Service 83Keeping an Access Log for AFP ServiceThe access log records the times when a user connects or disconnects,

Parameter DescriptionactivityLogTurn activity logging on or o.Default = nologgingAttributes: logLoginRecord user logins in the activity log.Default =

Chapter 4 Working with AFP Service 85 7 Click Disconnect.From the command line:To set up access logging: m$ sudo serveradmin settingsafp:comman

Although the server disconnects sleeping clients, the clients’ sessions are maintained for the specied period. When a user resumes work within that t

Chapter 4 Working with AFP Service 87Parameter DescriptionidleDisconnectTimeIdle time (in minutes) allowed before disconnect.Default = 10idleDis

afp:sessionIDsArray:_array_index:1 = sessionid2afp:sessionIDsArray:_array_index:2 = sessionid3[...]Control-DParameter Descriptionmessage-text Message

Chapter 4 Working with AFP Service 89From the command line:To change several settings: m$ sudo serveradmin settingsafp:guestAccess = valueafp:ma

9This guide describes how to congure and use le services with Mac OS X Server.File sharing requires le server administrators to manage user priv

$ sudo serveradmin settingsafp:loginGreeting = "value"afp:loginGreetingTime = valueControl-DParameter DescriptionloginGreetingLogin greeting

Chapter 4 Working with AFP Service 91If practical, make the server name match its unqualied DNS host name. For Âexample, if your DNS server ha

3 Click Connect. 4 Enter your user name and password or select Guest, then click Connect. 5 Select the share point you want to use and click OK.Ch

Chapter 4 Working with AFP Service 93To set no name:$ defaults write /Library/Preferences/com.apple.NetworkAuthorization UseDefaultName -bool YE

Connecting to the AFP Server from Mac OS 8 and Mac OS 9 ClientsAFP service requires the following Mac OS 8 or 9 system software:Mac OS 8 v8.6 or Mac O

95Use this chapter to set up and manage SMB service in Mac OS X Server.Mac OS X Server can provide the following native services to Windows client

In Mac OS X Server, SMB share points support oplocks.To enable oplocks, change SMB protocol settings for a share point using Workgroup Manager. For mo

Chapter 5 Working with SMB Service 97Step 7: Start SMB serviceAfter you congure SMB, start the services to make them available. See “Starting S

Conguring SMB General SettingsUse the General settings to select the server role and provide the description, computer name, and workgroup for the se

Chapter 5 Working with SMB Service 99 6 Enter a description, computer name, and domain or workgroup:For Description, enter a description of the