- Challenges of File Sharing
- Different Protocols for Different Clients
- Planning File Services
- Using Apple Filing Protocol
- Configuring Apple File Service
- Monitoring AFP Activity
- Using Windows File Service
- Configuring Windows File Service
- Configuring Access and Starting Windows File Services
- Using NFS Share Point Access
- Configuring NFS
- Using FTP File Service
- Configuring FTP Service
- Network-Mounted Share Points
- Preparing for a Network Home Folder
- Configuring Network Mounts
- Controlling Access to Shared Folders
- Troubleshooting File Services
- What You've Learned
- Chapter Review
Planning File Services
When setting up file services on Mac OS X Server, proper initial planning can save you time in the long run.
Setting Up File Services
Follow these guidelines when you first start planning to implement file services.
Plan Your File-Server Requirements
Determine your organizational requirements:
- How are your users organized?
- Is there a logical structure to follow for assigning users to groups that best address workflow needs?
- What types of computers will be used to access your file server?
- What share points and folder structures will be needed?
- How will users interact with one another when accessing these share points?
These answers will dictate the file services you configure, as well as how you might organize groups and share points.
Use Workgroup Manager to Configure Users and Groups
The main goal is to end up with a group structure that best matches your organizational needs and allows easy maintenance over time. Setting up users and groups at the beginning is trivial. Setting up users and groups that continue to work as the organization goes through natural changes over time is not as simple as it first appears. Nevertheless, having a logical group structure that can be used to allow and deny access to your server file system will save you from continually adjusting file-service access later on. Mac OS X Server supports groups within groups, using groups as owners of a folder, and setting access-control lists on folders. Additionally, since Mac OS X Server v10.4, users can be members of more than 16 groups.
Use Server Admin to Configure and Start the Services
Server Admin is the main application you use to configure share points, file permissions, and specific file services—AFP, FTP, NFS, Windows (SMB/CIFS). You first configure the settings for each service, addressing such options as maximum number of clients, guest access, logging levels, and other service-specific settings. Once the services are configured, set and test appropriate access for users to the specific services. For example, you may have one group of users that needs access from both Windows and Mac clients, while another group is using only Linux clients. For security reasons, you might limit the first group’s access to the AFP and Windows services while limiting the Linux users’ access to NFS or FTP services. Next, you define which folders should be shared by your file-sharing services, and what permissions each folder should have. Once everything has been properly secured, then you can use Server Admin to start each of the services you will be using and let users start accessing their appropriate file service.
Adjust Settings over Time and Monitor Your File Server for Problems
There are several ways to monitor your server services and manually adjust user and group settings:
- Use Server Admin to monitor logs and queues for specific services, to fine-tune any service-configuration settings, and to modify folder permissions and any service ACLs as required.
- Use Workgroup Manager to adjust users and groups.
- Use other appropriate applications for either monitoring or securing the server.
Once a server is deployed, you’ll need to perform regular maintenance. This includes monitoring service usage to determine if it is addressing the needs of the organization, as well as looking for any security issues or unexpected activity. You might use additional software, such as Console, Terminal, or even third-party security software. As organizations change, use Workgroup Manager and Server Admin to adjust groups, users, and access to file systems and services.
Creating Share Points and Setting Access Permissions
After determining server and user requirements and entering at least a sample set of users and groups that represents the organizational structure, the next step in sharing files is to create your share points. A share point can be any folder, drive, or partition that is mounted on the server. When you create a share point, you make that item and its contents available to network clients via the specified protocols. This includes deciding what items you want to give access to and organizing the items logically. It requires using your initial planning and knowledge of your users and their needs. You might decide that everything belongs in a single share point and use permissions to control access within that share point, or you might set up a more complex workflow. For example, you could have one share point for your copywriters and a separate share point for the copy editors. Perhaps you would have a third share point where both groups could access common items or share files. Setting up effective share points requires as much knowledge of your users and how they work together as it does the technology of share points.
Remember that Mac OS X Server supports different file-sharing protocols for different clients. When you create a share point in Server Admin, you have the option of sharing it via any combination of AFP, FTP, SMB, or NFS. By default, any new share point is shared via AFP and SMB. If you want to share it over FTP or NFS, you must explicitly enable that service for that share point. For each protocol, you should review the Server Admin settings for items such as allowing guest access, creating a custom share-point name, Spotlight searching, and deciding whether service-specific inheritance is to be configured for that service. It is also important to keep in mind that different protocols will handle issues like filename case-sensitivity and extended file permissions differently. For this reason, it is usually best to limit your file-sharing protocols to those needed by the clients that are connecting to your server. For example, if you have only Mac OS X clients connecting to your server, it will simplify things to only use the AFP service and disable the SMB service for that share point.
Ultimately, how a share point is configured for access, combined with the access settings for each file-sharing service, determines whether users are able to log in via a file-sharing protocol, and if so, what share points they are able to see upon login.
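The following added example (not from the original text or from Apple's tools) models that combination as a planning-time audit: it flags share points whose enabled protocols do not match what their client groups need, and computes what a group member would see after logging in over a given protocol. The group names, share-point names, and the client-to-protocol mapping are constructed assumptions, and guest access is reported but not modeled in the visibility check.

```python
# Assumption for this example: the protocol each client platform connects with.
CLIENT_PROTOCOL = {"mac": "afp", "windows": "smb", "linux": "ftp"}

# Constructed groups: client platforms in use and services the group may log in to.
GROUPS = {
    "writers": {"clients": {"mac"}, "services": {"afp"}},
    "editors": {"clients": {"mac", "windows"}, "services": {"afp", "smb"}},
    "build":   {"clients": {"linux"}, "services": {"ftp"}},
}

# Constructed share points: enabled protocols, guest-enabled protocols, groups with access.
# Each starts from the default the text describes (AFP and SMB enabled).
SHARE_POINTS = {
    "Copywriters": {"protocols": {"afp", "smb"}, "guest": set(), "groups": {"writers"}},
    "CopyEditors": {"protocols": {"afp", "smb"}, "guest": {"smb"}, "groups": {"editors"}},
    "Common": {"protocols": {"afp", "smb"}, "guest": set(),
               "groups": {"writers", "editors", "build"}},
}

def needed_protocols(share):
    """Protocols actually required by the clients of the groups using this share."""
    return {CLIENT_PROTOCOL[c] for g in share["groups"] for c in GROUPS[g]["clients"]}

def audit(share_points):
    """Return sorted (share, issue, protocol) findings."""
    findings = []
    for name, share in share_points.items():
        needed = needed_protocols(share)
        for proto in share["protocols"] - needed:
            findings.append((name, "enabled-but-unneeded", proto))
        for proto in needed - share["protocols"]:
            findings.append((name, "needed-but-disabled", proto))
        for proto in share["guest"]:
            findings.append((name, "guest-access", proto))
    return sorted(findings)

def visible_shares(group, protocol):
    """Share points a member of `group` sees after logging in over `protocol`."""
    if protocol not in GROUPS[group]["services"]:
        return []  # service access settings deny the login itself
    return sorted(n for n, s in SHARE_POINTS.items()
                  if protocol in s["protocols"] and group in s["groups"])

if __name__ == "__main__":
    for finding in audit(SHARE_POINTS):
        print(*finding)
    print(visible_shares("editors", "smb"))
```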