Apple Mac OS X Server Print Service Administration For Version 10.4 or Later Especificaciones

Mac OS X ServerFile Services AdministrationFor Version 10.4 or Later

10 Preface About This Guide• Chapter 3, “AFP Service,” describes how to set up and manage AFP service in Mac OS X Server.• Chapter 4, “NFS Service,

100 Glossary pathname The location of an item within a file system, represented as a series of names separated by slashes (/).permissions Settin

Glossary 101 single sign-on An authentication strategy that relieves users from entering a name and password separately for every network service

102 Glossary volume A mountable allocation of storage that behaves, from the client’s perspective, like a local hard disk, hard disk partition, o

103IndexIndex.bin (MacBinary) format 80, 83FTP auto-conversion 83Aaccess control entries (ACEs) 19Access Control Lists (ACLs) 15, 16access control

104 Index disconnect messages 58, 64DNS serviceproblems with 92documentation 11DOS prompt 91drop boxsetting up 49Eerror logsAFP service 57, 6

Index 105MMacBinary (.bin) format 80, 83FTP auto-conversion 83masquerading 57mounting share pointsnetwork (automatic) mounts 27, 40Nnaming sha

106 Index FTP General settings 83FTP Logging settings 84FTP logs 88FTP user environment 87FTP user messages 88monitoring NFS 72NFS settings

Preface About This Guide 11 The Mac OS X Server SuiteThe Mac OS X Server documentation includes a suite of guides that explain the services and pro

12 Preface About This GuideGetting Documentation UpdatesPeriodically, Apple posts new onscreen help topics, revised guides, and additional solution

Preface About This Guide 13 Apple customer training—instructor-led and self-paced courses for honing your server administration skills.train.apple.

14 Preface About This Guide

1 151 Overview of File ServicesThis chapter provides an overview of Mac OS X Server file services, explains standard permissions and Access Contr

16 Chapter 1 Overview of File Services Permissions in the Mac OS X Environment—BackgroundIf you’re new to Mac OS X and are not familiar with UNIX,

Chapter 1 Overview of File Services 17 Standard PermissionsThere are four types of standard POSIX access permissions that you can assign to a share

18 Chapter 1 Overview of File Services The User Categories Owner, Group, and EveryoneYou can assign standard POSIX access permissions separately to

Chapter 1 Overview of File Services 19 ACLsWhen standard POSIX permissions are not enough, you can use access control lists (ACLs). An ACL is a lis

K Apple Computer, Inc.© 2005 Apple Computer, Inc. All rights reserved.The owner or authorized user of a valid copy of Mac OS X Server software may

20 Chapter 1 Overview of File Services The ACL Use ModelThe ACL use model is centered around access control at the folder level, with ACLs applied

Chapter 1 Overview of File Services 21 Access Control EntriesAn access control entry (ACE) is an entry in an ACL that specifies, for a group or a u

22 Chapter 1 Overview of File Services The Apple ACL Inheritance ModelThe Apple ACL inheritance model defines four options that you can select or d

Chapter 1 Overview of File Services 23 ACL Inheritance CombinationsWhen you set inheritance options for an ACE in Workgroup Manager, you can choose

24 Chapter 1 Overview of File Services ACL Permission PropagationWorkgroup Manager provides a command that lets you force the propagation of ACLs.

Chapter 1 Overview of File Services 25 For example, if you add an ACE for the user Mai and allow her reading permissions and then add another ACE f

26 Chapter 1 Overview of File Services Use the Deny Rule Only When You Need ToWhen Mac OS X Server encounters a Deny permission, it stops evaluatin

Chapter 1 Overview of File Services 27 Using SACLs allows you to add another layer of access control on top of standard and ACL permissions. Only u

28 Chapter 1 Overview of File Services Restricting Access to File ServicesAs stated in “File Services Access Control” on page 26, you can use Servi

2 292 Setting Up Share PointsThis chapter describes how to share specific volumes and directories via the AFP, SMB/CFIS, FTP, and NFS protocols.

3 1 Contents Preface 9 About This Guide9 What’s New in Version 10.4 9 What’s in This Guide 10 Using Onscreen Help 11 The Mac OS X Server Suite

30 Chapter 2 Setting Up Share Points Dynamic share points always reside inside the Network globe in /Network/Servers/server_name and don’t mount un

Chapter 2 Setting Up Share Points 31 Note: Unified locking across AFP, SMB/CIFS, and NFS protocols lets users working on multiple platforms simult

32 Chapter 2 Setting Up Share Points • The share point should be in the same Open Directory domain where the user accounts are defined.• To provide

Chapter 2 Setting Up Share Points 33 Step 4: Turn specific file services onFor users to access share points, you must turn on the required Mac OS

34 Chapter 2 Setting Up Share Points Setting PrivilegesMac OS X Server provides two methods of access control to files and folders:• Standard POSIX

Chapter 2 Setting Up Share Points 35 To set ACL permissions on a share point or a folder:1 Open Workgroup Manager and click Sharing.2 Click All and

36 Chapter 2 Setting Up Share Points 7 If using only POSIX permissions, choose a default permissions option for new files and folders.To have new o

Chapter 2 Setting Up Share Points 37 To have new items adopt the privileges of the enclosing item, select “Inherit permissions from parent.”To assi

38 Chapter 2 Setting Up Share Points Exporting an NFS Share PointYou can use NFS to export share points to UNIX clients. (Export is the NFS term fo

Chapter 2 Setting Up Share Points 39 File and file range locking (standard POSIX advisory locks) are enabled by default for NFS share points in Mac

4 Contents Chapter 2 29 Setting Up Share Points29 Share Points and the Mac OS X Network Globe 29 Automounting 30 Share Points and Network Home Direct

40 Chapter 2 Setting Up Share Points Automatically Mounting Share Points for ClientsYou can mount share points automatically on client computers us

Chapter 2 Setting Up Share Points 41 Managing Share PointsThis section describes typical day-to-day tasks you might perform after you have set up s

42 Chapter 2 Setting Up Share Points Viewing Share PointsYou can use the Sharing module of Workgroup Manager to view share points and their content

Chapter 2 Setting Up Share Points 43 Managing Share Point Access PrivilegesManaging access privileges to share points involves the following:• “Cha

44 Chapter 2 Setting Up Share Points Adding ACEs to ACLsYou control access to a share point by adding or removing access control entries (ACEs) to

Chapter 2 Setting Up Share Points 45 Editing ACEsIf you need change the settings of an access control entry (ACE) to allow or restrict what a user

46 Chapter 2 Setting Up Share Points From the Command LineYou can also remove inherited ACEs using the chmod command in Terminal. For more informat

Chapter 2 Setting Up Share Points 47 Workgroup Manager automatically propagates the selected permissions to all descendants.Removing a File’s ACLTo

48 Chapter 2 Setting Up Share Points To determine user or group permissions to a file or folder:1 Open Workgroup Manager and click Sharing.2 Click

Chapter 2 Setting Up Share Points 49 Changing NFS Share Point Client AccessYou can use the Protocols pane of Workgroup Manager to restrict the clie

Contents 5 56 Changing Access Settings 57 Changing Logging Settings 58 Changing Idle User Settings 59 Starting AFP Service 59 Managing AFP Service 59

50 Chapter 2 Setting Up Share Points To create a drop box:1 Create the folder that will act as a drop box within an AFP share point.2 Open Workgrou

Chapter 2 Setting Up Share Points 51 If you are not logged in as a root user, you can’t make changes using Workgroup Manager. If possible, you shou

52 Chapter 2 Setting Up Share Points

3 533 AFP ServiceThis chapter describes how to set up and manage AFP service in Mac OS X Server.AFP (Apple Filing Protocol) service allows Mac OS

54 Chapter 3 AFP Service Automatic ReconnectMac OS X Server provides the ability to automatically reconnect Mac OS X clients that have become idle

Chapter 3 AFP Service 55 Setting Up AFP ServiceIf you allowed the Server Assistant to start AFP service when you installed Mac OS X Server, you don

56 Chapter 3 AFP Service 3 To advertise the AFP share point using both Network Service Location (NSL) and Bonjour, select “Enable Bonjour registrat

Chapter 3 AFP Service 57 Note: After you allow guest access for Apple file service in general, you can still selectively enable or disable guest a

58 Chapter 3 AFP Service The server closes the active log at the end of each archive period, renames it to include the current date, and then opens

Chapter 3 AFP Service 59 Starting AFP ServiceYou start the AFP service to make AFP share points available to your client users.To start Apple file

6 Contents 80 FTP service specifications 81 Setup Overview 81 Before Setting Up FTP Service 82 Server Security and Anonymous Users 82 Setting Up FTP

60 Chapter 3 AFP Service Viewing Service LogsYou use Server Admin to view the error and access logs for AFP service (if you have enabled them).To v

Chapter 3 AFP Service 61 Enabling NSL and Bonjour BrowsingYou can register the service with Network Service Locator (NSL) and Bonjour to allow user

62 Chapter 3 AFP Service Limiting ConnectionsIf your server provides a variety of services, you can prevent a flood of users from affecting the per

Chapter 3 AFP Service 63 Archiving AFP Service LogsYou can periodically save the active logs and open new logs.To set how often logs are archived:1

64 Chapter 3 AFP Service Disconnecting Idle Users Automatically You can set AFP service to automatically disconnect users who have not used the ser

Chapter 3 AFP Service 65 Allowing Guest AccessGuests are users who can see information on your server without using a name or password to log in. F

66 Chapter 3 AFP Service Supporting AFP ClientsThis section describes how client computers can access Mac OS X Server AFP share points.Note: Non-A

Chapter 3 AFP Service 67 Setting Up a Mac OS X Client to Mount a Share Point AutomaticallyAs an alternative to using the network mount feature of A

68 Chapter 3 AFP Service Connecting to the AFP Server from Mac OS 8 or Mac OS 9Apple file service does not support AppleTalk connections, so client

4 694 NFS ServiceThis chapter describes how to set up and manage the NFS file service in Mac OS X Server.Network File System is the protocol used

Contents 7Index 103

70 Chapter 4 NFS Service Step 3: Create share points and share them using NFSUse the Sharing module of Workgroup Manager to specify the share poin

Chapter 4 NFS Service 71 NFS allows access to information based on the computer’s IP address. This means that a particular client computer will hav

72 Chapter 4 NFS Service User Datagram Protocol (UDP) is a connection-less transport protocol. UDP doesn’t break data into packets, so it uses fewe

Chapter 4 NFS Service 73 The portmap process allows client computers to find nfs daemons (always one process).The rpc.lockd is a daemon that provid

74 Chapter 4 NFS Service

5 755 FTP ServiceThis chapter describes how to set up and manage File Transfer Protocol (FTP) service in Mac OS X Server.FTP (File Transfer Proto

76 Chapter 5 FTP Service FTP UsersFTP supports two types of users:• Authenticated users. These users have accounts on your server (and might even h

Chapter 5 FTP Service 77 FTP Root and Share PointsThe “FTP Root and Share Points” option gives access—for both authenticated and anonymous users—to

78 Chapter 5 FTP Service Home Directory With Share PointsWhen the user environment option is set to “Home Directory with Share Points,” authenticat

Chapter 5 FTP Service 79 Home Directory OnlyWhen you choose the Home Directory Only option, authenticated users are confined to their home director

8 Contents

80 Chapter 5 FTP Service On-the-Fly File ConversionFTP service in Mac OS X Server allows users to request compressed or decompressed versions of in

Chapter 5 FTP Service 81 Setup OverviewHere is an overview of the basic steps for setting up FTP service. Step 1: Before you beginRead “Before Set

82 Chapter 5 FTP Service Server Security and Anonymous UsersEnabling anonymous FTP poses a security risk to your server and data because you open y

Chapter 5 FTP Service 83 Configuring General SettingsYou can use the General settings to limit the number of login attempts, provide an administrat

84 Chapter 5 FTP Service Changing the Greeting MessagesUsers see the banner message when they first contact your server (before they log in) and th

Chapter 5 FTP Service 85 Changing Advanced SettingsThe Advanced settings let you specify the directories that FTP users can access.You can change t

86 Chapter 5 FTP Service From the Command LineYou can also start the FTP service using the serveradmin command in Terminal. For more information, s

Chapter 5 FTP Service 87 Changing the User EnvironmentYou use the Advanced pane of Configure FTP Service to change the user environment.To change t

88 Chapter 5 FTP Service To view FTP log:1 Open Server Admin and select FTP in the Computers & Services list. 2 Click Log (near the bottom of t

6 896 Solving ProblemsThis chapter lists possible solutions to common problems you might encounter while working with the file services in Mac OS

9PrefaceAbout This GuideLearn what’s new for Mac OS X Server File Services Administration.Mac OS X Server version 10.4 offers reliable, high-per

90 Chapter 6 Solving Problems Users Can’t Find a Shared Item• If a user can’t find a shared item, check the access privileges for the item. The use

Chapter 6 Solving Problems 91 • If the user is searching for the server via AppleTalk (in the Chooser), make sure you’ve enabled browsing over Appl

92 Chapter 6 Solving Problems User Can’t Log in to the Windows Server• If you’re using Password Server to authenticate users, check to make sure th

Chapter 6 Solving Problems 93 • See if there are any problems with directory services, and if the directory services server is operating and connec

94 Chapter 6 Solving Problems

95GlossaryGlossaryAFP Apple Filing Protocol. A client/server protocol used by Apple file service on Macintosh-compatible computers to share fil

96 Glossary command-line interface A way of interfacing with the computer (for example, to run programs or modify file system permissions) by ent

Glossary 97 drop box A shared folder with privileges that allow other users to write to, but not read, the folder’s contents. Only the owner has

98 Glossary Internet Generally speaking, a set of interconnected computer networks communicating through a common protocol (TCP/IP). The Internet

Glossary 99 mount (verb) In general, to make a remote directory or volume available for access on a local system. In Xsan, to cause an Xsan volum