File Sharing
Despite the popularity of file sharing services like Dropbox, the most common server used on internal networks today remains the file server, a central repository that stores files for a workgroup. These stalwarts have been connecting users to their files seemingly since before time began. Whether in a home, school, or business, file sharing is often the impetus for setting up a server.
OS X Server’s File Sharing service offers a number of file sharing protocols, including AFP, SMB, and WebDAV (the sidebar just ahead explains these File Sharing Protocols).
By default:
- File Sharing has some built-in shared folders, but not all environments require them. I recommend that you remove the built-in shared folders and add your own.
- Each shared folder can make its files available via AFP, SMB, and WebDAV, or any combination thereof.
- Each shared folder has permissions that Apple provides. These permissions will work in some cases, but you may need to modify them to meet your particular needs.
The basic steps to set up a file server are to Remove Default Shared Folders, Create a New Shared Folder as needed, Configure Permissions for each shared folder, and finally Enable File Sharing. Because file sharing is the most mature service in OS X Server, it’s also one of the easiest to manage. When you’re done setting it up, you’ll want close the loop on file sharing by having your clients Connect to Shared Folders.
Remove Default Shared Folders
Exactly which default shared folders will have been created for you depends on what you’ve done previously. For instance, the Groups shared folder appears if you selected the “Give this group a shared folder” checkbox in Add a Group. You might also see a Public folder and one called Backups, if you’ve enabled Time Machine Server.
The default file sharing configuration won’t work for everyone, because you don’t get to say where the default shared folders actually live on your server’s drive. Therefore, before we do anything else, let’s remove the unnecessary default shared folders, after which you can create new ones that do exactly what you want.
In the Server app, select File Sharing from the Services category in the sidebar. The File Sharing pane appears at the right, showing a list of available shared folders as in Figure 31.
Figure 31: To get started with File Sharing, remove unnecessary default shared folders.
In our example, we’ll remove the built-in Groups shared folder. To do so, in the Shared Folders list, select Groups and click the minus button. A confirmation dialog appears (Figure 32). Click Remove.
Figure 32: Server asks for confirmation if you try to disable a built-in shared folder.
Create a New Shared Folder
Now that you’ve cleaned up the default shared folders, it’s time to create one or more new shared folders. As an example, let’s assume that you have a large external hard drive sharing files for members of your household, or perhaps for a small department at work.
To create the shared folder:
- In the Finder, on the server computer, make a folder for the shared folder. You may also want to create subfolders within it to pre-populate the hierarchy.
Make sure the location where you create the folder is on a drive with plenty of room for future files and is backed up regularly. If you followed my recommendation in Storage and used a relatively small partition or drive to hold OS X and applications, then you’d want your shared folder to be on a larger drive or volume.
- In the Server app, from the File Sharing pane, click the plus button.
- In the file dialog that appears, browse to the location of your shared folder, Family in Figure 34, and then click the Choose button.
Figure 34: Find the shared folder and then click Choose.
- Back in the File Sharing pane, double-click the new shared folder (Family in this example).
- On the configuration screen for the shared folder (Figure 35), the text that appears in the Name field is the name of the folder you just selected, but you can edit it to adjust how it appears to users if you like.
Figure 35: Specify how the new shared folder will work.
- In the Settings checkboxes, enable just those file sharing protocols that your users need, as explained earlier in File Sharing Protocols.
If you enable guest access, then anyone can connect without entering account credentials.
- When you’re done, click OK to save your changes.
Server creates your new shared folder. Your next step is either to set up custom permissions for the shared folder, if needed, or to turn on File Sharing. I cover each option just ahead.
The specific permissions that are assigned to a shared folder vary based on where in the filesystem the folder was created, so it’s important to look at the permissions and make sure the correct users and groups have the appropriate access to the folder. You may also want to restrict access to particular subfolders within the shared folder.
Here are some examples of how you can use permissions:
- Home: A parent might allow children read-only access to a shared folder containing media. That way, nothing can be deleted accidentally by a child. Or parents might store legal and financial documents in a shared folder where children don’t even have accounts.
- School: Each student might need read/write access to a private folder but only write access to a folder where homework is handed in.
- Business: The human resources department might want a shared folder that most employees can’t view, while the marketing department might have read/write access to a shared folder that holds logos, brochures, and product descriptions. That same marketing shared folder might be available on a read-only basis to the rest of the company so that employees can distribute marketing materials.
To specify permissions:
- In Server, open the File Sharing pane and double-click the shared folder’s entry in the Shared Folders list.
- Examine the left column in the Access panel to verify that the correct users and groups have access. To add a user or group, click the plus button and enter the name or choose Browse from the menu that pops up once you start typing (Figure 36). Or, to delete a user or group, select it and click the minus button.
Figure 36: Click the plus button to activate a new entry in the Access panel.
- Work with the pop-up menus on the right side of the Access panel to set what each user or group may do when accessing the shared folder: Read & Write, Read Only, Write Only.
- Click OK to save your changes.
You can also limit who has access to folders within the shared folder, as you might do with a folder that contains sensitive or private items like accounting or grades. If these more granular permissions are required, follow these steps, which take place in a different part of Server’s interface:
- Click the name of the server in the sidebar and then click the Storage button.
- Using the expansion triangles or column browser (switch with the View buttons), browse to and select a subfolder, click the gear pop-up menu, and choose Edit Permissions.
- In the dialog that appears (Figure 37), use the plus and minus buttons to add or remove users or groups from this folder, and choose your desired permissions from the pop-up menus at the right.
Figure 37: Manage permissions for a subfolder within a shared folder.
- When you’re done, click OK.
- If you need to specify permissions for additional subfolders, repeat the appropriate steps above.
Enable File Sharing
Although it’s okay to come back later and modify your File Sharing setup, before you turn on file sharing you should do the things in this list so you aren’t inadvertently exposing anything sensitive:
- You’ve deleted or removed permissions from any default shared folders that you don’t need.
- You’ve created any new shared folders that you need.
- For each shared folder, you’ve ensured that it’s using only the necessary file sharing protocols (that is, AFP, SMB, and WebDAV).
- For each shared folder, you’ve configured the appropriate permissions.
With all of the above taken care of, select File Sharing in the sidebar and click the ON button (at the upper right) to start the File Sharing service.
Connect to Shared Folders
Now that you’ve turned on File Sharing, it’s time to help users connect to shared folders.
To connect to a shared folder from the Mac Finder:
- Choose Go > Connect to Server (Command-K).
- In the Connect to Server dialog, users can type the name or IP address of your server, but they may prefer to click Browse to view servers available on the network in a Finder window, or work with the Favorite Servers list or the Recent pop-up menu.
If your shared folder is accessible via multiple file sharing protocols, specify which should be used by prefixing the name or IP address in the Server Address field with afp://
, smb://
, or webdav://
, as Figure 38 shows with AFP.
Figure 38: You can connect to a shared folder by IP address or by clicking the Browse button to locate it in a Finder window.
- Click Connect.
- If the Mac asks for authentication information (Figure 39), which it will unless the credentials have already been stored in the user’s keychain, leave the Registered User radio button selected and enter the username and password that you set up for that user in directory services (see Work with Users).
Figure 39: Enter the user’s credentials when prompted.
After the user enters a username and password, if he selects the checkbox “Remember this password in my keychain,” the next time he connects he won’t have to authenticate. (Needless to say, remembering the password generally makes things easier.) Click Connect.
- If you’ve created multiple shared folders, a list of available shared folders appears in a dialog (Figure 40). You can select one or more by Command-or Shift-clicking. Click OK to mount them.
Figure 40: Select one or more shared folders to mount.
The shared folder (or folders) can now be accessed through the Shared category in the sidebar of any Finder window, in the hidden /Volumes
directory, and in Open and Save dialogs. Plus, the shared folder works just like any other local folder when it comes to making an alias or adding it to the Finder window’s sidebar or toolbar.