File Sharing

Despite the popularity of file sharing services like Dropbox, the most common server used on internal networks today remains the file server, a central repository that stores files for a workgroup. These stalwarts have been connecting users to their files seemingly since before time began. Whether in a home, school, or business, file sharing is often the impetus for setting up a server.

OS X Server’s File Sharing service offers a number of file sharing protocols, including AFP, SMB, and WebDAV (the sidebar just ahead explains these File Sharing Protocols).

By default:

  • File Sharing has some built-in shared folders, but not all environments require them. I recommend that you remove the built-in shared folders and add your own.
  • Each shared folder can make its files available via AFP, SMB, and WebDAV, or any combination thereof.
  • Each shared folder has permissions that Apple provides. These permissions will work in some cases, but you may need to modify them to meet your particular needs.

The basic steps to set up a file server are to Remove Default Shared Folders, Create a New Shared Folder as needed, Configure Permissions for each shared folder, and finally Enable File Sharing. Because file sharing is the most mature service in OS X Server, it’s also one of the easiest to manage. When you’re done setting it up, you’ll want close the loop on file sharing by having your clients Connect to Shared Folders.

Note: If you haven’t already created the necessary local network users and groups that will need access to shared folders, go back and turn on Directory Services and then Work with Users and Work with Groups in that chapter as needed.

File Sharing Protocols

OS X Server’s File Sharing service offers three different file sharing protocols, each focused on a different environment.

  • AFP: Apple Filing Protocol, as the name suggests, is an Apple-created file sharing protocol. Traditionally, if you’re sharing files to Mac clients, you’ll want to enable AFP for your shared folders.
  • SMB: SMB (Server Message Block) is the predominant file sharing protocol in the Windows world. If you have Windows clients on your network, you’ll want to enable SMB for your shared folders. Macs can access SMB shared folders too, and SMB now appears to be used preferentially by Mac clients running Mavericks as well.
  • WebDAV: Created with the goal of making the Web read/write instead of just read-only, WebDAV (Web Distributed Authoring and Versioning) is a more modern file sharing protocol that is most used by iOS apps. The main reason to enable WebDAV is for specific iOS apps that require it. The OS X Finder does support WebDAV, but it’s a clunky way to access shared folders.

You can enable multiple protocols for each shared folder. For example, you could have iOS devices and Windows computers accessing the same shared folder through WebDAV and SMB respectively.

Remove Default Shared Folders

Exactly which default shared folders will have been created for you depends on what you’ve done previously. For instance, the Groups shared folder appears if you selected the “Give this group a shared folder” checkbox in Add a Group. You might also see a Public folder and one called Backups, if you’ve enabled Time Machine Server.

The default file sharing configuration won’t work for everyone, because you don’t get to say where the default shared folders actually live on your server’s drive. Therefore, before we do anything else, let’s remove the unnecessary default shared folders, after which you can create new ones that do exactly what you want.

Warning! If the Backups shared folder or another folder with a Time Machine logo on it appears, do not remove it, since Time Machine Server relies on specific shared folders in the File Sharing service!

In the Server app, select File Sharing from the Services category in the sidebar. The File Sharing pane appears at the right, showing a list of available shared folders as in Figure 31.

**Figure 31:** To get started with File Sharing, remove unnecessary default shared folders.

Figure 31: To get started with File Sharing, remove unnecessary default shared folders.

In our example, we’ll remove the built-in Groups shared folder. To do so, in the Shared Folders list, select Groups and click the minus button. A confirmation dialog appears (Figure 32). Click Remove.

**Figure 32:** Server asks for confirmation if you try to disable a built-in shared folder.

Figure 32: Server asks for confirmation if you try to disable a built-in shared folder.

Disabling Protocols Instead of Deleting Shared Folders

If you’re uncomfortable with deleting these default shared folders, you can instead disable them by removing access to all the file sharing protocols. To do so, for example, double-click Public and then, in the Settings area, make sure all the checkboxes are deselected, as shown in Figure 33.

_**Figure 33:** You can disable a folder’s sharing capability by unchecking all of its Settings checkboxes._

Figure 33: You can disable a folder’s sharing capability by unchecking all of its Settings checkboxes.

When you’ve deselected all the checkboxes, click the OK button to save your changes.

More generally, it’s a good security practice to share files only over the protocols you need for accessing them. You can always enable other protocols at a later date by simply checking a box here.

Create a New Shared Folder

Now that you’ve cleaned up the default shared folders, it’s time to create one or more new shared folders. As an example, let’s assume that you have a large external hard drive sharing files for members of your household, or perhaps for a small department at work.

To create the shared folder:

  1. In the Finder, on the server computer, make a folder for the shared folder. You may also want to create subfolders within it to pre-populate the hierarchy.

    Make sure the location where you create the folder is on a drive with plenty of room for future files and is backed up regularly. If you followed my recommendation in Storage and used a relatively small partition or drive to hold OS X and applications, then you’d want your shared folder to be on a larger drive or volume.

    Tip: It’s totally fine to specify the shared folder as the top level of a hard drive, if you want to share the entire volume.

  2. In the Server app, from the File Sharing pane, click the plus button.
  3. In the file dialog that appears, browse to the location of your shared folder, Family in Figure 34, and then click the Choose button.
    **Figure 34:** Find the shared folder and then click Choose.

    Figure 34: Find the shared folder and then click Choose.

  4. Back in the File Sharing pane, double-click the new shared folder (Family in this example).
  5. On the configuration screen for the shared folder (Figure 35), the text that appears in the Name field is the name of the folder you just selected, but you can edit it to adjust how it appears to users if you like.
    **Figure 35:** Specify how the new shared folder will work.

    Figure 35: Specify how the new shared folder will work.

  6. In the Settings checkboxes, enable just those file sharing protocols that your users need, as explained earlier in File Sharing Protocols.

    If you enable guest access, then anyone can connect without entering account credentials.

    Note: If you select “Make available for home directories over” and choose the appropriate protocol from the pop-up menu, the shared folder becomes available as a network home folder directory location for those using portable home directories. As noted back in Other Home Folder Choices, portable home folders are beyond the scope of this book.

  7. When you’re done, click OK to save your changes.

Server creates your new shared folder. Your next step is either to set up custom permissions for the shared folder, if needed, or to turn on File Sharing. I cover each option just ahead.

Create a WebDAV Share for iOS Users

Another common use for shared folders is to provide a central repository where iPhone and iPad users can store files on your server. For that, you’d want to follow the steps above, but when it comes time to select protocols, be sure to select Share over WebDAV. Obviously, enabling WebDAV is helpful only if the iOS apps your users rely on support WebDAV, but in iOS, WebDAV support is more common than support for AFP or SMB.

Configure Permissions

The specific permissions that are assigned to a shared folder vary based on where in the filesystem the folder was created, so it’s important to look at the permissions and make sure the correct users and groups have the appropriate access to the folder. You may also want to restrict access to particular subfolders within the shared folder.

Here are some examples of how you can use permissions:

  • Home: A parent might allow children read-only access to a shared folder containing media. That way, nothing can be deleted accidentally by a child. Or parents might store legal and financial documents in a shared folder where children don’t even have accounts.
  • School: Each student might need read/write access to a private folder but only write access to a folder where homework is handed in.
  • Business: The human resources department might want a shared folder that most employees can’t view, while the marketing department might have read/write access to a shared folder that holds logos, brochures, and product descriptions. That same marketing shared folder might be available on a read-only basis to the rest of the company so that employees can distribute marketing materials.

To specify permissions:

  1. In Server, open the File Sharing pane and double-click the shared folder’s entry in the Shared Folders list.
  2. Examine the left column in the Access panel to verify that the correct users and groups have access. To add a user or group, click the plus button and enter the name or choose Browse from the menu that pops up once you start typing (Figure 36). Or, to delete a user or group, select it and click the minus button.
    **Figure 36:** Click the plus button to activate a new entry in the Access panel.

    Figure 36: Click the plus button to activate a new entry in the Access panel.

  3. Work with the pop-up menus on the right side of the Access panel to set what each user or group may do when accessing the shared folder: Read & Write, Read Only, Write Only.
  4. Click OK to save your changes.

Understanding the Access Entries

The bottom three entries in the Access list correspond to the folder’s Unix owner, group, and world classes, and as such can’t be deleted. However, if you want to remove access, they each have a None option in the permissions pop-up menu.

Any entries above the bottom three are part of an access control list (ACL) and lack a None option because you should delete them if you want to remove access. The permissions pop-up menu for each of these ACL entries has the options Read and Write instead of Read Only and Write Only, but they mean the same thing.

You can also limit who has access to folders within the shared folder, as you might do with a folder that contains sensitive or private items like accounting or grades. If these more granular permissions are required, follow these steps, which take place in a different part of Server’s interface:

  1. Click the name of the server in the sidebar and then click the Storage button.
  2. Using the expansion triangles or column browser (switch with the View buttons), browse to and select a subfolder, click the gear pop-up menu, and choose Edit Permissions.
  3. In the dialog that appears (Figure 37), use the plus and minus buttons to add or remove users or groups from this folder, and choose your desired permissions from the pop-up menus at the right.
    **Figure 37:** Manage permissions for a subfolder within a shared folder.

    Figure 37: Manage permissions for a subfolder within a shared folder.

  4. When you’re done, click OK.
  5. If you need to specify permissions for additional subfolders, repeat the appropriate steps above.

Enable File Sharing

Although it’s okay to come back later and modify your File Sharing setup, before you turn on file sharing you should do the things in this list so you aren’t inadvertently exposing anything sensitive:

  • You’ve deleted or removed permissions from any default shared folders that you don’t need.
  • You’ve created any new shared folders that you need.
  • For each shared folder, you’ve ensured that it’s using only the necessary file sharing protocols (that is, AFP, SMB, and WebDAV).
  • For each shared folder, you’ve configured the appropriate permissions.

With all of the above taken care of, select File Sharing in the sidebar and click the ON button (at the upper right) to start the File Sharing service.

Connect to Shared Folders

Now that you’ve turned on File Sharing, it’s time to help users connect to shared folders.

To connect to a shared folder from the Mac Finder:

  1. Choose Go > Connect to Server (Command-K).
  2. In the Connect to Server dialog, users can type the name or IP address of your server, but they may prefer to click Browse to view servers available on the network in a Finder window, or work with the Favorite Servers list or the Recent pop-up menu.

    If your shared folder is accessible via multiple file sharing protocols, specify which should be used by prefixing the name or IP address in the Server Address field with afp://, smb://, or webdav://, as Figure 38 shows with AFP.

    **Figure 38:** You can connect to a shared folder by IP address or by clicking the Browse button to locate it in a Finder window.

    Figure 38: You can connect to a shared folder by IP address or by clicking the Browse button to locate it in a Finder window.

  3. Click Connect.
  4. If the Mac asks for authentication information (Figure 39), which it will unless the credentials have already been stored in the user’s keychain, leave the Registered User radio button selected and enter the username and password that you set up for that user in directory services (see Work with Users).

    Tip: If guest access has been enabled for the shared folder, a Guest radio button appears in the login dialog shown in Figure 39. To log in as a guest, select it; no username or password is necessary.

    **Figure 39:** Enter the user’s credentials when prompted.

    Figure 39: Enter the user’s credentials when prompted.

    After the user enters a username and password, if he selects the checkbox “Remember this password in my keychain,” the next time he connects he won’t have to authenticate. (Needless to say, remembering the password generally makes things easier.) Click Connect.

  5. If you’ve created multiple shared folders, a list of available shared folders appears in a dialog (Figure 40). You can select one or more by Command-or Shift-clicking. Click OK to mount them.
**Figure 40:** Select one or more shared folders to mount.

Figure 40: Select one or more shared folders to mount.

The shared folder (or folders) can now be accessed through the Shared category in the sidebar of any Finder window, in the hidden /Volumes directory, and in Open and Save dialogs. Plus, the shared folder works just like any other local folder when it comes to making an alias or adding it to the Finder window’s sidebar or toolbar.

Tip: If a user would like a shared folder to mount on startup, she can open the Users & Groups pane of System Preferences, click Login Items, and drag the icon for the shared folder from the Finder into the list of login items. Exactly when the shared folder mounts during startup isn’t entirely predictable, so it’s best not to have other login items rely on its presence.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset