Apple Mac OS X Server 10.3 Manual
Chapter 1
About File Services
Security Considerations
Security of your data and your network is critical. The most effective method of
securing your network is to assign appropriate privileges for each file, folder, and share
point as you create it.
Be careful when creating and granting access to share points, especially if you’re
connected to the Internet. Granting access to Everyone, or to World (in NFS service),
could potentially expose your data to anyone on the Internet.
NFS share points don’t have the same level of security as AFP and SMB, which require
user authentication (typing a user name and password) to gain access to a share point’s
contents. If you have NFS clients, you may want to set up a share point to be used only
by NFS users.
Restricting Access for Unregistered Users (Guests)
When you configure any file service, you have the option of turning on guest access.
Guests are users who can connect to the server anonymously without entering a valid
user name or password. Users who connect anonymously are restricted to files and
folders with privileges set to Everyone.
To protect your information from unauthorized access, and to prevent people from
introducing software that might damage your information or equipment, you can take
these precautions using the Sharing module of Workgroup Manager:
• Share individual folders instead of entire volumes. The folders should contain only
  those items you want to share.
• Set privileges for Everyone to None for files and folders that guest users shouldn’t
  access. Items with this privilege setting can be accessed only by the item’s owner or
  group.
• Put all files available to guests in one folder or set of folders. Assign the Read Only
  privilege to the Everyone category for that folder and each file within it.
• Assign Read & Write privileges to the Everyone category for a folder only if guests
  must be able to change or add items in the folder. Make sure you keep a backup
  copy of information in this folder.
• Check folders frequently for changes and additions and use a virus-protection
  program regularly to check the server for viruses.
• Disable anonymous FTP access using the FTP service settings in Server Admin.
• Don’t export NFS volumes to World. Restrict NFS exports to a subnet or a specific list
  of computers.
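One way to script the periodic folder check from the list above, as an added example that is not part of the Apple manual. It assumes the Everyone category corresponds to the POSIX "other" permission bits on the server's file system; the function names and the sample folder tree are constructed for illustration.

```python
import os
import stat
import tempfile

def everyone_privilege(mode):
    """Name the Everyone privilege implied by the POSIX 'other' bits (assumed mapping)."""
    r, w = bool(mode & stat.S_IROTH), bool(mode & stat.S_IWOTH)
    return {(True, True): "Read & Write", (True, False): "Read Only",
            (False, True): "Write Only", (False, False): "None"}[(r, w)]

def audit_share(root, guest_dirs=()):
    """Return sorted (relative path, privilege) pairs that break the guest policy:
    Everyone is None everywhere, except Read Only inside guest_dirs and on the
    folders leading to them (guests must traverse those)."""
    root = os.path.realpath(root)
    guests = [os.path.realpath(g) for g in guest_dirs]
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)              # lstat: do not follow symlinks out of the share
        if stat.S_ISLNK(st.st_mode):
            continue                     # a symlink's own mode bits grant nothing
        priv = everyone_privilege(st.st_mode)
        relaxed = any(path == g or path.startswith(g + os.sep)    # inside a guest folder
                      or g.startswith(path + os.sep) for g in guests)  # or leads to one
        if priv not in (("None", "Read Only") if relaxed else ("None",)):
            findings.append((os.path.relpath(path, root), priv))
    return sorted(findings)

def demo():  # audit a constructed sample tree; names ending in '/' are folders
    layout = {"Public/": 0o755, "Public/readme.txt": 0o644, "Public/upload.bin": 0o666,
              "Private/": 0o750, "Private/payroll.xls": 0o644, "Private/notes.txt": 0o640,
              "DropBox/": 0o733}
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for rel, mode in layout.items():
            path = os.path.join(root, rel.rstrip("/"))
            if rel.endswith("/"):
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)
        return audit_share(root, [os.path.join(root, "Public")])

if __name__ == "__main__":
    for rel, priv in demo():
        print(f"{priv:12}  {rel}")
```

Every item the audit reports is one to review: either set Everyone to None, or confirm that guests really need the access and that the folder is backed up.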
LL2346.Book Page 14 Friday, August 22, 2003 2:38 PM