Sharing Your Files | Mac OS X Bible, Panther Edition

The beginning of this Chapter explains how to access files that other computers are sharing. This section of the Chapter explains how to do the opposite: to make your files available for other people to access. First, you plan for file sharing and identify your computer on the network. Next, you start the file-sharing feature in Mac OS X, and then you can make files available for sharing and create user accounts for people you want to have greater access to your files. For folders that contain shared files, you can restrict the type of access some people have.

Using file sharing in a small network allows all or some of the computers on that network to function as both personal computer and file server, saving the cost and space of a dedicated machine functioning as a server.

Planning for file sharing

The personal file-sharing capabilities of Mac OS X make sharing items across a network surprisingly easy but not without some cost. This section discusses the capabilities and limitations of Mac OS X file sharing to help you decide in advance whether it meets your needs. The alternative to file sharing is a dedicated, centralized file server.

Deciding between distributed or centralized file sharing

Your network can implement file sharing in a distributed or centralized fashion. With distributed file sharing, also known as peer-to-peer file sharing, each computer makes files, folders, and disks available to other computers on the network. While your computer shares your files with other computers, you are free to use your computer for other tasks. The price you pay for making files from your computer available does lead to a reduced performance of your computer while other computers are accessing it. In addition, Mac OS X file sharing limits the number of people that can share the same folder or disk at the same time, making file sharing unsuitable for serving files to large numbers of computers.

By contrast, a network with centralized file sharing dedicates one computer (or more) to providing file-sharing services. The file sharing occurs between the centralized computer and the individual computers, not between the individual computers themselves. The dedicated computer runs file server software, such as Apple’s Mac OS X Server, enabling the computer to serve files to a large number of other computers. A dedicated file server needs to be fast and needs to have one or more large hard disks. Although the underpinnings are the same in both Mac OS X Client and Mac OS X Server, the huge difference lies in the management tools that OS X Server provides. Mac OS X Server costs $499 for up to 10 simultaneous users, or $999 for an unlimited number of users. If you purchase an XServe, Apple’s specially designed enterprise level rack-mountable server, OS X Server is included with the hardware purchase.

Although Mac OS X Client file-sharing capabilities are designed for distributed file sharing, you can use file sharing on a dedicated computer to create a file server for a small network. Folders or entire hard disks on that file-server computer can be made available to other computers on the network as described in the remainder of this Chapter. (Going forward, any mention of “Mac OS X” is referring to the client [the one that ships on your Mac] version. The server version is specifically referenced as “Mac OS X Server.”)

The problem with such a file server is its performance. Mac OS X assumes someone is using the dedicated computer for more than sharing files. As a result, Mac OS reserves more than 50 percent of the dedicated computer’s processing power for tasks other than file sharing and runs the file-sharing activities at a lower priority than other tasks.

Mac OS X Server

The newest solution from Apple for centralized serving is Mac OS X Server. This server package, built on the Unix underpinnings of Mac OS X, offers Apple File Services support as well as sharing of many Ethernet-capable PostScript printers. Designed as a full-service Web, Internet, mail, and network server as well as an Apple File Services server, Mac OS X Server offers impressive performance and capabilities. One of those capabilities called NetBoot actually allows most late-model Macs to start up from the Mac OS X server machine, making it possible for a room full of such Macs to receive their system software and applications from a centralized server. You can choose to boot from a Network Startup volume in the Startup Disk pane of System Preferences. Another impressive capability is OS X Server’s client management, offering individualized control over the user environments of the clients that connect to it, through the use of its NetInfo databases and Directory Services.

Centralized disk storage reduces the amount of local disk storage required by each networked computer while providing a way for people who work together to share information. People can store files on the server’s disks where other people can open or copy them. Many people can access the server’s disks and folders simultaneously, and new files become available to everyone instantly. Unlike the file sharing provided by Mac OS X, no one uses the server’s computer to do personal work because it is dedicated to providing network services. Conversely, your computer is not burdened when someone else on the network accesses one of your shared items on the AppleShare server’s disks.

A centralized file server is set up and maintained by a trained person called a network administrator. Mac OS X Server includes organizational, administrative, and security features to manage file access on the network. The network administrator does not control access to folders and files on the server’s disks; that is the responsibility of each person who puts items on the disks.

The Mac OS X Server software runs on any Macintosh that came with built-in USB ports, as long as there is a minimum of 256 MB RAM and 2.5 GB free on the hard drive. These are however, the bare minimum requirements. OS X Server is quite RAM hungry, and the more you give it, the happier it is. Beige G3s are no longer supported in 10.3 Server.

Guidelines for file sharing

These guidelines and tips for sharing folders and disks help optimize file sharing and help prevent problems:

To share a Write-only folder (a drop box), it must be inside another shared folder that has read permission.
The greater the number of accessed shared folders, the greater the memory and processing demands on your computer. Too many sharing connections slow your system to a crawl.
Check or review any applicable licensing agreements before sharing programs, artwork, or sounds. Often, licensing agreements or copyright laws restrict use of such items to a single computer.
Select a single computer and dedicate it to acting as a file server for the shared information. Create an ordinary user account (not an administrator account) on this computer for everyone to use when connecting for file sharing. Everyone who connects for file sharing with this account’s name and password has access to the contents of the account’s home folder. This method is often the most efficient way to share numerous files or to share folders with several users simultaneously.
Use a router rather than a hub if your network has a DSL or cable modem connection to the Internet and each network computer has a public IP addressed assigned by your ISP. If you use a hub, network traffic from one machine travels to another machine on your network via your ISP. In addition to upsetting most ISPs, this can result in significant performance degradation. This situation does not occur if the computers on your network have private IP addresses and your network has an Internet connection that shares a public IP address among the network computers.

Identifying your computer

Before your Mac can share files, it requires a network identity. There are two components to a network identity:

Computer name: You establish the computer name in the Services tab of the Sharing pane of System Preferences, as shown in Figure 10-21.
Computer IP address: The current IP address is also displayed in Sharing preferences (only is file sharing is enabled) but is established or changed in the Network pane of System Preferences.

Tip

After you have your settings the way you want them in Sharing preferences and Network preferences, you may want to click the lock button to prevent accidental changes. You are asked for your password to unlock the settings if you want to make changes later.

Turning file sharing on and off

After you establish your computer’s network identity in Sharing preferences, and Network preferences if necessary, you are ready to turn on file sharing in the same Sharing preferences window. You don’t need to turn on file sharing to access files from other computers, for example by using the Finder’s Go Connect to Server command. However, you do need to turn on file sharing to allow users of other network computers to access the shared files on your computer. If some other computer users need to access your shared files via the AppleTalk protocol, you also need to turn on this protocol in Network preferences.

Unlike previous versions of Mac OS (Versions 9.2.2 and earlier), simply turning on file sharing does not significantly slow down your Mac OS X computer. You may, however notice your computer performing more slowly while other computers are opening or copying your shared files. During this activity, your attempts to open, save, or copy files as well as network activities of your own take a bit longer.

Starting and stopping file sharing

To start file sharing, simply check the On box to the left of Personal File Sharing in the services list. The right side of the preference pane will change to tell you that file sharing is starting up, and then it will change to say that it is turned on. Uncheck the box to stop personal file sharing. Alternatively, you can select the service, Personal File Sharing, from the list, and click on the button on the right-hand side to start file sharing, and click on the same button to stop file sharing after it has started. You can turn FTP access on as well as the capability for Windows users to access your Mac files by the same processes as for personal file sharing.

Enabling file sharing via AppleTalk

Mac OS X normally uses the TCP/IP protocol for file-sharing services, but it can also use the AppleTalk protocol simultaneously. If some other computer users need or prefer to use the AppleTalk protocol for file sharing, you can configure Mac OS X to use it. You turn on AppleTalk in the Network pane of System Preferences, as described in Chapter 18.

click to expand
Figure 10-21: The Sharing preference pane.

Sharing with Microsoft Windows

For whatever reasons, far more people use Windows PCs than all other personal computers combined. Because the Windows PC is the lowest common denominator, other operating systems need to be able to coexist — something the Mac operating system has done well for quite some time. Not only can Mac OS X read and write PC-formatted disks, use Windows-format fonts, and share many hardware peripherals with Windows PCs, but it can also share files with Windows PCs. You can also enable SMB/CIFS file sharing by choosing to turn on Windows File Sharing in the Services tab of the Sharing pane of System Preferences.

Identifying who can connect for file sharing

In Mac OS X, unlike Mac OS 9 and earlier, you do not create users, groups, and passwords specifically for file sharing. In Mac OS X, the user accounts that are created in the Accounts preference pane are the same user accounts that people log into your Mac for accessing file sharing services. As soon as you turn file sharing on, any administrator level user will have full access to the hard drive, as well as his or her user folder. As long as file sharing is on, anyone will be able to log in as a guest and have access to every users public folder.

Mac OS X automatically puts all administrator users in groups named wheel and admin. All users who have login accounts, including administrators, are automatically members of a group named staff.

Designating your shared items

Inside every user account’s home folder is a Public folder. By default, the Public folder is a Read-only folder for all users, that is, anyone can copy an item from the folder, but cannot copy anything to the folder. Within the Public folder, by default, is a Drop Box folder. The Drop Box folder is a Write-only folder for all users. This means that users can copy information to the drop box, but do not have access to anything inside of it, and therefore cannot take items from it. If you want to share items among any user, place them in the Public folder. People who give items to you place them in your Drop Box folder.

Caution

A user gains access to your entire hard drive and other volumes by connecting for file sharing as an administrator of your computer. For obvious security reasons, be very careful who you allow to connect to your computer for file sharing as an administrator. Ensure that user accounts created on your computer solely for file sharing purposes are not administrator accounts. For each of these accounts, the option in Users pane of your System Preferences that allows the account to administer Mac OS X on your computer should be turned off.

If you want to share more folders on your computer, you can create login accounts on your computer specifically for file-sharing users. When people connect to your computer for file sharing with one of these accounts, they can access everything in the account’s home folder. If you want to put items in this home folder, you must log in using the account name and password. Then you can copy items into the account’s home folder. Thereafter, other users can access the items in this home folder by connecting for file sharing with the account’s name and password.

A special folder called Shared exists in the Users folder in Mac OS X. All registered users of a Mac OS X machine have access to this folder. If you want to make items accessible to all users of the machine but not to guests, place them in the Shared folder that is in the Users folder.

Setting specific access privileges

This section explains how to use the Finder’s Info window to set separate access privileges for the owner, owner’s group, and everyone else.

You set access privileges for a folder or volume in its Get Info window. Select a folder or volume in the Finder and Choose File Get Info (z-I) to display the Info window. (z-Option-I brings up the inspector window that will show information for whatever is selected in the Finder.) By default, the ownership and permissions section is partially disclosed, and a summary of the privileges that you have are displayed, which are usually read and write. Clicking the disclosure triangle next to the word “Details:” brings down the full permissions area, giving you the option to set privileges for owner, for group, and for everyone. (See Figure 10-22.)

click to expand
Figure 10-22: Each of your files and folders can have different privilege levels in three user categories.

As discussed in Chapter 4, each file and folder in Mac OS X can have different access privileges for three user categories: Owner, Group, and Others. Anyone connecting to your Mac without a name and password falls into the Others category. Even if a person connects with the name and password of a login account on your computer, this person falls in the Others category for every file and folder unless they are either the owner of the file or part of the owner’s group.

You can set one of four privilege levels for each user category in the access privileges pop-up menus:

Read & Write: Permits users to open and copy the file or folder. In the case of a folder, users can also see enclosed files and folders and can put items into the folder. In the case of a file, users can also make changes to the file.
Read only: Permits users to open and copy the file or folder. In the case of a folder, users can see also enclosed files and folders.
Write only (drop box): Permits users to put files and folders into the folder, but does not allow users to open the folder. (Files can’t have Write-only permission.)
None: This level denies access to the file or folder. Users can see the item but can’t open it or change it.

Note

To establish Write-only access to a folder, you must give the person or group Read privileges or Read & Write privileges to the folder containing the folder. For example, your Public folder has Read-only privileges for Others. Inside the Read-only Public folder is a folder named Drop Box, which has Write-only privileges for Others. Other users couldn’t access the Drop Box folder if you put it inside another folder with Write-only privileges. That would defeat the purpose.

The Owner privileges must be at least as broad as the Group privileges, and the Group privileges must be at least as broad as the Others privileges. In other words, if you give Others Read & Write privileges, then both the Group and the Owner are automatically set to Read & Write.

If you wish to set the same privileges for all folders enclosed within the current folder, click the Apply to enclosed items button. Remember that this is an all-or-nothing operation.