Access privileges determine what users can do with the disks, folders, and files that you share. When you create a share point, you can set three levels of user access privileges to the share point.
Access privileges apply to all users–registered users, guests, and anonymous FTP users–no matter how they connect to the Web & File Server. Privileges do not apply to the AppleShare IP administrator.
Tip: The main administrator (named as the owner of the computer) can use his or her password to log on to a server as a user. This allows the administrator to examine the user's access privileges at any computer, without knowing the user's password.
This section tells you how to
Interpret access privileges
Read & Write, Read Only, Write Only, and None, explicit and adopted
privileges, and what users see
Interpret user categories
Owner, User/Group, and Everyone
Set explicit access privileges
Defining explicit access privileges for hard disks, CD-ROM discs,
and folders
Set adopted access privileges
Adopting the access privileges of the folder that contains a folder
Change access privileges of enclosed folders
Change privileges to match the folder that contains them
Access privileges determine what your registered users and guests
(including anonymous FTP users), and Web site visitors can do
with the data that you share. Following are the AppleShare IP
access privileges that you can assign to a shared item: Read & Write Read Only Write Only None
•
Allows a user to
•
open a shared item and see the folders (if any) it contains
•
see, open, and copy files within that folder
•
make changes to the contents of that folder (including creating,
deleting, moving, and modifying the files and folders within it)
•
Allows a user to
•
open a shared item and see the folders (if any) it contains
•
see, open, and copy files that are in the folder
•
Allows a user to
•
move files and folders into the shared area, but not see the area's
contents (also known as a drop box)
•
The user has no access to the shared item, and cannot open it,
see or change its contents, or add new folders or files to it.
Adopted versus explicit access privileges:
By default, shared hard disks and CD-ROM discs have "explicit"
access privileges–privileges you set by choosing access privileges
(above) for each of the user categories in the shared item's Privileges window.
A folder, by default, "adopts" its access privileges from the folder or disk that contains it. For example, if a disk has Read & Write privileges assigned, the folders and files on that disk will automatically adopt Read & Write privileges. However, you can explicitly set different access privileges for the folder.
The difference between explicit and adopted privileges for a shared item can be illustrated as follows:
A has no explicit privileges. It adopts the privileges of Folder
1, in which it is enclosed.
When A is moved to Folder 2, its privileges change to match those
of Folder 2.
B has explicit privileges, independent of the folder in which
it is enclosed.
When B is moved, its explicit privileges don't change.
IMPORTANT: Once you assign access privileges to folders, you need to make backups using a utility designed to copy and restore invisible files. When the Finder copies folders within a share point, it does not copy the folders' access privileges. Depending on your backup utility, you may need to make the invisible AppleShare PDS file visible before backing up.
What users see:
A user of AppleShare Client software can set access privileges
for a folder that he or she owns by selecting the folder and choosing
Sharing from the Finder's File menu. Windows file sharing users
can set folder properties, but not privileges.
If the client computer is using Mac OS 8.0 or later, the sharing privileges that users see are the same as the privileges you set in AppleShare IP.
If the client computer is using system software 7.6 or earlier, the sharing privileges are slightly different. If the user selects access privileges that cannot be directly translated into AppleShare IP 6.2 privileges, the Web & File Server applies the most secure subset of the access privileges that the user has chosen.
The following list shows how the Web & File Server responds to access privileges set using system software version 7.6 or earlier:
If user sets
Web & File Server sets
See folders, See files, Make changes
Read & Write
See folders, See files
Read
See folders
None
See folders, Make changes
Write Only
See files
None
See files, Make changes
Write Only
Make changes
Write Only
You assign a share point's access privileges in three user categories.
Note: The icons shown below are examples. You may see other icons depending on the user assigned to each category.
The categories are Owner User/Group
•
By default, the main administrator (named as the owner of the
computer) owns all volumes connected to that computer and the
folders they contain, and has read and write access privileges
to shared items on that computer.
The owner can change any access privileges at any time.
A registered user who places a new folder on the Web & File Server
is its owner, and can set access privileges for the Owner, User/Group,
and Everyone categories.
Note: In the example above, an administrator icon is used to describe
the owner.
•
or
The access privilege for this category determines whether this
registered user or group can open folders or read and write files
on the shared item.
A user or group that has access to a shared item through this
category cannot change the item's access privileges.
•
Everyone
(no icon)
Refers to all users who can log on to the Web & File Server as
registered users, guests, anonymous FTP users, or Web visitors
without a password.
The access privileges for this category determine whether users
who log on in these ways can open folders or read and write files
on the shared item.
To make a hard disk, CD-ROM disc, or folder accessible to all
registered users but no one else, perform these tasks in the following
order: disable guest access for all services, disable anonymous FTP, assign None to the User/Group category, and assign Read Only,
Write Only, or Read & Write privileges to the Everyone category
(as described in Setting access privileges).
You cannot assign more than one access privilege to a user or user category. If a user is included in more than one user category, the following rules apply: owner privileges override group privileges, and group/registered user privileges override privileges assigned to the category Everyone.
For example, when a user is both the owner and a member of the group for a shared item, the user's ownership access overrides his or her group access.
Controlling access by unregistered users:
If you want users who aren't registered to visit your Web site
or use anonymous FTP service, AppleShare services, or Windows
file sharing, you need to turn on guest access. Because no password
is required to log on as guest or to use anonymous FTP service,
these users pose a security risk.
You can control unregistered user access by sharing individual
folders (instead of an entire disk) and by taking the following
steps to control access to shared folders:
•
For those folders that you do not want to be accessed by users
who log on as guest or anonymous FTP, assign the None privilege
to the Everyone category and assign an appropriate user or group
to the User/Group category.
•
For the shared folder that contains files you want to make available
to guest and anonymous users, assign to the Everyone category
the Read & Write, Read Only, or Write Only privilege, as appropriate.
•
Make sure that Read Only access is set for the Everyone category
for the folder that contains your Web site files. This prevents
unauthorized users from modifying your Web site files and installing
and running CGI applications that may damage your software.
You can define explicit access privileges for a share point to specify what registered, guest, anonymous FTP, and Web users can do with the information it contains.
Note: For information about adopted versus explicit access privileges, see Adopted versus explicit access privileges.
To set explicit access privileges for a hard disk, CD-ROM disc,
or folder, follow these steps: Click the File server button.
1
Log on to AppleShare IP Remote Admin.
2
3
Click the Disks & Share Points button.
4
In the Disks & Share Points list, click the disk or folder to
which you want to assign explicit access privileges.
To display an item's contents, click the item.
5
To set privileges for the selected item, click Set Privileges.
6
In the window that appears, click "Set privileges for this item."
For information about these categories, see Interpreting user categories.
7
In the Set Privileges section, choose new access privileges from
the Owner, User/Group, or Everyone pop-up menu.
8
To change the user or group assigned to a category, select the
current user or group name, then type a new user or group name.
To remove a user or group from the User/Group area, select the
name and press the Delete key.
With the exception of the owner and the user or group assigned
to the User/Group category, anyone who logs on or visits your
Web site will have the privileges that you assign to the Everyone
category.
9
Click the Save button.
You can set a folder to adopt the access privileges of the folder
that contains it. Adopted access privileges have the following
characteristics:
•
If you change the access privileges of the enclosing share point,
item with adopted access privileges automatically change to match.
•
If you move a folder with adopted access privileges to another
share point, the folder takes on the privileges of the new share
point, including the Owner and User/Group categories for the share
point.
For more information, see Adopted versus explicit access privileges.
To set a folder to adopt the access privileges of its enclosing
folder, follow these steps: Click the File server button.
1
Log on to AppleShare IP Remote Admin.
2
3
Click the Disks & Share Points button.
4
In the Disks & Share Points list that appears, click the folder
containing the item that will adopt access privileges.
To display an item's contents, click the item.
5
Click Set Privileges.
6
In the window that appears, select the "Use enclosing item's privileges"
button.
7
Click the Save button.
If you explicitly change a folder's access privileges, you can set the access privileges of all enclosed folders to match. This procedure isn't necessary for disk share points, because their folders adopt the share point's privileges automatically.
To have enclosed folders adopt the privileges of the selected
folder, follow these steps: Click the File server button.
1
Log on to AppleShare IP Remote Admin.
2
3
Click the Disks & Share Points button.
4
In the Disks & Share Points list that appears, click the folder
that will adopt access privileges.
To display an item's contents, click the item.
5
Click Change Enclosed Privileges.
6
In the message that appears, click Change.
Table of contents