krypted.com

Tiny Deathstars of Foulness

macOS Server 5.2/5.3 and below had this great file sharing service. And while the GUI elements are gone from the Server app in High Sierra, the options available in the client operating system have matured to the point where they’re no longer really necessary. You can still configure users and groups using the Server app, and once those are created, you’ll be ready to configure share points that can be accessed using the Sharing System Preferences.

Configure Sharing Through System Preferences
To access the sharing options, open System Preferences and click on File Sharing. First, we’ll configure the global options using the Options… button.

This brings up the ability to choose whether to share with AFP or SMB. Notice that FTP is gone and will need to be started from the command line. Check the box for each user that will be sharing files via Windows (unnecessary with OD-based users), and each protocol you’d like to share data as.

Next, we’ll configure share points. From the File Sharing entry in System Preferences, you’ll see a list of Shared Folders and Users. I like to remove everything the system adds by default. Then, use the + sign to add a add a new shared folder. 

Browse to the folder you’d like to share and then click on the Add button.

Once shared, configure the permissions of the folder. If you have the Server app, the best way to do this is to open the Server app, click on the name of the server, and then click on the Storage tab. From here, you can browse to a given share to configure ACLs.

From the cog wheel icon at the bottom of the screen, choose the Edit Permissions… button.

At the Edit Permissions screen, you can add additional users, and configure permissions more granularly than otherwise.


Once you make changes, you can use the same cog wheel icon to “Propagate Permissions.” Doing so will apply the same set of permissions on all child files. If you don’t have the server app, many of these same options will be available by doing a Get Info on a folder (which you can do with the Command-I keystroke, or with the File->Get Info menu item, within a standard Finder window.



Overall, there are fewer GUI options. And wwwwwaaaaaaayyyyyy fewer options, now that the serveradmin command line options are no longer available. But if there’s something you could do before that you can’t any more, let me know and I’ll add it (or a script to accomplish it) to this article.

Client Configuration
Once configured, you’ll want to connect to your server from a client. To connect to a share, use the Connect to Server dialog, available by clicking Connect to Server in the Go menu. A change that happened way, way back in Mavericks is that when you enter an address, the client connects over SMB by default (which is even better now that those connections can be encrypted). If you’d like to connect via AFP ‘cause you’re all old school, enter afp:// in front of the address and then click Connect.

Command Line Management
The File Sharing service can also be controlled from the command line. macOS also has the sharing command. Using this command you can programmatically inspect, create, delete and augment information for share points using sharing. 

To create a share point for AFP you can use the following command:

sharing -a <path> -A <share name>

So let’s say you have a directory at /Shares/Public and you want to create a share point called PUBLIC. You can use the following command:

sharing -a /Shares/Public -A PUBLIC

Now, the -a here will create the share for AFP but what if you want to create a share for other protocols? Well, -F does FTP (even though FTP is older than I am) and -S does SMB. Once created you can disable the share using the following command:

sharing -r PUBLIC

To then get a listing of shares you can use the following command:

sharing -l

September 26th, 2017

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , ,

  • Michael Bierman

    Thanks for this.

    sharing -a /Shares/Public -F PUBLIC doesn’t seem to work for me. What am I missing?

    • Michael Bierman

      Actually looking at the man page, “-F” is no longer an option in High Sierra. 🙁

  • How do we start the FTP? I actually have it started under 5.3.1 will it automatically start on 5.4? I use it internally only for our printer. Thanks

  • Bob Giammanco

    File sharing is not working correctly. Users in different groups cannot access their shares since when you go to permissions, the Everyone permission is set to No Access (as it always has been). With 10.13, users are not able to access. Even if one creates a new group, users cannot gain access unless you change the permissions for Everyone, which of course, makes no sense. In addition, all users can see all shares, but if the Everyone permission is not changed, they cannot access it.

    (1) you do not want users seeing shares they cannot access…and (2) users cannot access shares they have been given permissions to access due to the Everyone permissions being set to No Access.

    I tested by also creating brand new shares under a brand new group, and Everyone is set to No Access by default – users who are put into a particular server group, cannot gain access to that share drive or any of the folders within it.

    I am not sure what to do other than stay on 10.12 until this is resolved.

    • Tim

      I had this problem too. The issue seems to be with how the Finder of the file sharing client handles permissions defined by access control lists (ACLs). I’ve reported the issue to Apple and it is being investigated.

      There are two work arounds; firstly the files are accessible via the terminal without any changes; secondly you can use basic unix owner and group permissions. So if you have a directory called Finance that is accessible to users within the Finance group set up on Open Directory you can go into terminal:

      sudo chown -R :finance /Groups/finance

      You can now set the privileges to Others to No Access.

  • wow, and it is posed almost like it’s a good thing that the functionality is ripped from Server. What kind of Linux ‘we like no GUI functionality’ bs is this? I am a Mac user. I use a Mac Mini server with a Lacie 4big as storage unit connected to it for my SMB needs. If I wanted crippled Linux bs, I would have gotten some lame ass Linux distribution.

  • Lee

    I think it was better under 10.11 and 10.12, File Sharing and permissions in the same app. This has gone back to the days of Mac OS 9. And of course, where is WEBDAVS/iOS?

  • This is the hugest head scratcher to me. I understand Apple in their seemingly infinite, omniscient, and by default omnipotent powers are declaring local Server based file sharing dead pushing us over a cliff to be saved by the magical cloud. The problem is that the cloud, while on paper the saving grace and the Beatles of new age storage, is more Yoko than John and Paul. I feel as though the Cloud has really inserted itself into any and all discussions of Apple based file storage as the defacto best way to do things and if you don’t like it, well… tough! The Cloud (perfectly honest the iPhone and iOS) has destroyed Apple’s focus on Enterprise, SOHO, and home local file sharing. For most of us including my work which has 500,000 desktops (I am the VP on Engineering) the Cloud isn’t always the answer nor is it the best method. In the case of my home computer I would like to install macOS Server on my MacBook Mid-2015 (which has a broken screen and is now my headless server), plug in my G-Tech GRAID, open the Server.app, setup my permissions, apply, and be done with it. The new method of implimentation has convoluted the process. Now I am noticing I set my shares up in the standard Sharing Pane in System Preferences (why the hell would you put your Sever based file storage preferences here that is stupid) which, is a completely seperate location from where I manage my serving and may also pose an issue when I am remotely managing via the Server.app on another machine. You set your Server shares up like you’re sharing your “Puppy and Kitties Photos” folder to Grandma and Grandpa and set permissions then you are presented with the actual Server.app permissions which are totally different. I am also noticing that the Sharing portion is not holding its permissions or showing completely different sets of permissions versus the actual Server.app Shares options. The real question I am trying to figure out is what is taking precedence here? Do I set up via Sharing, then setup via Server.app? Does changing Server.app permissions change the Sharing permissions? Does it even matter and do I just use terminal and chown and chmod everything? Something that sounds so trivial such as removing the Network Sharing tab from Server.app actually presents a lot of current and potential issues and this is yet again another oversight on the part of Apple’s macOS Development Team. When I was an Engineer at Apple in the mid to early 2000’s OS X was everything! When the iPhone and iOS came out and was beginning to become a smash Apple still told us how important OSX was. Slowly though people were being moved from the OSX team to other places (most people just quit and went other places such as myself) and now we’re at the poiny where macOS Development is really just the framework of iOS integrated or just the scraps of Development time. macOS and OSX over the last few years has been buggy and out paced by its competitor Windows 10 and more importantly Windows Server and *Nix. Apple has become so focused on iOS that they have forgotten what made them Apple, not a TV, Watch, or Phone but a bulletproof computing system and why couldn’t it be a bulletproof Framework that ties it all together instead of just as Apple sees it… the past. Computers aren’t going away and the crazy thing is right before I left Apple the shot callers we’re talking about creating an Apple world where everything is in iCloud, Apple controls everything down to your settings, and you use an iPhone and iPad for everything. Computers will be gone! I’m sorry but I still don’t own an iPad, my iPhone is a phone 95% of the time, and myself and the company I work for will never give over control to Apple, Google, Microsoft, et. al. nor could we do business on a freaking iPad or iPhone!!! Okay, sorry for the rant I am just really disappointed with Apple. Maybe the Cloud isn’t Yoko… iOS is.

    • Damon Schultz

      Appreciated your rant, even if it was 2 months ago 🙂

  • Are these guys apologists? They seem to be praising the new “cut down” feature list.

    Here’s something: try to expand the “sharepoints“ window to fit the whole path of 10+ shares. Oh wait, you can’t, the window is embedded in the system settings dialogue.

    Or now try to get 10 different people who are members of multiple groups to access each other’s files within group shares.

    Using this interface? No longer possible. Why? There is now no longer access to inherited ACL settings. That’s why!

    Apple are no longer even in servicing SMEs. They are pure consumer. Pure appliance. And this saddens me becsusbeOS X server used to be THE platform for my small clients without a full time System Admin on hand.

  • Shawn Michael Larkin

    Does anyone know if the 10 Client Share Limitation is gone in regular Mac OS 10.13x ?

  • Miguel

    lol Mac, a silly toy bit by bit having anything good stripped from it for the eventual merge of Mac OS and iOS

  • Martyn A Ford

    I concur with the above admin users experiences but be fully aware Apple is using kindergarten kids to write their software now. An example of this is the recent Root no password release of OS X and the fact that Sierra even though I did download it, is no longer available in my previous purchased. Apple thought this product was so shit they did not want anyone to ever install it again. Lucky I make Diskmaker X versions on to USB as the download from Apple sometime seem like they are using a dialup modem. Also needed to use this recently because iMac would not install High Sierra (another conspiracy looming) from 10.9.5 so I installed 10.12 then 10.13. If the kindergarten dev kids could write we may have an explanaion as to why they keep being selfish with the toys, recently taking the resetpassword app that allows you to also fix ACL permissions away. It is gone in 10.13 and not in the pulldown menu in 10.12 (use terminal).

    Spent some time in 2017 fixing simple issues with permissions being screwed up on local home folders because of Apples introduction of ACL’s over traditional unix permissions. So a quick indication that there is a problem, put an icon in the dock and restart if its not there on restart then you have a problem. In most cases u can fix this up to 10.13, give the local HOME folder admin W/R access and propagate. Boot into recovery and run “resetpassword” in terminal “yes it is missing from pull down menu in 10.12” he says in a eye rolling exasperated way, then tick reset ACL’s down the bottom. So if they can’t even get this right how the hell are they going to fix sharing permissions.

    Last year will be the last year I supply a new Mac Mini or any new Mac to run as a server after 30+ years. Could not get permissions to behave themselves in a small work group. Sharing a Raid hard drive was murder, one user being able to write a file and the next not being able to open it or in some cases write it back, all logging in under the same user (no level security needed). In the past this could be resolved by forcing AFP rather then SMB or last resort selecting the Raid HD and ticking “Ignore Ownership On this Volume”. A funny thing happened (sorry I mean bloody ridiculous thing). IT WORKED then after 12 hours IT turned its self off, repeated more than once the “Ignore Ownership On this Volume” unticked itself after a few hours, no restart needed. Yes self decision making computers have taken over. Ringing the kindergarden was no help, did reach out to Apple engineer in Sydney that told me to delete some database files, did not help. Outcome client cut their losses, I did not bill them for my time and they bought a cheap slow nasty NAS that still has issues they cannot resolve.

    But under the bonnet there are more things wrong. Just had a client with 10.10 copy files off a NTFS external HD to a Mac formatted external, with no errors, to find that it skipped thousands of files. Only reason I can think of this occurring is a dodgy third party NTFS seagate plugin, but all the same where is the accountability? We used a product that uses rsync to copy over the hundred of files missing out of many folders.

    It makes me wonder if big brother )Apple) are not building in bugs to puss you to a new OS X. Another issue only 3 days ago client running 10.10 but has Office 2016. Word tried to open the file but it does not open, memory leaks in the core system cause the finder to loose network drive, not allow force quite, not open other programs, lock finder in rainbow spinning wheel. Have to restart mac to get it to work again. Install Office 2011 and default Word to open with older version it open no crash.

    The only redeeming quality Apple have left is their unix OS X soon to be IOS because their hardware has already been compromised by making it more expensive (Retina nano manufactured screens), that can’t be extended or repaired due to soldering in SSD and ram.

    There will be many Windows people that may revel in the aftermath of these types of disasters but windows takes double the same energy to do anything, its harder to find good quality software without having to first install Anti Virus. Apps that are essential for good mac use are not available for Windows, or costly without a demo veriosn and built in applications like Migration are now Missing from Windows 10, meaning Microsoft are also using kindergarden kids.

    Dear Elon Musk please save our arses and bring us an OS that is Unix that runs MS Office, along with 100 other top titles including Vmware.

  • Helge Tjelta

    Hi, my afp works nicely with network users, how come SMB don’t ? If I add a local user on that server, and connect via SMB with that user, it works… but any user that is a network user will not connect. AFP will…. what is going on?