Securely setting up a Web/File server

I was just placed into managing my company's new xServe and had a few questions that I would not mind a second opinion on.
The server's primary role will be a file server, iCal server and sharing a company-wide address book.
The secondary role would be a backup web server for a few websites that are hosted outside, but have been known to go down from time to time.
Currently we have a firewall/router that manages DHCP with non-routable internal IPs. We also have a 4 port cable modem that is used for our static IPs (we have 5 static IPs). Right now we are only using one IP for the router.
My idea:
Plug one NIC into the cable modem giving it a real IP, then lock it down with the server's software firewall to port 80. Plug the other into our switch that sits behind the firewall. The thought was that if you wanted to use the file server or administer the server you would need to use the VPN, but the outside could still use the web services.
I am no security expert and linking the two networks together via the server kinda sounds like a bad idea... any thoughts?

NFS
Share a directory from your server using the command share. For example:
# To share the directory /store to all users in the network, use:
share -o ro=host1:host2:host3... -d "My first share" /store
The previous command will share the directory /store only to the computers listed as host1:host2:host3.... No other computer will have access. You can check the entire share usage with man share.
From your client computer, assuming Solaris, issue the command:
mount -o ro,soft,bg host:/store /mnt/net/remove_host/store
The use of option bg prevents the mount from hanging during system startup if the remote computer is not accessible.
In your vfstab, use something like:
swap    -       /tmp    tmpfs   -       yes     -
wgtsinf01:/store - /store nfs - yes bg
...
Cheers,
Andreas
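
For the dual-homed layout asked about at the top of this thread (one NIC on a public IP limited to port 80, the other on the internal LAN), here is a check that can be run on the server. It is an added example, not part of either post. It flags listeners that only the host firewall keeps off the public interface, and reports whether the server can route between the two networks. The addresses and the netstat sample are constructed; on the real server, feed it the output of `netstat -an -p tcp` and `sysctl -n net.inet.ip.forwarding`.

```python
import re

# Constructed sample of `netstat -an -p tcp` in the BSD/macOS layout, where the
# port follows the address after a final dot. 203.0.113.10 stands in for the
# public static IP and 192.168.1.10 for the internal address (both assumptions).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  192.168.1.10.8008      *.*                    LISTEN
tcp4       0      0  203.0.113.10.22        *.*                    LISTEN
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  192.168.1.10.548       192.168.1.55.49152     ESTABLISHED
"""

LISTEN_RE = re.compile(r"^tcp[46]*\s+\d+\s+\d+\s+(\S+)\s+\S+\s+LISTEN\s*$")


def parse_listeners(netstat_text):
    """Return [(local_address, port), ...] for every TCP socket in LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line.strip())
        if not match:
            continue
        addr, _, port = match.group(1).rpartition(".")
        listeners.append((addr, int(port)))
    return listeners


def audit(netstat_text, ip_forwarding, public_ip, allowed_public_ports=frozenset({80})):
    """Return findings as (kind, port) tuples.

    ip-forwarding : the kernel would route packets between the two NICs
    public-bind   : a service other than the allowed ones is bound to the public IP
    wildcard-bind : a service listens on every interface, so the software
                    firewall is the only thing hiding it from the Internet
    """
    findings = []
    if ip_forwarding != 0:
        findings.append(("ip-forwarding", None))
    for addr, port in parse_listeners(netstat_text):
        if port in allowed_public_ports:
            continue
        if addr == public_ip:
            findings.append(("public-bind", port))
        elif addr in ("*", "::"):
            findings.append(("wildcard-bind", port))
    return findings


if __name__ == "__main__":
    for kind, port in audit(SAMPLE_NETSTAT, ip_forwarding=0, public_ip="203.0.113.10"):
        print(kind, port)
```

A wildcard-bind finding is not a hole while the firewall rule holds, but binding file and admin services to the internal address removes the dependence on that single rule.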

Similar Messages

  • Web file server?

    hello, i'm trying to set up a web file server at work right now.  it has to be easy enough to use so that someone without knowledge of htaccess, servers, can upload files and change permissions.
    currently, i'm running lighttpd with directory listing.  i also wrote up a quick c# script to automatically rsync with a shared windows resource.  i parse some _passwd.txt files and i restart lighttpd if anything changes.
    yeah...not very efficient...
    are there any good tools out there that serves the basic web file server with authentication?
    i've looked into some CMS systems, but they are all overkill...i don't need the news/forums/blah blah blah.
    thanks.

    We had a similar issue with the requirements that the users had to have a familiar user interface and I had to have a secure authentication method. WebDav was out because of the way it worked in a multiuser environment.
    So what we did is this: We create a user on the webserver using the same user name that exists on the windows machines. I compiled rssh and this allows for ssh encrypted file transfers without shell access (they get it if they ask, instead of /bin/bash use /usr/local/bin/rssh in /etc/passwd), authentication on the Linux side is via PAM to the windows DC (allows for the user to use their windows password). Then something called "webdrive" is installed on each windows PC (don't think it's free - I haven't seen or used it), but what it does is to allow for "mapping a drive" on the user's PC but connects to the webserver using SSH. So far the users like it because it behaves just like mapping any other drive - something that they are used to using.
    Don't know if that helps but it works for us.
    -Shawn

  • Setting up local web test server

    Hi All,
    Apologies if this should go in installation and setup but here goes.
    Running 10.3.9.
    Httpd running
    MySQL server running
    PHP enabled
    I'm trying to set up a local testing server on my G4 powerbook so I can do my mods and just occasionally ftp up the code, say, once a week.
    I've started personal web sharing and can access my local site's index page ok (i.e. http://mymachine.local/~me/website/ ). That's all fine.
    But I've installed the oscommerce app under my web directory and unless I have a connection to the net then it just doesn't want to know.
    So calling up " http://mymachine/local/~me/website/catalog/index " gives me a nothing if I don't have an internet connection.
    I think I have set everything up as I should to have a local testing server for web apps :- Personal web sharing enabled, MySQL sorted, PHP sorted.
    Does anyone know what I might need to do further or perhaps point me in the right direction?
    Much appreciated.

    Try using http://localhost/local/~me/website/catalog/index . It may be that your original link doesn't work because your machine is trying to look up the IP-address of "mymachine" using DNS, and that won't work if you're off-line; "localhost" is a synonym for "127.0.0.1", which is the "loopback address" -- it always means your own machine. No DNS lookup required, no real network interface required, so it should work whether you're on-line or not.

  • What documentation do I need to set up a second file server?

    I have a 10.4 server that used to be my OD master...  but I'm setting up a new Mac Pro to be the master (running 10.6) but would like the old 10.4 server to handle some of the network software.  I don't mind doing a bit of reading to set this up, but I couldn't find any documentation to help me.  The File Server Administration PDF doesn't talk about a second server for AFP or how to get the second server to look up user information on a different server running as the OD Master...
    Thanks in advance for any help or direction!  (either would be great!)
    Kevin

    Hi
    Launch Directory Access (/Applications/Utilities) on your 10.4 Server, click on the LDAPv3 Plug-in and create a New Entry. Add the fully qualified domain name of your 10.6 OD Master. There's no need to provide authentication unless you're disallowing anonymous binding on your 10.6 OD Master?
    Assuming everything is as it should be regarding internal DNS Services and that the 10.4 Server is referencing the correct DNS Server, the 10.4 Server should now be reading from the OD Master's LDAP Database - essentially your Users and Groups. Launch WorkGroup Manager on the 10.4 Server and you should see those Users and Groups.
    All of the above absolutely depends on properly working and configured DNS Services. You may want to add an A Record for the 10.4 Server in whatever you've designated as your DNS Server for your private network. Presumably this will be the 10.6 Server? For SSO (Kerberos) Authentication to work properly - assuming this is what you want? All Servers and Clients must be referencing the same NTP Server.
    Assuming all has gone well with the 'join', launch Server Admin and click on the Open Directory Service. This should report its role as "Connected to a Directory Service". Now start the AFP Service. Use WorkGroup Manager to define shares and access. I would enable Access Control Lists for volumes you wish to designate shares on. Once enabled restart the 10.4 Server. Use the ACL Permissions Model rather than the POSIX one. Make sure you propagate permissions afterwards. Don't share Volumes. Share folders instead.
    You can have as many Servers as you like presenting AFP Shares to as many clients as you like. There is no restriction. Basically it's just another server offering shares. The documentation you've read does not mention multiple servers probably because - no offence intended - it's kind of obvious and fairly straightforward.
    HTH?
    Tony

  • Setting up an internet file server using Powermac

    With iDisk possibly being dumped with the switch to Cloud, I'm looking at the possibility of turning a PowerMac into some sort of internet file server/iDisk replacement. Now, whilst I'm not clueless I'm not a networking expert, so if poss I need some help.
    What I'd like to do is have the machine at work, connected to my router by wire. The three main work machines (Mac Minis and iMacs) can access it also by wire, as they're wired into the same router. Then I'd like to be able to access its files on my iDevices when either connected to the work network wirelessly or out and about via the internet. Also, be able to connect my laptop and home machine to it via the internet.
    I don't want to be able to stream anything from the file server, just use it as a file store, for stuff that needs working on at home and work, and when out and about using my iPad or iPhone.
    The Powermac runs the last version of OS X that will run on the non intel machines, and the work machines on Snow Leopard. My iDevices are JB's and run 4.3.3 and my Macbook Pro runs Lion.
    I have a dynamic IP at work, and only use Macs so don't need to be able to connect Windows machines.
    Help, advice welcome.
    Ta.

    Hi Steve, with a Dynamic IP at work, you'll need to use a service like DynDNS or no-IP.
    http://support.apple.com/kb/HT2366
    http://hintsforums.macworld.com/archive/index.php/t-33446.html
    http://homepage.mac.com/car1son/static_port_fwd_intro.html
    http://www.wikihow.com/Setup-VNC-on-Mac-OS-X

  • How to manually create security policy in integrated web logic server

    Hi,
    I am trying to run a webcenter portal app that uses web services and has security enabled thru policies. I am no expert in terms of web service security and I am encountering this error.
    The password credentials cannot be obtained from the Credential Store Framework (CSF). Unable to retrive the csfKey "BASIC_KEY". The csf map "oracle.wsm.security" found in the credential store is being used and the following keys are found in this map...
    I know this is related to security but how do I define or create this in my integrated weblogic server? The web service, I think, uses the oracle/wss_http_token_client_policy
    Thanks
    JDEV 11G PS5

    Hi,
    Found this link http://portal.intelitur.com/webcenterhelp/faces/helppages/main.jspx;jsessionid=GH3XQt2ZfTpLMRXQNytrrmLyfBh9DZR0nhjvwWgw8knck3FvjQ0J!1175791655!1369545269?locale=es-ES&vtTopicFile=wcadm%2Fwcadm_security_wss004.htm&config=OHW+Servlet&_adf.ctrl-state=17i2c8oad3_4
    although I am unsuccessful
    createCred(map="oracle.wsm.security", key="BASIC_KEY", user="user", password="user1", desc="Keystore key")
    When I execute this code using WLST, I am encountering the error below:
    Traceback (innermost la
      File "<console>", lin
    NameError: createCred..
    What could be the cause?

  • Setting up an external hd as a network drive/ setting up a web/fileserver?

    i would like to set up an external hd i have plugged into my imac g5 as a network drive that is accessible throughout my network by my windows based systems and my mac book pro... i would also like to be able to set up a web/file server on osx... i used to use abyss when i used windows for a web server what are some good apps to use for the webserver admin?

    > i would like to set up an external hd i have plugged into my imac g5 as a network drive that is accessible throughout my network by my windows based systems and my mac book pro...
    to do that you should try out sharepoints
    > i would also like to be able to set up a web/file server on osx... i used to use abyss when i used windows for a web server what are some good apps to use for the webserver admin?
    To set up a webserver on your Mac, go to your System Preferences -> Sharing and turn on 'Personal WebSharing'. Then drop your html files and other data in /Library/WebServer/Documents or /Users/yourname/Sites
    Although I have not used it myself you may want to look at Web Control 1.0.7

  • Web service: Cannot remove WSS security setting

    Hi,
    i have a problem about developing web service with jdeveloper 10.1.3.1
    The problem is that once i have added the security to the web service (through the web service wizard, i.e. right click the web service and select "Secure Web Service"), i CANNOT REMOVE the security setting using the web service wizard...
    calling the web service always says missing wsse:Security SOAP header..
    does anybody have the solution?
    thank you...

    Hi,
    the issue is still there in 10.1.3.3, and it must be somewhere on JDeveloper or OC4J side. Moreover, it's not limited to removing security settings, as the situation (old settings remembered) is the same when editing security settings.
    lsp,
    before regenerating a web service and its xml files (editing security properties), make sure you have cleaned the project and then you can try deleting the oracle-webservices.xml file from your project directory, because JDeveloper does not seem to be willing to overwrite it during regeneration.
    If this does not help and you are using embedded OC4J, you can try the following steps before running the web service again:
    - delete the embedded-oc4j/application-deployments/current-workspace-app directory, because it contains an oracle-webservices.xml file which may be outdated,
    - empty the contents of embedded-oc4j/config/wsmgmt.xml, because it contains security settings for web services you have deployed so far, which also may be outdated,
    - restart JDeveloper :)
    Note that these are just guesses to solve the problem. Unfortunately doing all of these did not solve it for me.
    So if anybody has some more ideas, we'll be happy to hear them.
    Thanks,
    Patrik

  • Setting up permissions on a central file server...

    I am setting up a central file server in a small network environment where the users will share a drive and jobs on the drive. Problem I am having is if I set up separate users and one group that they all belong to, when someone creates a job in their home directory and then copies it to the server, the rest of the users access it as read only. I need them to be able to read and write to each other's folders. Any solution other than creating one user that they all share (since that kind of defeats the purpose)?
    Thanks in advance,
    Larry

    The solution to your problem depends on whether you want to use ACLs or not.
    If you are managing a server, you should crack open the manuals- the answer to your question lies within those pages. To point you in the right direction.....
    If ACLs are NOT enabled for the volume. When you click the Share Point in WorkGroup Manager, then click the Protocols tab, you will see a check box for "Inherit Permissions from Parent". This is what you want.
    If this option is greyed, then you DO have ACLs enabled for the volume.
    The explanations for this are not short and managing a server requires reading, research and frustration.
    ACLs work more reliably than the Posix 'inherit' permissions option does.
    That said....
    A user of this forum put together an excellent guide to ACLs. Here's the link:
    http://discussions.apple.com/thread.jspa?messageID=648307&#648307
    Jeff

  • Need some help with a file server!

    Hi,
    I'm wanting to get a mac mini or the mac mini server (whichever is needed) and connect all of my random external drives i have lying about to it. Basically, i'm wanting to set up a mini file server that i can access from anywhere in the world. I have enough space with the external drives to store my music library, other general storage and maintain a backup of my OS drive and portable external that i carry around with me, but i don't know how i'd set it up so that i could access my hard drives and use them normally from anywhere.
    Also, with Mail Server, i'd like it if i could store all of my emails on the server computer and be able to access them on my Macbook. I don't know what i need though. For my needs, do i even need the server program or can i just use Lion (or even Snow Leopard if i choose) by itself? And if i did need the server, would i need it on just the server computer or both the server and my Macbook?
    Sorry if i haven't explained this very well, if you didn't fully understand just ask me and i'll try to rephrase it.
    Thanks in advance
    mr meister

    Be careful what you wish for.
    Either Mac OS X, or Mac OS X Server can act as a simple file server for your LAN.
    Granting access to external/remote users is largely a facet of setting access controls in your router to allow external clients to access your machine, but you have to consider the security implications of doing so - how do you make sure that you, and only you, access your data and not your local script kiddie down the street - or even some hacker in China?
    HOWEVER, as simple as that may be, performance is going to be your issue.
    Local disks in your machine are typically connected on a bus that runs at several gigabits per second.
    Even the server on your LAN is connected to your client over, typically, a gigabit connection.
    However, your internet connection is likely to be measured in megabits per second... or two orders of magnitude lower than a local connection. You're really not going to want to use this for normal usage - e.g. accessing files - it's probably only practical for copying files to/from your machine.
    As for mail, there are a myriad of issues in running your own mail server, especially if you don't have your own domain and static IP addresses. I'd seriously defer that question until you're more settled in your server plans.

  • AirDisk vs. Mac Mini as File Server

    I'm so frustrated with AirDisk (as with any other wired NAS) due to their slowness with large files transfer over my wired network of Macs that I started looking for another solution.
    What access/transfer speed difference can I achieve with a dedicated Mac Mini set up exclusively as file server on gigabit wired network?

    The right tool for the job. I'm not sure the airport is the best solution. Some things to consider:
    How will these files be backed up? This is absolutely the number one question to ask. Number 2 should be, how are we doing off site backups? If this is really for an office and you have files, that if lost, mean your business can be impacted, you need to have off site backups. Even if that is just bringing in an external HD every Friday, backing up the server, and keeping the backup at home somewhere safe and secure.
    For 100 MB files, you can do that over a network. Not a big deal. For GB files, what is worth more, time or money? Do you have files on the same disk that need simultaneous access by different people?
    What machines do you use to do the editing? Can you attach a drobo to one of the machines (helping you with your backup issue as well as providing a nice way to grow your available storage pool), and then use personal file sharing? I don't think you necessarily need a dedicated file server for three people. With the Mac Mini option, if you don't have a keyboard and monitor, I don't think the Mac OS X client software is a great choice for a headless server. I know, I tried to do this. It did not work out very well.
    I have two Airport Extreme Ns. I've got a Drobo connected to one and it is not too bad. I have all my DVDs ripped to it and have my laptop synched to my Apple TV. When I watch a movie, iTunes reads the file over the airport extreme and then needs to stream from iTunes to the Apple TV, all wirelessly. It works out well enough. I might have to wait a second or two for the video to start, but it's all wireless and that rocks for me.
    In your case, you'd likely benefit from wired gigabit ethernet and direct attached storage on one of the machines you use and personal file sharing.
    Just do those backups!

  • How can I make a file server sync with a laptop when it connects [SOLVED]

    Ok, first let me say that I looked on the Internet for this but didn't find what I was looking for. I'm going to be setting up a simple file server for my in laws soon...they use windows so I'll be using samba on the server side.
    They have 3 computers and want to be able to have all their files stored in one central place so they can share them easily and also have them backed up at the same time. They have 2 desktops and one laptop.
    The desktops are not a big deal to sync with the server because they are on all the time and I can just use a cron job or something. The problem is the laptop..
    What can I do to make the laptop automatically sync when it gets on the network?
    The catch is this needs to be run from the server side so they have a "hands free" experience or whatever. If you know a way for the laptop to do this in the background I guess that would work too.
    I know this is probably a very simple task but so far everything I find the user would have to manually start the sync.
    Thanks in advance for your help!
    Last edited by jonrd (2008-07-27 04:28:57)

    Is it necessary that all the files are on the local hard disks? In the case of the laptop I could understand this if the laptop is also used outside the network, but the desktops should stay in place, no?
    It could be as easy as to make a shortcut on all the computers to the samba-share and tell the inlaws that they have to use the samba-share to store their (shared) files.

    You are correct about this but I doubt they would remember to use this all the time so I want to sync the folders just in case.

    Assuming the laptop is always going to be in the same IP address when it connects to the network (which is unlikely in default configurations), you could create a script that checks for the existence of the machine on the network then perform a sync.  I had a script written in Python somewhere that would check to make sure the server side was up and run unison, but it could be modified to check for the laptop and copy files.  Let me know if that's something you're interested in and I can post it for you.

    This sounds like what I'm looking for. Also I wonder if it could be done by NetBIOS name instead of IP address? This way it wouldn't matter.
    The script sounds like what I'm looking for though
    Thanks for the help!
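
The presence check discussed in this thread, sketched as an added example (it is not the script the poster offered, which does not appear on the page): the server polls for the laptop by name and starts the sync once each time the laptop arrives. The host name and the sync command path are hypothetical, and the probe assumes the laptop accepts connections on the SMB port.

```python
import socket
import subprocess
import time

LAPTOP = "laptop.example.lan"                 # hypothetical name; must resolve on the server
SYNC_CMD = ["/usr/local/bin/sync-laptop.sh"]  # hypothetical wrapper around unison or rsync


def is_present(host, port=445, timeout=2.0, connect=socket.create_connection):
    """True when the name resolves and the SMB port accepts a TCP connection.

    This only shows that something answers under that name; the sync job's own
    credentials, not this probe, are what authenticate the laptop.
    """
    try:
        with connect((host, port), timeout=timeout):
            return True
    except OSError:  # resolution failure, refusal and timeout all land here
        return False


def run_sync(cmd=SYNC_CMD):
    """Run the sync command; True only when it exits with status 0."""
    try:
        return subprocess.run(cmd, check=False).returncode == 0
    except OSError:  # command missing or not executable
        return False


class PresenceWatcher:
    """Starts the sync on the absent -> present transition, at most once per min_interval."""

    def __init__(self, probe, sync, min_interval=3600.0, clock=time.monotonic):
        self.probe = probe
        self.sync = sync
        self.min_interval = min_interval
        self.clock = clock
        self.was_present = False
        self.last_sync = None

    def poll(self):
        """Probe once; return True when a sync ran and succeeded."""
        present = self.probe()
        arrived = present and not self.was_present
        self.was_present = present
        if not arrived:
            return False
        now = self.clock()
        if self.last_sync is not None and now - self.last_sync < self.min_interval:
            return False  # laptop dropped off Wi-Fi and came back; skip this arrival
        if self.sync():
            self.last_sync = now
            return True
        self.was_present = False  # failed sync: treat as absent so the next poll retries
        return False


def main(poll_seconds=30):
    watcher = PresenceWatcher(lambda: is_present(LAPTOP), run_sync)
    while True:
        watcher.poll()
        time.sleep(poll_seconds)


if __name__ == "__main__":
    main()
```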

  • File Server and Permissions

    We are using Coldfusion 8.  Does anyone know a way to set permissions on a file server so my users in my cfapplication are the only people that can access the files in a specific folder on that server?  I ask this because we have a lot of public folders on this server and now we want to add some private folders only accessible via people using the application.

    If what you are asking is "how can I set up a folder on my fileserver so that files that are accessed through my CF application using tags such as CFFILE are the only ones that can access it" then the answer is to 1) Change the login information for the CF services from the local system service to a domain account, being sure to give that account admin privs, 2) on the file server only give access to the domain user that you just created in step 1.
    However, if your CF app is allowing users to access that folder via mechanisms like HREF links (ie, where the account accessing the folder is not the CF account, but the user that is logged into windows running a browser), then you need to put those users in a group and give that group the sole access to the folder.
    Scenario #1 presumes that your CF app is doing some sort of authentication so that it knows who is allowed to use it to get to that folder. 
    -reed

  • Suggestions for File Server?

    I've got a small architecture office with six Macs - one is a white iMac G5 (wired) that's set up as the file server for the others. The system is sometimes slow to load our CAD files (300MB ones are understandable, but 15 minutes to open a 30MB file from the server is crazy).
    I'm wondering what the fastest file server setup is going to be (even if it means getting another machine). I'm told a USB Network Attached Drive (NAD) hung off my Airport Extreme or switch/hub won't allow file sharing, and would just give each user separate folders - is that true?
    I thought about Time Capsule, but am told it can't also be a wired (thereby faster) server.
    Is there a way to figure out where the bottleneck is (ethernet vs. computer)?
    Thanks for any thoughts.

    Hi Erick Mikiten-
    More free space or a larger hard drive on that dedicated mac would probably help a bit.
    Macs generally do connect at the fastest possible speed, unless of course there is something to prevent them from doing so. Generally the internal wiring of a facility is often to blame, as are the jumper cables used to connect each machine to the wall.
    A gig switch might help quite a bit, assuming your wiring is all at least Cat 5e.
    A dedicated server can be a machine not being used for something else as described. I was just trying to clarify. That machine connected to an external FireWire drive and communicating via gig ethernet should provide a fairly snappy setup.
    Luck-
    -DaddyPaycheck

  • File server replacement

    zoranstojanovic wrote:
     This new server will function as the file, print management, WSUS, and Hyper-V server.
    I hope you mean file, print, and WSUS will be in virtual machines on a Hyper-V host, not that the host will have all those roles.  The Hyper-V server should be doing only that.
    Personally, I would use two VM's, one for file and print, one for WSUS.  A Server 2012 R2 Standard license grants you two VM's, so you wouldn't need any extra.
    Also, I would think DFS may help.  Set up a namespace and just change the target folders.

    I plan on setting up a new file server to replace the current one in production. This new server will function as the file, print management, WSUS, and Hyper-V server. I'm thinking, to make my life easier, I'll keep the server name and IP the same. I found a good article on Spiceworks, http://community.spiceworks.com/how_to/75097-replace-an-old-file-server-with-a-new-file-server-using... but have a few questions as my scenario is a little different. I've used the method in that link years ago when I migrated from the last server. This time all my shares are on my MSA2212fc. So I'm thinking as long as I import the shares registry key from the old server to the new one and reassign the drives to the new server, everything should just work.. Right? Also, anyone think the server has too many roles? Any feedback would be greatly appreciated....
    This topic first appeared in the Spiceworks Community
