This chapter is devoted to the EtherShare file server. The function, the configuration and the operation of the file server are described. In addition we include information to allow the administrator to set up users, groups and volumes, create folders, and define access privileges. Finally, we describe methods for archiving data in the file server volumes to mass storage.
The EtherShare file server system is contained in “afpsrv”. It is created in the “HELIOSDIR/sbin” directory during the installation. The server is usually configured to start “afpsrv” automatically when UNIX is booted.
EtherShare “afpsrv” uses the default port 548. On Mac OS X, if the native OS X AFP services are already running on this port, EtherShare uses a random free port. See the note adjacent to afpport in 13.2 “AFP server preference keys” for instructions on how to assign a certain free port number for “afpsrv”.
“afpsrv” is the program that implements the AFP (Apple Filing Protocol) file server functions. It waits for filing requests from the AppleTalk or TCP/IP network, which are then immediately processed. Each new login request results in a separate “afpsrv” process being created. Accordingly, when a number of users access the file server at the same time, a number of “afpsrv” processes run on the host simultaneously. “afpsrv” is capable of supporting the following modern features:
Large file support, no 4 GB limit for archive, prepress and video data
Unicode/UTF-8 file and volume names
Long file name support up to 255 characters
Mac OS X symlink support for files allows copying application packages to/from the server, without loss of information
Client/server reconnect and client sleep support
Full Mac OS X compatibility (Mac OS X 10.3 or newer recommended)
2-3 times faster performance than NFS or SMB/CIFS file sharing
UNIX file/folder permissions for OS X clients
Apple Time Machine support
A file in the Windows/NTFS environment can have a certain number of file streams. File streams contain meta data such as creation or modification date information, icon information, etc., similar to the resource fork of a Mac file. If you manipulate files which have been created in a Windows/NTFS environment, “afpsrv” supports file streams (see NTFS file streams support in the HELIOS Base manual).
The number of concurrent connections to HELIOS services via AppleTalk is limited to 250. See sessions in 13.2 “AFP server preference keys”.
You can specify both a welcome message and a shutdown message to be output on Mac workstations when they log in to EtherShare. There are no preferences to set for this feature. Instead, create two text files “login.msg” and “shutdown.msg”, and store them in the “MacOS” folder of the “HELIOS Applications” volume. Then the messages will automatically be used by the file server during login and shutdown. Usually, only the administrator has write privileges to this directory (volume).
For example, the two messages could be: “Welcome to the Support server of HELIOS Software GmbH” and “The Support server of HELIOS Software GmbH has now been shut down”.
If you are running EtherShare on a demo license you cannot modify the default welcome message.
A maximum of 199 characters will be displayed (excess characters are truncated). If you want to include national accented characters such as Umlauts in your messages, use TeachText to write them: since the Umlaut codes are stored here in Unicode/UTF-8 format, it is a lot of work to enter the right codes with a UNIX editor.
Mac OS 8/9 has no support for AFP 3.1, so AFP 2.2 is used instead. As a result, file/directory names containing more than 31 characters will be truncated. In this case the file name, beginning with the 26th character, is replaced with a hashmark (“#”) followed by a four hexadecimal character checksum. It is possible to rename these files to a different file name from Mac OS 8/9. Working on files with truncated names is not recommended though.
On UNIX machines, the EtherShare file server simulates the Mac’s HFS (Hierarchical File System) on UFS (UNIX File System); the latter is found in many UNIX variants. Due to the differences between these two systems, the same Mac file appears differently when it is viewed through the UNIX file system compared to when it is viewed from a Mac workstation.
In EtherShare, each HFS volume is mapped to a specified part of the UNIX file system and mounted at a specified directory. This directory is then the root directory of the volume.
You specify the volume mount point when setting up new volumes with HELIOS Admin.
In contrast to files on DOS and UNIX, all Mac files are associated with so-called “Finder info” contained in the file’s directory entry, which stores among other things the file type and creator, the file creation date, etc.
Each file is split into two parts, the “data fork” and the “resource fork”. This “split” is normally invisible to the Mac user; the “Finder info” in the file’s directory is also invisible.
The file type and creator are used by the Finder to select the right icon to display. They are each 4 bytes long. The file creator is also used to automatically find and start the corresponding program when you double-click on the icon of a document. The icons themselves are stored in the desktop file, which exists only once for each volume. Each application is usually associated with a single file creator code (e.g. “MSWD” for Microsoft Word), but can as well have several file type codes (e.g. “WDBN” for normal Word documents, “WHLP” for Word help files, “DCT5” for the Word dictionary, etc.). See Icon data in “The desktop server” in the HELIOS Base manual for more information.
On EtherShare, the file’s data fork is stored with the chosen file name in the UNIX directory corresponding to the folder.
The file’s resource fork is combined with the Finder info and stored in a separate “resource file” of the same name in the so-called “resource” directory, which is the “.rsrc” subdirectory of the folder’s directory.
A description of the resource file structure is available on the HELIOS website.
Mac file names that are invalid for UNIX are converted according to a specified algorithm.
When you create a folder on EtherShare, which you do with the Finder in the normal way, a UNIX directory is created with the same name as the folder. Folders also have Finder info, which stores among other things the folder’s window position and size, and the viewing style (Mac OS 9). The Finder info for a folder is stored in the parent’s folder “resource” directory, which is created automatically when the folder is created. See Create new folders on UNIX in 6.5 “Access privileges” for related information.
Assume you have a file “Test” in folder “Demo”, which is in “dave’s” home volume. On UNIX you will have:

    /home/dave/Demo/Test          File’s data fork
    /home/dave/Demo/.rsrc/Test    File’s resource fork
    /home/dave/.rsrc/Demo         Folder’s Finder info
Furthermore, if for example the volume mount point is “/home/apps”, the volume desktop is contained in the UNIX file “/home/apps/.Desktop”. The “Network Trash Folder” for the volume is contained in the UNIX directory “/home/apps/Network Trash Folder” and in the file “/home/apps/.rsrc/Network Trash Folder”. Finder info for the root of the volume (viewing style, layout info etc.) is contained in “/home/apps/.rsrc/^^volrsrc”. See “The desktop server” in the HELIOS Base manual for related information.
The file names “.Desktop”, “.DeskServer”, and the “.rsrc” folder are protected by EtherShare, and cannot be accessed from a Mac client.
Inside a HELIOS volume, “.rsrc” directories can only be missing if folders were created manually from UNIX or if “.rsrc” folders were removed manually from UNIX. “afpsrv” automatically creates missing “.rsrc” directories for every folder opened from the Mac in case a “.rsrc” directory is available in the volume root directory of the HELIOS volume. This applies to files as well; if “.rsrc” folders are available, resource files inside the “.rsrc” folder will be created automatically.
HELIOS volumes store Mac native files (including resource forks and Finder info) and Windows native files (including NTFS streams) in a format compatible with the server file system. When file operations are performed via EtherShare or PCShare clients, all of the associated file components are transparently acted upon, and the volume desktop database file (“.Desktop”) is updated. Hence it is always recommended to perform file operations from HELIOS clients. In situations where it is necessary to manipulate files in HELIOS volumes directly on the server, it is essential to use the HELIOS “dt” tools instead of the corresponding UNIX commands. The “dt” tools will properly perform file operations, and they should be used for all command line operations, in automated scripted workflows, for restoring backups, etc. Refer to the HELIOS Base manual for details.
Provided that the UTF8 preference is set to TRUE (which is the default setting, compare “Volume preference keys” in the HELIOS Base manual), special characters such as “ä” can be used on different platforms (Mac and PC clients) because with “Unicode/UTF-8” they are 8-bit encoded. An exception is the “/” character, which is translated into a sequence consisting of the caret (^) followed by two characters representing the hex value of the character (^2F).
In a non-UTF-8 volume, Mac special characters are automatically translated by the EtherShare file server into a three-character escape sequence, but in this case led by a leading colon (:) instead of the caret (^). For instance, the special character “ä” is translated into “:8a” (MacRoman encoding).
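When reviewing a volume from the UNIX side (backups, logs, incident triage), the escaped names have to be read back into what the Mac user sees. The following decoder is an added example, not HELIOS code; it assumes that only the two escape forms described above occur and that in UTF-8 volumes only printable ASCII codes are caret-escaped.

```python
import re

HEX2 = r"([0-9A-Fa-f]{2})"

# Constructed sample names as they might appear in a UNIX directory listing.
SAMPLE_NAMES = ["plain.txt", "Q1^2FQ2 report", "M:8arz"]


def decode_name(unix_name, utf8_volume=True):
    """Return the Mac-side name for a file name stored on the UNIX side.

    For display and log review only: the result may contain "/" and must
    never be used to build a UNIX path.
    """
    if utf8_volume:
        # UTF-8 volume: "^" followed by two hex digits, e.g. "^2F" for "/".
        # Assumption: only printable ASCII codes are escaped this way, so
        # anything else is left untouched.
        def caret(match):
            code = int(match.group(1), 16)
            return chr(code) if 0x20 <= code <= 0x7E else match.group(0)

        return re.sub(r"\^" + HEX2, caret, unix_name)

    # Non-UTF-8 volume: ":" followed by two hex digits holding a MacRoman
    # code, e.g. ":8a" for "ä".
    def colon(match):
        return bytes([int(match.group(1), 16)]).decode("mac_roman")

    return re.sub(":" + HEX2, colon, unix_name)


def escaped_names(names, utf8_volume=True):
    """Map every name that contains an escape sequence to its decoded form."""
    decoded = {}
    for name in names:
        mac_name = decode_name(name, utf8_volume)
        if mac_name != name:
            decoded[name] = mac_name
    return decoded


if __name__ == "__main__":
    print(escaped_names(SAMPLE_NAMES, utf8_volume=True))
    print(escaped_names(SAMPLE_NAMES, utf8_volume=False))
```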
However, accented characters (Umlauts) are not recommended for user names and passwords (otherwise you will need to remember different passwords for Mac and UNIX logins). Your UNIX host name must never include a slash character (for example “my_rs/6000”).
It is not possible for an AFP 3 client to mount a non-UTF-8 volume from the EtherShare file server in the Finder. Any attempt will fail and the following message is written to the syslog file:
    <volume name> without UTF8 support, disabled for AFP 3 clients
Finder info for UNIX files that do not have resource files is simulated automatically as “generic file types” by EtherShare. EtherShare automatically recognizes about 20 UNIX file types (shell script, socket etc.), and simulates the Mac file type and creator. EtherShare will create a suitable resource file when the corresponding folder is first opened. The resource file will be ignored by UNIX applications, but allows EtherShare to recognize the file type immediately the next time the folder is opened. EtherShare also recognizes TIFF and EPSF files, but it cannot automatically create the PICT resource for EPSF files. The following special UNIX file types are recognized directly (type and creator are also shown):
Description | Type | Creator |
---|---|---|
Block device | BDEV | UNIX |
Character device | CDEV | UNIX |
Socket | SCKT | UNIX |
Named pipe | PIPE | UNIX |
With normal UNIX data files, the file server tries to determine the file type by examining the first 512 bytes of the file, in order to place it into one of the following groups:
Description | Type | Creator |
---|---|---|
Executable file | EXEC | UNIX |
Executable SCRIPT file | TEXT | UXSC |
Object file | OBJ_ | UNIX |
Archive file | AR | UNIX |
CPIO archive file | CPIO | UNIX |
Lempel-Ziv compressed file | COMP | UNIX |
Huffman packed file | PACK | UNIX |
SUN raster image file | RAS_ | UNIX |
PostScript file (including EPS) | TEXT | UXPS |
Mailbox file | TEXT | UXMB |
TIFF file | TIFF | UNIX |
Gnu Zip file | Gzip | UNIX |
PDF file | PDF /TEXT | CARO |
EPSF file | EPSF | UNIX |
Text file | TEXT | UNIX |
Binary data file | DATA | UNIX |
No permission | NOPE | UNIX |
Unreadable file | ???? | UNIX |
If the UNIX file does not correspond to any of these types, a differentiation is solely made between either text or binary data files. A binary data file is defined as a file where at least 30% of the characters are not contained in the 7-Bit ASCII code. All other files, including empty files, are classified as type TEXT.
If the user does not have sufficient access privileges to read a particular file, the file is classified as type “NOPE”.
If a file cannot be read by a particular user because a physical read error has occurred, the file is classified as type unreadable.
You can also create or modify the file type or creator manually. See Automatic extension mapping in 6.4 “Public and private volumes” for related information.
If a file type is assigned the code “UNKN/UNIX” the file server automatically enforces a file type conversion.
If necessary, the generic file types feature can be disabled (see binonly in 13.2 “AFP server preference keys”). In that case all UNIX files are classified as binary data files (DATA/UNIX).
An automatic recognition feature for Adobe Acrobat PDF files allows easy access to HELIOS documentation provided in PDF format, e.g. on the HELIOS distribution CDs, and the folder “Documentation” in the “HELIOS Applications” volume. You can mount our distribution CD on a UNIX server, on a Mac or on a DOS/Windows PC, and open the contained PDF files with Adobe Reader/Acrobat on any of these platforms.
The EtherShare file server supports file and record locking between Mac workstations. Likewise, PCShare – a TCP/IP-based Windows networking product developed by HELIOS – supports file and record locking between Windows workstations. Locks of both file servers are shared by accessing the same “locktable” file which is in the “HELIOSDIR/var/run” directory. Hence, if a volume is shared by both EtherShare and PCShare, cross-platform file and record locking is enabled.
Not all applications honor file and record locks.
“afpsrv” supports UNIX (advisory) locking in addition to the built-in Apple AFP-compatible (mandatory) locking.
Check with your supplier of UNIX applications whether these do also support and use advisory locking before you use Mac/PC-based applications accessing files concurrently with UNIX-based applications.
If you are using NFS-imported file systems for EtherShare or PCShare volumes the “lockd” and “statd” daemons must be configured and running. See your NFS documentation for further details.
Please note that symbolic links pointing to directories inside or outside the current volume would confuse the file server and are therefore not displayed. If you need links, use the Mac Make Alias function instead.
Users and groups are authorized by the HELIOS authentication server. Details on the authentication server can be found in the HELIOS Base manual.
Users that are not registered in the system but still need access to the network from time to time can log on to the file server as a guest. The administrator can configure EtherShare to either accept or reject guest access.
During logging on, guests are not required to enter user name or password. Guests only have access to public volumes, and do not have a private volume. If necessary, guests can be denied access to specific public volumes by suitably configuring the access privileges of the respective volumes.
Although guest users do not need to enter any user name, guest access must still be declared in the “Preferences” file via the guest preference (see “Authentication server preference keys” in the HELIOS Base manual), in order to allow guests group membership.
In order to ensure that guests do not have access to protected applications or documents of other users, the administrator should assign the guest a primary group which has no other members. Folders and files are protected against access by guests as long as access for the user category “Others” has been explicitly disabled.
Since user volumes are only available for registered users, a home directory for guests is ignored by the file server.
A volume (in the Mac file system) can be stored on either a removable disk or a hard disk. A hard disk can also be subdivided into several volumes, i.e. several separate file systems. The file system used by Mac computers is called HFS (Hierarchical File System) or HFS+, respectively.
The UFS (UNIX File System) is able to use storage capacity which is available through the network remotely in another computer via NFS (Network File System). Such remote storage can also be used by EtherShare. This allows any computer which supports UFS (e.g. many computers running a UNIX variant) to store volumes for an AppleTalk network.
On EtherShare, the UNIX file system can be treated like an Apple hard disk: one or more volumes containing folders and files can be mounted at a particular UNIX directory and made available to a group of users.
Volumes can be set up by using “prefvalue” (see “HELIOS utility programs” in the HELIOS Base manual), but we strongly recommend that you do this with HELIOS Admin instead.
Please see 3.3 “Volume AFP settings” for related information, especially if you are using file systems mounted remotely through NFS.
When a volume is created, it is automatically available to all users/groups. Such volumes are called public volumes (even if not all users/groups have the right to access them). Public volumes can optionally be protected with a password.
During the installation the public volume “demovol” is created. The installation program also creates a volume “HELIOS Applications” in “HELIOSDIR/public”. It is used for HELIOS tools and user manuals.
If you only want access to user volumes, and not public volumes, just set the Guest preference to FALSE (see “Volume preference keys” in the HELIOS Base manual). No other configuration changes are necessary.
Each time you log on to EtherShare, if a home directory has been specified, you are automatically assigned a private “home” volume by the file server. The name of the home volume is shown abbreviated on the Mac workstation by using the tilde (“~”) character together with the user name (e.g. “~david”). It can be used to store the user’s private files.
If a particular user should only be allowed access to public HELIOS volumes, and not to a home volume, the Home Directory field in HELIOS Admin can be left empty when creating the user (which is equivalent to omitting the home directory entry in the system file “/etc/passwd”). This may – depending on the UNIX system – disable the login to the UNIX shell, but is not the same as unchecking Mac Visible in the Volumes:~ window in HELIOS Admin, which simply makes home volumes invisible to (all) Mac users.
“afpsrv” very extensively checks for overlapping HELIOS volumes during each mount request. If an already mounted volume does include (or is included inside) a volume to be mounted, this will be invisible in the Connect To Server... dialog and an appropriate system error message, which contains the names of the overlapping directories, will be logged from “desksrv”.
Please make sure that no single public or private HELIOS volume overlaps any other HELIOS volume. If in doubt, please consult your HELIOS dealer to implement a safe volume configuration.
The conversion of file name encodings in a private volume (home volume) from old-style “:Hex” to Unicode can be done according to the instructions given in 12.9 “converthome”.
Volume names must be unique. If the user or administrator defines the same volume name more than once, the entry encountered last during user login is ignored because no two volumes on the file server can have the same name. Otherwise, it would not be possible for workstations to uniquely access a particular volume. The new volume must be given another name.
The administrator should be particularly careful not to create a volume with the same name as a user’s home volume (e.g. “~rita”), because the user will then no longer be able to access their home volume.
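The two rules above (no overlapping volumes, unique volume names) can be checked before a configuration goes live. The following sketch is an added example, not a HELIOS tool; the volume list and home directories are constructed sample data, and it assumes that public volumes are encountered before home volumes at login, which matches the “~rita” case described above.

```python
import os
from itertools import combinations

# Constructed sample configuration: (volume name, mount point).
SAMPLE_PUBLIC = [
    ("Applications", "/home/apps"),
    ("Fonts", "/home/apps/fonts"),       # lies inside "Applications"
    ("Projects", "/data/projects"),
    ("Projects", "/data/projects2"),     # name defined a second time
    ("Archive", "/data/projects-old"),   # shares a string prefix only
    ("~rita", "/data/rita"),             # same name as rita's home volume
]
# Constructed sample users: user name -> home directory.
SAMPLE_HOMES = {"rita": "/home/rita", "dave": "/home/dave"}


def _parts(path):
    # Compare whole path components, so that "/data/projects" is not
    # mistaken for a parent of "/data/projects-old". Mount points that are
    # symbolic links should be resolved with os.path.realpath() on the
    # server before they are passed in.
    return tuple(p for p in os.path.normpath(path).split(os.sep) if p)


def contains(outer, inner):
    """True if inner is outer itself or lies below it."""
    a, b = _parts(outer), _parts(inner)
    return b[:len(a)] == a


def check_volumes(public, homes):
    """Report overlapping mount points and volume entries that lose out.

    Home volumes are named "~" + user name and are appended after the
    public volumes (assumed order, see lead-in).
    """
    volumes = list(public)
    volumes += [("~" + user, home) for user, home in sorted(homes.items())]

    overlaps = [(v, w) for v, w in combinations(volumes, 2)
                if contains(v[1], w[1]) or contains(w[1], v[1])]

    seen, ignored = set(), []
    for name, path in volumes:
        if name in seen:
            ignored.append((name, path))   # last definition is ignored
        else:
            seen.add(name)
    return {"overlaps": overlaps, "ignored": ignored}


if __name__ == "__main__":
    result = check_volumes(SAMPLE_PUBLIC, SAMPLE_HOMES)
    for first, second in result["overlaps"]:
        print("overlap:", first, second)
    for name, path in result["ignored"]:
        print("ignored duplicate name:", name, path)
```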
The maximum number of network volumes that can be opened by Mac users on the file server simultaneously is 128 by default. Each open volume is only counted once, even if it has been opened by more than one user. See maxdesktop in “Desktop server preference keys” in the HELIOS Base manual.
The file server supports automatic mapping of file name extensions. This simplifies file sharing between EtherShare, UNIX and PCShare, by simulating an appropriate Mac type and creator, allowing Mac users to open files created on Windows or UNIX with a double-click.
This feature allows you to allocate specified file name extensions to application or document icons that already reside on the file server, but it does not allow creating new icons.
Extension mapping can be defined by editing the “suffixes” file or by means of HELIOS Admin (see “Extension Mappings” in the HELIOS Base manual).
Access privileges – on UNIX called “permissions” – define which users are allowed to work with which folders and files. Access privileges are assigned by the administrator or the owner of a file or folder.
On Apple’s HFS (Hierarchical File System), no access limitation mechanisms are available for individual files, because the concept of user authorization is not known. A file can only be “locked” (write-protected) to prevent unintended writing/deleting operations. This attribute, however, can be disabled by any user at will. Furthermore, write-protection is not available for folders.
In a file server environment, considerably more sophisticated access privilege mechanisms are necessary. Apple’s AFP specification for sharing files differentiates between four different types of privileges:
Read only: This attribute specifies whether a particular folder is visible to the user. If a particular file is visible it can also be read.
Read & Write: This attribute additionally allows modifications applied to the files in the folder.
Write only (Drop Box): This attribute allows only files being “dropped” into a specific folder.
None: Any form of access to that folder is denied, i.e. neither reading the contained files, nor applying changes to them is possible. See Fig. 6.4.
Individual file permissions:
Read and/or write permissions can be set for the file owner, group members, and others.
Historically, using AFP 2.2 to access server volumes, it was not possible to specify different access privileges for individual files in the same folder. This is still true for Mac OS 8/9 clients, which use AFP 2.2. If it is necessary to allow a user to change a particular file, but not change another file, the two files need to be stored in separate folders. If this is not possible, your only choice is to use the “dt chmod” (see HELIOS Base manual) command to change the privileges for individual files on the server. While AFP 2.2 does not allow granular control of access rights, it does facilitate file sharing and collaboration.
Using HELIOS AFP 3.1 smart permissions, files saved to the server inherit the permissions of the parent folder. This is the preferred option for workgroup file sharing. When this option is active, the Finder of Mac OS X clients is not allowed to change access privileges for individual files. However, changing access modes from the Finder can be toggled on/off as described below.
If “smart permissions” are not active, server volumes will use UNIX permissions. UNIX command line utilities in AFP volumes will create files according to “umask” and work as expected. However, many Mac OS X GUI applications create all new files and directories with default permissions of:
Read/write for the owner
Read-only for the group and others
“UNIX permissions” therefore have the advantage of being easier to change, but the disadvantage that the default permissions are not optimal for file sharing and collaboration.
Extreme care should be taken when changing access privileges of AFP files directly on the UNIX server (do not forget the resource part). To avoid such problems, use the “dt chmod” program. Incompatible combinations of privileges could lead to EtherShare access problems, e.g. no read or write access to a file anymore, or it may no longer be possible to use a folder.
This description only applies to Mac OS X clients up to 10.4.
Mac OS X is a UNIX-based operating system, so AFP 3.1 file/directory access permissions are identical to the UNIX permissions. However, HELIOS AFP 3.1 supports two (mutually exclusive, serverwide) permission modes for saving files and folders: HELIOS AFP 3.1 smart permissions and UNIX permissions. As mentioned above, the default setting is to use smart permissions, so that files saved to the server will inherit the permissions of the parent folder. When smart permissions are turned off, standard UNIX permissions will be used when saving files and folders. See the checkbox AFP UNIX Permissions in the HELIOS Admin volume configuration window (Fig. 3.3) and the useunixperm volume preference in the HELIOS Base manual.
With enabled UNIX permissions, permissions can be changed using the “Get Info” dialog from the Mac OS X Finder as usual.
With disabled UNIX permissions, which is the default, permissions cannot be changed directly. This feature is only available with active UNIX permissions. However, to allow an authorized user to change the permissions, do the following:
Open the Finder’s “Get Info” dialog for a file/folder in the server volume. Then open the permission details, enter the new user name unixperm and press the TAB key.
A Finder message pops up (“invalid user name”), together with the following AFP message (Fig. 6.1):
Now the UNIX permissions are enabled for the AFP server client process, irrespective of the volumes' smart permissions status, so you can change the permissions as required. The owner can change the read/write mode within the Finder for owner, group and others.
AFP 2.2 allows the owner of directories to transfer the ownership to a different user. AFP 3.1 does not support changing the owner unless you are the user “root”.
The UNIX permissions for the particular client are enabled until the client disconnects from all server volumes or the UNIX permissions are switched off. Switching off the UNIX permissions is done by entering the user name reset in the Get Info dialog, followed by pressing the TAB key. Then again, a Finder error (“invalid user name”) pops up, together with the following AFP message (Fig. 6.2):
As discussed earlier, a folder in a volume is represented as a directory in the UNIX file system, which is also associated with a (usually invisible) resource directory. The EtherShare file server uses the resource directory to store the Mac’s resource fork and the Finder info for the files. If it is required to create a folder directly from UNIX use the “dt mkdir” program, so both the main and the resource directory will be created. The “dt chown” and “dt chgrp” commands are used to set the owner and group of the folder.
The “dt chmod” command sets appropriate access privileges:
    $ dt mkdir Folder
    $ ls -ld Folder Folder/.rsrc/
    drwxrwsr-x 3 root root 512 Jul 20 16:01 Folder
    drwxrwsrwx 2 root root 512 Jul 20 16:01 Folder/.rsrc/
Please refer to the UNIX system documentation for more details of the “mkdir”, “chown”, “chgrp”, “chmod”, and “ls” commands. Also refer to the “dt mkdir”, “dt chown”, “dt chgrp”, “dt chmod”, and “dt ls” commands in the HELIOS Base manual, respectively.
We recommend that network folders are always created by using the Mac Finder, in the same way as local folders. This guarantees that all of the above considerations are handled automatically.
A folder can be deleted in an analogous way by using the UNIX command dt rm -r, provided that the user has sufficient privileges. If the folder contains further folders and/or files, these are also deleted.
IBM and Sun operating systems set or clear the “setgid” bit on directories to indicate whether files created in that directory should follow BSD semantics or System V semantics, respectively. The “setgid” bit is then automatically propagated to nested directories. AppleShare users expect the BSD style, thus HELIOS Admin ensures that the “setgid” bit is set if it creates a directory for a new volume or a new user. The “dt” utility will automatically make sure that the “setgid” bit is set.
The four modes of privileges are separately defined for four categories of AFP users: the owner of the folder (“Owner:”), group members (“User/Group:”), all other users of the system (“Everyone”, equivalent to “Other” on UNIX), and the administrator. This allows access privileges to be individually tailored. With the exception of the administrator, the owner of a folder is the only one who is allowed to change the privileges of the folder (if necessary, you can allow “Owner:” to be any user, by just leaving the field blank).
Read & Write: The folder is visible and all files can be read, changed and deleted. New files and folders can be created.
Read only: The folder is visible and all files can be read. Amending or deleting files is not allowed. New files and folders cannot be created.
Write only (Drop Box): The directory content is not visible and files in the folder cannot be read, amended or deleted. However, new files and folders can still be created since the folder acts as a drop folder (Drop Box).
None: Access to the files and folders is not possible. New files and folders cannot be created and the folder cannot be deleted.
The following table shows the four combinations of access privileges for the EtherShare file server, and the corresponding rights in the UNIX file system. Remember that the files that are stored in the folders always have the same access privileges as the folders themselves:
EtherShare file server | UNIX file system | |
---|---|---|
Read & Write | (rw-) | read write execute |
Read only | (r--) | read execute |
Write only (Drop Box) | (-w-) | write |
None | (---) | |
The System V UNIX semantics use “x” on directories, whereas “s” provides an additional bit in BSD UNIX for setting group IDs. For more detailed information see also Create new volumes on UNIX above. You may also refer to your UNIX documentation.
The Finder’s sharing section (in File > Get Info > Sharing...) can be used to display and edit the access privileges. Fig. 6.3 shows the privileges for a folder.
The corresponding directory listing for this folder, made with the UNIX program ls, is:

    $ ls -ld adi adi/.rsrc
    drwxrws--- 3 hendrik helios 512 Jul 20 16:16 adi
    drwxrws--- 2 hendrik helios 512 Jul 20 16:16 adi/.rsrc/
Only the folder’s owner or the system administrator (“root”) can change the access privileges of the folder. The corresponding fields and checkboxes are grayed out when another user asks for privileges information (Fig. 6.4).
HELIOS UB2 supports the idea of drop boxes for folders with mode “733” (others and the group can drop files/folders) or “773” (only others can drop files/folders). The dropped files and folders will have read/write permissions and can be opened by the folder owner or folder group members only. This feature is active for volumes with smart permissions enabled.
A drop folder can be created using the “dt mkdir” function, e.g.:
    # dt mkdir -m 733 dropfolder
    # dt chmod g+s dropfolder
    # dt chown michael dropfolder
    # dt chgrp adminusers dropfolder

The folder list will look like this:

    # dt ls -l
    drwx-ws-wx 4 michael adminusers 136 Mar 13 08:25 dropfolder

The chmod g+s command enforces that files/folders created within this folder will inherit the group “adminusers” from the drop folder.
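To review an existing volume from the UNIX side, the mode bits of each folder can be translated back into the four AFP privileges and checked against the points made in this section: access for “Others” (which is what guests get), the “setgid” bit, and the presence of the “.rsrc” directory. The script below is an added example, not part of the HELIOS tools; it classifies by the read and write bits only, as in the table above, and treats a “.rsrc” directory whose owner or group differs from its folder as worth a look, which is an assumption of this example. It only reads metadata and changes nothing.

```python
import os
import stat

# Privilege names from the table above, keyed by (read bit, write bit).
AFP_CLASS = {
    (True, True): "Read & Write",
    (True, False): "Read only",
    (False, True): "Write only (Drop Box)",
    (False, False): "None",
}


def afp_privileges(mode):
    """Map a directory mode to the AFP privilege of owner, group, others."""
    bits = (("owner", stat.S_IRUSR, stat.S_IWUSR),
            ("group", stat.S_IRGRP, stat.S_IWGRP),
            ("others", stat.S_IROTH, stat.S_IWOTH))
    return {who: AFP_CLASS[(bool(mode & r), bool(mode & w))]
            for who, r, w in bits}


def audit_folder(path):
    """Return the findings for one folder of a volume."""
    st = os.lstat(path)
    findings = []
    others = afp_privileges(st.st_mode)["others"]
    if others != "None":
        # Guests fall into the "Others" category.
        findings.append("others: " + others)
    if not st.st_mode & stat.S_ISGID:
        findings.append("setgid bit not set")
    try:
        rst = os.lstat(os.path.join(path, ".rsrc"))
    except FileNotFoundError:
        findings.append("no .rsrc directory")
    except PermissionError:
        findings.append(".rsrc not inspectable by the auditing user")
    else:
        if not stat.S_ISDIR(rst.st_mode):
            findings.append("no .rsrc directory")
        elif (rst.st_uid, rst.st_gid) != (st.st_uid, st.st_gid):
            # Assumption of this example: both directories normally match.
            findings.append(".rsrc owner/group differs from folder")
    return findings


def audit_volume(root):
    """Walk a volume and return {relative folder: [findings]}."""
    report = {}
    todo = [root]
    while todo:
        folder = todo.pop()
        findings = audit_folder(folder)
        try:
            with os.scandir(folder) as entries:
                for entry in entries:
                    # Symbolic links are not followed; ".rsrc" is checked
                    # together with its folder, not as a folder itself.
                    if (entry.name != ".rsrc"
                            and entry.is_dir(follow_symlinks=False)):
                        todo.append(entry.path)
        except PermissionError:
            findings.append("not readable by the auditing user")
        if findings:
            report[os.path.relpath(folder, root)] = findings
    return report


if __name__ == "__main__":
    import sys
    for folder, findings in sorted(audit_volume(sys.argv[1]).items()):
        print(folder, "->", "; ".join(findings))
```

Run it with the volume mount point as the only argument; any corrections should then be made with the “dt” tools rather than the plain UNIX commands.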
When compared to the Apple file server using HFS, EtherShare has a few minor limitations but also offers powerful additional features which result in part from specific features of the UNIX environment on which EtherShare is based.
The following table compares the behavior of different operating systems regarding the file name case sensitivity.
Preserve | Ignore | |
---|---|---|
Mac OS X (HFS default) | ||
Mac OS X (UFS/Xsan) | – | |
Mac OS 8/9 | ||
Windows | ||
UNIX | – | |
MS-DOS | – |
Table 6.1: Operating systems and the case-sensitivity of file names
As Table 6.1 shows, there is no case preserving on MS-DOS, i.e. file names entered in lowercase will appear uppercase in the directory listing. In contrast to UNIX, the Mac and Windows operating systems are not case-sensitive when looking for files or creating or opening them. If your application looks for “Dave”, it will also find “dave”, and you cannot create a file “Dave” and a file “dave” in the same folder in a local volume. Due to its UNIX heritage, this is not true for HELIOS volumes. This distinction is normally not a problem – if an application has created a file called e.g. “Editor Prefs” and needs to open this file again, it usually tries to open it using the same name and not “EDITOR PREFS”. If an application cannot find a file which it has created, and the file is visible on UNIX and in the Finder, it is likely that case-sensitivity is to blame. If you are able to determine the name of the file which the application is trying to open, you can often provide a workaround by using a Mac Alias or by renaming the file. Contact your application vendor for assistance.
A file system error is issued if files whose names contain ASCII “0” (zero) are copied to the server or if application programs or tools try to create such files. This restriction also applies to all AFP compatible file server products (including those from Apple).
HELIOS EtherShare in combination with the Mac OS X built-in “Time Machine” feature enables backups of networked Mac workstations and laptops. EtherShare AFP volumes can be used as backup disks for Time Machine backups from any Mac OS X 10.5 (10.5.5 or later recommended) and Mac OS X 10.6 clients.
Backed-up data is accessible from anywhere within the local network and can easily be restored by Mac users. Enabling HELIOS EtherShare support for “Time Machine Backup” takes less than a minute and requires no additional software installation. Even the restoration of a crashed Mac or the transfer of a saved system to a new Mac is supported directly from the Mac OS install DVD, or with the Mac “Migration Assistant”.
Entire Mac networks can do Time Machine backups to a central HELIOS server volume. The main advantages of the HELIOS server support for Time Machine backups are:
Automatic hourly, daily and weekly backups, with no configuration required
Easy restore by users using the Time Machine Finder interface
Optimized automated backups of mobile MacBooks (Time Machine keeps track of any files changed since the last backup)
Mac backups are stored as HFS disk images on the server (no trouble with millions of files)
No client software installation required
Excellent backup performance
Easy and fast Mac recovery by users
Central client backup repository, which in turn is backed up as part of the server backup plan
Disaster recovery from the Mac OS X install DVD
In general, a dedicated EtherShare volume should be created to use as a backup disk for Time Machine backups. Use HELIOS Admin to enable Time Machine Backup (see Fig. 6.5) in the volume configuration. This enables the volume to be selected in the Time Machine preferences. In addition, you should activate the AFP UNIX Permissions checkbox, to enforce security so that one user cannot access backups from other users.
Backups are saved on the server as a bundle directory (per Mac client) containing HFS disk images. It may be desirable to limit the backup volume space allocated per Mac client, to prevent the server disk getting filled up when Time Machine does many incremental backups. By default, Time Machine creates an auto-incrementing HFS disk image per user containing the backup data. “HELIOS TM Image Builder” is a Mac client tool which serves to create HFS disk images of a specified size on EtherShare volumes.
If you wish to create a Time Machine backup on such an image you need a HELIOS server whose AFP port number is unchanged. This is because Time Machine only works with the default port.
Launch “HELIOS TM Image Builder” on a Mac OS X 10.5 or 10.6 network client (see Fig. 6.6).
Mount the EtherShare volume that will be used as a backup disk for Time Machine backups for that client.
Select the desired options.
Max. backup size (GB) – The initial disk image will be quite small, and will grow as backups are added. This setting allows limiting the maximum size the disk image can reach. A good value is the disk size of your Mac or at least the size currently used on that Mac.
Since Mac OS X 10.6.3 this feature has no effect anymore because the client resets the disk image size on each backup.
Segment size (MB) – A disk image is divided into many smaller segments which are stored within the disk image bundle. A small segment size such as 16 MB is good if the server volume itself is backed up by server backup software doing incremental backups because not every segment will change. If no server backup is done, then a larger disk segment size is good (128 MB) because you have fewer individual files within the bundle.
Encrypted backup image – If this option is set, a password to open the disk image is required. When Create image is clicked, a dialog box will request an Administrator password in order to write the disk image password to the system keychain, so that Time Machine can automatically access it. The password can be retrieved via the “Keychain Access” application. The password is required to open the disk image via the Finder. When mounted, it will be titled Backup of <client name>.
HELIOS TM Image Builder allows saving the Max. backup size and Segment size settings to the selected backup volume. This is intended for admins who wish to pre-define the disk image and segment size in order to get custom defaults. The advantage is that when the next workstation selects that backup volume, these defaults are preset from the settings file. The settings file can be saved/updated via File > Write Preferences to Volume. If desired, these default settings can be overridden on each client (e.g. to specify a different Max. backup size for that client).
Click Create image to finish with the HELIOS TM Image Builder.
If a HELIOS volume is mounted and Time Machine Backup is enabled for that volume, Time Machine on the Mac OS X client detects the volume, and it can be selected as a backup device. If HELIOS TM Image Builder was used to create a disk image on this volume for that client, then the backups from that client will automatically be saved into the disk image. After the initial setup, Time Machine remembers the user name/password and automatically creates a hidden AFP connection if the backup schedule is active.
If you receive an error message like that in Fig. 6.8, see Server setup above.
Q: Can I restore an entire Mac from the Mac OS X boot DVD?
A: Yes. HELIOS offers Bonjour registration of EtherShare Time Machine Backup enabled volumes. This allows booting from the Mac OS X DVD and restoring an entire Mac with just a few clicks – basically a disaster recovery of new or repaired Mac computers. You can boot from a Mac OS X 10.6 Install DVD and restore a complete workstation (Mac OS X 10.6 or 10.5) from a backup on a HELIOS server without installing Mac OS X first. However, a Mac OS X 10.5 Install DVD can only restore Mac OS X 10.5 workstations.
Such a disaster recovery using the Mac OS X Install DVD works for unencrypted disk images only. Encrypted disk images must first be opened and copied to a disk or to another disk image that is not encrypted. The Mac OS X “Disk Utility” can be used for this. You can easily work using the encrypted image for backup and restore, but a disaster recovery needs the additional procedure described above.
Q: Can I use HELIOS TM Image Builder from a single Mac to create backup disk images for other Macs?
A: No. Only one disk image from a given client can be created in an EtherShare volume, and that disk image is associated with the specific client from which it was created. Each image includes unique names and IDs which cannot be determined remotely. It is required to launch HELIOS TM Image Builder on every Mac where you wish to specify a custom disk image of a specified size.
Q: Can the disk images created by HELIOS TM Image Builder be renamed?
A: No. Time Machine requires a specific name which includes Mac workstation name and unique IDs.
Q: Can the server admin spy on my encrypted backup images?
A: No. The password is only stored in the keychain for your local Mac – if the admin has no Administrator rights on your Mac they cannot access the password to open the disk image.
Q: Will HELIOS TM Image Builder work on non-EtherShare volumes?
A: No. This tool is dedicated to HELIOS EtherShare volumes only.
The HELIOS Time Machine Browser (“HELIOS TM Browser”) application is a tool for system administrators, to get a quick centralized overview of the backup status of all Mac clients configured to save Time Machine backups in an EtherShare volume. The overview includes complete information about when backups were started and completed. Special warnings advise if backups are overdue. With HELIOS TM Browser, admins no longer need to do hands-on visits of every single Mac station to receive a backup overview. HELIOS TM Browser simplifies and consolidates this critical administrator duty, facilitating the monitoring of Time Machine network backups of workgroup and enterprise Mac environments.
Launch HELIOS TM Browser on a Mac network client (see Fig. 6.9).
Mount the HELIOS EtherShare volume(s) that contain Time Machine backups.
From the Select Time Machine Backup Volume pop-up menu select the volume that you wish to review.
The various Time Machine backups, along with size, status, and last backup details are listed. The “Last backup” status color labels provide a quick view of current and past due backups.
Click on the desired column headers to change the sort order.
Click on an individual backup to view additional details in the Overview and Dates sections below.
Use the menu File > Update all or File > Update selected to refresh the status of all or selected backups. Or, right-click (CTRL+click) on a backup to update the backup status. A backup status could be:
Finished: the last backup has completed
Incomplete: the last backup has not completed
Encrypted: an encrypted disk image is used and so there are no backup details available
N/A: the image is not a Time Machine backup image or there was an error and the image could not be opened. This could be the case e.g. when there is currently a backup running and the image is in use. The “Messages” section in the Overview tab will show the reason for the error.
The HELIOS TM Browser > Preferences... menu allows setting the backup status colors and corresponding maximum age. A click on a color changes it. File sizes can also be set to use the Mac OS X 10.6 method. See “How Mac OS X and iOS report storage capacity” (support.apple.com/kb/TS2419) for details.
The File > Export backup list ... menu allows saving a list of backups into a TAB-separated text file.
Preferences are stored on the Mac workstation in:
“ /Library/Preferences/de.helios.TMBrowser.preferences”
If a Mac OS X 10.5 machine is used for “HELIOS TM Browser” it may not be possible to check Mac OS X 10.6 created disk images. It is recommended to use a Mac OS X 10.6 machine.
The application may not respond for a few seconds when the image mount is in progress. It may even take a long time in case the OS makes an automatic file system check on the currently used disk image. This can be checked via “Activity Monitor” or “top”. If a file system check is in progress the list will contain a “fsck_hfs” entry.
Feedback is welcome via Help > Send feedback to HELIOS...