-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSecurityAFP.page
131 lines (90 loc) · 5 KB
/
SecurityAFP.page
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
Icon="icons/apple-icon.png"
Cond="($var['shareAFPEnabled']=='yes')&&(array_key_exists($name,$sec_afp))"
Menu="Disk Cache Share"
Title="AFP Security Settings"
---
<script>
function check_afp_security_form()
{
var form = document.afp_security_form;
if (form.shareExportAFP.value=="et") {
form.shareVolsizelimitAFP.disabled=false;
}
else {
form.shareVolsizelimitAFP.disabled=true;
}
}
$(document).ready(check_afp_security_form);
</script>
> This section is used to configure the security settings for the share when accessed using AFP and
> appears only when AFP is enabled on the Network Services page.
<form markdown="1" name="afp_security_form" method="POST" action="/update.htm" target="progressFrame">
Export:
: <select name="shareExportAFP" size="1" onchange="check_afp_security_form();">
<?=mk_option($sec_afp[$name]['export'], "-", "No");?>
<?=mk_option($sec_afp[$name]['export'], "e", "Yes");?>
<?=mk_option($sec_afp[$name]['export'], "et", "Yes (TimeMachine)");?>
</select>
> The Export setting determines whether this share is exported via AFP (Yes or No)
> The Export setting also includes a third option (Yes - TimeMachine). This setting enables various
> special options for TimeMachine; in particular a "volume size limit". Note: Apple recommends not
> to use the volume for anything but TimeMachine due to the way locks are used.
TimeMachine volume size limit:
: <input type="text" name="shareVolsizelimitAFP" maxlen="20" value="<?=$sec_afp[$name]['volsizelimit'];?>"> MB
> This limits the reported volume size, preventing TimeMachine from using the entire real disk space
> for backup. For example, setting this value to "1024" would limit the reported disk space to 1GB.
Security:
: <select name="shareSecurityAFP" size="1">
<?=mk_option($sec_afp[$name]['security'], "public", "Public");?>
<?=mk_option($sec_afp[$name]['security'], "secure", "Secure");?>
<?=mk_option($sec_afp[$name]['security'], "private", "Private");?>
</select>
> The unRAID AFP implementation supports Guest access and fully supports the three security
> modes: Public, Secure, and Private.
> In general, when you click on your server's icon in Finder, you will be asked to log in as Guest or to
> specify a set of login credentials (user name/password). In order to use Secure or Private security on
> a share, you must have a user already defined on the server with appropriate access rights.
> Note: netatalk does not permit the user name <tt>root</tt> to be used for log in purposes.
> **Public** When logged into the server as Guest, an OS X user can view and read/write all shares set as
> Public. Files created or modified in the share will be owned by user `nobody` of
> the `users` group.
> OSX users logged in with a user name/password previously created on the server can also view
> and read/write all shares set as Public. In this case, files created or modified on the server will
> be owned by the logged in user.
> **Secure** When logged into the server as Guest, an OS X user can view and read (but not write) all
> shares set as Secure.
> OS X users logged in with a user name/password previously created on the server can also view and
> read all shares set as Secure. If their access right is set to read/write for the share on the server,
> they may also write the share.
> **Private** When logged onto the server as Guest, no Private shares are visible or accessible to any
> OS X user.
> OS X users logged in with a user name/password previously created on the server may read or
> read/write (or have no access) according their access right for the share on the server.
> Note: Private security is available only with ''Plus'' and ''Pro''
> [registration](http://lime-technology.com/products/registration-keys).
: <input type="hidden" name="shareName" value="<?=$name;?>">
<input type="submit" name="changeShareSecurityAFP" value="Apply">
<button type="button" onClick="done();">Done</button>
</form>
<? if ($sec_afp[$name]['security'] == 'secure'): ?>
<form markdown="1" method="POST" action="/update.htm" target="progressFrame">
User Access:
: <? input_secure_users($sec_afp); ?>
> All guests will have **read-only** access. See also [Secure Security Mode](/Help).
: <input type="hidden" name="shareName" value="<?=$name;?>">
<input type='submit' name='changeShareAccessAFP' value='Apply'>
<button type='button' onClick='done();'>Done</button>
</form>
<? elseif ($sec_afp[$name]['security'] == 'private'): ?>
<form markdown="1" method="POST" action="/update.htm" target="progressFrame">
User Access:
: <? input_private_users($sec_afp); ?>
> All guests will have **no access**. See also [Private Security Mode](/Help).
: <input type="hidden" name="shareName" value="<?=$name;?>">
<input type='submit' name='changeShareAccessAFP' value='Apply'>
<button type='button' onClick='done();'>Done</button>
</form>
<? endif ?>