Lion Server File Sharing Supports POSIX and ACL - dummies

Lion Server File Sharing Supports POSIX and ACL

By John Rizzo

Lion Server offers two different types of permissions for files and folders: Portable Operating System Interface for Unix (POSIX) permissions from the Unix world and access control lists (ACLs) from the Windows world. POSIX permissions are easier to use, but ACLs give you a finer degree of control over access to files and folders. Keep in mind, however, that ACLs are more complicated to manage.

POSIX permissions allow only one owner and one group setting for a shared folder. POSIX permissions don’t provide different permissions to different individual users. ACLs allow multiple individuals and multiple groups to have different permissions for a shared folder. ACLs can be useful if you have several departments in the organization that need different levels of access for the same shared folder.

Apple Filing Protocol (AFP) is the best to use for Mac clients, and Server Message Block (SMB) is the best to use for Windows clients. Lion offers the webDAV protocol for file sharing for iOS devices (iPad, iPhone, and iPod touch).

Permission Types Available to File-Sharing Protocols
File-Sharing Protocol POSIX Permissions ACL Permissions
AFP Yes Yes
SMB Yes Yes
webDAV Yes Yes
NFS Yes (files only) No
FTP Yes No

Two other file sharing protocols, NFS (Network File Sharing) and FTP (File Transfer Protocol), are no longer supported from the graphical management tools (Server Admin and the Server app). Advanced administrators with knowledge of Unix can still configure file sharing from the Terminal application.

You can use the Server app to set a limited set of POSIX permissions for AFP and SMB, using only a few mouse clicks. To take advantage of the full set of permission combinations that POSIX permissions offer, or to set ACLs, use Server Admin, which enables you to set all permissions that Lion Server provides.

Standard POSIX permissions and ACLs are set in two different places in the Server app. You set standard POSIX permissions from the File Sharing pane. You set ACLs from the Hardware pane.