EtherShare UB64 User manual (Version 6.0.0)  
 

5 The EtherShare file server

This chapter is devoted to the EtherShare file server. The function, the configuration and the operation of the file server are described. In addition we include information to allow the administrator to set up users, groups and volumes, create folders, and define access privileges. Finally, we describe methods for archiving data in the file server volumes to mass storage.

5.1 The file server program

The EtherShare file server system, “afpsrv”, is located in “HELIOSDIR/sbin”. The server is usually configured to start “afpsrv” automatically upon system boot.

Note:

EtherShare “afpsrv” uses the default port 548. On OS X, if the native OS X AFP services are already running on this port, EtherShare uses a random free port. See the note adjacent to afpport in 9.2 “AFP server preference keys” for instructions on how to assign a certain free port number for “afpsrv”.

afpsrv

“afpsrv” is the program that implements the AFP (Apple Filing Protocol) file server functions. It waits for filing requests from a client on the network, which are then immediately processed. Each new login request results in a separate “afpsrv” process being created. Accordingly, when a number of users access the file server at the same time, a number of “afpsrv” processes run on the host simultaneously. “afpsrv” is capable of supporting the following modern features:

File streams

A file in the Windows/NTFS environment can have a certain number of file streams. File streams contain meta data such as creation or modification date information, icon information, etc., similar to the resource fork of a Mac file. If you manipulate files which have been created in a Windows/NTFS environment, “afpsrv” supports file streams (see NTFS file streams support in the HELIOS Base manual).

Welcome and shutdown message

You can specify both a welcome message and a shutdown message to be output on Mac workstations when they log in to EtherShare. There are no preferences to set for this feature. Instead, create two text files “login.msg” and “shutdown.msg”, and store them in the “MacOS” folder of the “HELIOS Applications” volume. Then the messages will automatically be used by the file server during login and shutdown. Usually, only the administrator has write privileges to this directory (volume).

For example, the two messages could be: “Welcome to the Support server of HELIOS Software GmbH” and “The Support server of HELIOS Software GmbH has now been shut down”.

Note:

If you are running EtherShare on a demo license you cannot modify the default welcome message.

OS X 10.9 or newer clients no longer support AFP messages, so no message is displayed on such clients.

A maximum of 199 characters will be displayed (excess characters are truncated). If you want to include national accented characters such as Umlauts in your messages, a UTF-8 capable text editor should be used.

Long file names on Mac OS 8/9

Mac OS 8/9 has no support for AFP 3.1 or later; AFP 2.2 is used instead. As a result, file/directory names containing more than 31 characters will be truncated. In this case the file name, beginning with the 26th character, is replaced with a hashmark (“#”) followed by a four hexadecimal character checksum. It is possible to rename these files to a different file name from Mac OS 8/9. Working on files with truncated names is not recommended though.

5.2 Directory and file formats

On UNIX machines, the EtherShare file server simulates the Mac’s HFS (Hierarchical File System) on UFS (UNIX File System); the latter is found in many UNIX variants. Due to the differences between these two systems, the same Mac file appears differently when it is viewed through the UNIX file system compared to when it is viewed from a Mac workstation.

The structure of volumes and files

In EtherShare, each HFS volume is mapped to a specified part of the UNIX file system and mounted at a specified directory. This directory is then the root directory of the volume.

You specify the volume mount point when setting up new volumes with HELIOS Admin.

In contrast to files on DOS and UNIX, all Mac files are associated with so-called “Finder info” contained in the file’s directory entry, which stores among other things the file type and creator, the file creation date, etc.

Each file is split into two parts, the “data fork” and the “resource fork”. This “split” is normally invisible to the Mac user; the “Finder info” in the file’s directory is also invisible.

On EtherShare, the file’s data fork is stored with the chosen file name in the UNIX directory corresponding to the folder.

The file’s resource fork is combined with the Finder info and stored in a separate “resource file” of the same name in the so-called “resource” directory, which is the “.rsrc” subdirectory of the folder’s directory.

A description of the resource file structure is available on the HELIOS website.

Mac file names invalid for UNIX are converted according to a specified algorithm. For example, the question mark is coded as ^3f on the server:

Hexadecimal   Usual representation
22            "
2a            *
2f            /
3a            :
3c            <
3e            >
3f            ?
5c            \
5e            ^
7c            |

When you create a folder on EtherShare, which you do with the Finder in the normal way, a UNIX directory is created with the same name as the folder. Folders also have Finder info, which stores among other things the folder’s window position and size, and the viewing style (Mac OS 9). The Finder info for a folder is stored in the parent’s folder “resource” directory, which is created automatically when the folder is created. See Create new folders on UNIX in 5.5 “Access privileges” for related information.

Assume you have a file “Test” in folder “Demo” which is in “dave’s” home volume. On UNIX you will have:

/home/dave/Demo/Test                    File’s data fork 
/home/dave/Demo/.rsrc/Test              File’s resource fork 
/home/dave/.rsrc/Demo                   Folder’s Finder info

Furthermore, if for example the volume mount point is “/home/apps”, the volume desktop is contained in the UNIX file “/home/apps/.Desktop”. The “Network Trash Folder” for the volume is contained in the UNIX directory “/home/apps/Network Trash Folder” and in the file “/home/apps/.rsrc/Network Trash Folder”. Finder info for the root of the volume (viewing style, layout info etc.) is contained in “/home/apps/.rsrc/^^volrsrc”. See “The desktop server” in the HELIOS Base manual for related information.

The file names “.Desktop”, “.DeskServer”, and the “.rsrc” folder are protected by EtherShare, and cannot be accessed from a Mac client.

Inside a HELIOS volume, “.rsrc” directories can only be missing if folders were created manually from UNIX or if “.rsrc” folders were removed manually from UNIX. “afpsrv” automatically creates missing “.rsrc” directories for every folder opened from the Mac in case a “.rsrc” directory is available in the volume root directory of the HELIOS volume. This applies to files as well; if “.rsrc” folders are available, resource files inside the “.rsrc” folder will be created automatically.

The file type and creator are used by the Finder to select the right icon to display. They are each 4 bytes long. The file creator is also used to automatically find and start the corresponding program when you double-click on the icon of a document. The icons themselves are stored in the desktop file, which exists only once for each volume. Each application is usually associated with a single file creator code (e.g. “MSWD” for Microsoft Word), but can as well have several file type codes (e.g. “WDBN” for normal Word documents, “WHLP” for Word help files, “DCT5” for the Word dictionary, etc.). See Icon data in “The desktop server” in the HELIOS Base manual for more information.

Safe file management

HELIOS volumes store Mac native files (including resource forks and Finder info) and Windows native files (including NTFS streams) in a format compatible with the server file system. When file operations are performed via EtherShare or PCShare clients, all of the associated file components are transparently acted upon, and the volume desktop database file (“.Desktop”) is updated. Hence it is always recommended to perform file operations from HELIOS clients. In situations where it is necessary to manipulate files in HELIOS volumes directly on the server, it is essential to use the HELIOS “dt” tools instead of the corresponding UNIX commands. The “dt” tools will properly perform file operations, and therefore should be used for all command line operations, in automated scripted workflows, for restoring backups, etc. Refer to the HELIOS Base manual for details.
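
A read-only consistency audit for the on-disk layout described above, as an added example (not HELIOS code): it pairs each data fork and folder with its “.rsrc” entry and reports what plain UNIX commands tend to leave behind. The function names, the constructed sample tree and the rule that a resource file should carry the same owner, group and mode as its data fork are assumptions of this example.

```python
import os
import stat
import tempfile

RSRC = ".rsrc"
VOLUME_INFO = "^^volrsrc"                # Finder info of the volume root (named on the page)
PROTECTED = {".Desktop", ".DeskServer"}  # server-owned files in the volume root


def _perm(path):
    """Owner, group and permission bits of a path, without following symlinks."""
    st = os.lstat(path)
    return st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)


def audit_volume(root):
    """Walk a volume and return three sorted lists of root-relative paths:
    orphans  - resource files whose data fork or folder no longer exists
    missing  - files and folders that have no resource file (yet)
    mismatch - files whose resource file differs in owner, group or mode
               (assumption of this example: both parts should match)
    """
    orphans, missing, mismatch = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        has_rsrc = RSRC in dirnames
        if has_rsrc:
            dirnames.remove(RSRC)        # never descend into resource directories
        rsrc_dir = os.path.join(dirpath, RSRC)
        rsrc_names = set(os.listdir(rsrc_dir)) if has_rsrc else set()
        at_root = dirpath == root

        def rel(*parts):
            return os.path.relpath(os.path.join(*parts), root)

        for name in rsrc_names - set(dirnames) - set(filenames):
            if not (at_root and name == VOLUME_INFO):
                orphans.append(rel(rsrc_dir, name))
        for name in dirnames + filenames:
            if at_root and name in PROTECTED:
                continue
            if name not in rsrc_names:
                missing.append(rel(dirpath, name))
            elif name in filenames and \
                    _perm(os.path.join(dirpath, name)) != _perm(os.path.join(rsrc_dir, name)):
                mismatch.append(rel(dirpath, name))
    return sorted(orphans), sorted(missing), sorted(mismatch)


def build_sample_volume(root):
    """Constructed sample tree that mirrors the page's Demo/Test layout."""
    def touch(rel_path, mode=0o644):
        path = os.path.join(root, rel_path)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb"):
            pass
        os.chmod(path, mode)

    touch(".rsrc/^^volrsrc")             # Finder info of the volume root
    touch(".rsrc/Demo")                  # Finder info of folder "Demo"
    touch("Demo/Test")                   # intact pair: data fork ...
    touch("Demo/.rsrc/Test")             # ... and resource file
    touch("Demo/.rsrc/Gone")             # data fork deleted with plain rm
    touch("Demo/FromUnix")               # created from UNIX, no resource file yet
    touch("Demo/Locked", 0o600)          # plain chmod applied to the data fork only
    touch("Demo/.rsrc/Locked", 0o644)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        build_sample_volume(volume)
        for label, paths in zip(("orphan", "missing", "mismatch"), audit_volume(volume)):
            for p in paths:
                print(f"{label:9} {p}")
```

Entries in the “missing” list are informational only, since the server creates resource files when the folder is next opened from a Mac.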

UTF-8 encoded file names

HELIOS volumes use Unicode based file names in UTF-8 encoding. Therefore special characters such as Umlauts can be used on different platforms (Mac and PC clients) because modern clients offer full Unicode support. Exceptions are listed in the conversion table under “The structure of volumes and files”.

Non-UTF-8 encoded file names

In a non-UTF-8 volume, Mac special characters are automatically translated by the EtherShare file server into a three-character escape sequence, but in this case introduced by a colon (:) instead of the caret (^). For instance, the special character “ä” is translated into “:8a” (MacRoman encoding).

However, accented characters (Umlauts) are not recommended for user names and passwords (otherwise you will need to remember different passwords for Mac and UNIX logins). Your UNIX host name must never include a slash character (for example “my_rs/6000”).
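
The two escape schemes above (the “^xx” conversion table for UTF-8 volumes and the “:xx” MacRoman form for non-UTF-8 volumes) as a small codec, useful when matching server-side names from logs or backups against what Mac users see. This is an added example, not HELIOS code; the function names are hypothetical and it assumes lowercase hex digits as shown on the page.

```python
import re

# Built from the page's conversion table: hex code -> character.
TABLE = {0x22: '"', 0x2A: "*", 0x2F: "/", 0x3A: ":", 0x3C: "<",
         0x3E: ">", 0x3F: "?", 0x5C: "\\", 0x5E: "^", 0x7C: "|"}
TO_HEX = {ch: "%02x" % code for code, ch in TABLE.items()}
CARET_SEQ = re.compile(r"\^([0-9a-f]{2})")
COLON_SEQ = re.compile(r":([0-9a-f]{2})")


def mac_to_unix(name):
    """Encode a Mac file name for a UTF-8 volume.

    The caret itself is in the table (5e), so a literal "^3f" typed by a
    user is stored as "^5e3f" and cannot be confused with an escaped "?".
    """
    return "".join("^" + TO_HEX[c] if c in TO_HEX else c for c in name)


def unix_to_mac(name, utf8_volume=True):
    """Decode an on-disk name back to the name the Mac client sees."""
    if utf8_volume:
        # Only codes from the table are escapes; anything else (for example
        # the server's own "^^volrsrc") is returned unchanged.
        return CARET_SEQ.sub(
            lambda m: TABLE.get(int(m.group(1), 16), m.group(0)), name)
    # Non-UTF-8 volume: ":xx" carries one MacRoman byte.
    return COLON_SEQ.sub(
        lambda m: bytes([int(m.group(1), 16)]).decode("mac_roman"), name)


if __name__ == "__main__":
    # Constructed sample names.
    for mac_name in ("Who? What?", "a/b:c", "2^3f=8?"):
        stored = mac_to_unix(mac_name)
        print(f"{mac_name!r:14} -> {stored!r:18} -> {unix_to_mac(stored)!r}")
    print(unix_to_mac("M:8arz", utf8_volume=False))
```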

Note:

It is not possible for an AFP 3 client to mount a non-UTF-8 volume from the EtherShare file server in the Finder. Any attempt will fail and the following message is written to the syslog file:

volume: <volume name> without UTF8, unsupported, disabled

Generic file types

Finder info for UNIX files that do not have resource files is simulated automatically as “generic file types” by EtherShare. EtherShare automatically recognizes about 20 UNIX file types (shell script, socket etc.), and simulates the Mac file type and creator. EtherShare will create a suitable resource file when the corresponding folder is first opened. The resource file will be ignored by UNIX applications, but allows EtherShare to recognize the file type immediately the next time the folder is opened. EtherShare also recognizes TIFF and EPSF files, but it cannot automatically create the PICT resource for EPSF files. The following special UNIX file types are recognized directly (type and creator are also shown):

Description        Type   Creator
Block device       BDEV   UNIX
Character device   CDEV   UNIX
Socket             SCKT   UNIX
Named pipe         PIPE   UNIX

With normal UNIX data files, the file server tries to determine the file type by examining the first 512 bytes of the file, in order to place it into one of the following groups:

Description                       Type        Creator
Executable file                   EXEC        UNIX
Executable SCRIPT file            TEXT        UXSC
Object file                       OBJ         UNIX
Archive file                      AR          UNIX
CPIO archive file                 CPIO        UNIX
Lempel-Ziv compressed file        COMP        UNIX
Huffman packed file               PACK        UNIX
SUN raster image file             RAS         UNIX
PostScript file (including EPS)   TEXT        UXPS
Mailbox file                      TEXT        UXMB
TIFF file                         TIFF        UNIX
Gnu Zip file                      Gzip        UNIX
PDF file                          PDF /TEXT   CARO
EPSF file                         EPSF        UNIX
Text file                         TEXT        UNIX
Binary data file                  DATA        UNIX
No permission                     NOPE        UNIX
Unreadable file                   ????        UNIX

If the UNIX file does not correspond to any of these types, a differentiation is solely made between either text or binary data files. A binary data file is defined as a file where at least 30% of the characters are not contained in the 7-Bit ASCII code. All other files, including empty files, are classified as type TEXT.

If the user does not have sufficient access privileges to read a particular file, the file is classified as type “NOPE”.

If a file cannot be read by a particular user because a physical read error has occurred, the file is classified as type unreadable.

You can also create or modify the file type or creator manually. See Automatic extension mapping in 5.4 “Public and private volumes” for related information.

Note:

If a file type is assigned the code “UNKN/UNIX” the file server automatically enforces a file type conversion.

If necessary, the generic file types feature can be disabled (see binonly in 9.2 “AFP server preference keys”). In that case all UNIX files are classified as binary data files (DATA/UNIX).

File and record locking

The EtherShare file server supports file and record locking between Mac workstations. Likewise, PCShare – a TCP/IP-based Windows networking product developed by HELIOS – supports file and record locking between Windows workstations. Locks of both file servers are shared by accessing the same “locktable” file which is in the “HELIOSDIR/var/run” directory. Hence, if a volume is shared by both EtherShare and PCShare, cross-platform file and record locking is enabled.

“afpsrv” supports mandatory locking used by Apple AFP or Windows SMB clients.

UNIX advisory locking is not compatible with the mandatory locking method, and UNIX applications should not manipulate files at times they are in use by HELIOS AFP or SMB clients.

Symbolic links

Symbolic links allow copying application packages to, or from the server, without loss of information.

5.3 Users and groups

Users and groups are authorized by use of the HELIOS authentication server. Details on the authentication server can be obtained in the HELIOS Base manual.

Guest access

Users that are not registered in the system but still need access to the network from time to time can log on to the file server as a guest. The administrator can configure EtherShare to either accept or reject guest access.

When logging on, guests are not required to enter a user name or password. Guests only have access to public volumes, and do not have a private volume. If necessary, guests can be denied access to specific public volumes by suitably configuring the access privileges of the respective volumes.

Although guest users do not need to enter any user name, guest access must still be declared in the “Preferences” file via the guest preference (see “Authentication server preference keys” in the HELIOS Base manual), in order to allow guests group membership.

In order to ensure that guests do not have access to protected applications or documents of other users, the administrator should assign the guest a primary group which has no other members. Folders and files are protected against access by guests as long as access for the user category “Others” has been explicitly disabled.

Since user volumes are only available for registered users, a home directory for guests is ignored by the file server.

5.4 Public and private volumes

A volume (in the Mac file system) can be stored on either a removable disk or a hard disk. A hard disk can also be subdivided into several volumes, i.e. several separate file systems. The file system used by Mac computers is called HFS (Hierarchical File System) or HFS+, respectively.

The UFS (UNIX File System) is able to use storage capacity which is available through the network remotely in another computer via NFS (Network File System). Such remote storage can also be used by EtherShare.

On EtherShare, the UNIX file system can be treated like an Apple hard disk: one or more volumes containing folders and files can be mounted at a particular UNIX directory and made available to a group of users.

Volumes can be set up by using “prefvalue” (see “HELIOS utility programs” in the HELIOS Base manual), but we strongly recommend that you do this with HELIOS Admin instead.

Note:

Please see 3.3 “Volume AFP settings” for related information, especially if you are using file systems mounted remotely through NFS.

Public volumes

When a volume is created, it is automatically available to all users/groups. Such volumes are called public volumes (even if not all users/groups have the right to access them). Public volumes can optionally be protected with a password.

During the installation the public volume “demovol” is created. The installation program also creates a volume “HELIOS Applications” in “HELIOSDIR/public”. It is used for HELIOS tools and user manuals.

If you want to deny guest access to a public volume, set the Guest preference to FALSE (see “Volume preference keys” in the HELIOS Base manual). No other configuration changes are necessary.

Private volumes

Each time you log on to EtherShare, if a home directory has been specified, you are automatically assigned a private “home” volume by the file server. The name of the home volume is shown abbreviated on the Mac workstation by using the tilde (“˜”) character together with the user name (e.g. “˜david”). It can be used to store the user’s private files.

Deny access to private volumes

If a particular user should only be allowed access to public HELIOS volumes, and not to a home volume, the Home Directory field in HELIOS Admin can be left empty when creating the user (which is equivalent to omitting the home directory entry in the system file “/etc/passwd”). This may – depending on the UNIX system – disable the login to the UNIX shell, but is not the same as unchecking Mac Visible in the Volumes:˜ window in HELIOS Admin, which simply makes home volumes invisible to (all) Mac users.

“afpsrv” checks extensively for overlapping HELIOS volumes during each mount request. If an already mounted volume includes (or is included inside) a volume to be mounted, this volume will not be visible in the Connect To Server... dialog and an appropriate system error message, which contains the names of the overlapping directories, will be logged from “desksrv”.

Please make sure that no single HELIOS volume overlaps any other HELIOS volume. If in doubt, please consult your HELIOS dealer to implement a safe volume configuration.

Duplicate volume names

Volume names must be unique. If the user or administrator defines the same volume name more than once, the entry encountered last during user login is ignored because no two volumes on the file server can have the same name. Otherwise, it would not be possible for workstations to uniquely access a particular volume. The new volume must be given another name.

The administrator should be particularly careful not to create a volume with the same name as a user’s home volume (e.g. “˜rita”), because the user will then no longer be able to access their home volume.
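
A pre-deployment check for the two rules above (no overlapping volumes, no duplicate volume names), as an added example that is not part of HELIOS. The input is a plain list of (volume name, mount point) pairs in definition order; that format, the function name and the sample entries are assumptions of this example, not the HELIOS preference format.

```python
import os
import tempfile


def lint_volumes(entries):
    """Check (name, mount point) pairs given in definition order.

    Returns (duplicates, overlaps):
      duplicates - later entries that reuse an earlier volume name
                   (per the page, the entry encountered last is ignored)
      overlaps   - (outer, inner) pairs of volume names whose directories
                   are identical or nested
    """
    resolved, duplicates = {}, []
    for name, path in entries:
        if name in resolved:
            duplicates.append((name, path))
        else:
            # realpath() resolves symlinks, so an alias of a nested
            # directory is still recognised as an overlap.
            resolved[name] = os.path.realpath(path)

    overlaps = []
    names = list(resolved)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            pa, pb = resolved[a], resolved[b]
            # commonpath() compares whole path components, so "/x/apps"
            # is not mistaken for a parent of "/x/apps2".
            common = os.path.commonpath([pa, pb])
            if common == pa:
                overlaps.append((a, b))
            elif common == pb:
                overlaps.append((b, a))
    return duplicates, overlaps


def sample_entries(base):
    """Constructed sample configuration below a scratch directory."""
    os.makedirs(os.path.join(base, "apps", "tools"))
    os.makedirs(os.path.join(base, "apps2"))
    os.symlink(os.path.join(base, "apps", "tools"), os.path.join(base, "alias"))
    return [
        ("Apps", os.path.join(base, "apps")),
        ("Tools", os.path.join(base, "apps", "tools")),   # nested in Apps
        ("Apps2", os.path.join(base, "apps2")),           # sibling, no overlap
        ("Alias", os.path.join(base, "alias")),           # symlink into Apps
        ("~rita", os.path.join(base, "home", "rita")),    # home volume
        ("~rita", os.path.join(base, "shared", "rita")),  # clashes with it
    ]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        dups, overlaps = lint_volumes(sample_entries(base))
        for name, path in dups:
            print(f"duplicate name {name!r}: {path} would be ignored")
        for outer, inner in overlaps:
            print(f"overlap: {inner!r} lies inside (or equals) {outer!r}")
```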

Automatic extension mapping

The file server supports automatic mapping of file name extensions. This simplifies file sharing between EtherShare, UNIX and PCShare, by simulating an appropriate Mac type and creator, allowing Mac users to open files created on Windows or UNIX with a double-click.

Note:

This feature allows you to allocate specified file name extensions to application or document icons that already reside on the file server, but it does not allow creating new icons.

Extension mapping can be defined by editing the “suffixes” file or by means of HELIOS Admin (see “Extension Mappings” in the HELIOS Base manual).

5.5 Access privileges

Access privileges – on UNIX called “permissions” – define which users are allowed to work with which folders and files. Access privileges are assigned by the administrator or the owner of a file or folder.

5.5.1 HFS access privileges (Mac OS 9/AFP 2.2)

On Apple’s HFS (Hierarchical File System), no access limitation mechanisms are available for individual files, because the concept of user authorization is not known. A file can only be “locked” (write-protected) to prevent unintended writing/deleting operations. This attribute, however, can be disabled by any user at will. Furthermore, write-protection is not available for folders.

In a file server environment, considerably more sophisticated access privilege mechanisms are necessary. Apple’s AFP specification for sharing files differentiates between four different types of privileges:

Read only

This attribute specifies whether a particular folder is visible to the user. If a particular file is visible it can also be read.

Read & Write

This attribute additionally allows modifications applied to the files in the folder.

Write only (Drop Box)

This attribute only allows files to be “dropped” into a specific folder.

No access

Any form of access to that folder is denied; neither reading the included files, nor applying changes to them is possible. See Fig. 5.4.

Individual file permissions:

UNIX file system permissions

Read and/or write permissions can be set for the file owner, group members, and others.

AFP 2.2 access privileges

Historically, using AFP 2.2 to access server volumes, it was not possible to specify different access privileges for individual files in the same folder. This is still true for Mac OS 8/9 clients, which use AFP 2.2. If it is necessary to allow a user to change a particular file, but not change another file, the two files need to be stored in separate folders. If this is not possible, your only choice is to use the “dt chmod” (see HELIOS Base manual) command to change the privileges for individual files on the server. While AFP 2.2 does not allow granular control of access rights, it does facilitate file sharing and collaboration.

HELIOS AFP smart permissions active (default)

Using HELIOS AFP smart permissions, files saved to the server inherit the permissions of the parent folder. This is the preferred option for workgroup file sharing. When this option is active, the Finder of OS X clients is not allowed to change access privileges for individual files. However, changing access modes from the Finder can be toggled on/off as described below.

HELIOS AFP UNIX permissions

If “smart permissions” are not active, server volumes will use UNIX permissions. UNIX command line utilities in AFP volumes will create files according to “umask” and work as expected. However, many OS X GUI applications create all new files and directories with default permissions of:

So “UNIX permissions” have the advantage of being easier to change, but the disadvantage that their default permissions are not optimal for file sharing and collaboration.

Extreme care should be taken when changing access privileges of AFP files directly on the UNIX server (do not forget the resource part). To avoid such problems, use the “dt chmod” program instead. Incompatible combinations of privileges could lead to EtherShare access problems, e.g. loss of read or write access to a file, or a folder that can no longer be used.

5.5.2 EtherShare privileges (OS X)

Note:

This description only applies to OS X clients up to 10.4.

OS X 10.6 clients and later can use the HELIOS Permissions tool to change server file permissions in the Finder of connected Mac workstations.

See 8.1 “HELIOS Permissions”.

OS X is a UNIX-based operating system, so AFP file/directory access permissions are identical to the UNIX permissions. However, HELIOS AFP 3.1 and newer supports two (mutually exclusive, serverwide) permission modes for saving files and folders: HELIOS AFP smart permissions and UNIX permissions. As mentioned above, the default setting is to use smart permissions, so that files saved to the server will inherit the permissions of the parent folder. When smart permissions are turned off, standard UNIX permissions will be used when saving files and folders. See checkbox AFP UNIX Permissions in the HELIOS Admin volume configuration window (Fig. 3.3) and the useunixperm volume preference in the HELIOS Base manual.

Change access modes from the Finder

With enabled UNIX permissions, permissions can be changed using the “Get Info” dialog from the OS X Finder as usual.

With disabled UNIX permissions, which is the default, permissions cannot be changed directly. This feature is only available with active UNIX permissions. However, to allow an authorized user to change the permissions, do the following:

Open the Finder’s “Get Info” dialog for a file/folder in the server volume. Then open the permission details, enter the new user name unixperm and press the TAB key.

A Finder message pops up (“invalid user name”), together with the following AFP message (Fig. 5.1):

Fig. 5.1: Enable UNIX permissions

Now the UNIX permissions are enabled for the AFP server client process, irrespective of the volumes' smart permissions status, so you can change the permissions as required. The owner can change the read/write mode within the Finder for owner, group and others.

Note:

AFP 2.2 allows the owner of directories to transfer the ownership to a different user. AFP 3.1 and newer does not support changing the owner unless you are the user “root”.

The UNIX permissions for the particular client are enabled until the client disconnects from all server volumes or the UNIX permissions are switched off. Switching off the UNIX permissions is done by entering the user name reset in the Get Info dialog, followed by pressing the TAB key. Then again, a Finder error (“invalid user name”) pops up, together with the following AFP message (Fig. 5.2):

Fig. 5.2: Reset permissions to volume default

Create new folders on UNIX

As discussed earlier, a folder in a volume is represented as a directory in the UNIX file system, which is also associated with a (usually invisible) resource directory. The EtherShare file server uses the resource directory to store the Mac’s resource fork and the Finder info for the files. If it is required to create a folder directly from UNIX, use the “dt mkdir” program, so that both the main and the resource directory will be created. The “dt chown” and “dt chgrp” commands are used to set the owner and group of the folder.

The “dt chmod” command sets appropriate access privileges:

$ dt mkdir Folder 
$ ls -ld Folder Folder/.rsrc/ 
drwxrwsr-x  3 root  root  512 Jul 20 16:01 Folder 
drwxrwsrwx  2 root  root  512 Jul 20 16:01 Folder/.rsrc/ 

Please refer to the UNIX system documentation for more details of the “mkdir”, “chown”, “chgrp”, “chmod”, and “ls” commands. Also refer to the “dt mkdir”, “dt chown”, “dt chgrp”, “dt chmod”, and “dt ls” commands in the HELIOS Base manual, respectively.

We recommend that network folders are always created by using the Mac Finder, in the same way as local folders. This guarantees that all of the above considerations are handled automatically.

Delete folders

A folder can be deleted in an analogous way by using the UNIX command dt rm -r, provided that the user has sufficient privileges. If the folder contains further folders and/or files, these are also deleted.

Create new volumes on UNIX

IBM and Sun operating systems set or clear the “setgid” bit on directories to indicate whether files created in that directory should follow BSD semantics or System V semantics, respectively. The “setgid” bit is then automatically propagated to nested directories. Mac users expect the BSD style, thus HELIOS Admin ensures that the “setgid” bit is set if it creates a directory for a new volume or a new user. The “dt” utility will automatically make sure that the “setgid” bit is set.

5.5.3 EtherShare privileges (Mac OS 8/9)

The four modes of privileges are separately defined for four categories of AFP users: the owner of the folder (“Owner:”), group members (“User/Group:”), all other users of the system (“Everyone”, equivalent to “Other” on UNIX), and the administrator. This allows access privileges to be individually tailored. With the exception of the administrator, the owner of a folder is the only one who is allowed to change the privileges of the folder (if necessary, you can allow “Owner:” to be any user, by just leaving the field blank).

Read & Write

The folder is visible and all files can be read, changed and deleted. New files and folders can be created.

Read only

The folder is visible and all files can be read. Changing or deleting files is not allowed. New files and folders cannot be created.

Write only

The directory content is not visible and files in the folder cannot be read, amended or deleted. However, new files and folders can still be created since the folder acts as a drop folder (Drop Box).

None

Access to the files and folders is not possible. New files and folders cannot be created and the folder cannot be deleted.

Correlation to UNIX access privileges

The following table shows the four combinations of access privileges for the EtherShare file server, and the corresponding rights in the UNIX file system. Remember that the files that are stored in the folders always have the same access privileges as the folders themselves:

EtherShare file server        UNIX file system
Read & Write (rw-)            read write execute
Read only (r--)               read execute
Write only (Drop Box) (-w-)   write
None (---)

Note:

The System V UNIX semantics use “x” on directories, whereas “s” provides an additional bit in BSD UNIX for setting group IDs. For more detailed information see also Create new volumes on UNIX above. You may also refer to your UNIX documentation.

The Finder’s sharing section (in File > Get Info > Sharing...) can be used to display and edit the access privileges. Fig. 5.3 shows the privileges for a folder.

Fig. 5.3: Folder access privileges

The corresponding directory listing for this folder, made with the UNIX program ls is:

$ ls -ld adi adi/.rsrc 
drwxrws--- 3 hendrik helios  512 Jul 20 16:16 adi 
drwxrws--- 2 hendrik helios  512 Jul 20 16:16 adi/.rsrc/ 

Only the folder’s owner or the system administrator (“root”) can change the access privileges of the folder. The corresponding fields and checkboxes are grayed out when another user asks for privileges information (Fig. 5.4).

Fig. 5.4: Access privileges for user not being the owner

5.5.4 Creating a drop box

HELIOS supports the idea of drop boxes for folders with mode “733” (others and the group can drop files/folders) or “773” (only others can drop files/folders). The dropped files and folders will have read/write permissions and can be opened by the folder owner or folder group members only. This feature is active for volumes with smart permissions enabled.

A drop folder can be created using the “dt mkdir” function, e.g.:

# dt mkdir -m 733 dropfolder
# dt chmod g+s dropfolder
# dt chown michael dropfolder
# dt chgrp adminusers dropfolder

The folder list will look like this:

# dt ls -l
drwx-ws-wx  4 michael    adminusers     136 Mar 13 08:25 dropfolder

The chmod g+s command enforces that files/folders created within this folder will inherit the group “adminusers” from the drop folder.
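
A folder permission audit built on the correlation table in 5.5.3 and the drop box modes above, as an added example (not HELIOS code). It translates UNIX mode bits into the EtherShare privilege names and flags folders whose bits match none of the four combinations, or drop boxes that lack the “setgid” bit; the function names and the sample modes are assumptions of this example.

```python
import os
import stat

# rwx triplet -> EtherShare privilege, following the correlation table. "-wx"
# (3) is the form the drop box modes 733 and 773 use for the dropping users.
PRIVILEGE = {0o7: "Read & Write", 0o5: "Read only", 0o0: "None",
             0o2: "Write only (Drop Box)", 0o3: "Write only (Drop Box)"}
DROP_BOX_MODES = {0o733: "group and others can drop",
                  0o773: "only others can drop"}


def afp_privileges(mode):
    """Translate a directory mode into privileges per user category."""
    triplets = (("owner", mode >> 6), ("group", mode >> 3), ("everyone", mode))
    result = {who: PRIVILEGE.get(bits & 7, "nonstandard") for who, bits in triplets}
    result["setgid"] = bool(mode & stat.S_ISGID)
    result["drop_box"] = DROP_BOX_MODES.get(mode & 0o777)  # None if not a drop box
    return result


def audit_folders(root):
    """Return sorted (relative path, finding) pairs for folders below root."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        # Resource directories carry their own modes (see the "dt mkdir"
        # listing on the page), so they are skipped here.
        dirnames[:] = [d for d in dirnames if d != ".rsrc"]
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            priv = afp_privileges(stat.S_IMODE(os.lstat(path).st_mode))
            rel = os.path.relpath(path, root)
            for who in ("owner", "group", "everyone"):
                if priv[who] == "nonstandard":
                    findings.append((rel, f"{who} bits match no EtherShare privilege"))
            if priv["drop_box"] and not priv["setgid"]:
                # Without g+s, dropped items do not inherit the folder's group.
                findings.append((rel, "drop box without setgid"))
    return sorted(findings)


if __name__ == "__main__":
    # Modes taken from the page's listings: drwx-ws-wx and drwxrws---.
    for mode in (0o2733, 0o2770, 0o773):
        print(oct(mode), afp_privileges(mode))
```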

5.6 EtherShare compatibility notes

When compared to the Apple file server using HFS, EtherShare has a few minor limitations but also offers powerful additional features which result in part from specific features of the UNIX environment on which EtherShare is based.

Case-sensitivity

The following table compares the behavior of different operating systems regarding the file name case sensitivity.

                     Preserve   Ignore
OS X (HFS default)   ✓          ✓
OS X (UFS/Xsan)      ✓
Mac OS 8/9           ✓          ✓
Windows              ✓          ✓
UNIX                 ✓
MS-DOS                          ✓

Table 5.1: Operating systems and the case-sensitivity of file names

As Table 5.1 shows, there is no case preserving on MS-DOS, i.e. file names entered in lowercase will appear uppercase in the directory listing. In contrast to UNIX, the Mac and Windows operating systems are not case-sensitive when looking for files or creating or opening them. If your application looks for “Dave”, it will also find “dave”, and you cannot create a file “Dave” and a file “dave” in the same folder in a local volume. Due to its UNIX heritage, this is not true for HELIOS volumes. This distinction is normally not a problem – if an application has created a file called e.g. “Editor Prefs” and needs to open this file again, it usually tries to open it using the same name and not “EDITOR PREFS”. If an application cannot find a file which it has created, and the file is visible on UNIX and in the Finder, it is likely that case-sensitivity is to blame. If you are able to determine the name of the file which the application is trying to open, you can often provide a workaround by using a Mac Alias or by renaming the file. Contact your application vendor for assistance.

ASCII “0”

A file system error is issued if files whose names contain ASCII “0” (zero) are copied to the server or if application programs or tools try to create such files. This restriction also applies to all AFP compatible file server products (including those from Apple).

5.7 Time Machine

HELIOS EtherShare in combination with the OS X built-in “Time Machine” feature enables backups of networked Mac workstations and laptops. EtherShare AFP volumes can be used as backup disks for Time Machine backups from OS X 10.5 or later (10.5.5 or later recommended).

Backed-up data is accessible from anywhere within the local network and can easily be restored by Mac users. Enabling HELIOS EtherShare support for “Time Machine Backup” takes less than a minute and requires no additional software installation. Even the restoration of a crashed Mac or the transfer of a saved system to a new Mac is supported directly from the OS X install DVD, or with the Mac “Migration Assistant”.

Entire Mac networks can do Time Machine backups to a central HELIOS server volume. The main advantages of the HELIOS server support for Time Machine backups are:

Server setup

In general, a dedicated EtherShare volume should be created to use as a backup disk for Time Machine backups. Use HELIOS Admin to enable Time Machine Backup (see Fig. 5.5) in the volume configuration. This enables the volume to be selected in the Time Machine preferences. In addition, you should activate the AFP UNIX Permissions checkbox, to enforce security so that one user cannot access backups from other users.

Fig. 5.5: HELIOS Admin – Volume configuration

5.7.1 Time Machine Image Builder

Backups are saved on the server as a bundle directory (per Mac client) containing HFS disk images. It may be desirable to limit the backup volume space allocated per Mac client, to prevent the server disk getting filled up when Time Machine does many incremental backups. By default, Time Machine creates an auto-incrementing HFS disk image per user containing the backup data. “HELIOS TM Image Builder” is a Mac client tool which serves to create HFS disk images of a specified size on EtherShare volumes.

Note:

If you wish to create a Time Machine backup on such an image you need a HELIOS server whose AFP port number is unchanged. This is because Time Machine only works with the default port.

Launch “HELIOS TM Image Builder” on an OS X 10.6 or later network client (see Fig. 5.6).

Mount the EtherShare volume that will be used as a backup disk for Time Machine backups for that client.

Select the desired options.

Fig. 5.6: “HELIOS TM Image Builder” window

Max. backup size (GB) – The initial disk image will be quite small, and will grow as backups are added. This setting allows limiting the maximum size the disk image can reach. A good value is the disk size of your Mac or at least the size currently used on that Mac.

Note:

As of OS X 10.6.3 this setting no longer has any effect, because the client resets the disk image size on each backup.

Segment size (MB) – A disk image is divided into many smaller segments which are stored within the disk image bundle. A small segment size such as 16 MB is good if the server volume itself is backed up by server backup software doing incremental backups because not every segment will change. If no server backup is done, then a larger disk segment size is good (128 MB) because you have fewer individual files within the bundle.

Encrypted backup image – If this option is set, a password to open the disk image is required. When Create image is clicked, a dialog box will request an Administrator password in order to write the disk image password to the system keychain, so that Time Machine can automatically access it. The password can be retrieved via the “Keychain Access” application. The password is required to open the disk image via the Finder. When mounted, it will be titled Backup of <client name>.

Write preferences to volume option

HELIOS TM Image Builder allows saving the Max. backup size and Segment size settings to the selected backup volume. This is intended for administrators who wish to pre-define the disk image and segment size in order to get custom defaults.

The advantage is that when the next workstation selects that backup volume, these defaults are preset from the settings file. The settings file can be saved/updated via File > Write Preferences to Volume.

If desired, these default settings can be overridden on each client (e.g. to specify a different Max. backup size for that client).

Click Create image to finish with the HELIOS TM Image Builder.

Fig. 5.7: HELIOS TM Image Builder – Finished

Mac client setup

If a HELIOS volume is mounted and Time Machine Backup is enabled for that volume, Time Machine on the OS X client detects the volume, and it can be selected as a backup device. If HELIOS TM Image Builder was used to create a disk image on this volume for that client, then the backups from that client will automatically be saved into the disk image. After the initial setup, Time Machine remembers the user name/password and automatically creates a hidden AFP connection if the backup schedule is active.

Error messages

If you receive an error message like that in Fig. 5.8, see Server setup above.

Fig. 5.8: HELIOS TM Image Builder – Error message

FAQ

Q: Can I restore an entire Mac from the OS X boot DVD?
A: Yes. HELIOS offers Bonjour registration of EtherShare Time Machine Backup enabled volumes. This allows booting from the OS X DVD or recovery partition and restoring an entire Mac with just a few clicks, which amounts to a disaster recovery of new or repaired Mac computers. You can boot from an OS X 10.6 or later Install DVD and restore a complete workstation from a backup on a HELIOS server without installing OS X first. However, an OS X 10.5 Install DVD can only restore OS X 10.5 workstations.

Note:

Such a disaster recovery using the OS X Install DVD works for unencrypted disk images only. Encrypted disk images must first be opened and copied to a disk or to another disk image that is not encrypted. The OS X “Disk Utility” can be used for this. You can easily work using the encrypted image for backup and restore, but a disaster recovery needs the additional procedure described above.

Q: Can I use HELIOS TM Image Builder from a single Mac to create backup disk images for other Macs?
A: No. Only one disk image from a given client can be created in an EtherShare volume, and that disk image is associated with the specific client from which it was created. Each image includes unique names and IDs which cannot be determined remotely. You must launch HELIOS TM Image Builder on every Mac where you wish to specify a custom disk image of a specified size.

Q: Can the disk images created by HELIOS TM Image Builder be renamed?
A: No. Time Machine requires a specific name which includes Mac workstation name and unique IDs.

Q: Can the server admin spy on my encrypted backup images?
A: No. The password is only stored in the keychain for your local Mac. If the admin has no Administrator rights on your Mac, they cannot access the password to open the disk image.

Q: Will HELIOS TM Image Builder work on non-EtherShare volumes?
A: No. This tool is dedicated to HELIOS EtherShare volumes only.

5.7.2 Time Machine Browser

The HELIOS Time Machine Browser (“HELIOS TM Browser”) application is a tool for system administrators, to get a quick centralized overview of the backup status of all Mac clients configured to save Time Machine backups in an EtherShare volume. The overview includes complete information about when backups were started and completed. Special warnings advise if backups are overdue. With HELIOS TM Browser, admins no longer need to do hands-on visits of every single Mac station to receive a backup overview. HELIOS TM Browser simplifies and consolidates this critical administrator duty, facilitating the monitoring of Time Machine network backups of workgroup and enterprise Mac environments.

Usage

Launch HELIOS TM Browser on a Mac network client (see Fig. 5.9).

Mount the HELIOS EtherShare volume(s) that contain Time Machine backups.

From the Select Time Machine Backup Volume pop-up menu select the volume that you wish to review.

The various Time Machine backups, along with size, status, and last backup details are listed. The “Last backup” status color labels provide a quick view of current and past due backups.

Click on the desired column headers to change the sort order.

Click on an individual backup to view additional details in the Overview and Dates sections below.

Fig. 5.9: HELIOS TM Browser – Main window

Update backup status

Use the menu File > Update all or File > Update selected to refresh the status of all or selected backups. Or, right-click (Ctrl+click) on a backup to update the backup status. A backup status could be:

Preferences

The HELIOS TM Browser > Preferences... menu allows setting the backup status colors and corresponding maximum age. A click on a color changes it. File sizes can also be set to use the OS X 10.6 method. See “How OS X and iOS report storage capacity” (support.apple.com/kb/TS2419) for details.

Export backup list

The File > Export backup list ... menu allows saving a list of backups into a TAB-separated text file.

Files

Preferences are stored on the Mac workstation in:
“~/Library/Preferences/de.helios.TMBrowser.preferences”

Known issues
Feedback

Feedback is welcome via Help > Send feedback to HELIOS...


© 2015 HELIOS Software GmbH
October 13, 2017