File Sharing on the Macintosh - Benefits Bring Responsibilities Joanne Larrabee CSS Consulting One of the strengths of Apple's System 7 is a built-in feature called file sharing. It lets you examine and work on files on other Macintoshes connected to an AppleTalk network. You and other System 7 users can transfer and share information, without an intermediate file server or diskette. This ease of sharing brings with it some responsibilities. Simple mistakes can inadvertently open up your system to others - possibly to a much larger group of computer users than you intended. MITnet, for example, routes AppleTalk, so if you have an MITnet connection, you could open up your system to users all across campus. Because of the security issues raised, you shouldn't turn on file sharing unless you need to use it. What IS Recommends Information Systems recommends a setup that minimizes file sharing and the exposure of your machine to other users - that is, setting up the least open system that still lets you and your colleagues accomplish your work. You also need to think through how you organize data on your computer. Devise a storage strategy that enhances collaboration, yet still safeguards privacy. Isolate confidential files, such as financial data and performance reviews, from folders that you intend to share. Finally, be sure to assign a password to each user who will have access to files on your machine. Responsible File Sharing To make file sharing on your machine secure, you will need to: * determine whether your Macintosh can share files with others * configure access for authorized users * prevent unauthorized network access Can My Machine Share Files? File sharing between Macintoshes requires two elements: * File sharing software. As part of the standard System 7 installation, this software is placed on your machine. If you have System 7, you have file sharing software. * An AppleTalk network connection to other computers. An AppleTalk connection can take many forms. If your office runs LocalTalk cables for two machines to share a printer, you have such a network. A site where each Macintosh has a direct Ethernet link to MITnet can join an AppleTalk network with similar machines across campus. With AppleTalk Remote Access software, a phone connection can link two Macintoshes. If you aren't sure whether your machine is on an AppleTalk network, contact the Microcomputing Help Line at x3-0001 . To Configure User Access To turn on file sharing, you open the Sharing Setup control panel, under the Apple menu, and click the Start button. The "owner" of the machine is automatically registered with the name that appears in the Sharing Setup dialog box. This dialog box is also where you choose the owner password. By using a password, you can work securely with your files - even from a remote location - so don't omit this. (To get Guidelines for Choosing a Password, RP-7.1, call x3-5150, or look in TechInfo in the Computing folder). To let friends and colleagues with network access use files on your computer, add them to your access list. To do so, go to the Users & Groups control panel and choose New User from the File menu. You should assign each user a password, to guard against easily guessed names and wider access than intended. Once users are registered, you can control their ability to see and make changes to your files as individuals, or by grouping them with others needing the same access. You should routinely check your file-sharing settings to make sure they are configured the way you want them to be. To Prevent Unauthorized Access When file sharing is installed, a special account named Guest is automatically created. There is no password. The guest account lets anyone with the ability to reach you via AppleTalk connect to your machine. As soon as any contents are designated for sharing, they are visible and editable by all guests. While the guest account feature was created by Apple for convenience, using it means that you won't know who is accessing your computer or from where. IS strongly urges that Guest access be denied. Select the Users & Groups control panel, under the Apple menu, and open the Guest icon. In the Guest dialog box, make sure the box labeled "Allow guests to connect" is not checked. If you use System 7 but don't need to share files, make certain that the file-sharing capability of your Macintosh is turned off. Open the Sharing Setup control panel, under the Apple menu, and examine the File Sharing status box. If file sharing has been turned on in a previous session, it will remain on until you click on the stop button. Checking this setting is particularly important if you let others work at your machine. By accident or design, file sharing can be started in a few moments. What Can Be Seen and/or Changed Even with file sharing on, a user with permission to connect can only use a disk or folder that is explicitly opened for sharing. You highlight a disk or folder to be shared, select Sharing from the File menu, and then, in the window that appears, specify what is visible and/or editable. The default settings let every registered user see and edit the shared disk or folder contents. You should turn these settings off, and give privileges to individuals or groups as needed. The owner of a machine has special file-sharing privileges. When connecting from another machine using the owner's name and password, all files and folders are visible and editable. For this reason, do not share your account information. Create individual accounts for other users. Summing Up System 7 file sharing makes it easy for work groups to exchange files and distribute electronic information in well-connected network environments. Understanding how to open and close access will let you work securely, even when your computer is part of larger networks, beyond your office, floor, or building. The suggestions offered here supplement more complete procedural descriptions in the Macintosh User's Guide that accompanies new computers. In the future, i/s will cover the issue of security and wider network access - for example, when computers are set up as FTP servers. For more information about file sharing, call the Microcomputing Help Line at x3-0001. .