Security of OS X Lion server

0

If Lion server runs on OS X Lion, what is accessible from the "outside"?

If I open a port and connect it to the IP of the Lion server, will that traffic be intercepted by the server app, limiting the scope of the access to what the server app allows access to?

Will my entire file directory be available to the outside if I open the port? E.g. the Lion OS running has some other apps running and files stored on it, will this be accessible from the outside? Or does the server app intercept the incoming requests and, depending on what has been made available as a service through the server app, that is only what the outside can access?

user773578

Posted 2012-02-15T19:05:55.773

Reputation: 185

Answers

0

Server.app is used to configure the underlying OS services, so it doesn't "intercept" anything. In the case of ports, you are configuring the firewall software. In cases like file sharing you are also configuring the AFP/SMB/NFS daemons with access control lists.

Think of Server.app as just being a convenient GUI that lets you do all of this from one logical place.

Your "entire file directory" will only be served up by the AFP/SMB/NFS daemons if they are explicitly configured by you to do so. Some caution is called for here, as IIRC AFP may have a default "Administrative Share" that allows an Admin user to mount the whole volume… But that is still not something you'd normally need to be concerned about, as a user with Admin privs could simply change the sharing setup anyway.

I hope this clarifies how Server.app does what it does.

Kaelin Colclasure

Posted 2012-02-15T19:05:55.773

Reputation: 213

Great, thanks. So how does it work running other services from the machine that aren't managed by the server app, such as svn, git, databases etc? Do they just get set up as normal? Can MAMP be used alongside OS X Lion server, is it needed? – user773578 – 2012-02-15T21:10:40.190

Git and SVN both can be configured to work over SSH and/or HTTP, so you can enable the relevant transport services using Server.app and then configure your source control system to use the transport(s) of your choice. Databases often want their own port, which will require you to manually tweak the firewall settings. Server.app may notice your tweaks and preserve them, but I would test that carefully before relying on it. I'm not familiar with MAMP, so I can't help you there. – Kaelin Colclasure – 2012-02-16T22:48:18.907
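As an added example (not part of the original thread): since the answer says exposure depends on which daemons are listening and what the firewall allows, one way to audit the first half is to list TCP listeners bound to a non-loopback address. The sample `lsof` output, process names, PIDs and addresses below are constructed, and the function names are hypothetical; a listener shown here is reachable from outside only if the firewall also permits its port.

```shell
#!/bin/sh
# Added example: report TCP listeners that are not bound to loopback only.
# Input on stdin is the output of: lsof -nP -iTCP -sTCP:LISTEN

# Constructed sample output (not captured from a real server).
sample_lsof() {
cat <<'EOF'
COMMAND    PID      USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd        71      root    4u  IPv4   0x01      0t0  TCP *:22 (LISTEN)
AppleFile  212      root    5u  IPv4   0x02      0t0  TCP *:548 (LISTEN)
httpd      305      root    4u  IPv6   0x03      0t0  TCP *:80 (LISTEN)
mysqld     410    _mysql   12u  IPv4   0x04      0t0  TCP 127.0.0.1:3306 (LISTEN)
postgres   502 _postgres    6u  IPv6   0x05      0t0  TCP [::1]:5432 (LISTEN)
svnserve   611     admin    3u  IPv4   0x06      0t0  TCP 192.168.1.10:3690 (LISTEN)
EOF
}

# Print "command port address" for each listener not bound to loopback.
exposed_listeners() {
  awk '
    $NF != "(LISTEN)" { next }      # skip the header and non-listening sockets
    {
      name = $(NF - 1)              # e.g. *:22 or [::1]:5432
      n = split(name, part, ":")
      port = part[n]                # text after the last colon
      addr = substr(name, 1, length(name) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      print $1, port, addr
    }'
}

# Number of non-loopback listeners, usable as a check in a scheduled job.
exposed_count() { exposed_listeners | wc -l | tr -d " "; }

# Demo on the constructed sample. On a real machine, run:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
sample_lsof | exposed_listeners
```

Services that only need local clients, such as a development database, can be bound to loopback so they never appear in this list regardless of firewall state.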