Disable Personal File Sharing's guest access

Sep 27, '04 09:26:00AM

Contributed by: David

I've just been reading an interesting article on the insecure.org website (home of Nmap) and as I read it, it occurred to me that it probably was a problem having Guest access enabled for AFP (or Personal File Sharing). I checked, and sure enough, if you connect to a Mac with AFP turned on as a guest user, you are given the option to connect to any user's public folder. Granted, hardly anyone stores files in their Public folder, but the main thing is that you can get a list of all users on the machine!

So I decided to see if there was an easy way to turn off guest access (Mac OS X Server has a radio button option). It turns out there is, as long as you don't mind using the Terminal.

Open up the Terminal (in Applications -> Utilities -> Terminal.app), and then type in this command to back up the file we are going to edit:

sudo cp /Library/Preferences/com.apple.AppleFileServer.plist \
 /Library/Preferences/com.apple.AppleFileServer.plist.old
The backslash above should let this copy and paste successfully, but if it doesn't, just remove the slash and the line break, leaving a space before /Library.... Then edit the AppleFileServer.plist file, by typing:
sudo pico /Library/Preferences/com.apple.AppleFileServer.plist
and do a search for guest (hit Control-W, type in guest, hit Return). Change the tag from this:
        <key>guestAccess</key>
        <true/>
to this:
        <key>guestAccess</key>
        <false/>
Save the file (Control-O, hit Return) and exit (Control-X). We now need to restart the AFP server by typing:
sudo killall -HUP AppleFileServer
If you try connecting now, you shouldn't be able to log in using the guest user. Much better!

Comments (10)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20040922132434781