Disable guest file sharing over AFP
- macOS only: This script improves your privacy on macOS.
- Single action: This page belongs to a script, containing basic changes to achieve a task.
- Impact: Medium
System Functionality / Data Loss Risk: Moderate
This action improves privacy with minimal impact when you run the recommended script.
This action improves privacy with some impact when you run the recommended script.
- Bash (Shell script): These changes use macOS system commands to update your settings.
- Administrative (sudo) access required: This script requires privileged access to make the system changes.
- Fully reversible
You can fully restore this action (revert back to the original behavior) using this website.
The restore/revert methods provided here can help you fix issues.
Overview
This script prevents anonymous users from accessing shared files through the Apple Filing Protocol (AFP).
AFP (Apple Filing Protocol) is a file-sharing protocol designed for Macs to facilitate network file sharing [1].
By default, macOS enables guest access to sharing services [2] [3]. It allows you to share files and folders with others on your network [4]. This configuration allows anyone to access specific shared folders without requiring permission [5] [6].
This script improves your privacy by preventing unauthorized users from accessing your shared files through AFP sharing. It also protects your Mac from potential attacks where malicious users can store data in your system [5] or gain increased system access through guest sharing vulnerabilities [7].
Guest access introduces multiple security risks:
- Unauthorized users may access shared files [7]
- Attackers may fill your hard drive by writing excessive data to guest-accessible folders, potentially causing system crashes [5]
- The system may be vulnerable to reconnaissance and privilege escalation attacks [7]
This script exclusively affects AFP file sharing [7] and does not impact:
- File sharing through other protocols [1] [8]
- Local guest user account functionality [9]
- The Find My app's ability to locate your Mac [9]
- FileVault encryption [9]
This security measure is recommended by:
- The U.S. National Institute of Standards and Technology (NIST) [8]
- The Center for Internet Security (CIS), which provides best practices for securing IT systems [7]
After running this script, configure access via System Settings to share files with specific users.
After running this script, users on your network will require explicit permission to access files shared from your Mac.
Technical Details
The script:
- Disables guest access in AFP server preferences: /Library/Preferences/com.apple.AppleFileServer!guestAccess [5] [6] [7] [8] [10].
- Disables AFP guest access using the sysadminctl utility with the -afpGuestAccess off option [11]. sysadminctl is a tool used to administer system user accounts [11].
- Restarts the file sharing service (AppleFileServer) to apply changes [5] [10].
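A check you can run after the changes listed above, added here as an example and not part of the privacy.sexy script: it reads the same guestAccess preference and reports whether AFP guest access is explicitly disabled. The function names are hypothetical, and treating an absent key as "unset" (the system default applies) is an assumption.

```bash
#!/bin/sh
# Added example (not part of the privacy.sexy script): audit the AFP
# guest-access preference that the script on this page writes.

AFP_DOMAIN='/Library/Preferences/com.apple.AppleFileServer'
AFP_KEY='guestAccess'

# Classify the raw text printed by `defaults read` for the key.
# Prints one of: disabled | enabled | unset | unknown
classify_guest_access() {
  afp_raw="$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')"
  case "$afp_raw" in
    0|no|false) echo 'disabled' ;;
    1|yes|true) echo 'enabled' ;;
    '')         echo 'unset' ;;   # assumption: key absent, system default applies
    *)          echo 'unknown' ;;
  esac
}

# Read the live value. `defaults read` exits non-zero when the key is
# absent; that case is mapped to empty output instead of an error.
read_guest_access() {
  defaults read "$AFP_DOMAIN" "$AFP_KEY" 2>/dev/null || true
}

# Print the state and succeed only when guest access is explicitly disabled.
audit_afp_guest_access() {
  afp_state="$(classify_guest_access "$(read_guest_access)")"
  echo "AFP guestAccess: $afp_state"
  [ "$afp_state" = 'disabled' ]
}

# Run the audit only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
  audit_afp_guest_access || echo 'AFP guest access is not explicitly disabled.' >&2
fi
```

An "unset" result means the key was never written or has been deleted, so the hardening on this page is not in effect.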
This script is only recommended if you understand its implications.
Some non-critical features may no longer function correctly after running this script.
This script can be fully reversed to restore changes if something goes wrong.
Sources
1. File Services. High-performance workgroup and Internet file sharing for Mac, Windows, and Linux clients. www.apple.com. (2025).
   Original: https://www.apple.com/server/docs/File_Services_TB_v10.4.pdf
   Archived: https://web.archive.org/web/20250113191313/https://www.apple.com/server/docs/File_Services_TB_v10.4.pdf
2. 6.1.3 Disable guest account login. Tenable®. www.tenable.com. (2025).
   Original: https://www.tenable.com/audits/items/CIS_Apple_macOS_11_v1.1.0_L1.audit:153219403c9d852b574cc5ef59902392
   Archived: https://web.archive.org/web/20250123200241/https://www.tenable.com/audits/items/CIS_Apple_macOS_11_v1.1.0_L1.audit:153219403c9d852b574cc5ef59902392
3. SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF). www.scaprepo.com. (2025).
   Original: https://www.scaprepo.com/view.jsp
   Archived: https://archive.ph/2025.01.12-201010/https://www.scaprepo.com/view.jsp?id=CCE-50057-9
4. Set up file sharing on Mac. support.apple.com. (2024).
   Original: https://support.apple.com/en-gb/guide/mac-help/mh17131/mac
   Archived: https://web.archive.org/web/20240728041621/https://support.apple.com/en-gb/guide/mac-help/mh17131/mac
5. Practical Mac OS X Insecurity Security Concepts, Problems, and Exploits on Your Mac. cdn2.qualys.com/docs/release-notes. events.ccc.de. (2024).
   Original: https://events.ccc.de/congress/2004/fahrplan/files/95-macosx-insecurity-paper.pdf
   Archived: https://web.archive.org/web/20240421151410/https://events.ccc.de/congress/2004/fahrplan/files/95-macosx-insecurity-paper.pdf
6. OS X Security. www.princeton.edu. (2007).
   Original: http://www.princeton.edu:80/~psg/unix/osx/osxsecurity.html
   Archived: https://web.archive.org/web/20071102090442/http://www.princeton.edu:80/~psg/unix/osx/osxsecurity.html
7. SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF). scaprepo.com. (2025).
   Original: https://www.scaprepo.com/control.jsp
   Archived: https://web.archive.org/web/20250113201942/https://www.scaprepo.com/control.jsp?command=relation&relationId=CCE-50149-4
8. NIST Special Publication 800-179 (December 2016). nvlpubs.nist.gov. (2024).
   Original: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-179.pdf
   Archived: https://web.archive.org/web/20240928201604/https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-179.pdf
9. Guest user - Apple Support. support.apple.com. (2025).
   Original: https://support.apple.com/guide/mac-help/aside/glos8c20ac45/15.0/mac/15.0
   Archived: https://archive.ph/2025.01.12-195712/https://support.apple.com/guide/mac-help/aside/glos8c20ac45/15.0/mac/15.0
10. Qualys API Release Notes. cdn2.qualys.com. (2025).
   Original: https://cdn2.qualys.com/docs/release-notes/qualys-api-rti.pdf
   Archived: https://web.archive.org/web/20250123203912/https://cdn2.qualys.com/docs/release-notes/qualys-api-rti.pdf
11. bg Man Page - macOS - SS64.com. ss64.com. (2024).
   Original: https://ss64.com/mac/sysadminctl.html
   Archived: https://web.archive.org/web/20241125024856/https://ss64.com/mac/sysadminctl.html
Apply Now
Choose one of three ways to apply:
Help
How to apply or restore "Disable guest file sharing over AFP" using script
- ≈ 3 min to complete
- Tools: Web Browser
- Difficulty: Medium
- ≈ 5 instructions
1. Download: Download the script file by clicking on the button above. Use button above to restore changes.
2. Keep the file: If warned by your browser, keep the file.
3. Open: Open the downloaded file.
4. Exit: Once it's done, press any key to exit the window.
5. Restart: Restart your computer for all changes to take effect.
Apply with privacy.sexy
Guided, automated application with safety checks
- Recommended for most users
- Includes safety checks
- Free
- Open-source
- Popular
- Offline/Online usage
Help
How to apply or restore "Disable guest file sharing over AFP" using privacy.sexy
- ≈ 3 min to complete
- Tools: privacy.sexy
- Difficulty: Simple
- ≈ 4 instructions
2. Choose script:
   - Search for the script name: Disable guest file sharing over AFP
   - Check the script by clicking on the checkbox.
3. Run: Click on ▶️ Run button at the bottom of the page. This button only appears on desktop version (recommended). On browser, use 💾 Save button.
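Apply script:
# Turn off guest access in the AFP server preferences
sudo defaults write '/Library/Preferences/com.apple.AppleFileServer' 'guestAccess' -bool NO
# Turn off AFP guest access through sysadminctl when the utility is available
if ! command -v 'sysadminctl' &> /dev/null; then
    echo 'Skipping because "sysadminctl" is not found.'
else
    sudo sysadminctl -afpGuestAccess off
fi
# Send SIGHUP to AppleFileServer so the file sharing service applies the change
sudo killall -HUP AppleFileServer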
Help
How to apply or restore "Disable guest file sharing over AFP" using commands
- ≈ 2 min to complete
- Tools: Terminal app
- Difficulty: undefined
- ≈ 3 instructions
1. Open terminal: Open Terminal app.
2. Copy code: Copy the code.
3. Paste & run: Paste the code into Terminal and press Enter to run. Some changes require a system restart to take effect.
About the Creators
These people have authored this documentation and written its scripts:
Reviewed By
This guide has undergone comprehensive auditing and peer review:
Expert review by undergroundwires
- Verified technical accuracy and editorial standards
- Assessed system impact and user privacy risks
Public review by large community
- Privacy enthusiasts and professionals peer-reviewed
- Millions of end-users tested across different environments
History
We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.