Originally Web posted Friday, 30 November 2012.
Content last modified Saturday, 9 January 2021 .
External links last verified Friday, 30 November 2012.

Setting Up and Using Accounts on Apple Time Capsule

In pre-Time Capsule days, i frequently shared files with some of my Mac friends via Personal File Sharing over the Internet. I’d put the files in my OS X user account’s Public folder, arrange a particular day or part of a day where my Mac would be running and they’d connect to pick up the files, then provide them with my then-current public IP address. A bit of a hassle at my end to set up and at their end to learn how to do, yet less of a hassle for me than dealing with a service such as Dropbox and less expensive than putting the files on my web server.

Recently when attempting to follow this usual procedure with our relatively new Time Capsule, i found that port 548 (Personal File Sharing) was already in use. I had been ignoring an arguably superior way to achieve this same file sharing goal, using the Time Capsule’s internal hard drive as the share point. This article discusses setting up public Internet Personal File Sharing (Mac style) on a Time Capsule, including some important yet poorly-documented information which i found essential to keep our existing Time Machine backups functioning.

Article Scope

As most technology companies do, Apple changes its hardware and software from time to time. This article covers the following configuration:

Time Capsule 4th. Generation, with firmware version 7.6.1
AirPort Utility 5.6.1 run under OS 10.5.8 Leopard on a PPC processor PowerBook5,6 (PowerBook G4 1.67 GHz 15" low-res screen non-DL superdrive, a.k.a. next-to-last ever PB G4 15")
AirPort utility 5.6 run under OS 10.7.5 Lion on an Intel processor MacBook Air (4,2) 2011.

The Time Capsule (which i may abbreviate as TC) is running as a home network router and WLAN base station in a more-or-less typical configuration, connected to a cable Internet modem.

At the time of my research and the creation of this article, AirPort Utility 6.1 is the most current version. Due to the lack of some of the functionality of the older versions, i have chosen to use the older versions for screenshots and settings descriptions. Once the new 6.x version is able to do everything the 5.x versions can do, it should be a nice, easier-to-use improvement. At the moment as i type, it is sorely lacking in some ways.

It is possible to attach an external hard drive to a Time Capsule and it is probably possible to use it for file sharing. This article does not cover this option: it only covers using the internal TC hard drive.

Time Capsule File Sharing Advantages

Advantages of sharing files via the Time Capsule hard drive versus using Personal File Sharing on a network-attached Mac:

“Always On”: no need to keep a computer available and running (or on active standby) whenever someone needs to transfer files.
Each potential remote user may access their own separate read/write file space, in addition to a shared (typically set up read-only) file space.

The only disadvantage i’ve found so far is marginal to poor documentation regarding setting up and using TC file sharing. That is the reason this article exists.

Setup

Anything out of the ordinary (as seen by Apple) requires “Manual Setup”. In AirPort Utility 5.6.x, after entering Manual Setup, select Disks from the top icon row then the File Sharing tab.

Initially, file sharing will probably be off. You’ll need to Enable file sharing. The default option for Secure Shared Disks (as best i remember) was “With Time Capsule password”: the device password set under the AirPort icon category and Time Capsule tab. In other words, the same password used by AirPort Utility to access the Time Capsule for settings changes and the like.

The initial view of the File Sharing window has most options disabled.

One of the other options for Secure Shared Disks is “With a disk password”. Selecting this option allows entering a separate (different than TC unit) password, which will be used by all users wishing to access files via file sharing on the TC. I did not test this option and thus this article does not cover it beyond the following screenshot.

Changing to “With a disk password” reveals the usual Apple password and verification text boxes, and the key button to create a password.

The final and in my opinion most useful (and least documented) option for Secure Shared Disks is “With accounts”. Initial selection of this option causes AirPort Utility to warn about potential loss of access to files—that is in large part what this web page covers: how to avoid problems accessing files in this security mode. The remainder of this page covers this mode only.

A “Configure Accounts…” button appears with this setting.

Secure Shared Disks With Accounts Setup Details

The user accounts set up on your Time Capsule bear no relation to OS X user accounts on your Mac(s), though if you wish you could make them the same. The accounts exist entirely within the TC. One account should be set up for each remote user you wish to have separate, independent access to your TC.

Clicking the Configure Accounts… button immediately beneath the Secure Shared Disks: With accounts pop-up list box does exactly the same thing as clicking on the Accounts tab to the right of the File Sharing tab. Click the + button to add an account. In addition to selecting the user name and password, you will be able to select separately for this account whether it has read and write, read only, or no access to shared disks. Note that by “shared disks” Apple means all share points, both the user’s own personal directory location and the communal shared directory (folder) used by guests. In other words, selecting Sharing Access: Not allowed is nonsensical.

The Account Setup Assistant sheet has text boxes for account Name, Password, and Verify Password, and the Sharing Access pop-up list.

I tested Sharing Access: Not allowed and whether i attempted to access the shared guest folder or this user’s folder, i got the following error, followed by a disconnect and reversion to a guest connection:

The operation can’t be completed because the original item for “S-S Time Capsule HD” can’t be found.

I wholly do not understand why the Not allowed option exists: if one wanted the account to not have any shared file access to anything, one would simply delete the account. Now, if Apple implemented two separate pop-up lists as follows:

“Account Folder Sharing Access:” with the two options “Read only” plus “Read and write”
“Guest Folder Sharing Access:” with the existing three options of “Not allowed”, “Read only”, and “Read and write”

that would make sense. For my purposes, i want my remote users to have full read/write access to their TC account folder. As a side-effect of the current Apple all-or-nothing arrangement, they also have read/write access to the shared Guest folder:

Guest and WAN (Internet) Access Setup

If everyone (local and remote) who needs to access files on the TC is doing so within their own TC account folder, there may be no need to enable Guest access. On the other hand, if everyone is to freely share one set of files, it may make more sense to ignore setting up accounts and simply enable AirPort Disks Guest Access. If this is being done for local users only (“Share disks over WAN” unchecked—disabled), it should be safe to choose “Read only” or “Read and write” depending upon your needs. If you want both Internet and local users to be able to access the Guest shared folder, i strongly recommend selecting “Read only”. Otherwise, nefarious outsiders who come across your TC would be able to use it as a handy file repository of their own, possibly with very large and/or illegal file content.

In my case, i want some files to be accessible to anyone—local plus on the Internet—with the least amount of hassle (e.g. no need to log into an account on the TC). Therefore i have AirPort Disks Guest Access set to Read only and Share disks over WAN checked (enabled):

In AirPort Utility 5.6.x, you may notice the intriguing option “Share disks over the Internet using Bonjour”. I have found almost no documentation on this feature. AirPort Utility will not allow updating the configuration when this box is checked unless there are valid server settings over in AirPort (icon) > Time Capsule > Edit… > “Enter a global hostname for this AirPort wireless device”. A quick search on "Use dynamic global hostname" reveals only payware/hassleware (DynDNS) solutions and confusion. Lacking any other information on this function, i’m calling it useless (at the time this article was written) and leaving it unchecked. If you have solid information to the contrary (in other words, you know how to make this work in a useful way by using, for example, one’s own already existing Internet domain, i’d love to learn more (and maybe revise this section).

If you wish to set up Windows File Sharing, Best Wishes to you… you won’t find information on that here (i have no need and don’t want to deal with any security issues for which Windows File Sharing is historically famous).

Time Capsule Accounts, Time Machine Backups, and a Big Surprise

Time Machine Broken then Fixed: the Big Surprise/Big Secret!

We’d been running our Time Capsule in the usual manner, without using TC file sharing, for months. Both the PowerBook G4 (running Leopard) and MacBook Air (running Lion so far) used the TC for their Time Machine backups. As soon as i enabled Secure Shared Disks: With accounts, Time Machine backups on both Macs immediately started to fail: could not connect to the Time Capsule. I had to revert to the With Time Capsule password setting to restore the ability to back up.

Researching this problem, i eventually came upon a Super User post with what seems to be (unintentionally?) Top Secret information: using the With accounts security setting in AirPort Utility creates an invisible root user account, with the following account login information:

user: admin
password: [same as the Time Capsule unit password]

This is probably the most important information in this entire article. Why Apple keeps this essential information a secret, i have no idea (documentation oversight?). Great Appreciation to Super User contributor Spiff for sharing this information!

Using the above information in a Macintosh Finder Shared or Network window for the Time Capsule allows full read/write access to EV-REE-THING. In other words: root access to the Time Capsule hard drive.

If you’ve been using your TC for Time Machine (TM) backups without file sharing or with one of the other security settings, the existing TM backup sparse bundles will be at the root level of the TC hard drive, and will become suddenly inaccessible to Time Machine unless and until the TM login credentials are changed to the “secret” root login information above (or the sparse bundle is moved to one of the new TC user accounts, though this apparently has side-effects when using the Restore function in Disk Utility [causing it to fail], and is thus not recommended).

Seems to me it ought to be possible to simply change the user name on the Keychain item for the Time Machine backup from whatever it is (which does not seem to matter with the default TC non-file sharing setup) to admin. However i had trouble getting this to work. I needed to redo the Select Disk option in Time Machine preferences. Interestingly, there is still an icon for the old way TM saw my TC (top icon in the screenshot) along with its new incarnation (selected middle item in the screenshot):

Top icon retains the hand-holding stick figure people disk icon, but out of nowhere now says “My User Account”. The new (middle) icon is the Wi-Fi fan disk icon, with the correct name for our Time Capsule’s internal hard drive.

The top icon is no longer usable (and i have not found an easy way to make it go away). For the selected (middle) icon, i use admin as the user and the existing unit password for the TC itself and Ta Daaaa Time Machine backups resume working as they always have in the past. Problem solved!

Root (admin) Account Quirk

Upon initial login, it appears that admin has its own account folder:

Shared Network volume, connected as user “admin”, showing two folders: admin and S-S Time Capsule HD.

Yet attempting to open it produces an “operation can’t be completed” error:

The operation can’t be completed because the original item for “admin” can’t be found.

Given that the other (default configuration: no additional USB hard drive) option is the entirety of the TC internal hard drive, this is more of a confusing anomaly than any sort of actual problem. Here’s the root view of our TC, with explanations of what’s what:

Two sparse bundle files for each of our Macs using Time Machine for backup, plus a sparse image file from testing SuperDuper! backups from an OS 10.4 Tiger Mac to our TC. Two folders: Shared, for Guest access, and Users, containing a separate folder for each TC account holder.

In addition to allowing Time Machine to operate normally, admin (root) Time Capsule access can be useful for moving/arranging/placing files on the TC without having to individually connect as a particular user with a user account on the TC.

Note that when WAN access is enabled, it is likely (i did not test this) possible to make a root connection to the Time Capsule via the Internet. This is one of many other great reasons to have a truly robust, long multi-character password or passphrase as the unit password for your Time Capsule.

Using Time Capsule Accounts

All information from this point to the end of the article assumes the configuration listed at the beginning of this article plus the setup at the end of the Setup section:

TC file sharing enabled
Secure Shared Disks: With accounts, with one account for each user needing separate read/write access
AirPort Disks Guest Access: Read only
Internet access enabled: Share disks over WAN is checked
Internet Bonjour services are not available and not set up

I am not going to cover local (LAN) access, because this is well documented in Apple Help and Support files, and elsewhere. The basic idea is:

Click on the Time Capsule link in the Shared area of a Finder window sidebar (OS 10.5 Leopard or newer) or select the Time Capsule from the Finder’s Network entry (OS 10.4 Tiger and probably earlier) or do some other equivalent action.
Enter the appropriate user account credentials into the dialog box and click Connect.

The remainder of this article focuses on remote users connecting to the Time Capsule over the public Internet. Because we’re not using a Bonjour public Internet service, in every case it will be necessary to provide remote (public Internet) users with the current public IP address assigned by our ISP. This information can be found in the initial window of AirPort Utility, by visiting certain websites such as WhatIsMyIP.com, or other methods. For the examples, i’ll pretend that the current IP address is 71.80.5.23.

Guest Access

Method 1: Connect to Server Basic

Go to Finder’s Go menu and select Connect to Server…
For Server Address, type in afp:// and the current IP address:
afp://71.80.5.23
Click the Connect button. You’ll be presented with an option to connect as a registered user or as Guest. Pick the latter

and again click Connect.

You should now be looking at a Finder window with all contents on the TC available to guests. As seen from the TC admin account, this is the contents of the Shared folder.

Method 2: Connect to Server Direct

Go to Finder’s Go menu and select Connect to Server…
For Server Address, type in afp:// and the current IP address:
afp://;AUTH=No%20User%20Authent@71.80.5.23
Click the Connect button.

As with Method 1, you should now be looking at a Finder window with all contents on the TC available to guests. As seen from the TC admin account, this is the contents of the Shared folder. This method saves the user the trouble of selecting Guest access.

Method 3: Hyperlink

Instead of making the user open up the Connect to Server… window, you may instead include a properly formatted hyperlink in an email message or somesuch to the remote user. Simply put the identical Apple Filing Protocol (AFP) URL contents into the hyperlink. If you’re being this kind to your remote user, might as well give them the Method 2 URL so they won’t have to hassle with selecting Guest access.

Time Capsule User Account Access

Method 1: Connect to Server Basic

The same steps are followed as for Guest access, except Registered User is selected, with the Time Capsule account Name and Password entered.

Method 2: Connect to Server Direct

Same as for Guest access, except with an AFP URL which includes the user name (“My Account” in this example) and password (“My Pass” in this example):

afp://My%20Account:My%20Pass@71.80.5.23

Avoiding the Volume Selection Dialog

This isn’t an issue for Guest access. For TC user access, the user will be presented with a folder for their files and one named for the TC hard drive (as set in Disks > Disks in AirPort Utility), which in actuality will be the Shared folder (as seen by admin), a.k.a. the same content seen as the exclusive option via Guest access.

To directly connect to a user account’s TC folder, add the folder path to the URL:

afp://My%20Account:My%20Pass@71.80.5.23/My%20Account

Security of Hyperlinks

Per my brief reading on the subject, using the Connect to Server… method is secure because the OS parses the URL and encrypts the TC user account information in transit. (Unfortunately i did not retain the reference where i read this and thus can’t share it with you.) This same (already forgotten) source indicated that the same URL in a WWW browser would not be secure. The URL in email would not be secure unless the email were end-to-end encrypted with S/MIME or PGP or similar.

Direct File Access?

A Time Capsule is indeed Network Attached Storage (NAS), but it is not a file server: a direct link to a specific file in an AFP URL will not cause the file to be downloaded… at least not from Connect to Server…. If that’s what you need, you need an FTP or WWW or some other server arrangement.

Thoughts or suggestions on improving this article? Let me know.