
Enabling anonymous FTP UNIX
Anonymous FTP allows guests to access your machine in a limited manner, to either upload or download files. You can put FTP links on web pages that connect the users directly to your anonymous site; it's a convenient way of giving them easy downloads.

Read on for step-by-step directions on how to set this up on your machine. Before proceeding with this one, you should be comfortable at the command line, and probably have at least some knowledge of users, groups, and permissions in UNIX.

1) All of step one is done using Terminal, which is located in /Applications/Utilities.

Note - replace all references to "user" with your username or root (it's more convenient with your username because you can easily drop things into /Users/ftp/pub).

a) First create a directory in /Users that looks like this:
drwxr-xr-x   9 user     ftp    262 Nov  1 15:32 ftp
b) Then in /Users/ftp create the following directories:
bin
usr/lib
System/Library/Frameworks/System.framework/Versions/B
pub
incoming
c) Copy the following files to their respective corresponding directories in the ftp directory:
/bin/ls
/usr/lib/dyld
/System/Library/Frameworks/System.framework/Versions/B/System
d) In /Users/ftp make sure the file permissions look like this:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 System
dr-xr-xr-x 3 user ftp 58 Oct 4 15:30 bin
drwx-wx-wx 10 user ftp 296 Oct 30 02:06 incoming
drwxr-xr-x 6 user ftp 160 Nov 1 01:01 pub
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 usr

./System:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 Library

./System/Library:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 Frameworks

./System/Library/Frameworks:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 System.framework

./System/Library/Frameworks/System.framework:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 Versions

./System/Library/Frameworks/System.framework/Versions:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:30 B

./System/Library/Frameworks/System.framework/Versions/B:
total 2408
-r-xr-xr-x 1 root ftp 1231624 Oct 4 15:30 System

./bin:
total 56
-r-xr-xr-x 1 user ftp 26920 Oct 4 15:30 ls

./usr:
total 0
dr-xr-xr-x 3 user ftp 58 Oct 4 15:30 lib

./usr/lib:
total 616
-r-xr-xr-x 1 user ftp 312384 Oct 4 15:30 dyld
Note: if you don't know how to change permissions, read the man (man command-name) pages for:
chown for changing file/directory ownership
chgrp for changing file/directory group ownership
chmod for changing file/directory user/group/other permissions

2) You have to manually create an ftp user using NetInfoManager which is located in /Applications/Utilities:
  1. open NetInfoManager
  2. under /users create a new directory and label it ftp
  3. enter the following properties and values (shown as property | value)
    • uid | 21
    • expire | 0
    • name | ftp
    • passwd | *
    • home | /Users/ftp
    • change | 0
    • shell | /dev/null
    • gid | -21
For passwd, make sure you put an asterisk (*) and do not leave it empty, as this would allow the ftp user to log in at the login screen of Aqua! Also make sure the shell is /dev/null, or the ftp user will be able to rlogin and telnet in and wreak havoc.

Finally, "home" doesn't have to be /Users/ftp; it just has to be the location of the ftp directory you created in step one, which could conceivably be anywhere. Another logical place to put it might be in the same place as your WebServer, in /Library.

You should now be good to go. Good luck!
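
An added example, not part of the original hint: a shell audit that compares an existing tree with the modes shown in step 1d, and also checks the ownership point raised in the comments below (nothing outside incoming owned by the ftp account itself). The function names and messages are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audits an anonymous-FTP tree against the modes listed in step 1d.
# Function names and messages are assumptions of this sketch, not part of the hint.

findings=0

# check LABEL FIND-ARGS...: print every path find matches; count one finding per label.
check() {
    label=$1; shift
    hits=$(find "$@" -print 2>/dev/null) || true
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits" | sed "s|^|FINDING: $label: |"
    findings=$((findings + 1))
}

audit_ftp_root() {
    root=${1:-/Users/ftp}   # "home" of the ftp account (step 2)
    ftp_user=${2:-ftp}      # account name from step 2
    findings=0

    # The top of the tree must not be writable by group or other.
    check "top level is group/other-writable" "$root" -prune \
        \( -perm -020 -o -perm -002 \)

    # bin, usr and System are listed with no write bit at all (dr-xr-xr-x, -r-xr-xr-x).
    for d in bin usr System; do
        if [ -e "$root/$d" ]; then
            check "write bit set under $d" "$root/$d" ! -type l \
                \( -perm -200 -o -perm -020 -o -perm -002 \)
        fi
    done

    # incoming is a drop box (drwx-wx-wx): others may write into it but must not list it.
    check "incoming is listable by group/other" "$root/incoming" -prune \
        \( -perm -040 -o -perm -004 \)

    # pub is download-only: nothing in it may be writable by group or other.
    check "group/other-writable item in pub" "$root/pub" ! -type l \
        \( -perm -020 -o -perm -002 \)

    # Outside incoming, nothing should belong to the ftp account itself,
    # otherwise anonymous sessions could modify or delete it.
    if id "$ftp_user" >/dev/null 2>&1; then
        check "owned by $ftp_user" "$root" -path "$root/incoming" -prune \
            -o -user "$ftp_user"
    fi

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /Users/ftp ftp
if [ $# -gt 0 ]; then audit_ftp_root "$@"; fi
```

The function exits non-zero when anything deviates, so it can be run again after every change to the tree.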

Enabling anonymous FTP | 26 comments
Default file permissions
Authored by: Anonymous on Dec 10, '00 05:21:50AM

I can confirm that the method described by rustychow works. The one difference is that the
owner (me) of all the folders/files described belongs to the admin group rather than the 'ftp'
group.

What I want to know is if there's a way to change the default permissions of files uploaded
through anonymous ftp; they're currently defaulted at

-rw-r--r-- 1 ftp admin

whenever they're uploaded. It's a pain because I can't move or delete these files without
going into the terminal and using chown.



[ Reply to This | # ]
Possible workaround
Authored by: serversurfer on Dec 12, '01 02:18:09PM
Did you try adding yourself to the ftp group in NetInfo Manager? Just a guess here, but that should work.

[ Reply to This | # ]
Listing problems
Authored by: macavenger on Mar 29, '01 12:30:44AM

When I first tried this hint, logging in via IE appeared to work, but nothing showed up. When I tried using the terminal ftp, and doing a ls, I got the following output:


200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
dyld: /bin/ls malformed library: /usr/lib/libSystem.B.dylib (not a Mach-O library file, bad filetype value)
226 Transfer complete.

Copying the libSystem.B.dylib file to the corresponding directory in the ftp folder solved the problem. As I find no mention of this file in the instructions, I am not sure whether it is simply an inadvertent omission, or something different about my setup.



[ Reply to This | # ]
Listing problems
Authored by: ThesQuid on Apr 21, '01 05:15:01PM

Where did you find libSystem.B.dylib? I did a find on my whole drive and couldn't find it!



[ Reply to This | # ]
Listing problems
Authored by: macavenger on Apr 22, '01 06:30:49PM

/usr/lib/ It is a hidden directory, so it is natural that a search would not find it. It can be accessed through the terminal, however.



[ Reply to This | # ]
Create user & group first
Authored by: Anonymous on Apr 20, '01 07:43:28PM
Then you can create and copy everything so it's owned by user ftp & group ftp which have been created with the same privileges as user and group nobody so it's pretty hermetic.

[ Reply to This | # ]
Create user & group first
Authored by: sekalreed on Apr 23, '01 04:34:18PM
there is one problem with this, it allows ftp users read/write access to files they shouldn't have.

dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 System
dr-xr-xr-x 3 user ftp 58 Oct 4 15:30 bin
drwx-wx-wx 10 user ftp 296 Oct 30 02:06 incoming
drwxr-xr-x 6 user ftp 160 Nov 1 01:01 pub
dr-xr-xr-x 3 user ftp 58 Oct 4 15:29 usr

assuming you are user, this allows you to modify the pub and incoming directory, but doesn't let ftp users read the incoming directory, and they also cannot modify files in the pub directory. if you were to change user to ftp, you would allow ftp users to modify/delete files in your pub directory. they would also be able to view files in your incoming directory.
i have mine setup as follows:

dr-xr-xr-x 3 user ftp 264 Apr 23 02:09 System
d--x--x--x 3 user ftp 264 Apr 23 02:10 bin
d--x--x--x 3 user ftp 58 Apr 23 03:13 etc
drwx-wx-wx 3 user ftp 264 Apr 23 02:31 incoming
drwxr-xr-x 2 user ftp 264 Apr 23 02:09 pub
dr-xr-xr-x 3 user ftp 264 Apr 23 02:07 usr

you can see it in action at <ftp.david-s.net>


[ Reply to This | # ]
Terrific. Now FTP never answers anymore.
Authored by: Anonymous on Apr 24, '01 09:41:20AM

Following your advice was not my smartest move. :-)

You must have forgot something in your instructions because my system is now entirely secure. Entirely too secure.

-Charles-A.



[ Reply to This | # ]
my anonymous ftp setup in detail
Authored by: sekalreed on Apr 25, '01 02:04:48AM
here is my current ftp setup. i believe everything is in working order. if anything is out of whack or not working for you, let me know, and i'll see what i can do.
CAUTION: Please work on backups of your files! i'm not responsible for anything you do to your system.
anything in italics is a comment on this page, and should not be put into any files.
replace any instance of user with your username.

these are files which we'll deal with in the /etc directory
/etc/
-rw-r--r-- 1 root wheel 779 Apr 25 00:59 crontab
-rw-r--r-- 1 root wheel 86 Apr 24 20:59 ftpchroot
-rw-r--r-- 1 root wheel 100 Feb 25 03:05 ftpusers
-rw-r--r-- 1 root wheel 28 Apr 23 17:28 ftpwelcome
-rw-r--r-- 1 root wheel 40 Apr 24 21:02 motd

add this line to the end of the crontab file, which will run a script to change the permissions of all files in the upload directory every 60 minutes
/etc/crontab
*/60 * * * * root sh /Users/ftp/bin/upload_permissions

this file contains usernames who will be chroot() to their home directory
/etc/ftpchroot
# list of users chrooted for ftp access.
# read by ftpd(8).
ftp
anonymous

this file contains usernames who will be denied ftp access to prevent security breaches
/etc/ftpusers
# list of users disallowed any ftp access.
# read by ftpd(8).
Administrator
administrator
root
uucp

this file is displayed to all users when the connection is first established (command 220)
/etc/ftpwelcome
Welcome to ftp://ftp.david-s.net.

this file contains the message displayed when a user logs in (especially telnet or ssh)
/etc/motd
Welcome to Darwin 1.3.1 under Mac OS X!

this is the home directory for ftp users
~ftp/
dr-xr-xr-x 3 user ftp 264 Apr 23 02:09 System
dr-x--x--x 3 user ftp 264 Apr 23 02:10 bin
drwx-wx-wt 4 user ftp 92 Apr 25 00:21 dropbox
dr-x--x--x 3 user ftp 264 Apr 23 03:13 etc
drwxr-xr-t 3 user ftp 264 Apr 25 00:16 pub
dr-xr-xr-x 3 user ftp 264 Apr 23 02:07 usr

~ftp/System/
dr-xr-xr-x 3 user ftp 264 Apr 23 02:09 Library

~ftp/System/Library/
dr-xr-xr-x 3 user ftp 264 Apr 23 02:09 Frameworks

~ftp/System/Library/Frameworks/
dr-xr-xr-x 3 user ftp 264 Apr 23 02:09 System.framework

~ftp/System/Library/Frameworks/System.framework/
dr-xr-xr-x 3 user ftp 264 Apr 23 02:09 Versions

~ftp/System/Library/Frameworks/System.framework/Versions/
dr-xr-xr-x 3 user ftp 264 Apr 23 02:11 B

~ftp/System/Library/Frameworks/System.framework/Versions/B/
-r-xr-xr-x 1 root ftp 1260740 Apr 23 02:11 System

ls is copied from /bin/ls and upload_permissions must be created
~ftp/bin/
-r-xr-xr-x 1 user ftp 26984 Apr 23 02:10 ls
-r-x------ 1 user ftp 97 Apr 25 00:57 upload_permissions

this is a shell script to change the uploaded files' owner, group, and permissions (you can change them to whatever you wish). this script is run from the root crontab. if it is run from anything other than root, it will fail due to lack of permission.
~ftp/bin/upload_permissions
#!/bin/sh
chown user:staff /Users/ftp/dropbox/*
chmod 744 /Users/ftp/dropbox/*

this is your drop box, people can upload, but cannot view these files
~ftp/dropbox/
0

~ftp/etc/
-rw-r--r-- 1 user ftp 28 Apr 23 03:13 motd

this file is displayed to anonymous users upon login (command 230)
~ftp/etc/motd
Welcome to ftp://ftp.david-s.net.
Please feel free to upload in the dropbox directory, and download from the pub directory.

this is your public directory. you can put any files you wish others to download here
~ftp/pub/
0

~ftp/usr/
dr-xr-xr-x 4 user ftp 264 Apr 23 02:25 lib

these are copied from /usr/lib/dyld and /usr/lib/libSystem.B.dylib respectively
~ftp/usr/lib/
-r-xr-xr-x 1 user ftp 327528 Apr 23 02:10 dyld
-r-xr-xr-x 1 user ftp 1260740 Apr 23 02:25 libSystem.B.dylib


for more info, check out the man files for the following commands:
man ftpd
man -a chroot
man sticky


-david schlosnagle
http://www.david-s.net/


[ Reply to This | # ]
my anonymous ftp setup in detail
Authored by: by on Feb 03, '02 02:14:29PM

I did all this and it seems to run great...

There are two minor issues where I would like to ask for help:
One, upload permissions fails with an error if the directory is empty ("chown: /Users/ftp/incoming/*: No such file or directory", "chmod: /Users/ftp/incoming/*: No such file or directory").
Two, I would like to hide the contents of ~ftp/bin, ~ftp/etc, ~ftp/usr, and ~ftp/System to ftp-users; how could I do this?

Thanks and best regards,
Michael



[ Reply to This | # ]
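
The empty-directory error reported in the comment above appears because the shell passes an unmatched pattern such as dropbox/* to chown and chmod as a literal argument. An added example, not sekalreed's script and not code from this page: a variant of upload_permissions that uses find instead of a glob. The directory, owner and mode defaults are assumptions.

```shell
#!/bin/sh
# Added example, not sekalreed's script: same job, but safe on an empty drop box.
# DIR, OWNER and MODE defaults are assumptions; adjust them to your own layout.

fix_uploads() {
    dir=${1:-/Users/ftp/dropbox}
    owner=${2:-user:staff}
    mode=${3:-640}            # no execute bits, no access for "other"

    [ -d "$dir" ] || { echo "fix_uploads: $dir is not a directory" >&2; return 1; }

    # find hands only real matches to chown/chmod, so an empty directory is a
    # no-op instead of a literal "dropbox/*" argument. -type f skips symlinks
    # and subdirectories; chown -h does not follow a link swapped in afterwards.
    find "$dir" -type f -exec chown -h "$owner" {} + || return 1
    find "$dir" -type f -exec chmod "$mode" {} + || return 1

    # Print how many regular files are now in the drop box.
    find "$dir" -type f | wc -l | tr -d ' '
}

# Stand-alone use (as root, e.g. from the crontab line shown earlier):
#   sh upload_permissions /Users/ftp/dropbox user:staff 640
if [ $# -gt 0 ]; then fix_uploads "$@"; fi
```

Mode 640 differs from the 744 in the original script: it drops the execute bit and removes read access for other, so an uploaded file cannot be fetched back by someone who knows its name.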
my anonymous ftp setup in detail
Authored by: raffi on May 01, '04 04:15:51AM

Hi,
I did try a few things to set up anonymous ftp,

but there is something which doesn't work when I put the file "ftpchroot"
into etc/ with the names you wrote: anonymous and ftp.
Login by ftp denies access to the computer if I leave the file ftpchroot in etc/;
then I take it off, but you can leave the login and pass empty, it works!
What do I need to do to give access to the ftp user only?





[ Reply to This | # ]
User control panel?
Authored by: allenhuffman on Dec 02, '01 01:25:43AM

What is "wrong" if I just make a new user using the User control panel? I made one called "Anonymous FTP User" with a short name of "ftp" and that seemed to work. Is there a security problem with these defaults? I noticed AppleISP.net (ISP for Macs only, using Mac OS X server for their hosting) seems to use normal accounts like this -- their help pages show FTP instructions and the directory has /Sites, /Pictures, etc. in it. Problems?



[ Reply to This | # ]
User control panel?
Authored by: DannyMac on Dec 08, '01 04:31:53AM

Because, doing it this way will create a system wide account. Meaning you can actually login with "ftp" using the login panel. This is what we don't want. But if it doesn't bother you that the system generates this huge directory with unnecessary items in it, go ahead...



[ Reply to This | # ]
User control panel?
Authored by: allenhuffman on Dec 11, '01 01:16:44AM

The instructions for MySQL create the user account through the GUI, too.

So what makes a user account "GUI aware" versus "*nix aware"? How does one create true Unix accounts that the GUI won't see?

My Unix background is with Solaris/SunOS but I'm afraid to touch too many files since I don't know how much X does and does not support at the OS level ;-)



[ Reply to This | # ]
anonymous ftp through a firewall
Authored by: ngb on Dec 30, '01 05:11:17PM

It's worth pointing out that if your Mac is behind a firewall you need to enable both ports 21 and 20.

When I tried to enable ftp on my router/firewall, the device set port 21 when I typed in 'ftp', but there was no mention of port 20. The result was that I could connect and send commands, but no feedback was displayed. A brief message appeared saying ftp couldn't open the proper port.

I checked here on MacOSXHints and at MacSlash but didn't find anything. So I hit the man pages.

Looking at the ftpd(8) manpage referred me to the services(5) manpage, which said to look in /etc/services for a list of a registered ports. There I found the following:

ftp-control 21
ftp-data 20

Anyway, this seems to have solved the problem. I hope this can help others from running into the same problem.

Nate



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: wealthychef on Sep 15, '02 07:50:01PM

I don't know if this is a Jaguar problem or not. I tried to follow the instructions faithfully. But when I try to log in as "anonymous" I get the following error:
ftp> user anonymous
331 Guest login ok, type your name as password.
Password:
550 Can't set guest privileges.
Login failed.

I think maybe I screwed up my password field in Netinfo or something. I tried
su ftp
but cannot get that to work unless I am root. So I su'd to root, then su'd to ftp, and then tried:
chroot /Users/ftp
and got:
ftp% chroot /Users/ftp
chroot: /Users/ftp: Operation not permitted
I've tried recursive chowns to make the directory owned by ftp and by myself and that doesn't help. Netinfo seems set up right, except one point. I had to create an ftp group and gave it an ID of -21, hope that's ok. Seemed the right thing to do. Added the ftp user to the ftp group.
What could I be doing wrong?
Thanks. Here's my current setup.
[12-232-110-43:~] ftp% ls -ld /Users/ftp
drwsr-xr-x 7 ftp ftp 238 Sep 15 16:27 /Users/ftp
[12-232-110-43:~] ftp% ls -l
total 0
drwxr-xr-x 3 ftp ftp 102 Sep 15 14:13 System
drwsr-xr-x 4 ftp ftp 136 Sep 15 16:26 bin
drwxr-xr-x 2 ftp ftp 68 Sep 15 16:27 incoming
drwsr-xr-x 3 ftp ftp 102 Sep 15 13:58 pub
drwsr-xr-x 3 ftp ftp 102 Sep 15 14:12 usr


I su'd to the ftp user and found that



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: evands on Sep 16, '02 02:32:09AM

Had the same experience - I don't think you've messed up your configuration. Something else has to be the matter, something about a default Jaguar install.



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: leebennett on Sep 20, '02 09:41:09PM

add another report of this not working under Jaguar. 'sigh'

i'll be keepin' watch if someone finds a fix.



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: kerrazyjoe on Sep 22, '02 02:27:41AM

Same old Same old
I am convinced this is a bug and no magical config....

This site explains the bug http://www.chezludo.com/ftpchroot.html
and how to fix through recompiling ftpd.



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: blgrace on Feb 28, '03 07:00:10AM

I got it to work by swapping the screwed ftpd file - however - EVERY file I upload to the incoming (drop box) is corrupt ??????
Anyone else having this issue.
All my privs and directories are spot on - can access it from work as an anonymous user - but the files I upload just get scrambled or truncated by a few k, resulting in a -5000 error when trying to uncompress. Even .jpg files just don't work ???



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: blgrace on Feb 28, '03 10:07:47PM

Never mind -
I found my answer.... it's called " Pure-Ftp" - works a treat and easier to configure either as standalone or xinetd.

ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.14.tar.gz



[ Reply to This | # ]
Now it's working
Authored by: proxenett on Oct 27, '02 12:47:38AM

I found the solution on this page:
> http://www.xrings.net/xrings/article.php3?id_article=52

It's in French and it's working really good



[ Reply to This | # ]
Now it's working
Authored by: leebennett on Nov 24, '02 04:10:23PM

can someone provide an english version of this? yes, i tried reading it in babelfish translation and i'm getting the gist of it, but i think it's stumbling on a few of the technical parts.



[ Reply to This | # ]
You don't actually need to speak French...here's the fix
Authored by: chincotaco on May 26, '03 02:32:26PM
That French website offers a method of setting up the directory structure, same as the OP here. The reason the French solution works under Jaguar but not this is because it has you download an old version of the ftpd and use it to replace the Jaguar version.

1) Download the file from their server

2) After it's unstuffed, go back into your terminal. Do

% sudo mv /usr/libexec/ftpd /usr/libexec/ftpd.old
(this will make a backup of your old ftp daemon, which probably isn't a bad idea. If you do screw up, you can just use the mv command to rename the ftpd.old to ftpd and you'll be back to the initial setup). Enter your password if prompted.

3) Move the new file to that directory. Type

% sudo mv
with a trailing space. Then drag the expanded file onto the Terminal. This will copy the path to that file. Type a space on that same line, then type
/usr/libexec/ftpd
Hit return.

4) Now you need to restart the FTP server to make it use the new server program. Go to System Preferences:Sharing, and uncheck the "FTP Access" box. Once it's shut down (you'll see feedback on the right side of the pane), recheck it.

Worked for me, hope it works for you.

[ Reply to This | # ]

Doesn't work for me in Jaguar
Authored by: uhammer on Mar 14, '03 05:38:42PM

After much searching I found an article that goes into detail about ftpd being broken in OS X.2 for anonymous ftp (server). So, I started searching around and found www.pure-ftpd.org and downloaded, compiled and installed it. Worked like a champ. Pure-ftpd touts itself as a fast, secure ftpd. Anyway, I then went into /etc/xinetd.conf/ftp and modified the pointer from the standard ftpd to the new pure-ftpd and changed the server arguments to better line up with pure-ftpd. It all worked perfectly. So, now when I enable or disable ftp through the System Preferences panel it is pure-ftpd that starts or stops.

If you want more info drop me a line at jrichardson@yobbo.net

---
Jim Richardson



[ Reply to This | # ]
Doesn't work for me in Jaguar
Authored by: wealthychef on Apr 26, '03 05:02:27PM

This worked great for me! Thanks.
The long and the short of it seems to be:
1) create a user and group named ftp using netinfo Manager
2) create the appropriate directories in /Users/ftp
3) get pure-ftpd
rock on!



[ Reply to This | # ]