
Repair the ftpchroot bug in OS X 10.2 Network
This morning I was trying to help a friend set up the FTP server in OS X 10.2. In particular, we were trying to get ftpchroot (see this hint) working, which restricts FTP users to their home directory. As noted in the referenced hint, it's relatively easy to set up, but after creating the proper file, any attempt to FTP was met with this:
% ftp 192.168.10.10
Connected to 192.168.10.10.
220 192.168.10.10 FTP server (lukemftpd 1.1) ready.
Name (192.168.10.10:robg): robg
331 Password required for robg.
Password:
550 Can't change root.
ftp: Login failed.
A little Google searching found this page, which explains the cause of the problem:
Internally, the bug is caused by changing the effective userid of the ftpd process to the user logging in before invoking the chroot command. Unfortunately, the chroot command can only be done by the root user, which is the user into which ftpd is first launched. It would be interesting to see the details of the original bug to see if it was creating a security issue or just an inconvenience.
The solution, also detailed on the same page, is to replace lukemftpd, Apple's chosen FTP server program, with an earlier bug-free version. Instructions are provided to build from source (you'll need an Apple Open Source ID to get the files), or you can use the author's precompiled binary.

Others will comment, of course, that you can avoid all these problems in the first place by just switching to proftpd, about which I've heard good things (though I don't do much with FTP, so I haven't installed it myself). If one were to do this, however, I don't know of a method of changing the Sharing preferences panel such that it launches proftpd instead of Apple's built-in FTP server.
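
The ordering problem described in the quoted explanation, as an added example that is not part of the original hint and is not lukemftpd's code: `jail_login` is a hypothetical helper that tries both orders in a child process, and the jail directory "/" and uid/gid 65534 are constructed sample values.

```c
#define _DEFAULT_SOURCE 1          /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum order { SETEUID_FIRST, CHROOT_FIRST };

/* Runs one simulated login in a child so the caller itself is never jailed.
 * Returns 0 if the child ended up chrooted to `home` as `uid`, otherwise the
 * errno of the step that failed. */
int jail_login(enum order how, const char *home, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        if (how == SETEUID_FIRST) {
            /* Order from the quoted explanation: become the user, then chroot. */
            if (seteuid(uid) != 0) _exit(errno);
            /* chroot(2) is root-only, so this is the "550 Can't change root." */
            if (chroot(home) != 0 || chdir("/") != 0) _exit(errno);
            _exit(0);
        }
        /* Working order: jail while still root, then drop privileges for good. */
        if (chroot(home) != 0 || chdir("/") != 0) _exit(errno);
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            _exit(errno);
        if (uid != 0 && setuid(0) == 0) _exit(EPERM);   /* drop must be permanent */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : ECHILD;
}

int main(void)
{
    /* Constructed sample: jail to "/" as uid/gid 65534, assumed unprivileged. */
    int bad = jail_login(SETEUID_FIRST, "/", 65534, 65534);
    int good = jail_login(CHROOT_FIRST, "/", 65534, 65534);
    printf("seteuid, then chroot: %s\n", bad ? strerror(bad) : "ok");
    printf("chroot, then setuid:  %s\n", good ? strerror(good) : "ok");
    return 0;
}
```

Run as root, the first order fails at `chroot` and the second succeeds; run as an ordinary user, both fail at `chroot`, because the call needs root in either case.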

Repair the ftpchroot bug in OS X 10.2
Authored by: caek on Aug 26, '03 10:18:18AM
This hint shows you how to replace ftpd with proftpd so changes in the Sharing Panel affect proftpd.

proftp and PAM on osx server
Authored by: andy2307 on Aug 26, '03 11:15:22AM

I'm currently using the bundled osx ftp server.

When I tried to install proftp I had no problem getting it to run on my standard OSX install; however, when I tried to install it under OSX server it failed because of a PAM authentication error. I have tried to find a solution to this but had no luck. Has anyone else come across this? Any solutions...

I know this is a little off topic but any help would be most welcome...



security issue?
Authored by: hayne on Aug 26, '03 11:54:48AM
I would be very reluctant to substitute an earlier version of any networking program unless I thoroughly understood the security implications. The page that is linked to above does mention the possible security issue of going back to an earlier version - but seems not to be too concerned about it. I think it is a major concern and would not recommend this change without further investigation.

Repair the ftpchroot bug in OS X 10.2
Authored by: wyvern on Aug 26, '03 01:33:16PM
Why bother working around the troublesome lukemftpd? I just use Pure-FTPd. It's secure (root exploits to date: 0) and easy to configure, and supports TLS/SSL encrypted login.

Pure-FTP
Authored by: WAW401 on Aug 26, '03 02:06:02PM

Same here!



Pure-FTP
Authored by: legacyb4 on Aug 27, '03 02:30:44AM

Not to mention that a few days ago, Macintouch posted a link to a user who put together a nice GUI front end for managing your FTP system for Pure-FTP.

http://jeanmatthieu.free.fr/pureftpd/



but what about ssh, sftp and things like fb_realpath
Authored by: hamarkus on Aug 26, '03 03:10:00PM

I followed the same instructions some time ago (using the binary), and it worked as advertised. But one problem is that if remote login is enabled, every ftp user can ssh or sftp into your computer and will not be restricted to his home directory anymore.

Another question is what happens if Apple updates the ftp server via an OS or security update (remember the fb_realpath() function)?
Possibility A:
nothing gets changed/fixed - good in that ftpchroot still works, bad in that you are vulnerable but thinking things were fixed
Possibility B:
you are back to Apple's implementation - good in that security holes are fixed, bad in that ftpchroot does not work anymore, which you probably will not realise for quite some time
Possibility C:
update breaks everything

If you choose proftp, who is going to tell you about fb_realpath()-like security holes in it?
And reading through the comments of the hint mentioned in the first comment, I am asking myself whether proftp really is such an easy thing to install.



but what about ssh, sftp and things like fb_realpath
Authored by: wyvern on Aug 26, '03 03:34:42PM

Edit your /etc/sshd_config and add a line at the end like so:

AllowUsers username_you_want_to_allow

(Or, if it's easier to deny... DenyUsers username_to_deny)



but what about ssh, sftp and things like fb_realpath
Authored by: tsaar on Aug 26, '03 03:51:42PM

Ah, that's right.
Maintaining these things is hard work.

BTW, there's ways to restrict ftp-users from logging in via SSH
(you either redirect their shells to /dev/null or you just drop a line in the config file sshd_config), something like:
AllowUsers username
DenyUsers username
I personally gave up on it. I disabled ssh (cos I don't need it)
and I allow ftp from certain IPs only, which may not be enough, but I've decided it's enough for me.

There was this really cool script that I used that created ftp-only users (no login, either via SSH or to the machine itself, chroot jail, etc.) but it ceased to work after...an update.


