
A simple way to create basic FTP shares and users Network
If you're trying to share a bunch of large files, it should be super easy, but it's not. I tried several approaches, but the following seemed to be the best. It's not unique, but it took me a while to figure out that it was the best no-software approach, so I thought it would be nice to have a primer for the semi-power user. Follow these directions to set up an FTP server with a single user, who has read-only access to one folder of your choice.
  1. Go to System Preferences -> Accounts.
  2. Create a new user (+ button).
  3. Give them a name and password, then click on the Limitations tab and select Some Limits, then uncheck everything. Just in case.
  4. Use NetInfo Manager to change the user's home directory to the folder that you want to share (I wanted to share the same folder I share when file sharing). Look under Users -> Username -> Home.
  5. Delete the original home directory.
  6. Go to System Preferences -> Sharing.
  7. Turn on FTP access. Be sure to forward ports 20-21 if you have an external firewall.
  8. To link to your FTP server: ftp://username:password@1.1.1.1 . If your IP is dynamic, it will eventually change. If you are going through a router, then use your router's WAN IP, port-forwarded to your computer's LAN IP. Leave out the password (and the :colon) to marginally increase security (make them type the password).
To automate, check out this hint: A shell script to add FTP users in 10.3

Why do it this way? It's simple and requires no additional software. If you want to do more (lots of users, advanced GUI control over your FTP server), then this is not the best solution.

[robg adds: When I needed to send many hundreds of megabytes of book image files to my editors, I used CrushFTP, a Java-based FTP server. It's a bit tricky to set up, but has tons of control over users and privileges -- users don't need to exist outside the CrushFTP space, which is a nice feature when you need to allow multiple users access.]

A simple way to create basic FTP shares and users
Authored by: cudaboy_71 on Jun 22, '04 11:19:29AM

for read only access i just use http with htpassword and htaccess files.

it is super simple to set up and maintain right thru a browser.

is this any less secure than ftp?

---
if it aint broke, break it!



A simple way to create basic FTP shares and users
Authored by: joebeone on Jun 22, '04 01:59:12PM

Both transmit plaintext passwords in the clear, I believe...



A simple way to create basic FTP shares and users
Authored by: mustang_dvs on Jun 22, '04 02:25:11PM
If you are using SSL, .htaccess data is transmitted in a secure packet.

SFTP is the only way to secure an FTP connection, by wrapping it in an SSH session.


A simple way to create basic FTP shares and users
Authored by: osxpounder on Jun 22, '04 04:20:58PM

And another benefit of SFTP is that it's just simpler. You don't have to run yet another program -- if you check the box to allow "Remote Login" in your Sharing preferences [in System Preferences], you are already running the SSH daemon-server-thingy [correct me if I'm wrong, folks].

You still have to create a userid, but you don't have to mess with FTP servers, .htaccess files, or anything except setting up your users' permissions. An SFTP client uses SSH to log in; I believe it's as secure as an SSH connection, but I know there are folks reading this hints site who could say more about security.

One thing I wonder is whether the default SSH setup in OSX is properly secure; I assume someone here would have spoken up if it weren't.

I use FileZilla, on my home PC, so that I can xfer files to my work Mac -- all I need is my OSX username and password, which [I hope] is being sent encrypted across the Internet to the Mac.

---
--
osxpounder



A simple way to create basic FTP shares and users
Authored by: eno on Jun 22, '04 05:13:28PM

"Some limitations" or no, if you follow this hint and you also happen to have SSH shell access turned on then you've just given the holder of the FTP account you just created unfettered shell access to your machine.

May your NAT router save you.

This is what happens when desktop users discover UNIX, courtesy of Apple Computer Inc.



a solution to this problem?
Authored by: SuperCrisp on Jun 22, '04 08:21:48PM
Would setting this ftp user's terminal to null or something like /usr/libexec/sftp-server eliminate this problem?

It might also be good to edit ../Library/Preferences/com.apple.AppleFileServer.plist to disallow guest access if this machine is going to be exposed continuously.

Netinfo Manager to the rescue
Authored by: josh doubles on Jun 23, '04 12:43:09AM
Open Netinfo Manager, select /users/ftpuser, where ftpuser is the name of the user you want to disallow shell access.

Change the value for shell to /usr/bin/false


Additional information about securing your FTP as well as other important info.
Authored by: hanha014 on Jun 23, '04 06:52:27AM
I tried to set the loginshell to /usr/bin/false but then the ftp account didn't seem to work that well either. I suppose it depends on what ftp server you are using. On my Linux box with proftpd you could set so that you don't require a valid login shell for the ftp-account. I think this would be the solution (after checking man ftpd)

NOTE: Please read the whole message before beginning to change your system.

1. Instead of using /usr/bin/false as a login shell for the ftp-user use /sbin/nologin instead. So open up the NetInfo manager, go to the ftp user and set the login-shell to /sbin/nologin instead.

2. Then we must tell the ftp-server that /sbin/nologin is a valid shell for the ftp-server. Open the /etc/shells file with your favourite editor and put /sbin/nologin on an empty row (you could see how the other valid shells are written in the file). Now if users are logging in via ssh they will get a message that they are not allowed to log in (the /etc/shells file only seems to apply to the ftp server, and not other login processes).

Here's some additional tips to make the ftp server a bit more secure.

3. chroot users to their home directory. What this means in plain English is that, what appears to be the root directory for users that log in via ftp - is their home directory. In other words they can't go outside of their home directory and download other files in the system.

You configure this chrooting thing, by creating the file /etc/ftpchroot (if it doesn't already exist). There you put one username on each row for users you want to be "caught" in their home directory.

NOTE: If you have created links or aliases that point to directories outside of the chrooted environment they will probably not work. So if you have done that you probably should skip this step even though it might make your system more secure.

NOTE2: In Linux I know a way of making virtual mounts so you could mount one directory into another, and even mount them with a read-only option, this should be very secure. Haven't got it to work correctly in OS X though, I will investigate this and reply to my message with an update if I find a solution.

FINALLY a completely optional step for users that would like to make their ftp configuration even nicer.

4. If you want the users of your ftp-server to receive a welcome message when they are accessing your ftp you could easily accomplish that by creating the file /etc/ftpwelcome and then write some nice message that would be displayed to users before they log in.

A tip what to write would probably be your e-mail and name, and some rules for the ftp server for instance.

5. If you want information displayed to users after they login you should edit the /etc/motd (message of the day) file. I don't think that this only applies for users connecting to your ftp server, but also for users logging in via ssh.

Ok I think that was all my tips I could give concerning the ftp server. For additional information you should check out the manual page for ftpd.

man ftpd

And remember, if you're not that used to working with a *nix system, be careful what you write in the terminal, you could render your system unusable if you are not careful. Don't want to scare people off, just a warning :-)

Oh and one more thing. If the terminal says that you don't have permission to do a certain action you could always type the command sudo before the actual command like this:

sudo vim /etc/ftpchroot
and then write in the password for the user you logged in as (assuming that you are an administrator of the OS X system)



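An added example, not part of the thread: an offline audit of the three conditions the comments above raise for an FTP-only account (a login shell that denies a shell session, that shell being listed in /etc/shells so ftpd still accepts the login, and an /etc/ftpchroot entry). The account names and file contents are constructed samples; the passwd-style lines are assumed to come from a dump such as `nidump passwd .`, since 10.3 keeps users in NetInfo.

```python
NON_INTERACTIVE = {"/usr/bin/false", "/sbin/nologin"}  # the two shells named in the thread

def parse_passwd(text):
    """Map user -> (home, shell), read as the last two fields so that 7-field
    passwd and 10-field BSD master.passwd lines are both accepted."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 7:
            continue
        accounts[fields[0]] = (fields[-2], fields[-1])
    return accounts

def parse_list(text):
    """First token of each non-comment line (/etc/shells, /etc/ftpchroot)."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {tokens[0] for tokens in rows if tokens}

def audit(passwd_text, shells_text, ftpchroot_text, ftp_users):
    """Return {user: [finding codes]} for accounts meant to be FTP-only."""
    accounts = parse_passwd(passwd_text)
    shells, chrooted = parse_list(shells_text), parse_list(ftpchroot_text)
    report = {}
    for user in ftp_users:
        if user not in accounts:
            report[user] = ["missing-account"]
            continue
        shell = accounts[user][1]
        findings = []
        if shell not in NON_INTERACTIVE:
            findings.append("interactive-shell")        # shell access if Remote Login is on
        if shell not in shells:
            findings.append("shell-not-in-etc-shells")  # ftpd refuses the login
        if user not in chrooted:
            findings.append("not-chrooted")             # FTP session can leave the home folder
        report[user] = findings
    return report

# Constructed sample data (hypothetical accounts, not taken from the page).
PASSWD = """\
ftpguest:*:503:503::0:0:FTP Guest:/Users/Shared/outbox:/bin/bash
ftpdrop:*:504:504::0:0:FTP Drop:/Users/Shared/drop:/usr/bin/false
ftpsafe:*:505:505::0:0:FTP Safe:/Users/Shared/safe:/sbin/nologin
"""
SHELLS = "/bin/bash\n/bin/sh\n/bin/tcsh\n/sbin/nologin\n"
FTPCHROOT = "ftpsafe\n"

if __name__ == "__main__":
    for user, found in audit(PASSWD, SHELLS, FTPCHROOT, ["ftpguest", "ftpdrop", "ftpsafe"]).items():
        print(user, found or "ok")
```

A non-login shell only blocks the shell session; sshd still authenticates the account, so also listing it under DenyUsers in sshd_config keeps it off SSH entirely.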
Additional information about securing your FTP as well as other important info.
Authored by: mrgerbek on Jun 30, '04 12:26:47AM

Awesome - you've done a fine job with these instructions. I commend you.

---
~~~~~~~~~~
Be Green



A simple way to create basic FTP shares and users
Authored by: BMarsh on Jun 23, '04 10:41:46AM

An easier way, but requires extra software (it's freeware!)
is PureFtpd Manager

almost no setup, simple interface, fairly straightforward UI.
It makes ftp only users, and allows existing full users of your machine to access their home directories.

there can be some issues with permissions if you want to put things into a users directory, since the default is to only give read access to anyone else.

it isn't sftp, but Pureftp is supposed to be one of the more secure ftpd's out there from what information I've been able to gather.

There should be links on both versiontracker and macupdate



A simple way to create basic FTP shares and users
Authored by: mcsattu on Sep 07, '04 07:12:57PM

I recently tried to use PureFTPd, and had serious problems with it -- any time I tried to manage users, I'd have no more than 15 seconds before it quit the entire program. Everything else worked, and if I was able to finish whatever I needed to do quickly, log ins & everything worked perfectly... but it was too painful for me to continue using it.

Is there any other freeware gui ftp server software available?

(Note: using 10.3.5 on an 867 Quicksilver G4, haven't had any similar problems before)


