Advanced configuration of the built-in FTP server
Oct 15, '04 10:36:00AM
Contributed by: gripp
With Mac OS X, you can switch the built-in FTP server on and off, but nothing more advanced via the GUI. Read the rest of this hint for some ideas on a better configuration of log files, welcome messages, access rights, and more.
Configuring the built-in FTP server:
- Change the FTP server's logging behavior:
With the standard configuration, every FTP connection creates an error message in the system.log which reads:
Sep 17 12:03:35 localhost xinetd[339]: service ftp, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
In the Terminal, type sudo pico /etc/xinetd.d/ftp to edit the FTP configuration file. Make it look like this:
service ftp
{
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/libexec/ftpd
        server_args = -l -l
        log_on_success = HOST DURATION
        log_type = FILE /var/log/ftplog.log
        groups = yes
        flags = REUSE IPv4
}
This will create a log file named ftplog.log, which you can see in the Console under the ftp.log entry, and FTP entries will no longer appear in system.log. The server_args and log_on_success lines produce more entries in the log files. The flags line (with IPv4) gets rid of the error message in system.log.
After this is done, get the xinetd process ID with ps ax, and then restart xinetd by typing sudo kill -SIGHUP PID, where PID is the process ID of xinetd. This will restart xinetd, so that your changes take effect.
- Create your welcome messages:
Edit or create the file /etc/motd for your server message. Then edit or create the file /etc/ftpwelcome for your welcome text.
- Stop users from exploring outside their home directory:
Edit or create the file /etc/ftpchroot and type only a * in it. This allows all users to see their home directory, but nothing more.
- Allow or prevent users from using the FTP connection:
Edit or create the file /etc/ftpusers. List all FTP users who will be allowed access:
        ftpuser1 allow
        ftpuser3 allow
        *
The * is important, because the script stops here. The users below the * are ignored and cannot connect.
- More useful commands:
If you create your own FTP users, the following commands are useful:
        nidump group /     -- shows all netinfo groups and users
        nidump passwd /    -- shows all users
        sudo niutil -appendprop / /groups/ftpusers users ftptest     -- puts the user ftptest in the group ftpusers
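The first-match rule described for /etc/ftpusers above, as an added example that is not part of the original hint: a small shell model that evaluates a user name against an ftpusers-style listing and flags a file with no closing * line. It assumes only the user-name field is used, that a line without a directive denies, and that a user matching no line is allowed; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: model of first-match evaluation for an ftpusers-style file.
# Assumptions (not from the hint): only the user-glob field is handled, a line
# with no directive denies, and a user matching no line is allowed.

# ftpusers_decision FILE USER -> prints "allow" or "deny"
ftpusers_decision() {
    file=$1 user=$2
    while read -r glob directive _rest; do
        case $glob in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $user in
            $glob)                                  # first matching line wins
                case $directive in
                    allow|yes) echo allow ;;
                    *)         echo deny ;;         # deny, no, or no directive
                esac
                return 0 ;;
        esac
    done < "$file"
    echo allow                                      # assumed default: no match
}

# has_catch_all FILE -> succeeds if the file has a "*" line that denies
has_catch_all() {
    while read -r glob directive _rest; do
        [ "$glob" = '*' ] || continue
        case $directive in allow|yes) ;; *) return 0 ;; esac
    done < "$1"
    return 1
}

# Constructed sample files (same user names as the hint's listing).
SAMPLE=$(mktemp) ; NO_STAR=$(mktemp)
printf '%s\n' 'ftpuser1 allow' 'ftpuser3 allow' '*' 'ftpuser9 allow' > "$SAMPLE"
printf '%s\n' 'ftpuser1 allow' 'ftpuser3 allow' > "$NO_STAR"

for u in ftpuser1 ftpuser2 ftpuser9; do
    printf '%-9s  with "*": %-5s  without: %s\n' "$u" \
        "$(ftpusers_decision "$SAMPLE" "$u")" "$(ftpusers_decision "$NO_STAR" "$u")"
done
has_catch_all "$NO_STAR" || echo "warning: no catch-all '*' deny line"
```

In the constructed sample, ftpuser9 is listed with allow but sits below the *, so the model reports deny for it, which is the behaviour the hint describes.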
[robg adds: We've had tips that cover bits of this stuff before, but this puts it all in one easy-to-find spot. This search will return most, if not all, of the other advanced FTP-related hints we've run.]
Mac OS X Hints
http://hints.macworld.com/article.php?story=20041012112759147