
Advanced configuration of the built-in FTP server System
With Mac OS X, you can switch the built-in FTP server on and off, but nothing more advanced via the GUI. Read the rest of this hint for some ideas on a better configuration of log files, welcome messages, access rights, and more.

Configuring the built-in FTP server:
  1. Change the FTP server's logging behavior:
    With the standard configuration, every FTP connection creates an error message in the system.log which reads:
    Sep 17 12:03:35 localhost xinetd[339]: service ftp, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
    In the Terminal, type sudo pico /etc/xinetd.d/ftp to edit the FTP configuration file. Make it look like this:
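    service ftp
    {
      disable = no
      socket_type = stream
      wait = no
      user = root
      server = /usr/libexec/ftpd
      # -l given twice makes ftpd log file operations as well as sessions
      server_args = -l -l
      # record the client address and session length for each connection
      log_on_success = HOST DURATION
      # write xinetd's entries for this service to their own file
      log_type = FILE /var/log/ftplog.log
      groups = yes
      # IPv4 avoids the IPV6_ADDRFORM setsockopt() error shown above
      flags = REUSE IPv4
    }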
    
    This creates a log file named ftplog.log, which you can see in the Console under the ftp.log entry, and FTP entries no longer appear in system.log. The server_args and log_on_success lines create more entries in the log files. The flags line (with IPv4) gets rid of the error message in system.log.

    After this is done, get the xinetd process ID with ps ax, and then signal xinetd by typing sudo kill -SIGHUP PID, where PID is the process ID of xinetd. This makes xinetd reload its configuration, so that your changes take effect.

  2. Create your welcome messages:
    Edit or create the file /etc/motd for your server message. Then edit or create the file /etc/ftpwelcome for your welcome text.

  3. Stop users from exploring outside their home directory:
    Edit or create the file /etc/ftpchroot and enter only a *. This allows all users to see their home directory, but nothing more.

  4. Allow or prevent users from using the FTP connection:
    Edit or create the file /etc/ftpusers. List all FTP users who will be allowed access:
      ftpuser1 allow
      ftpuser3 allow
      *
    
    The * is important, because processing of the file stops there. Any users listed below the * are ignored and cannot connect.

  5. More useful commands:
    If you create your own FTP users, the following commands are useful:

    nidump group / -- shows all NetInfo groups and users
    nidump passwd / -- shows all users
    sudo niutil -appendprop / /groups/ftpusers users ftptest -- puts the user ftptest in the group ftpusers
[robg adds: We've had tips that cover bits of this stuff before, but this puts it all in one easy-to-find spot. This search will return most, if not all, of the other advanced FTP-related hints we've run.]
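
The following script is an added example, not part of the original hint or of Mac OS X: it predicts how the /etc/ftpusers and /etc/ftpchroot files from steps 3 and 4 decide for a given login name, so you can check a list before relying on it. The function names are hypothetical, and the matching rules (first match wins, a bare pattern flips the file's default, an unmatched name may log in) are assumptions modelled on the behaviour the hint describes; confirm them against ftpusers(5) on your release.

```shell
#!/bin/sh
# Added example: predicts how the ftpusers and ftpchroot files from steps 3
# and 4 are evaluated for a login name.
# Assumed rules: lines are read top to bottom, the first glob that matches
# the name decides, "allow"/"yes" and "deny"/"no" are explicit answers, and
# a bare pattern means the opposite of the file's no-match default.
# Not handled: :group and @host qualifiers, and the optional class field.
# Usage after sourcing this file: ftp_login_allowed /etc/ftpusers ftpuser1

# first_match FILE USER DEFAULT -> prints yes or no
first_match() {
    fm_file=$1 fm_user=$2 fm_default=$3
    # Assumption: a missing file answers "no" for both files.
    [ -r "$fm_file" ] || { echo no; return 0; }
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r fm_glob fm_word fm_rest || [ -n "$fm_glob" ]; do
        case $fm_glob in ''|'#'*) continue ;; esac   # skip blanks, comments
        case $fm_user in
            $fm_glob)                                # unquoted: glob match
                case $fm_word in
                    allow|yes) echo yes ;;
                    deny|no)   echo no ;;
                    *) [ "$fm_default" = yes ] && echo no || echo yes ;;
                esac
                return 0 ;;                          # first match decides
        esac
    done < "$fm_file"
    echo "$fm_default"                               # nothing matched
}

# Assumption: a name that matches no line in ftpusers may log in, which is
# why the list in step 4 has to end with a bare "*".
ftp_login_allowed() { first_match "$1" "$2" yes; }

# Assumption: a name that matches no line in ftpchroot is not chrooted.
ftp_chrooted() { first_match "$1" "$2" no; }
```

Running ftp_login_allowed against a copy of the list with the final * removed shows the accounts that would otherwise fall through to the default.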

Thank you
Authored by: rhowell on Oct 15, '04 02:27:47PM

This hint is priceless. There are endless discussions on Apple's forums about this, particularly parts 3 and 4. Now we have an answer. Thank you very much.



Advanced configuration of the built-in FTP server
Authored by: Sam Rohn on Oct 18, '04 12:29:02AM

Pure_FTPd is a secure, free, open-source replacement for OS X built in ftp -

http://www.pureftpd.org/

PureFTPd Manager is a nice installer for a cocoa prefpane front end for Pure-FTPd -

http://jeanmatthieu.free.fr/pureftpd

I gave up on OS X properly chroot'ing ftp clients, PureFTPd Manager handles it quite nicely...



Advanced configuration of the built-in FTP server
Authored by: lbraud on Oct 18, '05 11:46:13AM
On 10.4.2, the location for this file is /private/etc/xinetd.d-migrated2launchd/ftp.
