A reader is looking for information on some advanced FTP server options in OS X. He's tried the various boards and had no luck, so I'm posting here in case there are any answers out there. He writes:
I've looked near and far and have heard from many other people with the same problem. A concise document on setting up an FTP server on OS X is hard to find. Basically I am looking for some tips on these few tasks which I cannot figure out and I believe would help many other OS X newbies:
I have set up an ftpchroot file to restrict users to their home directories, but how do I provide them a link in their home directory to a community folder for all of them to upload and download from?
How do I limit access to say two logins per user, and limit their bandwidth?
How do I go about setting up groups in user administration, say, so that all FTP users would be in their own user group of FTP?
If anyone could shed some light on these relatively simple tasks which are complicated to us newbies please please feel free to provide some answers. Thank you.
The incomparable Brad Suinn from Apple has been kind enough to release juicy tidbits about the AppleShare X Client in an unauthorized readme. Amongst other things, the end of the file shows how to do an AFP/IP connection using SSH so everything is nice and secure and encrypted. Check out:
The network preferences file is used to store all the user-entered information about your TCP/IP, PPPoE and PPP settings. If you are looking to automatically set up these settings for use in an "easy installer", the preferences file can be found at this location:
This file is usually owned by root, in group wheel.
The /etc/hosts file by default is ignored by OS X. Though it is possible to import hosts into the "machines" directory (see tips here on macosxhints), there is also a way to configure lookupd so it consults /etc/hosts directly.
lookupd can use different agents to look up hosts: e.g. DNSAgent, which consults DNS; FFAgent, which consults local files like /etc/hosts; and CacheAgent, which keeps a local cache. The trick is to tell lookupd which agents to use, and in which order.
Read the rest of this article if you'd like the details on making OS X use your local hosts file before it uses the DNS servers.
With the release of 10.0.2, Apple has included an upgraded FTP server that makes it easier to control which directories FTP users can utilize. This is done using an 'ftpchroot' file, which makes each listed user's home directory appear as the root of the system via FTP, so there's no way they can move "up" out of their directories.
Implementing 'ftpchroot' is quite simple, but it does require a bit of editing work as root. If you'd like to restrict your FTP users to their own directory, read the rest of this tip.
This is the result of a few hours' worth of digging around, chasing after a loooong setup delay on SSH connections with (if I recall correctly) both the 2.3 SSH in 10.0.1 and the 2.5 SSH available from Scott Anguish.
If any of you have been experiencing long (dozens of seconds) waits in starting up SSH connections, it looks like 'arp' is being called with a parameter order that Apple's arp utility isn't handling as expected (Apple's utility wants 'arp -n -a' when SSH is using 'arp -a -n'). [Found this out by running ssh -v -v, after a bit of packet sniffing and DNS experimentation.]
Read the rest of this article if you'd like a workaround to speed up your SSH connections!
Since the 10.0.1 update has been released, one of the new features is the implementation of SSH/SSHD. First thing I always do after an install of SSHD is edit a few items in the sshd_config file.
- At your terminal, 'su -' to your root account
- 'pico -w /etc/sshd_config'
- Look for the line containing "PermitRootLogin yes"
- Simply change this line to read "PermitRootLogin no"
- Save your changes and exit the editor
- Open your "System Preferences" from the Dock, and choose "Sharing"
- If the check box beside remote access is not selected, turn it on if you wish for SSH access to be enabled. If it is already selected, then just cycle it. Click it off, then back on.
...unless of course you want to allow someone one step closer to controlling your machine remotely. ;)
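A way to confirm the edit took effect, as an added example that is not part of the original hint: it reads an sshd_config file and reports the first active PermitRootLogin line, since sshd uses the first value it obtains for a keyword and ignores commented-out lines. The function names and the sample config are constructed for illustration, and Match blocks are not handled; pass /etc/sshd_config as the argument to check the real file.

```shell
#!/bin/sh
# Added example: report the effective PermitRootLogin value in an sshd_config file.
# sshd keywords are case-insensitive and the first active occurrence wins.
# Assumption: the file has no Match blocks (not handled here).

effective_permit_root_login() {
    # $1: path to an sshd_config file; prints yes/no/... or "unset"
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }    # strip leading whitespace
        line ~ /^#/ || line == "" { next }         # skip comments and blanks
        {
            split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
            if (tolower(f[1]) == "permitrootlogin") {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

check_root_login() {
    # Returns 0 only when root login is explicitly disabled.
    value=$(effective_permit_root_login "$1")
    if [ "$value" = "no" ]; then
        echo "OK: PermitRootLogin is no in $1"
    else
        echo "WARN: PermitRootLogin is '$value' in $1 (expected no)"
        return 1
    fi
}

# Constructed sample: a commented-out "no", then an active "yes" that wins
# over the later "no" because the first active occurrence is used.
write_sample() {
    cat > "$1" <<'EOF'
# PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
}

# Check the file given as $1, or the constructed sample when run with no argument.
if [ "$#" -gt 0 ]; then
    check_root_login "$1"
else
    tmp=$(mktemp) && write_sample "$tmp"
    check_root_login "$tmp" || true
    rm -f "$tmp"
fi
```

The sample deliberately produces a WARN: appending a second "PermitRootLogin no" below an existing "yes" changes nothing, which is why the hint edits the existing line in place.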
I recently got OSX and immediately started to set up an FTP, using the built-in FTP sharing in the system preferences. Everything works great, and the server is running, but the only problem is... every user has access to anything. I can't restrict access to folders (I don't know how anyways...). I would like to set up many different users who can only access their own folders, not my ENTIRE HD. Any help would be appreciated.