afp548.com published my article on how to replace the Apple-supplied FTP server with ProFTPd, with authentication through users and groups kept in MySQL instead of NetInfo or a simple passwd file. This is a nice tip if you're looking to serve up a lot of different users on a system without wanting them to be able to login via SSH and such. Read "ProFTPd, for the pro?" for the how-to.
[Editor's note: The article discusses the installation on OS X Server; I don't know for sure, but I suspect it would work as described for OS X Client as well.]
If you have a webpage hosted on OS X Server, you may want multiple people to have access to the front page (/Library/WebServer/Documents/) for updates. It takes a little bit of messing around, but it's all relatively easy; here's how (make sure you're an Admin before doing any of this):
Open the Workgroup Manager.
Create a New User who you want to have access to the front page (Command-Shift-N).
Name the user. You can give them a local home directory (or a network, or more advanced, doesn't matter) but it's not necessary. In this example, the user will be refered to as Web1. Click "Save."
Switch to the Groups tab.
Create a new Group (Command-Shift-N). In this example, the group will be refered to as Webmasters.
Add Web1 to Webmasters, then click "Save."
Click on the "Sharing" icon at the top of the window.
Click on the "All" tab on the left.
Navigate to the following: /[your-drive]/Library/WebServer/Documents.
With "WebServer" as the last highlighted folder, click on "Users and Groups."
Select the "Groups" tab from the Pop up window, then change the Domain to "Netinfo/root"
Select the webmasters group and drag to the "Group:" setting in the main window. IMPORTANT: do not change the Owner from root unless you know what you're doing
Click the "Share this item and it's contents" check box so that it is checked and then click "Save."
Now when the user Web1 logs in, they should have access to the "/Library/WebServer/Documents/" folder and be able to modify all the files therein. This process can also be used for any of the other folders on the system. Once the folder is a "Share Point," users will have the ability to manipulate the contents. For multiple users, repeat steps 2, 3 and 6.
To revert the status of the "/Library/Webserver/Documents/" folder follow steps 7-12 and replace webmaster with the the group admin, then deselect "Share this item and it's contents."
[Editor's note: I have not tested this hint myself.]
I'm setting up a Web Server with OS X Server (10.2), and have been having problems with creating users with directories accessible from FTP. In the provided Workgroup Manager, you can set the home directory of a new user but nothing is created initially. Instead, it waits for the user to log in through AFP before creating it, which for a web server, is not exactly convenient.
Fortunately, Apple thought of this problem ... after several days of researching various materials, I found that you can run a program called "createhomedir" in Terminal and all the home directories will be created for you. Here's the steps I took:
Open Workgroup Manager and go to the Users section
Create a new user
Click on the "Home" tab, and select the "local" radio button
Click save, then launch Terminal
In Terminal, type "sudo createhomedir --a"
That's it, you're done! There are some other options for creating home directories, just type "man createhomedir" to find out what each does.
I have put together a Firewall and NAT startup item for Mac OS X 10.2 Server. The server doesn't have a GUI for NAT, and BrickHouse doesn't support a second NIC card. I would appreciate some feedback, especially on the ipfw rules. I'm sure there are room for improvements. Please have a look at the Firewall script.
I use this startup item on a Mac OS X 10.2 server (with one extra NIC card) that acts as a Firewall and NAT server for an internal network. The server is connected to the Internet via ADSL with a static IP address. All the computers on the internal network get a private IP address via DHCP and can surf the Internet, look at home pages and check e-mail etc. I have made some pointers on how to configure it if you have a dynamic IP address from your ISP, but it's *not* tested.
By default, the script will set up ipfw to block ports 0-1023 in and allow ports 1024-65535 in. Everything outgoing is allowed. DNS, DHSP etc is also set up to work. Open up the services you use by uncommenting their rules in the script.
[Editor's note: I have not tested the following script myself, primarily due to a lack of OS X Server software (and a nice XServe to test on, of course!)]
After looking for help on a lot of on installing the moregroupware collaboration software, the website www.afp548.com has finally created a step by step tutorial on the installation and configuration of this handy software package.
[Editor's note: The instructions are designed for those running OS X Server, but could be useful if you're trying to get the package running on Client. I have not tested the tutorial.]
If you are using OS X server with Windows file sharing, you may have noticed that Windows client computers save files without any group permissions. So any other user belonging to the group is only able to read the file. I have been searching long and wide for a solution to this and have finally found a KB article (number 106570) that covers this.
Søren Theilgaard of Consult Theilgaard has written a guide to installing and using OS X Server entitled "Mac OS X Server Configuration: The Additional Guide for (some of) the UNIX Stuff." The first three chapters are available online at the above hyperlink; the entire guide is available as a $20 shareware purchase through Kagi.
For a short review of the entire guide, read the rest of the article...
I'm running OSX as an internet server, and recently installed the killer blog app Movable Type (MT), an absolute poster child for server applications. MT uses ImageMagick, a very powerful, but, uh, tersely documented suite of command-line image-manipulation utilities to provide resizing and so forth for in-browser file uploads. Installing ImageMagick, or even finding comprehensible documentation on the installation process, is very difficult.
Read the rest of the article to see how I got it running on my system...
The dearth of useful, moderated information about MacOS X Server was frustrating to Joel Rennich and David O'Donnell. As a result, they have created and launched AFP548.com. The site is dedicated to disseminating information about all aspects of MacOS X Server, from beginning UNIX tips and tricks to articles on how to maximize the value of your Server machine.
Some articles and other content are online already. Submissions -- in the form of articles, reviews, and questions -- from everyone in the MacOS X Server community (both current and potential users/administrators) are welcome.
[Editor's note: This is the first site I'm aware of that's dedicated to OS X Server, so if you're running Server and looking for information, it's probably worth your time to give a quick visit to AFP548.]
There is a problem with the default settings for the webserver on Mac OS/X 10.x Server where if you change the server to another IP or name, all kinds of redirects point to a :16080 port. This happened to me on a machine with a single IP address. When I gave the server a new address and reconfigured my services, all requests for a /~user site resulted in a :16080/~user being returned to the web-browser.
Of course, a lot of firewalls are not set up to handle those ports, so fixing the server is a better way of solving this problem. Read the rest of the article for instructions on how to do just that...
[Editor's note: I don't run OS X Server, so I can't vouch for either the bug or the fix, but it makes sense on a quick read-through.]