This discussion is archived

How do I set up users for the Built-In FTP Server?

2355 Views 13 Replies Latest reply: Nov 15, 2007 9:23 PM by WhoLikesBread
mickey79
Nov 5, 2007 12:56 PM
Ave,

I turned on 'File Sharing' from System Preferences, which did enable the built-in FTP Server on my Leopard installation. But how do I set up Users and their Home Directories for this FTP Server?

Thanks!
Power Mac G5, Mac OS X (10.5)
  • Ryan D. Level 4 (2,935 points)
    Nov 5, 2007 7:28 PM (in response to mickey79)
    Hi Mickey,

    You can add users in the Accounts pane of System Preferences and that information will be used to allow people to ftp to your machine. There are some alternatives that will allow you to add users to the bsd flat files so they do not also show up as normal users, but this might be a bit complicated for your purposes as it involves Terminal usage and some minor modifications in Directory Utility.

    +R
    PowerBook G4 15 1.67 Ghz (Dual Layer SD), Mac OS X (10.5)
  • Ryan D. Level 4 (2,935 points)
    Nov 6, 2007 5:55 AM (in response to mickey79)
    Hi Mickey,

    It's not really that difficult, but I just wanted to gauge your experience. First step is to open /Applications/utilities/Directory Utility and click on the Search Policy tab. Check and see if /BSD/Local is listed in the Directory Domains; this will allow people to authenticate using the /etc/master.passwd file in addition to the local open directory.

    One thing to keep in mind before we go the flat file route: you can add users into the local open directory that don't have a home folder and don't show up in the login screen. This has become much easier in 10.5 due to the advanced settings available in System Preferences. Go to Accounts, then unlock the prefs pane, then right click on an account and you can edit the UID, GID, and home directory path as well as other details. I would suggest going this route. If you make the UID less than 500 the accounts won't show up in the GUI (like login screen or fast user switching menu). Set the UID below 500 and create possibly an ftp group to use with these accounts; change the home dir to a folder in the ftp server and change the login shell...you should be good to go at that point.

    Back to the BSD flat files, you can edit the master.passwd file to add users like this:

    testuser:*:499:1500::0:0:Test User:/path/to/home:/sbin/nologin

    Check man on master.passwd for details on what each field is for. I set the shell for ftp-only users as /sbin/nologin so they cannot log in any way except for ftp. Keep in mind that FTP is very insecure and you may want to consider using SFTP (which I believe is built in). I'm not really up to speed with the ftp server included with Mac OS X, so I'm not a good resource for securing that. But I can help you add users. I also suggest going the Open Directory route rather than the flat file route now that the advanced settings are available. Let me know what needs more explanation.

    +R
    PowerBook G4 15 1.67 Ghz (Dual Layer SD), Mac OS X (10.5)
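
An added example, not part of the original post: a small audit of `master.passwd(5)`-format lines against the ftp-only profile the reply above describes (UID below 500, non-login shell). The sample lines are constructed, and treating `/usr/bin/false` as a second non-login shell is an assumption.

```python
# Added example: audit master.passwd(5)-format lines against the ftp-only
# profile described in the post. Sample lines are constructed, not from the thread.

# Field order documented in master.passwd(5).
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home_dir", "shell")
# Assumption: these two paths are the non-interactive shells in use.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/bin/false"}
GUI_UID_FLOOR = 500  # per the post, lower UIDs stay out of the login screen


def parse_entry(line):
    """Split one line into named fields; reject any other field count."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry


def audit_ftp_only(line):
    """Return findings for one line; an empty list means it fits the profile."""
    try:
        entry = parse_entry(line)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    if entry["password"] == "":
        findings.append("empty password field")
    if entry["uid"] == 0:
        findings.append("uid 0")
    elif entry["uid"] >= GUI_UID_FLOOR:
        findings.append("uid not below 500")
    if entry["shell"] not in NOLOGIN_SHELLS:
        findings.append("interactive shell")
    if not entry["home_dir"].startswith("/"):
        findings.append("home_dir not absolute")
    return findings


GOOD = "ftpuser1:*:499:1500::0:0:FTP User:/var/ftp/ftpuser1:/sbin/nologin"
SHORT = "ftpuser2:*:498:1500:FTP User:/var/ftp/ftpuser2:/sbin/nologin"
RISKY = "ftpuser3::501:20::0:0:FTP User:/Users/ftpuser3:/bin/bash"

if __name__ == "__main__":
    for sample in (GOOD, SHORT, RISKY):
        print(sample.split(":")[0], audit_ftp_only(sample))
```
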
  • Ryan D. Level 4 (2,935 points)
    Nov 6, 2007 6:35 AM (in response to mickey79)
    Hey Mickey,

    Sorry, I didn't realize they added all of those options for adding accounts to 10.5! That makes it even easier. I would use the "Sharing Only" account as you thought. Looks like the UID doesn't matter as this account type is not shown in the GUI anywhere. The only thing you will have to change is the home directory path to somewhere you can secure with a chroot jail or something (on my ftp server I have their home set to /var/ftp/). I was looking for the ftp server on 10.5, but I can't find it...nor is there a service listed in Sharing for it. So I'm confused about that. The GID doesn't necessarily have to be the ftp group, but you could create a ftp group or a group for shared users. You could also leave it as 20, just set the permissions on the home folder to be available to these ftp users.

    Again, ftp is very insecure and you should be very careful when setting up a ftp server. I referenced the Practical Unix & Internet Security book by Simson Garfinkel, Gene Spafford, Alan Schwartz for some great tips on setting up a "secure" ftp server.

    http://www.oreilly.com/catalog/puis3/

    +R
    PowerBook G4 15 1.67 Ghz (Dual Layer SD), Mac OS X (10.5)
  • Ryan D. Level 4 (2,935 points)
    Nov 6, 2007 6:59 AM (in response to mickey79)
    No reason to change the UID for this user as I stated above, try changing it back to what it was before and try again. Also, make sure the home folder exists, I don't think it will be created for you. Check the permissions on it as well.

    Can you verify that FTP is working by using a regular account to connect?

    +R
    PowerBook G4 15 1.67 Ghz (Dual Layer SD), Mac OS X (10.5)
  • Ryan D. Level 4 (2,935 points)
    Nov 6, 2007 7:08 AM (in response to mickey79)
    Mickey,

    Can you tell me the path to the ftp server and maybe where the config files for it are? That might help determine what needs to be added to this account in order to be allowed on via ftp.

    +R
    PowerBook G4 15 1.67 Ghz (Dual Layer SD), Mac OS X (10.5)
  • Ryan D. Level 4 (2,935 points)
    Nov 6, 2007 7:23 AM (in response to mickey79)
    Thanks for showing me how to turn it on! I missed the options button. It looks like you will have to get the users added to the pane in the options and allow them to connect. However, Sharing Only accounts don't show up in there, so I am confused about that. I'm not sure accounts in the bsd files will show up either, so we need to figure out where the SACLs (Service Access Control Lists) live for file sharing. I'll keep looking.

    +R
    PowerBook G4 15 1.67 Ghz (Dual Layer SD), Mac OS X (10.5)
  • WhoLikesBread
    Nov 15, 2007 9:23 PM (in response to mickey79)
    Anybody find it? This whole "User may not use FTP" error is killing me when a "Sharing Only" user endeavors to connect.
    Dual G4 MDD, Mac OS X (10.5)
