User profile for user: lynnmonk
lynnmonk Author
User level: Level 1
4 points

FTP permissions question

I want to be able to create user FTP accounts that can only access their own and certain shared folders. However, even if I login by FTP with only a guest account with very limited privileges, I can still see every folder on my computer, most of which I can open to view the files inside. I can even see the system files that are normally invisible to me when I am logged on as an admin to the computer itself!

How can I arrange it so that all unauthorised folders and files are invisible to outside users?

Dual 2.3Ghz PowerPC G5, Mac OS X (10.4.6), 1.5Gb DDR2 SDRAM

Posted on Apr 18, 2006 3:36 PM

Reply
23 replies
User profile for user: lynnmonk
lynnmonk Author
User level: Level 1
4 points

Apr 19, 2006 2:03 PM in response to Tim Haigh

Well I can already do that with the Mac permissions. But how can I make it so that the folders are completely invisible.

For instance, when I log onto my web host via FTP, I can only see the folders in my account, the button to browse directories above that doesn't function, so I am unable to see the server's system directories and other users folders.

On my Mac server, I can see all directories above my home directory even though I don't have permission to write to them.

I tried changing permission on the system directories and only succeeded in completely locking all users, including myself, out of the system! So I had to do a permissions reset to get back in!
Reply
User profile for user: Tim Haigh
Tim Haigh
User level: Level 7
24,198 points

Apr 19, 2006 2:24 PM in response to lynnmonk

For instance, when I log onto my web host via FTP, I can only see the folders in my account, the button to browse directories above that doesn't function, so I am unable to see the server's system directories and other users folders.


They are using a commercial ftp server that is setup completley differently the macs simple and ftp server. If for example you were using Server software such as Tiger OSX server you have a much more configurable GUI for setting up an FTP sharepoint. To do this manually in a regular Tiger installation you need to learn about ftpchroot and other unix tools. This is why I suggest you use PureFTPd manager as it is really easy to use and require no termial unix commands to setup.

PureFTPd manager lets you setup an FTP server in the same way as with commerical server software. You have an option to restrict users to their own home directory.

I tried changing permission on the system directories and only succeeded in completely locking all users, including myself, out of the system!


That was in my opinion a dangerous thing to do. Why did you not try out my suggestions first.
Reply
User profile for user: lynnmonk
lynnmonk Author
User level: Level 1
4 points

Apr 20, 2006 12:42 PM in response to lynnmonk

Well I spent most of the day trying to get this pureftpd thing to work and I can't even get as far as installing it! I followed all the instructions and when I type ./configure a few messages pop up then Error: No acceptable C compiler found in $PATH. I tried it in different directories, but same message.

... this is supposed to be the EASY way???

Really I don't even need a whole FTP. All I want to do is to have a web page from which a few people can upload and download files. I would rather they didn't have to install FTP clients. Most of them are less familiar with computers than I am! I'm fed up of having to give them instructions on how to download and set up an FTP Client.

I've got as far as getting the MAC to display a web page from the Webserver directory. Downloading files from a directory is no problem, but how can I get the MAC to accept an upload to a specified directory using the "form-send file" command?
Reply
User profile for user: fu
fu
User level: Level 2
455 points

Apr 20, 2006 1:42 PM in response to lynnmonk

Hi lynnmonk,
Well I spent most of the day trying to get this pureftpd thing to work and I can't even get as far as installing it! I followed all the instructions and when I type ./configure a few messages pop up then Error: No acceptable C compiler found in $PATH. I tried it in different directories, but same message.
... this is supposed to be the EASY way???

Take it easy, you obviously downloaded the source files for pureFTPd, you tried to build it and you got the $PATH error because you don't have Apple's XCode installed or your PATH is not nicely defined...

So to save yourself from frustration, go download the binary distribution of PureFTPd:
http://jeanmatthieu.free.fr/pureftpd/pkg/PureFTPd-Manager-1.6.2.dmg

I would rather they didn't have to install FTP clients

They don't have to. Basic FTP functionality is available in web browsers, the command line gives you every ftp option you'll ever wish for and there are lots of beautifull (graphical) clients as well (some are free too). The choice is yours...

Most of them are less familiar with computers than I am! I'm fed up of having to give them instructions on how to download and set up an FTP Client.

Well, if you don't like configuring the server find someone else to do it. MacOS X Server is a fully-fledged one and (like any other server) in order to be configured properly you need some unix familiarity or an apetite to learn new things...

I've got as far as getting the MAC to display a web page from the Webserver directory. Downloading files from a directory is no problem, but how can I get the MAC to accept an upload to a specified directory using the "form-send file" command?

Did you go through Apple's Tiger Server Documentation? Tiger server is very well documented, start familiarizing yourself with unix worksheets and then read the FTP section, all you need to get started is covered.

Be carefull to run only 1 FTP server thoough, either MacOS X built-in or PureFTPd 😉...


Macs running 9.x, Macs running 10.4.x, SGI workstations running Irix 6.5.x



Message was edited by: fu
Reply
User profile for user: Tim Haigh
Tim Haigh
User level: Level 7
24,198 points

Apr 20, 2006 1:39 PM in response to lynnmonk

Your not then using the same installer I used to install pureftpd manager as it requires NO terminal compiling at all.

The link I provided for you takes you to a page titled PureFTPd Manager for OSX.

The download link on that page takes you to page where you can donwload a pre compiled version!.

You must have downloaded the source code he only included the source code on his site to comply with the GNU Public license you don't need it.


BTW a MAC is not the same thing as a Mac.
Reply
User profile for user: lynnmonk
lynnmonk Author
User level: Level 1
4 points

Apr 23, 2006 2:13 AM in response to fu

Thanks for that link, fu. I'll try that later.

Unfortunately the link Tim Gave me earlier was not working. It kept returning me to the same homepage. I think the site must have been "got at". That's why I obviously ended up with the wrong version.

I really do appreciate all your help. I am a person with quite a lot of patience and its usually simple things like wrong pathnames that keep me confused for longer periods than should be neccessary.

Yes, I have read all the Tiger help pages more than once. I'm sure I'll get something useful to work eventually. I think most of the problems occur because there are so few tutorials written that a bozo like me can understand. Most of this stuff is really simple once you realise what basic step was missing from the instructions!

Well I only need one server. I'll get back to you with my results from this new download.

Many thanks both of you.
Reply
User profile for user: lynnmonk
lynnmonk Author
User level: Level 1
4 points

Apr 24, 2006 12:24 PM in response to Tim Haigh

Hi again!

I've installed the pureFTPd manager now. That was easy! :o)

I switched off the FTP in Mac preferences as instructed by the install docs and created a Guest account. When I try to log on through my PC, I now get "Failed to receive response after connect" from my FTP client. It is the same with all accounts including "anonymous". If I try to connect directly to my current IP address through Internet Explorer, I get the message "FTP Folder Error. Windows can't access this folder. The connection with the server was reset."

I still have DynDNS running as I have a dynamic IP. I can still connect to the webserver directory through my DynDNS account name. Should I delete this account? Does PureFTPd manager check for a changed IP? Is DynDNS conflicting with PureFTPd? Have I missed something in the setup instructions?
Reply
User profile for user: Kevin Horn
Kevin Horn
User level: Level 4
1,836 points

Apr 24, 2006 6:49 PM in response to lynnmonk

The easiest way to do that, in my opinion, is to get a .mac account. You can put what you want on there and have people download with their web browser.

Here's mine:

http://homepage.mac.com/kevinbbg/

Can't remember if you need a password or not, I don't think I set one up, but if you can't get in that's why. You can also use it to put up pictures right from iPhoto for the family:

http://homepage.mac.com/kevinbbg/PhotoAlbum10.html
Reply
User profile for user: Kevin Horn
Kevin Horn
User level: Level 4
1,836 points

Apr 25, 2006 7:03 AM in response to lynnmonk

Yes and no. You can set up your public folder so that people can access it on their desktop like another hard drive where upload and download are as easy as drag and drop.

However, it's one big folder and anyone who has access to it has access to the whole folder. It sounds like you want to segment it so each person can only have access, or even see, the stuff meant only for them. For that you would need an ftp site. I wish .mac had that ability, I'd like to do that too.

If you've got broadband it should also come with disk space and you can set up an FTP site on there. Better to keep everyone off your computer and on a web site.
Reply
User profile for user: Kevin Horn
Kevin Horn
User level: Level 4
1,836 points

Apr 25, 2006 7:10 AM in response to lynnmonk

One ridiculously easy way to transfer files is through iChat. When you are signed on just drag and drop a file to anyone on your buddy list and it will transfer over. No size limit. Only drawback is the other person must be online and able to accept it. Also they need an iChat account. Easiest way to get one is go to aim.com and sign up with a screen name for free.

Mac people can use iChat, Windows people can use AIM software or MSN. Really simple and nothing to set up or maintain.
Reply
User profile for user: fu
fu
User level: Level 2
455 points

Apr 25, 2006 7:19 AM in response to lynnmonk

Hi lynnmonk

Give us a detailed description of your network, where is the Mac that's the FTP Server where are your (remote?) hosts? same LAN, different LAN?
I switched off the FTP in Mac preferences as instructed by the install docs and created a Guest account. When I try to log on through my PC, I now get "Failed to receive response after connect" from my FTP client. It is the same with all accounts including "anonymous". If I try to connect directly to my current IP address through Internet Explorer, I get the message "FTP Folder Error. Windows can't access this folder. The connection with the server was reset."


Hmm, first of all forget IE, and install Firefox on the Windows boxes 😉

I still have DynDNS running as I have a dynamic IP. I can still connect to the webserver directory through my DynDNS account name. Should I delete this account? Does PureFTPd manager check for a changed IP? Is DynDNS conflicting with PureFTPd? Have I missed something in the setup instructions?


Seems that you are trying to log in to your FTP server from a remote network/host, did you go through the firewall settings of PureFTPd? Is Port Forwarding/Mapping OK?

Again, providing us with detailed description of your network would help.

FYI here are the FTP TCP ports and their names:
TCP 20: FTP Data
TCP 21: FTP Control
TCP 989: FTP Data over LS/SSL
TCP 990: FTP Control over LS/SSL



Macs running 9.x, Macs running 10.4.x, SGI workstations running Irix 6.5.x




Message was edited by: fu
Reply
User profile for user: lynnmonk
lynnmonk Author
User level: Level 1
4 points

Apr 25, 2006 11:07 AM in response to fu

Hi fu

First of all please forgive my naivety regarding networks. I find them very confusing!

I have a small LAN of 3 PCs and the Mac. They are connected to the net through a Linksys ADSL gateway. I have set up the gateway so that only the Mac is visible to the outside World. It only allows one computer to be visible.

For testing purposes, I am trying to connect to the Mac from one of my PCs, via the web to the LAN IP address. It appears to be connecting to the Mac, but the Mac is not sending a response. I therefore cannot see any folders or files in the public or user accounts.

The people who will be connecting to my FTP will be people from all over the World, not members of my LAN. I currently can only connect to the Mac from one of my PCs, the Mac wont accept the password if entered from either of the others. Even on the PC that does work, I can only see my home directory, not the whole of the two drives installed. In order to work at the moment, I have to get my clients to upload files to a remote server, which I then download to my PC using an FTP client. Then I transfer them to the home folder of my Mac. Then I move over to the Mac and have to then transfer the files from my home folder to the auxiliary drive where I work on them!

So you see, it will save so much messing about if people could upload the files directly to the Mac!

I currently have the ports set to TCP 21. I obviously need these other settings you mention, but where, and in what, do I make these changes? Where do I find the firewall settings of PureFTPd? The settings page has "listens on port 21" and the passive port range is empty. Do I need to put 20 in the "from" & "to" fields?

I used to run a Hotline server on my PC (in the days before I had a LAN) and it was a doddle to set up. I'd like to have something with similar capabilities on the Mac. I don't need the chat functions though.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

FTP permissions question

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up