Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

MacOS High Sierra kills terminal FTP?

Hi, I regular use the FTP on the MacOS terminal, however, since I updated the OS to MacOS High Sierra, when typing the FTP command in the terminal it just reply with a bash error, I contacted apple phone support and they are "investigating the issue" but no answers yet.


This is the terminal snippet:

User-MacBook-Pro:~ user$ ftp

-bash: ftp: command not found


My mac: MacBook Pro 2017, 2,3 Ghz, I5.

MacBook Pro (13-inch, 2017, 2 TBT3), macOS High Sierra (10.13)

Posted on Sep 30, 2017 5:10 AM

Reply
Question marked as Best reply

Posted on Oct 2, 2017 7:26 AM

Apple reply:


Case Number:

Hi,

Thank you for the link.

I’ve received answer from our engineers and it is not possible to access FTP through the terminal, because High Sierra is a more secure operating system.

You can perhaps use 3rd party apps to access FTP, but which are eligible for this I’m not sure of since we don’t support 3rd party applications.

Best regards.

Apple Distribution International.

34 replies
Question marked as Best reply

Oct 2, 2017 7:26 AM in response to tintinve

Apple reply:


Case Number:

Hi,

Thank you for the link.

I’ve received answer from our engineers and it is not possible to access FTP through the terminal, because High Sierra is a more secure operating system.

You can perhaps use 3rd party apps to access FTP, but which are eligible for this I’m not sure of since we don’t support 3rd party applications.

Best regards.

Apple Distribution International.

Nov 11, 2017 12:10 PM in response to tintinve

$ brew install inetutils


will install inetutils from GNU that includes /usr/local/bin/ftp


$ which ftp

/usr/local/bin/ftp

$ ftp --version

ftp (GNU inetutils) 1.9.4

Copyright (C) 2015 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.


Written by many authors.

Sep 30, 2017 6:57 AM in response to tintinve

Apparently, Apple has removed /usr/bin/ftp, and left secure ftp at /usr/bin/sftp. However, some sites still do not support secure ftp, so Apple has removed ftp without regard for that issue.


Another heads up.


For the first time in High Sierra, Apple has changed the default PATH element order (i.e. /etc/paths) to make /usr/local/bin have the highest precedence over /usr/bin, instead of previously, the last (lowest) position in these PATH elements.


This means if you have two commands installed in both locations with the same exact name, but different builds — the version in /usr/local/bin will run when you type the command name, instead of the system installed command in /usr/bin. Now, where it has never been needed before, one must explicitly preface the system command with /usr/bin/command. This is nuts.

Sep 30, 2017 7:27 AM in response to tintinve

As VikingOSX states it, the default PATH has been modified. This is unfair, as it wasn't mentioned anywhere.

Moreover, the ftp itself, which was in /usr/bin, has been removed: I installed High Sierra this morning, so my locatedb is as yesterday, and shows it was still there before upgrade:


$> locate ftp | grep ftp$

/Applications/ Développement/Xcode.app/Contents/Developer/usr/libexec/git-core/git-remote-ftp

/Applications/GitHub.app/Contents/Resources/git/libexec/git-core/git-remote-ftp

/System/Library/Filesystems/ftp.fs/Contents/Resources/mount_ftp

/System/Library/Tcl/tcllib1.12/ftp

/sbin/mount_ftp

/usr/bin/ftp

/usr/bin/sftp

/usr/bin/tftp

/usr/share/zsh/5.2/functions/_ncftp

/usr/share/zsh/5.2/functions/_zftp

/usr/share/zsh/5.2/help/zftp


but it you try to make an ls (LS) on this list, then /usr/bin/ftp is missing, as some zsh parts:


$> ls -ld $(locate ftp | grep ftp$)

ls: /usr/bin/ftp: No such file or directory

ls: /usr/share/zsh/5.2/functions/_ncftp: No such file or directory

ls: /usr/share/zsh/5.2/functions/_zftp: No such file or directory

ls: /usr/share/zsh/5.2/help/zftp: No such file or directory

lrwxr-xr-x 1 root wheel 15 23 sep 19:56 /Applications/ Développement/Xcode.app/Contents/Developer/usr/libexec/git-core/git-remote-ftp -> git-remote-http

-rwxr-xr-x 1 myusername staff 850620 30 jui 2015 /Applications/GitHub.app/Contents/Resources/git/libexec/git-core/git-remote-ftp

-rwxr-xr-x 1 root wheel 1905072 14 nov 2012 /Applications/SourceTree.app/Contents/Resources/git_local/libexec/git-core/git- remote-ftp

-rwxr-xr-x 1 root wheel 31616 21 sep 06:37 /System/Library/Filesystems/NetFSPlugins/ftp.bundle/Contents/MacOS/ftp

-rwxr-xr-x 1 root wheel 18224 21 sep 06:34 /System/Library/Filesystems/ftp.fs/Contents/Resources/mount_ftp

drwxr-xr-x 5 root wheel 170 16 jul 02:02 /System/Library/Tcl/tcllib1.12/ftp

drwxr-xr-x 82 myusername wheel 2788 30 jui 20:09 /Volumes/TMBKIMAC/BkAppsIMac/

lrwxr-xr-x 1 root wheel 63 30 sep 02:08 /sbin/mount_ftp -> /System/Library/Filesystems/ftp.fs/Contents/Resources/mount_ftp

-rwxr-xr-x 1 root wheel 110720 21 sep 06:35 /usr/bin/sftp

-r-xr-xr-x 1 root wheel 39008 21 sep 06:35 /usr/bin/tftp


I bet that I'm going to get the /usr/bin/ftp in some backup, and check my paths to fix them in POSIX way.


p.s. Not related to High Sierra but seen while writing this: if one clicks here on "Use advanced editor" while replying, then there is an error since we have no permission to do so. Please tell the webmaster to have this fixed asap. Found 'cause I wanted to set another style for terminal excerpts.


HTH.

Sep 30, 2017 7:47 AM in response to VikingOSX

Even as root, I couldn't make an 'cp -p sftp ftp' nor 'ln -s sftp ftp' in the /usr/bin directory.

So what I made to recover an ftp command is (with sudo or being root): cp -p /usr/bin/sftp /usr/local/bin/ftp

This works, and the copied sftp (named ftp) behaves correctly (this kind of executable behaves differently according to their name, such as vi and view).

HTH to have ftp back.


However, this doesn't solve my Cyberduck.app not working anymore, I thoughty is was realated to ftp missing. It probably is, but they must have explicitly specified /usr/bin/ftp, which I can't fix. Maybe some advanced access rights (like setfacl and getfacl commands)?

Nov 29, 2017 8:39 AM in response to tintinve

Haha. This is a good one! You made my day! You should probalbly read this: https://twitter.com/lemiorhan/status/935578694541770752😉


Actually, OSx is a horrible OS in regards of security, because the user has very limited access and authority over major parts of the system. Considering, that every line of code is a possible one to exploit, the major goal should be to reduce complexity to gain security. While with other UNIX like OS as BSD or Linux the users have the possibility to reduce attack surface pretty effective, with OSx this is difficult or impossible at all for the OS itself.


Who, for example, needs the bloated standard kernel? In this thing nearly everything is included even if 95% of the users only need 30% of the included functions. So why e.g. do I need to compile all filesystem drivers, when I only need ext4? Or why do I need 20 different bluetooth drivers compliled, when my PC does not even have bluetooth hardware? I could go on and on and on...


With Linux one can build a kernal from scratch exactly with the features required and can even only compile them as modules (or even utilize security features as grsecurity and PaX). Even better, one can sandbox every application using seccomp to filter system calls (as Google does with Chrome btw).


Not sure why so many people guess, that Apple OS is safe, but I'm really interested if anyone has a good argument, because none comes to my mind.


Cheers,

sizeof(void)

Nov 29, 2017 7:20 PM in response to tintinve

In terms of security, removing clients like "telnet" and "ftp" does not make an operating system any more or less secure.

you probably lock your car when its in a public car park in town, but you might choose to leave it open when its in your locked garage at home.

in the same vein, is true that a security dead-lock door is probably harder for people to get through, but do you really need it on your internal toilet door?

the point here is that tools are just tools, and deploying security needs to be done sensibly.

as a networking guy for 20+ years, I'll use telnet locally to test stuff, but ssh to servers on the internet.

(at the very least, we should have vendor supported ways to get them back - forcing people to get 3rd party stuff is surely the worse security outcome!!)

Jan 30, 2018 12:00 PM in response to tintinve

This is not "Solved". That is not even a logical answer, an insecure FTP client does not compromise the operating system security and unencrypted FTP is still widely used, especially inside corporate lans. Now we have to go install third party builds which in some ways actually CAN compromise security. Apple is getting more and more disappointing every year.

Feb 26, 2018 10:09 AM in response to danuke

No way on earth I'll ever go for a locked down desktop or laptop/notebook computer. iPads are barely bearable and cause me some degree of regret as they are whilst using them in that I need more freedom as a developer. They do not cater to developer level flexibility with regards to code editing and shell usage, etc. which are critical for our workflow patterns.

Feb 27, 2018 4:38 AM in response to ylluminate

That has been my concern for some time. I do not want a desktop iPad/iPhone/iAnyThingElse. I am really starting to miss command line only computing even for shell access to the internet. I tried wiping my computer and installing El Capitan but things would no longer work and I kept getting messages about updating my OS; and that was on my pre-Harvey iMac, I have not even considered trying that on this new iMac.


The Apple thought cops are starting to vacuum big time, and that's for sure and for certain. Perhaps I should look into a Debian box.

Feb 27, 2018 7:59 AM in response to danuke

Well, I can 100% feel your concern. We're not there yet and I'm able to operate as per norm on 10.13.x (aside from some performance glitches with 10.13.3+). I will never accept SIP or Gatekeeper. Period. Fortunately I can turn them off, but as soon as I can't... I'm gone or will be sticking with the last version that does and then put my support behind Linux efforts.


Linux UI and app support isn't there yet. There is a Linux project that I'm quite keen of at the moment, but won't mention here, that could make all the difference in the world for us. We definitely need to be able to run our os x apps in other green pastures when the time comes and I believe we will from the way things are going.


Apple's definitely losing it's way right now. I've been told by internals that Apple doesn't truly care about macOS anymore, it's really all about iOS and mobile devices - that's their bread and butter.


But yes, if we are to have real options lined up for when Apple goes completely south, the movement has to grow well past the hackintosh movement. It can all be done, but the lack of unity and fragmentation in the Linux and Unix communities in general have completely screwed things up over the last 20 years.

Mar 29, 2018 12:50 PM in response to tintinve

Removing basic Unix commands without regard for the impact on users and applications is reckless. FTP and TELNET have been basic functions of Unix since its early days. Removing them arbitrarily without providing a way for users to get them back is unacceptable. Why not make them available from the App Store for those of us who really need them? It's not up to Apple to dictate how secure my systems should be. Give me the tools to make it secure but do not impose your view of security on me.

MacOS High Sierra kills terminal FTP?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.