|
Setting up FTP users with Sharepoints
After reading through the forums, I figured out that to have secure FTP I needed to install pure-ftp, which I did through FINK. I also figured out (I think) how to configure it so that this is used by Apple as the default FTP client. However, I am stumped on the next step. I believe I need to set up users, directories, and permissions for FTP use - but I can't find instructions for doing this with OS X 10.2 and using the Sharepoints preference pane. Could anyone help? Thanks!
|
FWIW, sftp is already installed on OS X and is secure..
|
Create a user using the default facility (System Preferences > Accounts), then edit the user's capabilities in NetInfo Manager. I recommend setting a /dev/null shell assignment and changing the FTP user's home directory to the FTP root directory, so all user's share a common home.
You may want a command line adduser tool that automates this process. If so, I recommend testuser's adduser script: http://testuser.eshirazi.com/ |
Quote:
http://forums.macosxhints.com/showth...0915#post60915 http://forums.macosxhints.com/showth...ht=ftp+netinfo If you are correct, and I have no way of knowing, it seems like a lot of people are wasting their time! |
Quote:
The script on MacFora looks useful, but I'm a little hesitant because the author himself warns you not to use it because it hasn't been tested... |
This thread:
http://forums.macosxhints.com/showth...p+user+netinfo Has extensive instructions, but I'm wondering if this isn't overkill, considering the brief instructions provided by gatorparrots. Are all these steps necessary!? |
Quote:
Quote:
|
Quote:
Here is a question: Can people use a default FTP client with SFTP, or do they need special software? Which software? |
I guess one difference between the long instructions on the other thread and gatorparrots instructions is that the other thread is for setting up "anonymous ftp", while gatorparrots is just for how to allow a single user access to a given folder.
The macfora script was from 2002 - has anyone tested it, and does it work with 10.2.6? Do you have to set anything special for the directories you want to share? |
SFTP requires that the user have a valid shell account on your system. Consider the security implications of that for a moment. You should never give a shell account to anyone unless you trust them implicitly. A shell account is quite the potential open door into you system. (FTP, on the other hand, use does not require assigning a valid shell to the connecting user.)
Also, SFTP does not support chrooting, so the user is free to wander around the filesystem, potentially mucking up things by accident. Additionally, SFTP does not support the rich features available with modern FTP daemons, such as bandwidth throttling, upload/download quotas, maximum connections, connections per IP, etc. Overall, SFTP is highly generous in what it allows a user to do. Whatever resources are available, it makes available to the connecting user (filesystem and bandwidth). While the encryption feature is nice, this is an administrative nightmare if you have unknowledgeable users, so if you are looking for a fine level of server control, you must still look to FTP. |
Quote:
testuser (of Macfora) has a very nice, highly functional adduser script that has a wealth of options. It has perfect, fine control for setting up FTP-only user accounts. Unfortunately, it isn't posted at his site at the moment (because it is in beta), but you can use a functioning, slightly older version here: http://www.macfora.com/forums/showth...&threadid=8858 *edit* He now has his adduser script available on his site: http://testuser.eshirazi.com/ |
I found the script on his site from the above link, and I ran it to create a new user. But I can't connect. I keep getting refused. Is there any way to test that my FTP connection is working? Perhaps I did something wrong in installing pure-ftp?
If I type "ftp 0" in the terminal it says: Code:
ftp: connect: Connection refused |
BTW, here is what my system's "FTP" file looks like:
Code:
service ftpHere is the FINK package description: Quote:
I wish this stuff weren't so complicated. I've already wasted most of my day!!! But I'd like to thank everyone for their help! |
if it were easy, we wouldn't call it code :D
it's called pure-ftpd here: /sw/sbin/pure-ftpd |
Amazing. That little hyphen did the trick!!! Seems to work now!
|
Apropos quote
Quote:
|
I hope I didn't destroy any kingdoms by forgetting that hypen! (Or maybe I do ...)
|
Works, but then disconnects?
My friend is helping me test the connection. He seems to be able to connect, but almost immediately disconnects. The problem is clearly with the port setting. I opened up port 21, but he is getting this error:
Quote:
For what its worth, here is my computer's FTP log (modified for security): Quote:
|
That's not unusual for passive FTP. Unless he's using active FTP which negotiates and sends data on ports 20 & 21, it's always going to try and open a random high port to do the data transfer.
|
Quote:
|
In my example in the other thread, I showed the flag to send to pure-ftpd in order to specify a passive port range:
Quote:
More background about passive vs. active FTP here: http://slacksite.com/other/ftp.html |
Thanks. I had stupidly deleted that line of your setup because I didn't understand its purpose!
The link is very informative: Quote:
|
Quote:
Another one that I like to refer people to -- helpful because it does some hands-on demos that make things really clear -- is: http://www.freefire.org/articles/ftpexample.php3 Breen |
| All times are GMT -5. The time now is 10:23 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.