ftp

[yeash28]

i am setting up ftp on my mac and having some difficulties. i am new to using the terminal, but want to learn how to use it, so i am trying to do it entirely with command line. i have set up an ftp directory, but i dont know if the permissions or ownership is correct.
total 0
dr-xr-xr-x 3 jfelker wheel 264 Aug 6 23:24 bin
drwx-wx-wx 2 jfelker wheel 264 Aug 6 23:22 incoming
drwxr-xr-x 6 jfelker wheel 264 Aug 11 20:51 pub
dr-xr-xr-x 3 jfelker wheel 264 Aug 6 23:21 system
dr-xr-xr-x 3 jfelker wheel 264 Aug 6 23:20 usr
is this right? totally unsure here! i have a ream of paper entitled "free bsd unleashed" and i have read the section on "anonymous ftp" like 10 times and i still don't know if i got it right.
also i want to set up a greeting for whoever logs in "welcome to dumbass's computer" or whatever. i know what file i have to put the message in, but how the hell do i do it??? and how do i add a group entitled ftp? "addgroup" didn't work for me. should my group be ftp instead of wheel? every question i have just births a new one. haha
any help anyone can give would be greatly appreciated!
thanks

[yeash28]

you mean to tell me that all you unix gurus out there reading these forums can't help me out with setting up anonymous ftp access? nobody know how? c'mon someone knows!

share your knowledge with me and i'll buy you a cup of coffee and danish or something.

dont make me make my wife beg you guys, she hates it when i do that!

[AKcrab]

Funny. You may have to resort to the wife...
I did it the easy way, by clicking the "allow ftp access" button in sharing...
Wish I could help.
(I've shared my knowledge, do I get a danish? Or is your wife danish?)

[Jadey]

Here's how to set up your Mac OS X machine as an anonymous FTP server. From the MacAddict July, 2001 issue:

Step 1: enable root access.
Open NetInfo Manager. Choose "Authenticate" from the Security submenu of the Doman menu. Enter your admin password. Choose "Enable Root User" from the Security submenu again.

Step 2: create the FTP user.
Do this in NetInfo Manager. Click the padlock to unlock it. Highlight the Users folder, click the button to create a new directory (folder with a plus-sign). Name the new directory "ftp" (no quotes). Next choose New Property and New Value repeatedly from the Directory menu to created these properties and values: (properties on the left, values on the right)

uid: 21
expire: 0
name: ftp
passwd: *
shell: /dev/null
change: 0
home: /Users/ftp
gid: -21

Select Save from the Domain menu, quit NetInfo Manager.

Step 3: create the directories.
Launch the Terminal application. Type:

su
cd /Users
mkdir -p \
~ftp/System/Library/Frameworks/System.framework
mkdir /Users/ftp/bin
mkdir -p /Users/ftp/usr/bin
mkdir /Users/ftp/incoming
mkdir /Users/ftp/pub

Take a look at the folders you've created in the finder to make sure they're all in the proper spot.

Step 4: copy system files.
So your ftp users can browse the FTP folders, In the Terminal application, type:

cp /usr/lib/dyld /Users/ftp/usr/lib
cp /bin/ls /Users/ftp/bin/ls
cp /System/Library/Frameworks/System.framework/System ~ftp/System/Library/Frameworks/System.framework
cp /usr/lib/libSystem.B.dylib /Users/ftp/usr/lib

Step 5: set privileges.
In the Terminal application, type:

chmod -R 555 /Users/ftp/System
chmod 555 /Users/ftp/bin
chmod -R 555 /Users/ftp/usr
chmod 755 /Users/ftp/pub
chmod 733 /Users/ftp/incoming
chown -R yeash28 /Users/ftp/*

(of course modify yeash28 to the username of the administrator for the FTP site)

chown root \
~ftp/System/Library/Frameworks/System.framework.System
chown root /Users/ftp/bin/ls
chown root /Users/ftp/usr/lib/dyld
chgrp -R www /Users/ftp/*

Step 6: restart the FTP server.
For changes to take effect, stop and start your FTP server. You can do this in your Sharing Control panel in System Preferences.

There we go. MacAddict explains each step in detail, if you have a back issue from over a year ago (I'm sure you could buy one from them). I just typed out the important commands. Some tildes (key left of the 1) kinda look like dashes, so maybe copy/paste the commands I've typed out. Lemmie know if a command brings up an error, and I'll double-check the article to see if I haven't typed something incorrectly.

[sao]

yeash28,

You can find a well done setup script on Boris Mann's site. With also a FAQ page.

http://www.bmannconsulting.com/mod.p...0300&page_id=4

It has been modified recently and now works perfectly. ( February 23, 2002)

Remember that these instructions will brake on 10.2, but surely Boris will update the information after Jaguar is released.

After you set it up, make a search in both Unix forums for 'ftp server', and you will find some threads with common problems and solutions.

You also may want to check ProFTPD:

http://www.proftpd.org/goals.html

Good luck.


Cheers...

[yeash28]

thanks to everyone for your input, i greatly appreciate it. hopefully this weekend will provide me with opportunity to utilize it.

to akcrab, actually my wife has quite a bit of danish blood, do you want her? i have to warn you though, she's 6'1" and has a mighty right hook and roundhouse kick. however, if you're quick on your feet, you should be ok. let me know & you pay the shipping!

yeash28

[bluehz]

Whats the actual puprose of step 4 in the instructions? Sounds a bit fishy - copying some System files into the anon ftp dir.

[stetner]

The ftpd does something called 'chroot'ing. It makes it appear as if the root of the filesystem is the anon ftp dir.

This makes it safe, no anon user can go walkabout on your system. But it also means he cant see certain libraries, the ls and cd command etc. So these have to be copied down there for the anon user to use.

Might not be to clear, but do a google on 'chroot' and you should find lots of info.....

[bluehz]

Thanks for the info - I learned something new today. Assuming you use the chroot technique - is ftp really as unsafe as everyone crys about in terms of security. I use Proftpd on my Linux box that works as a DNS/Mail/FTP server for my LAN. But because of the "legendary security risk" that ftp poses - I only turn the ftp on when needed.

[stetner]

Well, in theory it is nice and safe. But all software has bugs!

One problem is that if you are running an anon ftp server I can decide to put 100 GB of stuff on it filling up your hard drive and causing you problems (this can be avoided by putting it on its own partition so if it fills up no damage is done).

If the permissions ar not done correctly on those libraries and executables, I could replace them with malicious code and possibly break out of the chroot'ed environment.

It is like a lot of stuff, if it is done right, you should have no worries. But if you do not need it turned on all the time, why take a chance?

[stetner]

see this thread for an update on ftp access.

or just read 'man ftpusers'