enabling anonymous ftp [tutorial]

vertigo

Swollen Member
Setting Up Anonymous FTP on MacOS X

Introduction

This manual applies to MacOS X 10.x, not MacOS X Server. The procedure on Server is very similar, but requires a little more tweaking because it uses a different FTP server by default.

The FTP server built into MacOS X (ftpd) is already fully capable of handling anonymous FTP users. You just need to know how to enable it. When accepting anonymous FTP users, ftpd wants a user named 'ftp' with no password. Here's how you set it up.

Creating the 'ftp' user

Open your System Preferences. In the Users panel, click New User. Make the name "Anonymous FTP" (so you know what it is at a glance) and the short name "ftp". Leave the password blank.

Configuring the 'ftp' user

Open NetInfo Manager (it's in /Applications/Utilities). Click the lock and authenticate yourself. In the column browser on top, click / at the far left, then click users, then click ftp (the user you just created). You should see a bunch of stuff in the property/value list. First, you want to delete all but the following lines (keep these):

uid
name
shell
passwd
home
realname
gid

After you have deleted all but these properties, change the value of gid to -1, change the value of shell to "/dev/null" (so you can't telnet/ssh in as ftp), and make the value of passwd blank. Hit Command-S (or go to Domain->Save) and tell it to update when it asks. Your ftp user should look like the screenshot below.

Then simply go under the Options menu and select Restart All NetInfo Domains on Local Host. This should tell ftpd to restart so it can see the new anonymous user.

Setting Up The Directory

You can set up /Users/ftp however you want. I simply delete everything in it and put whatever i want accessible in there. I would suggest changing ownership of the ftp folder to whatever user/group you want to modify it from. For instance, if your login was "joebob" and you were in the group "staff", you could do "sudo chown -R joebob.staff /Users/ftp" from the terminal, which would allow you to edit the ftp directory directly from your account. This also disallows uploading to the root directory of the anonymous ftp. You could then create an uploads folder in the finder by setting its privleges so that the owner and group have read&write, but everyone else has write only (drop box).But this isn't a unix tutorial, so I leave it to the user to do as he or she wishes with this :)

Disclaimer

I take no responsibility for whatever this may do to your particular configuration. It works for me, and I just thought I would share :)


Dan Watson
dcwatson@mac.com

------------------------------------------------------------

an RTF version of this document with a screenshot is available at http://vertigo.avara.net/anon_ftp.tar.gz. hope this helps, feedback is welcome :)
 
So I could do this same thing but create users with passwords instead. So then I would have users with home directories and a webspace that they could publish things to. But would they be able to login from the OS X startup login screen? Or would I need to something slightly different for non-anonymous users with FTP only access?

__________________
RHITMacMan
 
MacAddict also had an excellent anonymous FTP tutorial in their magazine 2 issues ago. It may be on their web site. Their instructions also covered restricting anonymous FTP users to directories of your specifications. ie. chroot jail.
 
Back
Top