setting up FTP server???

[iknownotwhoiam]

i am trying to set up an FTP server on my machine. i know how to start sharing and all of that. i want to know how i can restrict my visitors to only viewing certain files and folders. can anyone help me with this or point me to a web page where this is explained?
thanks.
axel.

 

[lombard]

The easiest method would be to go in to your user preferences in the system preferences and set up a new user with a name like "guest". Set up a password for that user and then make sure you don't give them administrator priviledges.

Then when the FTP in to your machine, the only files they'll be able to see will be the ones in their "Home" directories and the one's in any other user's "Public" directories.

 

[dougk_ff7]

Uh, well, it's all done in the UNIX file permissions. But if you're wanting to do anything other than anonymous file access, I recommend SCP, which is not as widely used, but it is more secure. If you want to use SCP, just use the SSH (which is something like "allow remote logins". But if you learn a little about file permissions, both will work the same way from there. Basically, on directories, if you set the eXecute bit to none, nobody can cd into that directory (which is pointess). You also can manually set it to owner, group, or world. In the numbered method of chmoding, that's OGW. Also, you can set Read to whatever you want, and Write to whatever you want. These can be used with chmod a+r for world readable, and so on. The numbering is a little different. Check out www.linuxdoc.org for more information, even though some stuff won't apply.

 

[iknownotwhoiam]

i tried this but the rest of the files on my machine could still be viewed when i signed on to the FTP. should i try changing the privledges and see what happens? that seems like a lot of hassle though...
any ideas?
thanks.
axel.

 

[macavenger]

In your /etc/ directory there is a text file named ftpChroot (if not you can probably create it) Simply put the name of each user that you want limited to their home directory on a new line in this file, and viola! You will need to use sudo or su to modify this file.

 

[dougk_ff7]

can you READ the files? or even write them? But before you actually use any public service, read a little on UNIX security. Also, home directories should be protected.

 

[billybob]

what macavenger said.
some more detailed instructions:

in the terminal, type cd /etc

then

sudo pico ftpchroot

enter your admin password and then type in each username (the short login name, not the long one) that you want to be limited to their home directory. for example on my home machine my user's short name is dmron. so it would be

dmron
macavenger
lombard
etc

each username must be on its own line. then hit control-o to save and control-x to exit. restart the ftp server and these users should be limited to seeing only their home directories when they login via ftp.

please be aware that ftp is totally insecure since username and password are transfered via plain text. so i would recommend NOT loggin in via ftp with an admin account.

 

[macavenger]

Except the command you need to type is "sudo pico ftpChroot" (rather than ftpchroot) the C is capital, at least on my system. Typing the c lower case will get you a different file.

 

[billybob]

well the file doesn't exist by default in OSX. I've always seen it as ftpchroot rather than ftpChroot. so typing sudo pico ftpchroot would create the file, not open the existing one (since it doesnt exist).

I dont know if it actually matters to the OS if the C is capital or not...

 

[throwthag]

Hi,

I have been trying to set up a guest ftp account so that people can safely "put" files there. I have created a guest account and added guest to /etc/ftpChroot. However, this does not block access to the rest of my system. When I ftp in as guest I can access my entire system!

What steps am I missing? (I have also tried it with "ftpchroot", and it didn't work either).

Thanks for any help.
-Sean

 

[macavenger]

This may be one of those stupid questions, but did you make sure that guest is not an administrative user?

 

[throwthag]

Yes, I made sure that my "guest" account was not an administrator. When logging into the guest account via FTP, there was still full access to the whole system.

Anyone else have any ideas?

Thanks again for any help.

-Sean