Published on MacDevCenter (http://www.macdevcenter.com/)


Muscle Up Your Mac FTP

by Glenn Fleishman
03/04/2005

Editor's Note: This article is an excerpt adapted for the Mac DevCenter from the latest revision of Glenn Fleishman's Take Control of Sharing Files in Panther, a $10 eBook from the Take Control series.

The built-in FTP software in both Mac OS X releases (Jaguar and Panther) is an Apple-modified version of FTP software that works fine with other Unix and Linux variants. Unfortunately, when Apple modified the code so that it worked with their particular idea of how FTP should function with Mac OS X users and accounts, they introduced a number of problems.

For instance, it works well for one purpose only: user logins and guest access to specific user folders for uploading and downloading. If you want to set up a secure and configurable FTP server for any other purpose, you will likely run into trouble. The fact that it's difficult to turn guest FTP service off shows how little effort Apple put into making FTP a robust part of Mac OS X; they just put it in because it was available.

Another case in point: Security Update 2004-09-07 broke Apple's built-in FTP software because the included FTP server was misconfigured. Apple fixed the problem in a security update a few weeks later, but the fact that the component was tested so minimally (if at all) shows how little attention Apple is paying to FTP.

In light of these problems, I recommend that you avoid Apple's built-in FTP server software. (Note: To turn off Apple's built-in FTP server, open the Sharing pane in System Preferences. Click the Services tab and uncheck FTP Access.)

Let me tell you about a much, much better and vastly easier and safer way to operate FTP on the Mac. You need Pure-FTPd, a free, sophisticated, and superb package that's a bear to configure by hand. Fortunately, you can use PureFTPd Manager, by Jean-Matthieu Schaffhauser, to help with configuration. PureFTPd Manager provides not only a graphical user interface to this free FTP server software, but also a fully compiled and configured version of Pure-FTPd. PureFTPd Manager works under Mac OS X 10.2 and 10.3.

Install PureFTPd Manager

Download PureFTPd Manager and follow its installation directions. If you are running Mac OS X 10.2, follow the instructions in the Read Me section of the installer for version 10.2.

(PureFTPd Manager is a remarkable piece of freeware. The author asks for donations, and after using his software for an hour, I donated €15, or about $20. I encourage you to do the same if you become a regular user--or addict, as I have.)

Configure PureFTPd Manager

When you launch PureFTPd Manager for the first time, it prompts you for your administrative password because its Setup Assistant will change some directories and needs the password to carry out those operations. After you log in, the Setup Assistant appears. As you work through the Setup Assistant, if you have specific knowledge of Unix user and group permissions, you might modify some of these settings. However, the defaults are quite good, and you should stick with them if you don't know what you are doing and I don't instruct you otherwise. You can also skip any step by checking the Skip checkbox. The following steps help you work through the Setup Assistant:

(Note: You can't bypass the assistant--you can check Skip or use defaults for each of these steps, and you must reach Step 6 and click Configure to run the actual manager software.)

Figure 1.
  1. Introduction (Step 1 of 6): The first screen presents an overview of the assistant's functions.
  2. Anonymous Access (Step 2 of 6): Step 2 lets you choose settings for anonymous FTP (Figure 1). Pure-FTPd can isolate anonymous and regular users to special folders; this is called chroot (for "change root" in Unix parlance), and is often a huge hassle to set up. With PureFTPd Manager, though, it's easy. If you want to turn on anonymous FTP, just click Continue. If you won't need anonymous access, check Skip Anonymous Account Setup and click Continue. You can turn on anonymous access later.
  3. Virtual Users (Step 3 of 6): Virtual Users let you separate your Mac OS X users from FTP-only users (Figure 2). It's a nice feature when you have remote access that you want to keep isolated from your main computer's file system. If you want to turn on Virtual Users, click Continue. Otherwise, check the Skip box and then click Continue.

    Figure 2.
  4. Server Logging (Step 4 of 6): Tracking statistics and balancing Pure-FTPd's needs against the rest of your system are both useful options, so I recommend that you leave those checkboxes selected. However, if you are running just an FTP server on the computer on which you're installing this software, uncheck the option for fairly sharing processor resources. Click Continue.
  5. System Settings (Step 5 of 6): In most cases, you want Pure-FTPd to launch every time the system launches. If you need to launch it manually just when an FTP need arises, uncheck Automatically Launch PureFTPd at System Startup. The program doesn't have an option to omit creating virtual users and hosts directories, but that shouldn't cause you any problems, even if you're not using either feature. Click Continue.
  6. Conclusion (Step 6 of 6): The final screen shows a summary of your choices. Click Configure to implement them and launch PureFTPd Manager.

You can run through this assistant again at any time from the Server Status tab of PureFTPd Manager by clicking Easy Setup Assistant.

Turn on Anonymous FTP Access

Surely, anonymous FTP is one of the greatest uses of the Internet. With anonymous FTP, users don't need special accounts. This has been particularly difficult to set up securely under Mac OS X, and PureFTPd and the manager software finally give us that clean ability.

To turn on anonymous FTP access in PureFTPd Manager, follow these steps:

  1. In PureFTPd's Preferences window, open the Anonymous pane.
  2. If you followed the default setup with the Setup Assistant (as explained in the preceding steps), Disable Anonymous Access is unchecked (Figure 3). Note that you can check that box to turn off anonymous access if and when you no longer need to allow it.
Figure 3.

I recommend the following settings:

To apply the settings, close the Preferences window.

Create FTP Users Without Using Mac OS X Accounts

A virtual user in PureFTPd Manager can optionally be restricted to a directory named after its login name, inside the base location you have chosen. This allows you to create users without creating a full Mac OS X login account. To create a virtual user, follow these steps:

  1. Click the User Manager button in the PureFTPd Manager toolbar.
  2. Click the New button (in the toolbar). A new entry appears in the Virtual Users list at the left.
  3. In the General pane, enter the basic details for this user, such as full name (used to display information in the Server Status dialog), user name (in the Login field), and password (Figure 4). If you want to set the Home Directory to something other than the default, click Choose. Checking Restrict User Access to His Home Directory allows a user (of either gender) to view only the files in that directory and deeper. Unchecking it gives access to the entire computer. Restrict Time Access is a terrific option if you want certain users to have access just during work hours or at night. Checking Disabled keeps all the settings in place, but disables the account as long as the box is checked.

    Figure 4.
  4. Click the Virtual Folders tab to add directories that a user can view (or have read/write access to) that would otherwise be unavailable, because the user would be restricted to a home directory.
  5. Click the Transfers tab to set a variety of quotas and limits, such as maximum storage size for that user. I highly recommend setting a megabyte limit--even a quite large one--if the user's home directory is on your boot disk.
  6. Click the Other tab to create a banner message that this user sees on login if his FTP client displays banners; some, such as Fetch, don't.
  7. Also in the Other pane, you can set the IP Restrictions fields in order to limit or exclude from access just specific IP ranges or addresses. This can be useful if you see abuse or if you're working just with a specific set of people with static addresses.
  8. Choose File -> Save (Command-S) or click the Save button to save these changes and have them applied. (You'll be prompted if the server needs to be restarted.)
Figure 5.

You can modify the default virtual user folder area in PureFTPd Manager's preferences. In the Mac OS X preference pane, click the Choose button to the right of the Virtual Users Base Directory field (Figure 5).


Disable Mac OS X Users

Mac OS X users have access to Pure-FTPd with their existing user names and passwords via PAM (Pluggable Authentication Modules), the system used for authentication. You can disable access for all OS X users, not just a subset, through PureFTPd Manager. Here are the steps:

  1. Open the Authentication pane in PureFTPd Manager's preferences.
  2. Select the line whose type is PAM.
  3. Click Remove.
  4. Close the Preferences window.

Create (or Import) an SSL/TLS Certificate

One of PureFTPd Manager's neatest features is the ability to easily create (or import) an SSL/TLS certificate, which is required for a form of encrypted and secured FTP called FTP-SSL/TLS. (Find out what this is by reading the sidebar "Secure FTP (SFTP) Versus FTP-SSL/TLS.") Follow these steps to set up an SSL/TLS certificate:

Figure 6.
  1. Open the SSL/TLS Sessions preference pane (Figure 6).
  2. Click Create a Certificate to open the Create a Certificate dialog (Figure 7).

    Figure 7.
  3. If (and only if) you are importing an existing certificate, one that you created using your own software or a certification authority (CA) such as VeriSign, click Import a Certificate. After selecting the certificate file, you're done and you can skip the rest of these steps.
  4. To create a certificate that isn't validated by anyone else, but is perfectly fine for personal use or use with colleagues, click Go Self-Signed! (See "Checking the Self-Signed Certificate.")
  5. After clicking the Go Self-Signed! button, fill out the dialog that appears, entering values in every field (Figure 8). These values aren't cross-checked by anyone but you--you can enter "nonsense" into every field but the two-letter ones and it will still work. But I recommend that you include useful details. When I create a certificate like this, I change the Certificate Validity (in Days) field from 30 to 3000, because I don't want to create a new one each month. You can also increase the number of bits in the certificate's key; this decreases the chance of the certificate being broken, as unlikely as that now seems.

    Figure 8.
  6. Click Generate My Certificate. On slower machines, it might take a moment before the certificate is finished and you're returned to the preference pane.
  7. From the TLS Sessions menu, leave Disabled selected if you don't want to allow SSL/TLS sessions; otherwise, choose Mixed Mode to allow clients that support FTP-SSL/TLS to use it, or choose TLS Only in order to restrict access to just those clients with TLS support. That last option might be useful only for very specific projects in which security is paramount.

Checking the Self-Signed Certificate

If you use a self-signed certificate, the FTP client used to access your FTP server must allow self-signed certificates. And be aware that some of these FTP clients may prompt you to confirm that the certificate is valid before allowing a connection for the first time. (Web browsers using SSL/TLS bypass this by relying on a third party, a certificate authority, whose own certificate is installed in the browser and which vouches for the server's certificate.)

Although PureFTPd Manager can show you the certificate--after you complete Step 7, click View My Certificate in the SSL/TLS preference pane--it doesn't show a fingerprint, which is a short hexadecimal hash that summarizes the certificate's contents (Figure 8). You can extract the fingerprint by following these steps:

  1. In PureFTPd Manager, open the SSL/TLS Sessions preference pane.
  2. Click View My Certificate.
  3. Copy the part that starts with the line that contains BEGIN CERTIFICATE all the way through the line that contains END CERTIFICATE.
  4. Launch Terminal.
  5. Type pico pureftpd.cert to run a simple Terminal text editor and create a file named pureftpd.cert.
  6. Press Command-V to paste in the text.
  7. Press Ctrl-O to write out the file; then press Ctrl-X to exit pico.
  8. Now, type at the Terminal prompt:
    openssl x509 -noout -in pureftpd.cert \
    -fingerprint

The resulting output is the fingerprint. You can distribute it to others in order to confirm that the FTP server that a user has connected to is really yours--not one disguised as yours.
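The same check end to end, as a Terminal script added here as an example (it is not from the article or from PureFTPd Manager): it produces a self-signed certificate with the same knobs as the Go Self-Signed! dialog (validity in days, key size in bits), extracts the fingerprint, and compares a fingerprint handed to a user against the one the server actually presents. The subject fields and ftp.example.com are constructed placeholders, and SHA-256 is requested explicitly rather than the SHA-1 that openssl picks by default.

```shell
#!/bin/sh
# Added example: self-signed certificate, fingerprint extraction, and
# fingerprint verification with the openssl command-line tool.

# make_selfsigned_cert CERTFILE KEYFILE DAYS BITS
# Equivalent of the Go Self-Signed! dialog: validity in days and key size
# in bits. The subject values are constructed placeholders.
make_selfsigned_cert() {
    openssl req -x509 -newkey "rsa:$4" -nodes -days "$3" \
        -keyout "$2" -out "$1" \
        -subj "/C=US/ST=Washington/L=Seattle/O=Example FTP/CN=ftp.example.com" \
        >/dev/null 2>&1
}

# cert_fingerprint CERTFILE
# Prints only the colon-separated hex digest, dropping the
# "sha256 Fingerprint=" label that openssl puts in front of it.
cert_fingerprint() {
    openssl x509 -noout -in "$1" -fingerprint -sha256 | sed 's/^.*=//'
}

# verify_fingerprint CERTFILE EXPECTED
# Compares the fingerprint you distributed (EXPECTED) with the one the
# certificate file really has, ignoring hex case. Returns 0 on a match,
# 1 on a mismatch, which is the "is this really my server?" decision.
verify_fingerprint() {
    actual=$(cert_fingerprint "$1" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "$actual" = "$expected" ]
}

# Demo: generate a 3000-day, 2048-bit certificate in a scratch directory
# and print the fingerprint you would hand to your users out of band.
workdir=$(mktemp -d)
make_selfsigned_cert "$workdir/pureftpd.cert" "$workdir/pureftpd.key" 3000 2048
echo "Fingerprint to distribute: $(cert_fingerprint "$workdir/pureftpd.cert")"
```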

Create Multiple Servers

Pure-FTPd can offer different files for different FTP server names that you set up. For instance, you could run Pure-FTPd on a single computer that acted as the FTP server for both ftp.glennf.com and ftp.oreillynet.com. The only limitation is that, unlike with a web server, each FTP server must have its own unique IP address. (Web server software can feed out a different web site at the same server IP address because the HTTP protocol lets a browser explain which server it wants. This feature is missing from FTP, so you must pair a host name for the FTP server with a unique IP address.)

Pure-FTPd calls these different servers virtual hosts, and you can configure them in PureFTPd Manager. To set up a virtual host, follow these steps:

Figure 9.
  1. Click the Virtual Hosts button on the toolbar to open the Virtual Hosts window (Figure 10).
  2. Click New (located just to the right of the Virtual Hosts button) to create an empty virtual host. An entry for it appears in the Virtual Hosts lists at the left.
  3. Enter the name (for reference only), the IP address, and the root directory of the virtual host. The root directory is the start of the path from which files will be fed on that virtual host. If the IP isn't set up on your computer, PureFTPd Manager will add the IP address to the network interface you select, like en0 for your primary Ethernet interface, or the one built into your computer. PureFTPd lets you add any IP address, not just legitimate ones for your network; see "Giant Warning!"

Giant Warning! In testing PureFTPd Manager, I invented an IP address to create a fake virtual server. I failed to delete this virtual server after testing it. Every time I rebooted my Macintosh thereafter, I could not reach any computers that were located on any address starting with the first number in that fake server's IP address! It took some figuring to understand what I'd done wrong. Deleting the fake virtual server eliminated the problem. This problem might bite you if you have a mobile machine that's using virtual servers.

Now click the Save button (on the toolbar).

Figure 10.

Other Options

Using PureFTPd Manager, you can control Pure-FTPd in a number of interesting ways; here are some that are worth reviewing, since they may be useful for your particular purpose:

Secure FTP (SFTP) Versus FTP-SSL/TLS

FTP is an insecure protocol, meaning that by default, it sends all data, passwords, and other login information in the clear (that is, without scrambling them to hide their content). There are now two ways to secure FTP through encryption, both of which require servers and clients that support them. These methods aren't incompatible; some servers and clients can handle both. Here's more info about both techniques:

Secure FTP (SFTP): This more widely supported method is also known as "FTP over SSH" or "FTP-SSH." (SSH stands for "Secure Shell.") With SFTP, you open an encrypted tunnel using the Remote Login service in Mac OS X or the ssh service on other Unix systems. The tunnel is opened, and then an FTP connection is passed through the tunnel. To enable SFTP on any Mac, turn on the Remote Login service in the Services pane in System Preferences. Any FTP server should support SFTP, if ssh is enabled on that server computer. Many FTP clients support SFTP, including Interarchy. In Interarchy, choose File -> SFTP to start a secure FTP session.

FTP-SSL/TLS (Secure Sockets Layer/Transport Layer Security): SSL and TLS are the same thing; SSL is an older name for the standard from before its patent expired. With FTP-SSL/TLS, you use a server that has an SSL/TLS certificate installed. This certificate validates the server's identity, and is used to create an encrypted tunnel directly between the client and the FTP server. By contrast, with SFTP, the tunnel is more generically between the SSH software on both machines.

Pure-FTPd supports FTP-SSL/TLS, and PureFTPd Manager allows the simplest creation of a self-signed SSL/TLS certificate of any program I've seen. (Find the steps in "Create an SSL/TLS Certificate for FTP-SSL/TLS.")

FTP-SSL/TLS works only in a few clients on the Mac. I found that RBrowser handles a self-signed certificate correctly with Pure-FTPd (www.rbrowser.com, $29 license includes SSL/TLS). Interarchy's developer has put SSL/TLS support near the top of his future development list, and other FTP developers are considering it as well. If you find SSL/TLS compelling, tell your favorite FTP software company that you hope they'll add it.

To decide between SFTP and FTP-SSL/TLS, you'll need to weigh ease of use against security. SFTP is much simpler to set up and more widely supported in FTP software. On the other hand, if you use SSL/TLS, you don't need to run ssh or Remote Login on your server in order to have a secure connection. An SSL/TLS connection has more integrity, in the networking sense, because the encryption runs end to end from program to program; with SSH, data is routed in the clear on the client and server machines from separate programs to the SSH software. SSH is thus slightly less secure (but not by much).

Glenn Fleishman is a freelance technology journalist contributing regularly to The New York Times, The Seattle Times, Macworld magazine, and InfoWorld. He maintains a wireless weblog at wifinetnews.com.



Copyright © 2009 O'Reilly Media, Inc.