Editor's Note: This article is an excerpt adapted for the Mac DevCenter from the latest revision of Glenn Fleishman's Take Control of Sharing Files in Panther, a $10 eBook from the Take Control series.
The built-in FTP software in both Mac OS X releases (Jaguar and Panther) is an Apple-modified version of FTP software that works fine with other Unix and Linux variants. Unfortunately, when Apple modified the code so that it worked with their particular idea of how FTP should function with Mac OS X users and accounts, they introduced a number of problems.
For instance, it works well for one purpose only: user logins and guest access to specific user folders for uploading and downloading. If you want to set up a secure and configurable FTP server for any other purpose, you will likely run into trouble. The fact that it's difficult to turn guest FTP service off shows how little effort Apple put into making FTP a robust part of Mac OS X; they just put it in because it was available.
Another good point: Security Update 2004-09-07 broke Apple's built-in FTP software because the included FTP server was misconfigured. Apple fixed the problem in a security update a few weeks later, but the fact that the component was tested so minimally (if at all) shows how little attention Apple is paying to FTP.
In light of these problems, I recommend that you avoid Apple's built-in FTP server software. (Note: To turn off Apple's built-in FTP server, open the Sharing pane in System Preferences. Click the Services tab and uncheck FTP Access.)
Let me tell you about a much, much better and vastly easier and safer way to operate FTP on the Mac. You need Pure-FTPd, a free, sophisticated, and superb package that's a bear to configure by hand. Fortunately, you can use PureFTPd Manager, by Jean-Matthieu Schaffhauser, to help with configuration. PureFTPd Manager provides not only a graphical user interface to this free FTP server software, but also a fully compiled and configured version of Pure-FTPd. PureFTPd Manager works under Mac OS X 10.2 and 10.3.
Download PureFTPd Manager and follow its installation directions. If you are running Mac OS X 10.2, follow the instructions in the Read Me section of the installer for version 10.2.
(PureFTPd Manager is a remarkable piece of freeware. The author asks for donations, and after using his software for an hour, I donated €15, or about $20. I encourage you to do the same if you become a regular user--or addict, as I have.)
When you launch PureFTPd Manager for the first time, it prompts you for your administrative password because its Setup Assistant will change some directories and needs the password to carry out those operations. After you log in, the Setup Assistant appears. As you work through the Setup Assistant, if you have specific knowledge of Unix user and group permissions, you might modify some of these settings. However, the defaults are quite good, and you should stick with them if you don't know what you are doing, and I don't instruct you otherwise. Also, you can skip any step by checking the Skip checkbox. The following steps help you work through the Setup Assistant:
(Note: You can't bypass the assistant--you can check Skip or use defaults for each of these steps, and you must reach Step 6 and click Configure to run the actual manager software.)
chroot(for "change root" in Unix parlance), and is often a huge hassle to set up. With PureFTPd Manager, though, it's easy. If you want to turn on anonymous FTP, just click Continue. If you won't need anonymous access, check Skip Anonymous Account Setup and click Continue. You can turn on anonymous access later.
Virtual Users (Step 3 of 6): Virtual Users let you separate your Mac OS X users from FTP-only users (Figure 2). It's a nice feature when you have remote access that you want to keep isolated from your main computer's file system. If you want to turn on Virtual Users, click Continue. Otherwise, check the Skip box and then click Continue.
You can run through this assistant again at any time from the Server Status tab of PureFTPd Manager by clicking Easy Setup Assistant.
Surely, anonymous FTP is one of the greatest uses of the Internet. With anonymous FTP, users don't need special accounts. This has been particularly difficult to set up securely under Mac OS X, and PureFTPd and the manager software finally give us that clean ability.
To turn on anonymous FTP access in PureFTPd Manager, follow these steps:
I recommend the following settings:
To apply the settings, close the Preferences window.
A virtual user in PureFTPd Manager can optionally have access only to directories with a particular login name in the location you have chosen. This allows you to create users without creating a full Mac OS X login account. To create a virtual user, follow these steps:
In the General pane, enter the basic details for this user, such as full name (used to display information in the Server Status dialog), user name (in the Login field), and password (Figure 4). If you want to set the Home Directory to something other than the default, click Choose. Checking Restrict User Access to His Home Directory allows a user (of either gender) to view only the files in that directory and deeper. Unchecking it gives access to the entire computer. Restrict Time Access is a terrific option if you want certain users to have access just during work hours or at night. Checking Disabled keeps all the settings in place, but disables the account as long as the box is checked.
S) or click the Save button to save these changes and have them applied. (You'll be prompted if the server needs to be restarted.)
You can modify the default virtual user folder area in PureFTPd Manager's preferences. In the Mac OS X preference pane, click the Choose button to the right of the Virtual Users Base Directory field (Figure 5).
Mac OS X users have access to Pure-FTPd with their existing user names and passwords via a system called
pam, which is used for authentication. You can disable access for all OS X users, not just a subset, through PureFTPd Manager. Here are the steps:
One of PureFTPd Manager's neatest features is the ability to easily create (or import) an SSL/TLS certificate, which is required for a form of encrypted and secured FTP called FTP-SSL/TLS. (Find out what this is by reading the sidebar "Secure FTP (SFTP) Versus FTP-SSL/TLS.") Follow these steps to set up an SSL/TLS certificate:
Click Create a Certificate to open the Create a Certificate dialog (Figure 7).
After clicking the Go Self-Signed! Button, fill out the dialog that appears, entering values in every field (Figure 8). These values aren't cross-checked by anyone but you--you can enter "nonsense" into every field but the two-letter ones and it will still work. But I recommend that you include useful details. When I create a certificate like this, I change the Certificate Validity (in Days) field from 30 to 3000, because I don't want to create a new one each month. You can also increase the number of bits in the certificate; this decreases the chance of the certificate being broken, as unlikely as that now seems.
If you use a self-signed certificate, the FTP client used to access your FTP server must allow self-signed certificates. And be aware that some of these FTP clients may prompt you to confirm that the certificate is valid before allowing a connection for the first time. (Web browsers using SSL/TLS bypass this by using a third party that has its own validity installed in the browser; this third party, a certificate authority, vouches for the certificate.)
Although PureFTPd Manager can show you the certificate--after you complete Step 7, click View My Certificate in the SSL/TLS preference pane--it doesn't show a fingerprint, which is a short sequence of hexadecimal numbers that sort of summarizes the certificate's contents (Figure 8). You can extract the fingerprint by following these steps:
pico pureftpd.certto run a simple Terminal text editor and create a file named pureftpd.cert.
Command-Vto paste in the text.
Ctrl-Oto write out the file; then press
openssl x509 -noout -in pureftpd.cert \ -fingerprint
The resulting output is the fingerprint. You can distribute it to others in order to confirm that the FTP server that a user has connected to is really yours--not one disguised as yours.
Pure-FTPd can offer different files for different FTP server names that you set up. For instance, you could run Pure-FTPd on a single computer that acted as the FTP server for both ftp.glennf.com and ftp.oreillynet.com. The only limitation is that, unlike with a web server, each FTP server must have its own unique IP address. (Web server software can feed out a different web site at the same server IP address because the HTTP protocol lets a browser explain which server it wants. This feature is missing from FTP, so you must pair a host name for the FTP server with a unique IP address.)
Pure-FTPd calls these different servers virtual hosts, and you can configure them in PureFTPd Manager. To set up a virtual host, follow these steps:
en0for your primary Ethernet interface, or the one built into your computer. PureFTPd lets you add any IP address, not just legitimate ones for your network; see "Giant Warning!"
Giant Warning! In testing PureFTPd Manager, I invented an IP address to create a fake virtual server. I failed to delete this virtual server after testing it. Every time I rebooted my Macintosh thereafter, I could not reach any computers that were located on any address starting with the first number in that fake server's IP address! It took some figuring to understand what I'd done wrong. Deleting the fake virtual server eliminated the problem. This problem might bite you if you have a mobile machine that's using virtual servers.
Now click the Save button (on the toolbar).
Using PureFTPd Manager, you can control Pure-FTPd in a number of interesting ways; here are some that are worth reviewing, since they may be useful for your particular purpose:
FTP is an insecure protocol, meaning that by default, it sends all data, passwords, and other login information in the clear (that is, without scrambling them to hide their content). There are now two ways to secure FTP through encryption, both of which require servers and clients that support them. These methods aren't incompatible; some servers and clients can handle both. Here's more info about both techniques:
Secure FTP (SFTP): This more widely supported method is also known as "FTP over
or "FTP-SSH." (SSH
stands for "Secure Shell.") With SFTP, you open an encrypted tunnel using the Remote
Login service in Mac OS X or the
ssh service on other Unix systems. The tunnel is
opened, and then an FTP connection is passed through the tunnel. To enable SFTP on
any Mac, turn on the Remote Login service in the Services pane in System Preferences.
Any FTP server should support SFTP, if
ssh is enabled on that server computer. Many
FTP clients support SFTP, including Interarchy. In Interarchy, choose File -> SFTP
to start a secure FTP session.
FTP-SSL/TLS (Secure Sockets Layer/Transport Layer Security): SSL and TLS are the same thing; SSL is an older name for the standard from before its patent expired. With FTP-SSL/TLS, you use a server that has an SSL/TLS certificate installed. This certificate validates the server's identity, and is used to create an encrypted tunnel directly between the client and the FTP server. By contrast, with SFTP, the tunnel is more generically between the SSH software on both machines.
Pure-FTPd supports FTP-SSL/TLS, and PureFTPd Manager allows the simplest creation of a self-signed SSL/TLS certificate of any program I've seen. (Find the steps in "Create an SSL/TLS Certificate for FTP-SSL/TLS.")
FTP-SSL/TLS works only in a few clients on the Mac. I found that RBrowser handles a self-signed certificate correctly with Pure-FTPd (www.rbrowser.com, $29 license includes SSL/TLS). Interarchy's developer has put SSL/TLS support near the top of his future development list, and other FTP developers are considering it as well. If you find SSL/TLS compelling, tell your favorite FTP software company that you hope they'll add it.
To decide between SFTP and FTP-SSL/TLS, you'll need to consider ease-of-use versus
security. SFTP is much simpler to set up and more widely supported in FTP software.
On the other hand, if you use SSL/TLS, you don't need to run
ssh or Remote Login
on your server in order to have a secure connection. An SSL/TLS connection has
more integrity, in the networking sense, because the encryption runs end to end
from program to program; with SSH, data is routed in the clear on the client and
server machines from separate programs to the SSH software. SSH is thus slightly
less secure (but not by much).
Glenn Fleishman is a freelance technology journalist contributing regularly to The New York Times, The Seattle Times, Macworld magazine, and InfoWorld. He maintains a wireless weblog at wifinetnews.com.
Return to MacDevCenter.com.
Copyright © 2009 O'Reilly Media, Inc.