Available Options in the FTP Server
You have just turned on your FTP server. If you looked at the ftp entry in your /etc/inetd.conf file, you noticed that the server runs by default with the -l option, which is the option that forces the logging of successful and unsuccessful FTP sessions.
Many other options are available in the FTP server, and they are detailed in the command documentation table, Table 25.1. To implement any of the options, edit the ftp entry in the /etc/inetd.conf file. Remember to back up /etc/inetd.conf before making any changes.
To cause the changes you have made to the /etc/inetd.conf file to take effect, you must make the inetd process reread its configuration file. To do so, find the process ID and issue a kill -HUP to that process ID, as shown here:
[localhost:/Users/joray] root# ps -aux | grep inetd
root 233 0.0 0.0 1260 112 ?? Ss 0:00.01 inetd
root 768 0.0 0.0 5708 0 std T 0:00.00 grep inetd
[localhost:/Users/joray] root# kill -HUP 233
Nothing obvious will occur after you have issued the preceding commands. You might not even see anything in the log file to indicate that the hangup signal was issued. Test the FTP server to make sure that the options you specified are being observed. If you find they are not, you can always reboot the machine to ensure that the inetd process rereads its configuration file. But in a multi-user environment, it is polite to keep the number of times you have to reboot to a minimum.
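The edit itself can be scripted. The following is an added example, not code from the book: it backs up an inetd.conf-format file and replaces the ftpd arguments on the active ftp line, here switching to -l -l (transfer logging, per Table 25.1) with a shorter idle timeout. The function names and the sample inetd.conf lines are constructed for illustration, and the script works on a scratch copy rather than /etc/inetd.conf.

```sh
#!/bin/sh
# Added example: operates on a scratch copy; the inetd.conf lines are constructed.

# set_ftpd_flags FILE FLAGS...: back up FILE to FILE.bak, then replace the
# arguments that follow argv[0] on the active (uncommented) ftp line.
set_ftpd_flags() {
    conf=$1; shift
    cp -p "$conf" "$conf.bak" || return 1
    awk -v flags="$*" '
        # Fields: service, socket type, protocol, wait, user, program, argv[0], args
        $1 == "ftp" && NF >= 7 { print $1, $2, $3, $4, $5, $6, $7, flags; next }
        { print }
    ' "$conf.bak" > "$conf"
}

# ftpd_flags FILE: print the ftpd arguments currently configured in FILE.
ftpd_flags() {
    awk '$1 == "ftp" && NF >= 7 {
        out = ""
        for (i = 8; i <= NF; i++) out = out (i > 8 ? " " : "") $i
        print out
    }' "$1"
}

work=$(mktemp -d)
cat > "$work/inetd.conf" <<'EOF'
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
EOF

# -l -l adds logging of get, put, delete, and rename operations;
# -t 600 sets the inactivity timeout to 600 seconds.
set_ftpd_flags "$work/inetd.conf" -l -l -t 600
echo "before: $(ftpd_flags "$work/inetd.conf.bak")"
echo "after:  $(ftpd_flags "$work/inetd.conf")"
rm -rf "$work"
```

On the live system the same change is made to /etc/inetd.conf as root, followed by the kill -HUP shown above.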
Table 25.1. Command Documentation Table for ftpd
| ftpd | Internet File Transfer Protocol server. |
| ftpd [-AdDhlMSU] [-T <maxtimeout>] [-t <timeout>] [-u <mask>] | |
| ftpd is the Internet File Transfer Protocol process. It uses the TCP protocol and runs on the port specified as ftp in the services directory of the NetInfo database. | |
| -A | Permits only anonymous FTP connections. All others are refused. |
| -d | Turns on debugging. Debugging information is written to the syslog using LOG_FTP. |
| -D | Detaches and becomes a daemon. Accepts connections on the FTP port and forks child processes to handle them. This has a lower overhead than starting the service from inetd(8) and is useful on busy servers to reduce the load. |
| -h | Uses data ports in the high port range (usually 40000–44999) for passive connections. |
| -l | Each successful and failed ftp(1) session is logged to the syslog using LOG_FTP. If specified twice (-l -l), the logging of retrieve (get), store (put), append, delete, make directory, remove directory, and rename operations and their arguments also occurs. |
| -M | Enables multihomed mode. Instead of using ~ftp for anonymous transfers, a directory matching the fully qualified domain name of the IP address of the connected client, located in ~ftp, is used instead. |
| -S | Logs all anonymous transfers to /var/log/ftpd, if the file exists. |
| -U | Logs each concurrent ftp(1) session to the file /var/log/ftpd, making them visible to commands such as who(1). |
| -T <maxtimeout> | A client may also request a different timeout period. The maximum period may be set to <maxtimeout> seconds. Default is two hours. |
| -t <timeout> | Sets the inactivity timeout period to <timeout> seconds. Default is 15 minutes. |
| -u <mask> | Changes default umask from 027 to <mask>. |
| ftpd supports the following FTP requests, case ignored. | |
| ABOR | Aborts previous command. |
| ACCT | Specifies account (ignored). |
| ALLO | Allocates storage (vacuously). |
| APPE | Appends to a file. |
| CDUP | Changes to the parent directory of the current working directory. |
| CWD | Changes current working directory. |
| DELE | Deletes a file. |
| HELP | Gives help information. |
| LIST | Lists files in a directory (ls -lgA). |
| MKD | Makes a directory. |
| MDTM | Shows last modification time of file. |
| MODE | Specifies data transfer mode. |
| NLST | Gives name list of files in directory. |
| NOOP | Does nothing. |
| PASS | Specifies password. |
| PASV | Prepares for server-to-server transfer. |
| PORT | Specifies data connection port. |
| PWD | Prints current working directory. |
| QUIT | Terminates session. |
| REST | Restarts incomplete transfer session. |
| RETR | Retrieves a file. |
| RMD | Removes a directory. |
| RNFR | Specifies rename-from filename. |
| RNTO | Specifies rename-to filename. |
| SITE | Nonstandard commands (see next section). |
| SIZE | Returns size of file. |
| STAT | Returns status of server. |
| STOR | Stores a file. |
| STOU | Stores a file with a unique name. |
| STRU | Specifies data transfer structure. |
| SYST | Shows operating system type of server system. |
| TYPE | Specifies data transfer type. |
| USER | Specifies username. |
| XCUP | Changes to parent of current working directory (deprecated). |
| XCWD | Changes working directory (deprecated). |
| XMKD | Makes a directory (deprecated). |
| XPWD | Prints the current working directory (deprecated). |
| XRMD | Removes a directory (deprecated). |
| The following nonstandard commands are supported by the SITE request: | |
| UMASK | Changes the umask; for example, SITE UMASK 002. |
| IDLE | Sets the idle timer; for example, SITE IDLE 60. |
| CHMOD | Changes the mode of a file; for example, SITE CHMOD <mode> <filename>. |
| HELP | Gives help information. |
| The remaining FTP requests specified in Internet RFC 959 are recognized, but not implemented. | |
| ftpd interprets filenames according to the globbing conventions used by csh(1). This allows users to use the metacharacters: *, ?, [], {}, and ~. | |
| ftpd authenticates users according to these rules: | |
| 1. Login name must be in the password database and not have a null password. | |
| 2. Login name must not appear in /etc/ftpusers. | |
| 3. User must have a standard shell returned by getusershell(3). | |
| 4. If the username appears in /etc/ftpchroot, the session's root is changed to the user's home directory by chroot(2), as for an anonymous or FTP account. The user must still supply a password. This feature is a compromise between an anonymous account and a fully privileged account. This account should also be set up as for an anonymous account. | |
| 5. If the username is anonymous or ftp, an anonymous FTP account must be present in the password file for user ftp. The connecting user may specify any password, customarily an e-mail address. | |
| Associated files: | |
| /etc/ftpusers | List of unwelcome/restricted users. |
| /etc/ftpchroot | List of normal users who should be chrooted. |
| /etc/ftpwelcome | Welcome notice. |
Restricting Access to the FTP Server Using Its Tools
The FTP server provides some ways for you to limit access to the service. An /etc/ftpusers file comes by default. This file contains the list of users who are not allowed FTP access to the machine:
[localhost:~] joray% more /etc/ftpusers
# list of users disallowed any ftp access.
# read by ftpd(8).
Administrator
administrator
root
uucp
If you have any additional users who should not be granted FTP access, include them in this file.
The FTP server also allows for chrooted FTP access, which is a compromise between full access and anonymous-only access. With this compromise access, a user is granted FTP access only to his home directory. List any users who should have this type of access in the /etc/ftpchroot file. Note, however, that if you decide to make anonymous FTP available, OS X currently ignores the /etc/ftpchroot file. In other words, when anonymous FTP is enabled, only the anonymous account has its session root limited by chroot to its home directory. Real users have full access.
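To see how the authentication rules in Table 25.1 combine with /etc/ftpusers and /etc/ftpchroot, the following added example (not from the book) applies rules 1 through 4 in order and reports the outcome for each account. It assumes passwd-format text files instead of the NetInfo database so that it runs anywhere; the function names, accounts, HASH placeholders, and shells list are constructed.

```sh
#!/bin/sh
# Added example. Inputs are passwd-format text (name:password:...:shell), an
# assumption made for portability; all sample file contents are constructed.

# listed NAME FILE: succeeds if NAME is a non-comment entry in FILE.
listed() {
    [ -f "$2" ] && awk -v n="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == n { found = 1 }
        END { exit !found }' "$2"
}

# ftp_access USER PASSWD FTPUSERS SHELLS FTPCHROOT: apply rules 1-4 in order.
ftp_access() {
    user=$1 passwd=$2 ftpusers=$3 shells=$4 ftpchroot=$5
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    [ -n "$entry" ] || { echo "denied: not in password database"; return 0; }
    pw=$(printf '%s\n' "$entry" | cut -d: -f2)
    [ -n "$pw" ] || { echo "denied: null password"; return 0; }
    if listed "$user" "$ftpusers"; then
        echo "denied: listed in ftpusers"; return 0
    fi
    shell=$(printf '%s\n' "$entry" | awk -F: '{ print $NF }')
    if ! listed "$shell" "$shells"; then
        echo "denied: no standard shell"; return 0
    fi
    if listed "$user" "$ftpchroot"; then
        echo "allowed: chrooted to home directory"
    else
        echo "allowed: full access"
    fi
}

# make_sample DIR: write the constructed sample files into DIR.
make_sample() {
    printf '%s\n' 'root:*:0:0:Admin:/var/root:/bin/tcsh' \
        'joray:HASH1:501:20:J:/Users/joray:/bin/tcsh' \
        'marvin:HASH2:502:20:M:/Users/marvin:/bin/tcsh' \
        'guest::503:20:G:/Users/guest:/bin/tcsh' \
        'backup:HASH3:504:20:B:/Users/backup:/usr/bin/false' > "$1/passwd"
    printf '%s\n' '# list of users disallowed any ftp access.' \
        Administrator administrator root uucp > "$1/ftpusers"
    printf '%s\n' /bin/sh /bin/csh /bin/tcsh > "$1/shells"
    printf '%s\n' marvin > "$1/ftpchroot"
}

d=$(mktemp -d) && make_sample "$d"
for u in root joray marvin guest backup; do
    printf '%-8s %s\n' "$u" "$(ftp_access "$u" "$d/passwd" "$d/ftpusers" "$d/shells" "$d/ftpchroot")"
done
rm -rf "$d"
```

Given the caveat above, on a server with anonymous FTP enabled the "chrooted" result does not hold for real users, who get full access.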
Logging
The FTP server logs connections to /var/log/ftp.log. Typical entries in the log look like this:
Jul 19 14:56:00 localhost ftpd[20313]: connection from calvin.biosci.ohio-state.edu
Jul 19 14:56:01 localhost ftpd[20313]: FTP LOGIN FROM calvin.biosci.ohio-state.edu as marvin
Jul 19 15:01:44 localhost ftpd[20327]: connection from calvin.biosci.ohio-state.edu
Jul 19 15:01:45 localhost ftpd[20327]: FTP LOGIN FROM calvin.biosci.ohio-state.edu as marvin
Jul 19 15:19:39 localhost ftpd[20358]: connection from calvin.biosci.ohio-state.edu
Jul 19 15:19:39 localhost ftpd[20358]: ANONYMOUS FTP LOGIN FROM calvin.biosci.ohio-state.edu, marvin@
The ftp.log file shows who logged in and where the user logged in from. In the case of an anonymous connection, the password used identifies the user. The file logs only the initial connections, not anything about the transfers.
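Because each ftpd process logs its connection and its login under the same process ID, the two lines can be paired to give one record per session. The following added example (not from the book) does that with awk and marks connections that never produced a login line; the function names are hypothetical, and the last sample log line is constructed to show that case.

```sh
#!/bin/sh
# Added example. The first six entries are the ones shown above; the last
# line is constructed to show a connection that never produced a login record.
sample_ftp_log() {
    cat <<'EOF'
Jul 19 14:56:00 localhost ftpd[20313]: connection from calvin.biosci.ohio-state.edu
Jul 19 14:56:01 localhost ftpd[20313]: FTP LOGIN FROM calvin.biosci.ohio-state.edu as marvin
Jul 19 15:01:44 localhost ftpd[20327]: connection from calvin.biosci.ohio-state.edu
Jul 19 15:01:45 localhost ftpd[20327]: FTP LOGIN FROM calvin.biosci.ohio-state.edu as marvin
Jul 19 15:19:39 localhost ftpd[20358]: connection from calvin.biosci.ohio-state.edu
Jul 19 15:19:39 localhost ftpd[20358]: ANONYMOUS FTP LOGIN FROM calvin.biosci.ohio-state.edu, marvin@
Jul 19 15:30:02 localhost ftpd[20401]: connection from client.example.net
EOF
}

# summarize_ftp_log [FILE...]: print "pid host outcome" per ftpd process,
# in order of first connection. Reads standard input when no file is given.
summarize_ftp_log() {
    awk '
    $5 !~ /^ftpd\[[0-9]+\]:$/ { next }            # ignore other daemons
    { pid = $5; gsub(/[^0-9]/, "", pid) }         # "ftpd[20313]:" -> 20313
    $6 == "connection" && $7 == "from" {
        if (!(pid in host)) order[++n] = pid
        host[pid] = $8; outcome[pid] = "no-login"
        next
    }
    !(pid in host) { next }                       # login without a connection line
    $6 == "ANONYMOUS" && $7 == "FTP" && $8 == "LOGIN" {
        outcome[pid] = "anonymous password=" $11  # password typed by the client
        next
    }
    $6 == "FTP" && $7 == "LOGIN" && $8 == "FROM" {
        outcome[pid] = "login=" $11
    }
    END {
        for (i = 1; i <= n; i++)
            print order[i], host[order[i]], outcome[order[i]]
    }' "$@"
}

sample_ftp_log | summarize_ftp_log
```

Run it against the real file with summarize_ftp_log /var/log/ftp.log; a host that accumulates no-login records is worth a closer look.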