Setting Up Anonymous FTP
As you have seen, setting up the FTP server to allow real users to have FTP access is not difficult. Setting up the FTP server to allow anonymous FTP takes some work. Be warned that setting up anonymous FTP makes your machine vulnerable to yet more attacks. For whatever reason, you might have a need to conveniently distribute or receive files. An anonymous FTP server can provide an easy cross-platform way to accomplish those goals.
To set up an anonymous FTP site, do the following:
- Create an ftp user in the NetInfo database. Follow the pattern of one of the generic users, such as user unknown. You might start by duplicating the unknown user and editing the duplicate user. Create your ftp user with the basic parameters shown in Table 25.2.
Table 25.2. Basic Parameters for an ftp User
| Property | Value |
| --- | --- |
| name | ftp |
| realname | <some generic reference to ftp> |
| uid | <some unused uid number> |
| passwd | * |
| home | <some suitable location> |
| shell | /dev/null |
| gid | <some unused gid number> |
| change | 0 |
| expire | 0 |
Figure 25.2 shows the values we used for our ftp user.
Figure 25.2 Here is how we chose to create our ftp user, as seen in the NetInfo Manager.
- Create an ftp group in the NetInfo database. Make sure that you assign the ftp group the same gid that you indicated for the ftp user.
- Create a home directory for user ftp. Make sure that you create the directory that you specified in the NetInfo database. The directory should be owned by root and have permissions 555.
- Create a ~ftp/bin directory, owned by root with permissions 555.
- Copy the system's /bin/ls to ~ftp/bin/.
- Create ~ftp/usr/lib. Each of those directories (~ftp/usr and ~ftp/usr/lib) should be owned by root with permissions 555.
- Copy the system's /usr/lib/dyld to ~ftp/usr/lib. This is one of the files that helps ls function properly in this chrooted environment.
- Copy the system's /usr/lib/libSystem.B.dylib to ~ftp/usr/lib. This is another file that helps ls function properly in the chrooted environment.
- Create ~ftp/System/Library/Frameworks/System.framework/Versions/B. Each of those directories should be owned by root with permissions 555.
- Copy the system's /System/Library/Frameworks/System.framework/Versions/B/System to ~ftp/System/Library/Frameworks/System.framework/Versions/B. This is another file that helps ls function properly in the chrooted environment.
- Create a ~ftp/pub directory where files can be stored for download. Recommended ownership of this directory is some user and group ftp, or user root. Typical permissions for this directory are 755.
- If you also want to make a drop location where files could be uploaded, create ~ftp/incoming, owned by root. Recommended permissions include 753, 733, 1733, 3773 or 777. You could also create ~ftp/incoming with permissions 751 and subdirectories that are used as the drop locations with any of the recommended drop-off permissions.
If you decide to allow anonymous FTP, make sure that you regularly check the anonymous FTP area and your logs for any unusual activity. In addition, regularly check Apple's Web site for any updates for OS X that include ftp updates. Security holes are regularly found in ftpd and regularly fixed.
For your convenience, we include a listing of our ftp user's home directory:
[localhost:/Users] root# ls -lRaF ftp
total 0
dr-xr-xr-x 7 root wheel 194 May 8 14:59 ./
drwxr-xr-x 12 root wheel 364 May 10 14:24 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:28 System/
dr-xr-xr-x 3 root wheel 58 May 8 13:22 bin/
drwxr-x-wx 2 root wheel 24 May 10 14:32 incoming/
drwxr-xr-x 2 root wheel 24 May 8 15:01 pub/
dr-xr-xr-x 3 root wheel 58 May 8 13:22 usr/
ftp/System:
total 0
dr-xr-xr-x 3 root wheel 58 May 8 13:28 ./
dr-xr-xr-x 7 root wheel 194 May 8 14:59 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:28 Library/
ftp/System/Library:
total 0
dr-xr-xr-x 3 root wheel 58 May 8 13:28 ./
dr-xr-xr-x 3 root wheel 58 May 8 13:28 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:29 Frameworks/
ftp/System/Library/Frameworks:
total 0
dr-xr-xr-x 3 root wheel 58 May 8 13:29 ./
dr-xr-xr-x 3 root wheel 58 May 8 13:28 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:30 System.framework/
ftp/System/Library/Frameworks/System.framework:
total 0
dr-xr-xr-x 3 root wheel 58 May 8 13:30 ./
dr-xr-xr-x 3 root wheel 58 May 8 13:29 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:31 Versions/
ftp/System/Library/Frameworks/System.framework/Versions:
total 0
dr-xr-xr-x 3 root wheel 58 May 8 13:31 ./
dr-xr-xr-x 3 root wheel 58 May 8 13:30 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:35 B/
ftp/System/Library/Frameworks/System.framework/Versions/B:
total 2464
dr-xr-xr-x 3 root wheel 58 May 8 13:35 ./
dr-xr-xr-x 3 root wheel 58 May 8 13:31 ../
-r-xr-xr-x 1 root wheel 1260748 May 8 13:35 System*
ftp/bin:
total 56
dr-xr-xr-x 3 root wheel 58 May 8 13:22 ./
dr-xr-xr-x 7 root wheel 194 May 8 14:59 ../
-r-xr-xr-x 1 root wheel 26984 May 8 13:22 ls*
ftp/incoming:
total 0
drwxr-x-wx 2 root wheel 24 May 10 14:32 ./
dr-xr-xr-x 7 root wheel 194 May 8 14:59 ../
ftp/pub:
total 0
drwxr-xr-x 2 root wheel 24 May 8 15:01 ./
dr-xr-xr-x 7 root wheel 194 May 8 14:59 ../
ftp/usr:
total 0
dr-xr-xr-x 3 root wheel 58 May 8 13:22 ./
dr-xr-xr-x 7 root wheel 194 May 8 14:59 ../
dr-xr-xr-x 3 root wheel 58 May 8 13:26 lib/
ftp/usr/lib:
total 640
dr-xr-xr-x 3 root wheel 58 May 8 13:26 ./
dr-xr-xr-x 3 root wheel 58 May 8 13:22 ../
-r-xr-xr-x 1 root wheel 327528 May 8 13:26 dyld*
-r-xr-xr-x 1 root wheel 1260748 May 11 13:25 libSystem.B.dylib*
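The regular check of the anonymous FTP area recommended above can be scripted. The following sh functions are an added example, not part of the book: they compare each directory and file from the steps against the owner and the ls-style mode strings shown in the steps and listing. The names check_path and audit_ftp_tree, and passing the expected owner as a numeric uid (default 0, root), are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): audit an anonymous FTP tree against the
# owners and modes given in the steps and listing above. Function names and
# the numeric-uid argument are choices made for this example.

# check_path PATH UID MODE...   UID "" skips the owner check; each MODE is the
# 10-character string ls -l prints, so results compare directly to the listing.
check_path() {
    cp_path=$1; cp_uid=$2; shift 2
    if [ -L "$cp_path" ] || [ ! -e "$cp_path" ]; then
        echo "missing or symlink: $cp_path"; return 1
    fi
    cp_info=$(ls -ldn "$cp_path" | awk '{print substr($1, 1, 10) " " $3}')
    cp_mode=${cp_info% *}; cp_own=${cp_info#* }
    if [ -n "$cp_uid" ] && [ "$cp_own" != "$cp_uid" ]; then
        echo "owner uid $cp_own, expected $cp_uid: $cp_path"; return 1
    fi
    for cp_ok in "$@"; do
        if [ "$cp_mode" = "$cp_ok" ]; then return 0; fi
    done
    echo "mode $cp_mode not allowed: $cp_path"; return 1
}

# audit_ftp_tree FTPHOME [UID]   e.g. audit_ftp_tree /Users/ftp
# Returns 0 when every entry matches; UID defaults to 0 (root).
audit_ftp_tree() {
    ftphome=$1; want_uid=${2:-0}; rc=0
    fw=System/Library/Frameworks/System.framework/Versions/B
    # Home, bin, usr, usr/lib and every directory on the way to $fw: 555.
    dirs=". bin usr usr/lib"; acc=""
    for part in $(echo "$fw" | tr / ' '); do
        acc="$acc$part/"; dirs="$dirs ${acc%/}"
    done
    for d in $dirs; do
        check_path "$ftphome/$d" "$want_uid" dr-xr-xr-x || rc=1
    done
    # Files copied in so ls runs inside the chroot (modes as in the listing).
    for f in bin/ls usr/lib/dyld usr/lib/libSystem.B.dylib "$fw/System"; do
        check_path "$ftphome/$f" "$want_uid" -r-xr-xr-x || rc=1
    done
    # pub: typical mode 755; a non-root owner is allowed, so only mode is checked.
    check_path "$ftphome/pub" "" drwxr-xr-x || rc=1
    # incoming is optional: 753, 733, 1733, 3773, 777, or 751 with drop subdirs.
    if [ -e "$ftphome/incoming" ]; then
        check_path "$ftphome/incoming" "$want_uid" drwxr-x-wx drwx-wx-wx \
            drwx-wx-wt drwxrws-wt drwxrwxrwx drwxr-x--x || rc=1
    fi
    return $rc
}
```

Each mismatch is printed on its own line, so the function can run from cron and report only when the tree has drifted from the layout above.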
For additional thoughts on anonymous FTP configuration, you might want to check these Web sites:
| CERT Coordination Center Tech Tips | http://www.cert.org/tech_tips/ |
| WU-FTPD Resource Center's Related Documents link | http://www.landfield.com/wu-ftpd/ |
| AppleCare Tech Info Library | http://til.info.apple.com |