[2far]

It seems Apple is using a new FTP server (lukemftpd) as compared to 10.1.x. There are some good changes (forget ftpchroot) and others I'd like to overcome:

When logging in as a normal ftp user (10.2.4 client), your files get written without "everyone readable" permission, which is unusable for a website.

How can I change that? (Please ask for clarification, if my description was insufficient).

-greg


Setup: Mac OS X 10.2.4, web-/ftp server running, multiple users set up with System Preferences running their websites (VirtualHosts in httpd.conf).

[chris v]

I created a new user called Vreeland Graphics and re-directed its home folder in NetInfo Mgr. to my Drop Box folder. (users/chrisv/Public/Drop Box) Everything that goes in that folder is R+W by default.

That way, when someone accesses my machine via FTP using Vreeland Graphics as a username, they're FTP client logs directly into my drop box.

You've got to lock down to rest of your system (Apps, etc) to keep people from browsing higher directories, but that's not too much trouble, if you're the only regular user of the machine. I just set non-admins to no acccess for every thing else above the users folder.

For multiple users in the Library/Web Servers you might have to individually change permissions on each folder, but it should work.

CV

[2far]

Thanks for the hint, but I have had no success so far to make files transferred to the server readable for everyone by default.

I tried transferring to a folder within the user's folder where every right was enabled, no luck. The behaviour can be replicated on another system, and was not there in 10.1.5.

All files transferred still have the permissions user read/write, group read, everyone none (instead of read).

Other ideas, anyone?

[FatBastard]

Great info and I'm trying it now. I'd just like to see additional info on locking down the rest of my system?

I'd like to make sure that my FTP users cannot see any other directories.

Originally posted by chris v:
I created a new user called Vreeland Graphics and re-directed its home folder in NetInfo Mgr. to my Drop Box folder. (users/chrisv/Public/Drop Box) Everything that goes in that folder is R+W by default.

That way, when someone accesses my machine via FTP using Vreeland Graphics as a username, they're FTP client logs directly into my drop box.

You've got to lock down to rest of your system (Apps, etc) to keep people from browsing higher directories, but that's not too much trouble, if you're the only regular user of the machine. I just set non-admins to no acccess for every thing else above the users folder.

For multiple users in the Library/Web Servers you might have to individually change permissions on each folder, but it should work.

CV

[chris v]

Originally posted by FatBastard:
Great info and I'm trying it now. I'd just like to see additional info on locking down the rest of my system?

I'd like to make sure that my FTP users cannot see any other directories.

Make sure you're using a non-admin user for the FTP settings, then set permissions for Applications and System to Others: no access. (don't mess with owner or admin settings)

Also, in the accounts pref pane, disable everything for that user under Capabilities...

HTH,

CV