FTP is commonly used for transferring files. The process responsible for FTP service on Mac OS X is /usr/libexec/ftpd. Mac OS X Server uses a different FTP daemon (/usr/libexec/xftpd) with different configuration parameters. You use the Sharing pane of System Preferences to stop and start the FTP service.

The configuration file /System/Library/LaunchDaemons/ftp.plist controls the startup of the daemon when the computer is started. The files ftpchroot, ftpusers, and ftpd.conf in /etc control the behavior of the daemon. The files /etc/motd and /etc/ftpwelcome contain the welcome messages users see before and after logging in, respectively. A property in com.apple.sharing.firewall.plist controls whether the FTP Access port in the firewall is open. The daemon writes messages to /var/log/ftp.log and the system log. In addition, launchd writes some FTP-related messages to the system log.

Note: FTP is not enabled by default because it is considered an insecure protocol. Before you enable FTP, consider that it is not encrypted and passwords may be passed as clear text. As an alternative to FTP, there is a more secure protocol called Secure FTP (SFTP), which is included with Mac OS X as part of the Secure Shell Protocol (SSH).

Starting FTP

Starting FTP consists of the following steps:
When you stop FTP Access in Sharing preferences, the files change back to their original state and launchd rereads its configuration file. The ftpd process stops when the last connected user disconnects. You can start and stop FTP sharing from the command line by using one of the following methods:
Note: If you have an account with the name administrator, you will have to modify this file to grant that user access via FTP. For security reasons, do not grant FTP access to root.

Configuring FTP

There are several commands that enable you to customize some of FTP's features from the command-line interface.

ftpusers and ftpchroot

Sometimes you might need to prevent certain users from logging in to your computer using FTP. To do that, add the user's name to /etc/ftpusers. By default, the file contains the following list of users who are not allowed to log in using FTP:

    Administrator
    administrator
    root
    uucp
    daemon
    unknown
    www

Sometimes you need to restrict an FTP user's access to the file system. You can do that by changing the user's root folder for FTP sessions. For example, if you change student17's root folder to be his home folder, when the user logs in using FTP, commands like pwd, cd, and get will act as if "/Users/student17" is "/". This prevents student17 from seeing the rest of the file system.

To change a user's FTP root folder to be the user's home folder, create the file /etc/ftpchroot, if necessary, and add the user's name. If you want a user's FTP root to be a different folder, you must set the chroot (change root) directive in /etc/ftpd.conf.

More Info: For more information, see the man page for ftpusers and ftpchroot.

The following illustrates what happens when different users log in remotely via FTP. Depending on where the user's name is located, he or she will have different default directories and permissions to search other directories.
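As an added illustration (not part of the original text), the following shell functions report how a login name would be treated based on the ftpusers and ftpchroot files, and flag a configuration in which root is not denied. The example assumes one plain user name per line, as described above; the function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: classify FTP logins from ftpusers and ftpchroot.
# Assumption: one plain user name per line, as the text describes.

# in_list FILE USER: succeed if USER is the first field of a non-comment line.
in_list() {
    [ -r "$1" ] || return 1           # a missing file lists nobody
    awk -v u="$2" '
        { sub(/#.*/, "") }            # strip comments
        NF && $1 == u { found = 1 }   # exact, case-sensitive match
        END { exit !found }
    ' "$1"
}

# ftp_status USER [ETCDIR]: print denied, chroot or real.
ftp_status() {
    etc=${2:-/etc}
    if in_list "$etc/ftpusers" "$1"; then
        echo denied      # listed in ftpusers: FTP login refused
    elif in_list "$etc/ftpchroot" "$1"; then
        echo chroot      # FTP root is the home folder (or the ftpd.conf chroot path)
    else
        echo real        # not confined to a changed FTP root
    fi
}

# ftp_audit [ETCDIR]: return non-zero if root is not denied FTP access.
ftp_audit() {
    etc=${1:-/etc}
    if [ "$(ftp_status root "$etc")" != denied ]; then
        echo "WARN: root is not denied in $etc/ftpusers" >&2
        return 1
    fi
    echo "OK: root is denied in $etc/ftpusers"
}

# make_sample DIR: write constructed sample files (not real system data).
make_sample() {
    printf '%s\n' '# constructed sample' Administrator administrator root \
        uucp daemon unknown www > "$1/ftpusers"
    printf '%s\n' student17 > "$1/ftpchroot"
}

# Demo on the constructed sample files.
demo=$(mktemp -d) && make_sample "$demo"
for u in root student17 student18; do
    printf '%s: %s\n' "$u" "$(ftp_status "$u" "$demo")"
done
ftp_audit "$demo"
rm -rf "$demo"
```

Calling ftp_status or ftp_audit without a directory argument reads the files in /etc.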
ftpd.conf

If you want a user's FTP root folder to be somewhere other than the user's home folder, you can use the chroot directive in ftpd.conf. For example, if you want all the users in ftpchroot to have /Users/special as their root, create /etc/ftpd.conf, if necessary, and add the following line:

    chroot CHROOT /Users/special

Sometimes users might need to download large files from your computer. You could speed up the FTP downloads by converting all your files to a smaller format. Alternatively, you can keep your files in their original format and allow FTP to perform an automatic file conversion. To do that, you use the conversion directive in ftpd.conf. For example, if you want users to be able to gzip files before copying them, you could add the following line to ftpd.conf, as shown in the following figure:

    conversion all .gz f xyz /usr/bin/gzip -c %s

The f means only files, not folders, can be converted. If the file xyz exists in the folder, it prevents conversion. These fields are mandatory. Then, if the user types get tarfile.gz in a folder that contains a file called tarfile but not tarfile.gz, a shell on your computer will execute the command /usr/bin/gzip -c tarfile and copy the output of the command to the user's computer as tarfile.gz.