Configuring the FTP File-Sharing Service


The File Transfer Protocol (FTP) service is by far the most ubiquitous file-sharing protocol available from Mac OS X Server. Almost anything with network access can connect to an FTP server, because FTP is a simple protocol to implement.

However, this simplicity is a double-edged sword. By default, FTP is highly compatible and easy to implement because it uses clear-text passwords and unencrypted data, which is a potential security issue if any of your FTP traffic travels through unsecured networks. To compensate for this, Mac OS X Server supports using Kerberos for authentication, thus removing clear-text passwords as a security issue. However, sending the data unencrypted is still a problem. A nefarious hacker can easily spot and intercept your FTP traffic. If security is an issue, then your alternative is to use the Secure FTP (SFTP) protocol. When you enable SSH on your Mac OS X Server, SFTP is automatically enabled. You don't need to enable FTP for SFTP to be enabled.

Other limitations of FTP include file-handling issues. Standard FTP can't handle folders because it only supports single file transfers. The FTP service also has problems with the forked files and Unicode filenames that are natively supported by Mac OS X.

You can easily overcome these limitations by using modern FTP client software that automatically archives and/or compresses requested files before they're transferred via FTP. The FTP service provided by Mac OS X Server includes support for automatic file archival and/or compression.

To set FTP access options

1. Launch Server Admin, select the FTP service for your server in the Computers & Services list, click the Settings tab, and click the General tab (Figure 5.37).

Figure 5.37. Select FTP from the services list of Server Admin to begin the process of setting up FTP service options.


2. From the Authentication pop-up menu, choose an FTP authentication method (Figure 5.38):

  • Standard uses clear-text passwords.

  • Kerberos uses MIT's Kerberos authentication.

  • Any method is enabled by default.

Figure 5.38. The FTP service can be forced to use either standard authentication or Kerberos.


See Chapter 3 for more information about user authentication.

3. Select the "Enable anonymous access" check box to enable guest access via the FTP service and click Save.

For security reasons, anonymous FTP access is turned off by default. Anonymous access is another way of saying guest access.

4. If you make changes to the FTP service while it's running, you'll be prompted to restart the service; otherwise, when you've finished making changes, click Save.

Be sure to check for connected users before restarting the service, so you don't kick them off.

5. Click the Overview button at the bottom of the window.

6. Verify that the FTP service is running and if it isn't, click Start Service to activate the FTP server.

Tips

  • In order to allow anonymous access, you must also enable guest access for each share point. Refer to the "To configure FTP share-point settings" task for more information about enabling guest access for individual share points.

  • You can limit the number of simultaneous authenticated and anonymous users by entering values in the associated fields. The default of 50 users is a good starting point, because FTP servers are susceptible to performance issues if too many users connect.


Connecting via FTP

Discussing the many third-party FTP clients for Mac OS X could easily fill a book. Try for yourself: Go to www.versiontracker.com/ and type ftp client in the search field. You'll probably find about two dozen FTP clients for Mac OS X alone. As tempting as those options are, this book sticks to the FTP clients built into Mac OS X. For SFTP, search for and download Fugu, an SFTP application.

If you prefer the command line, you can use the ftp or sftp command to connect to your server. On the other hand, if you prefer the graphical user interface, simply follow the first step in the "To connect Mac OS X via SMB" task earlier in this chapter and then authenticate to the server. Mac OS X Client can browse for FTP servers via the Bonjour protocol. As an option, you can have the client computer remember your login.

With FTP, you don't select a share point; you're automatically sent to a default location set by the server's administrator. Default settings dictate that the FTP server icon mounts on the Finder's desktop. You only have read access to an FTP share point when using the Connect to Server option. Use a third-party utility to enable read/write access to the FTP share point.


Creating FTP messages

When FTP was initially developed, all server connections were done through the command-line environment. You didn't just connect to a shared folder; you actually connected to an FTP command-line environment. Upon initially connecting to the FTP server, you were greeted with a banner message and then after authentication, you saw a welcome message.

These messages usually contained information regarding server usage, availability, disclosure agreements, or anything else the administrator wished to communicate to connected users. Although FTP banner and welcome messages are rarely used by modern graphical FTP clients, Mac OS X Server still supports them.

To change FTP messages

1. Launch Server Admin and select the FTP service for your server in the Computers & Services list.

2. Click the Settings tab and click the Messages tab (Figure 5.39).

Figure 5.39. Here's where you'll enter your welcome message text and your banner message text.


3. Select the "Show welcome message" check box and enter the desired text string in the field below.

4. Select the "Show banner message" check box and enter the desired text string into the field below.

5. When you've finished making changes, click Save.

6. If you make changes to the FTP service while it's running, you'll be prompted to restart the service. Be sure to check for connected users first, so you don't kick them off.

7. Test these messages via the command line by entering ftp serveraddress and then authenticating to the server.

Tips

  • You can disable either the welcome message or the banner message by deselecting the appropriate check box.

  • Connecting to an FTP server via the Finder in Mac OS X won't show you any FTP messages.
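The banner and welcome messages described above can be told apart in a command-line session by their reply codes. The following is an added example, not code from the book: it parses a constructed session transcript and assumes the server delivers the banner in the pre-login 220 reply and the welcome message in the post-login 230 reply, as FTP servers commonly do (the reply codes come from the FTP specification, not from this page).

```python
# Constructed sample session: ("S", line) is sent by the server, ("C", line) by the client.
SAMPLE = [
    ("S", "220-Example Co. file server"),
    ("S", "220 Authorized use only"),
    ("C", "USER alice"),
    ("S", "331 Password required for alice."),
    ("C", "PASS ********"),
    ("S", "230-Welcome, alice."),
    ("S", " Maintenance window: Sunday 02:00"),
    ("S", "230 User alice logged in."),
    ("C", "QUIT"),
    ("S", "221 Goodbye."),
]


def parse_replies(server_lines):
    """Group server lines into (code, text) replies, joining multi-line replies."""
    replies, code, text = [], None, []
    for line in server_lines:
        if code is None:
            # A reply starts with three digits, then '-' (more lines follow) or ' ' (complete).
            if len(line) < 4 or not line[:3].isdigit() or line[3] not in " -":
                raise ValueError(f"not an FTP reply line: {line!r}")
            code, text = line[:3], [line[4:]]
            done = line[3] == " "
        else:
            # A multi-line reply ends at the line that repeats the code followed by a space.
            done = line.startswith(code + " ")
            prefixed = line.startswith((code + " ", code + "-"))
            text.append(line[4:] if prefixed else line.strip())
        if done:
            replies.append((int(code), "\n".join(text)))
            code = None
    if code is not None:
        raise ValueError("unterminated multi-line reply")
    return replies


def ftp_messages(transcript):
    """Return the banner (seen before login) and welcome (seen after login) texts."""
    replies = parse_replies(line for who, line in transcript if who == "S")
    banner = next((t for c, t in replies if c == 220), None)
    welcome = next((t for c, t in replies if c == 230), None)
    return {"banner": banner, "welcome": welcome}
```

Because the banner arrives before authentication, anything entered in the banner field is visible to every client that connects, not only to registered users.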


Configuring the FTP user environment

Typically, when an authenticated user connects to an FTP server, they don't get to choose a share point; they're dropped off in a predefined folder. Mac OS X Server lets you configure this aspect of the FTP user environment.

To configure the FTP user environment

1. Launch Server Admin and select the FTP service for your server in the Computers & Services list.

2. Click the Settings tab and click the Advanced tab.

3. From the "Authenticated users see" menu, select one of the following options (Figure 5.40):

  • FTP Root and Share Points connects users to the FTP root folder (defined in step 4). In the FTP root folder, the system creates symbolic links to your other share points.

  • Home Directory with Share Points connects authenticated users to their home folder. They also have access to the other share points. If a user doesn't have a home folder, they're automatically connected to the FTP root folder.

  • Home Directory Only connects authenticated users only to their home directory. If a user doesn't have a home folder, they're automatically connected to the FTP root folder.

    Figure 5.40. Choose the Advanced tab in the FTP service to change the FTP mount point.


4. To specify a custom FTP root folder, enter a new path in the appropriate field and click Save.

By default, the predefined FTP root folder is /Library/FTPServer/FTPRoot. You can also click the ellipsis button to the right of the FTP root folder field to specify a new folder in a file browser dialog.

5. If you make changes to the FTP service while it's running, you'll be prompted to restart the service. Otherwise, when you've finished making changes, click Save.

First check for connected users so you don't kick them off.

Tips

  • See the "Connecting via FTP" sidebar earlier in this chapter for more information about various FTP clients.

  • Any administrative account always defaults to its home folder via FTP. However, folder permissions allow administrators to navigate outside their home folder.

  • Because FTP servers often fall victim to hackers, thoroughly test any access configurations you choose. You should also test access from various FTP clients so you know what to expect for your users.


Configuring FTP share-point settings

When you create a share point on Mac OS X Server, it's automatically shared via FTP (as well as AFP and SMB), assuming the FTP service is running. Share points are also automatically configured for both registered user and anonymous access via FTP. You can configure such settings individually for each share point using Workgroup Manager. See the "Configuring Share Points" section earlier in this chapter for more information about creating share points. To configure FTP share-point settings, simply follow steps 1-4 in the "To configure Windows share-point settings" task.

If you ever disable a share point, the symbolic link for FTP functionality may remain in the FTP root folder. You'll have to delete this symbolic link manually after you disable the share point. To do so, move the original item, delete the link, and move the original back. Because FTP doesn't natively support multiple share points, the system creates symbolic links in the FTP root folder that point to your other share points.
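One way to find leftover links after disabling share points, as an added example that is not from the book: the function lists symbolic links in the FTP root whose targets are missing or are not in a list of currently active share points. The list of active share points is supplied by the administrator (an assumption; the page does not describe how to export it), and the demo builds a constructed folder layout in a temporary directory rather than touching /Library/FTPServer/FTPRoot.

```python
import os
import tempfile


def audit_ftp_root(ftp_root, active_share_points):
    """Return {link name: (status, target)} for symbolic links in ftp_root
    that no longer correspond to an active share point."""
    active = {os.path.realpath(p) for p in active_share_points}
    findings = {}
    for entry in os.scandir(ftp_root):
        if not entry.is_symlink():
            continue  # real files and folders in the FTP root are not share-point links
        target = os.path.realpath(entry.path)
        if not os.path.exists(target):
            findings[entry.name] = ("dangling", target)  # target folder is gone
        elif target not in active:
            findings[entry.name] = ("stale", target)     # link left after the share was disabled
    return findings


def demo():
    """Build a constructed FTP root with three share-point links and audit it."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "FTPRoot")
        os.mkdir(root)
        shares = {}
        for name in ("Public", "Projects", "Archive"):
            shares[name] = os.path.join(base, "Shared", name)
            os.makedirs(shares[name])
            os.symlink(shares[name], os.path.join(root, name))
        os.rmdir(shares["Archive"])  # folder deleted, link left behind
        # Hypothetical current state: only "Public" is still a share point.
        return audit_ftp_root(root, [shares["Public"]])


if __name__ == "__main__":
    for name, (status, target) in sorted(demo().items()):
        print(f"{name}: {status} -> {target}")
```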




Mac OS X Server 10.4 Tiger: Visual QuickPro Guide
ISBN: 0321362446
EAN: 2147483647
Year: 2006
Pages: 139
Authors: Schoun Regan
