Sharing Remotely: FTP

Personal File Sharing is probably the most feature-rich and flexible OS X method of sharing files over the Internet or a network. However, it has the distinct disadvantage of only allowing sharing between Macs (unless you install special software on a Windows computer, but that's beyond the scope of this book). Because of this, Mac OS X also provides a number of ways to share files between Macs and non-Macs. FTP, which stands for File Transfer Protocol, is one of these: OS X has an FTP server built in. FTP has been a staple of Unix servers since well before the Mac OS and Windows even existed, and is largely platform agnostic (it allows connections between Macs, Windows, Unix, Linux, and many other operating systems).

What Does It Share?

With FTP Access enabled, users will have the same level of access to files that they would have if they were sitting at the computer. In other words, normal users will have full Read & Write access to their home directory, Read Only access to other users' Public folders and the Shared user folder, and Read Only access to most other files on your computer. (An admin user will have much more leeway.)

Although this type of access should be fine if you know and trust your users, it does post some added security risk, especially if you're providing access to unknown or untrustworthy people. With FTP, Read & Write access means the ability to download, upload, rename, and delete files, and Read Only access means the ability to download files. Thus, any admin-level user who connects via FTP will be able to perform some pretty serious file operations, and even non-admin users will be able to download (and thus view the contents of) many non-private files (i.e., files not located inside private user directories). For example, in the stock configuration of OS X's FTP Access, a normal user could connect and then download all of the files in /Library/Preferences— some of which may contain software licenses—or a file like /var/db/SystemConfiguration/preferences.xml, which contains all of your network settings.

Who Can Access Files?

If FTP Access is enabled, anyone with a user account on your computer can connect to it via an FTP client (from any platform: Windows, Mac, or Unix). However, it's possible to restrict the list of users who can connect over FTP; I've explained how to do this under "How Do I Configure It?"

How Do I Configure It?

To enable FTP Access, check the box next to FTP Access in the Services tab of Sharing preferences. If you want to configure some of the more advanced options that the FTP server offers, you need to manually edit configuration files or use a third-party utility as described below.

Disallowing FTP Access to Certain Users

If you're going to enable FTP Access, I recommend disallowing access to everyone but the specific users you want to use it. To do this, you need to edit the file /private/etc/ftpusers (you'll need to launch a text editor as root to edit the file). At the bottom of the list of usernames, type the short username of any user to whom you don't want to provide FTP access. Save the file, disable FTP Access, and then enable it again.

Confining User Access to Certain Folders

It's actually possible to configure Mac OS X's FTP server to restrict access to certain directories; unfortunately, space constraints prevent me from covering that topic (especially since I don't recommend FTP in general). In addition, Mac OS X 10.2 "broke" the common method of restricting access on FTP servers; I hope by the time you're reading this, Apple has fixed the FTP server to honor these methods. If you're interested in how you would do this, and more, check out the Unix configuration utility The Moose's Apprentice (http://www.wundermoosen.com/wmTMA.htm), which is not only an excellent utility for configuring FTP options, but also provides a great deal of information about many Unix configuration files in its documentation (which is available online at http://www.wundermoosen.com/TMAHelp/TMA_Help.htm).

Compressing/Encoding Files

Another drawback of FTP is that sometimes Mac files transferred over FTP lose their resource forks (those that have resource forks, that is). For this reason it's often a good idea to use a utility like DropStuff to not only "stuff" files that will be transferred via FTP, but to also encode them in BinHex format (available from the DropStuff preferences dialog). See "When to Compress Files for Sharing" for more info.

How Do Others Access Files?

Users will be able to access files via FTP from any platform using any standard FTP client. In their FTP client, they should enter your IP address (or your domain name, if applicable) as the server address, and should use their username and password on your computer as their login name and password. (Again, keep in mind the caveats about IP addresses I've mentioned throughout this chapter.)

Alternatively, many web browsers also understand FTP; users can generally enter ftp://youripaddress/ as the URL, and their browser will then ask them for their username and password.

Finally, since FTP is technically a command-line application (it's been in use since long before graphical computing interfaces made their debut—graphical FTP clients are simply providing you with a pretty face to hide the command line), anyone with a terminal or console application and Internet access can connect using the command ftp youripaddress. They'll be prompted for their username and password; once they're logged in, they can use standard ftp commands to access files.