Allowing FTP Access


The Mac OS X Web sharing feature is of little help when what you want to share is files rather than Web pages. Another feature that Mac OS X inherits from Unix, FTP (File Transfer Protocol), enables other computers on your local network or the Internet to copy files to and from your computer.

Turning FTP access on or off

The software that provides FTP service is built into Mac OS X, and you can turn it on or off quite easily. First, open System Preferences and choose Sharing from the View menu (or click the Sharing button). When the Sharing preference pane appears, click the Services tab, click FTP Access in the list, and then click the Start button; while the service is running, the same button reads Stop and turns it off again. Turning the service on starts the FTP server listening on TCP port 21 for anyone who can reach your computer. Figure 16-6 shows FTP ready to be turned on in the Sharing preference pane.

Figure 16-6: Turn the built-in FTP server on or off in the Sharing pane of System Preferences.

If the Sharing preference pane settings are locked, you must unlock them before you can turn FTP access on or off. The settings are dim when they are locked, and the lock button at the bottom of the pane shows a closed padlock. To unlock the settings, click the lock button and enter an administrator’s user account name and password in the dialog that appears.

start sidebar
Comparing FTP and File Sharing

If you’ve never used FTP before, you may think that it sounds like Mac OS X’s file-sharing feature, which is described in Chapter 16. Actually, FTP differs from file sharing in a couple of significant ways. For one, file sharing is mainly for Macs, but FTP works across platforms. Computers running Windows and Unix operating systems can copy files to and from your computer using a native FTP client program.

Another key difference is how people on other computers work with your files. With file sharing, other computer users see your shared files in Finder windows and Open dialogs, and they can open and save files directly on your computer. With FTP, other computer users see your files in an FTP client application, and they must copy files between your computer and theirs; they work with copies of your files on their own computers.

end sidebar

Avoiding file damage

FTP has two transfer modes. ASCII mode, meant for plain text files, rewrites line endings in transit; binary (also called image) mode copies a file byte for byte. Pictures, software, and formatted text files are corrupted if they are sent in ASCII mode, so they must be transferred in binary mode; files that need this treatment are loosely called binary files. Even binary mode carries only a file’s data, however. A Mac file’s resource fork, and the Finder information that goes with it, such as the type of file and which application created it, are lost unless the file is first encoded into a single flat file (MacBinary and BinHex are the usual formats for this). Encoded files must be decoded after being received before they can be used. Read below for information regarding encoding and decoding.

Unlike other FTP software for Macs, the FTP server in Mac OS X is not able to automatically encode Mac files before sending them to another computer. Nor does the Mac OS X FTP server recognize encoded Mac files and automatically decode them when it receives them from another computer.

Because the Mac OS X FTP server doesn’t handle any encoding or decoding automatically, you should encode files that you want other users to download from your computer by using FTP. Conversely, if other users upload encoded files to your computer by using FTP, you must decode the files before you can use them. You can use the StuffIt Expander utility application included with Mac OS X to decode files. You can encode files by using the StuffIt Deluxe application or the DropStuff application, both from Aladdin Systems (www.aladdinsys.com).

A future version of Mac OS X may include an FTP server that automatically encodes and decodes transferred files.
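To make the transfer-mode point concrete, here is an added example (not code from the book or from Apple’s FTP server) that models in Python what ASCII mode and binary mode each do to a file’s bytes. The sample files are constructed for the example; only the eight-byte PNG signature is a real-world value, chosen because it contains both a CRLF and a bare LF and so is damaged by any line-ending translation.

```python
"""Added example, not code from the book: a model of what FTP's ASCII and
binary (image) transfer modes do to a file's bytes.

ASCII mode rewrites line endings: the sender converts its local line ending
to CRLF on the wire and the receiver converts CRLF to its own local ending.
Binary mode copies the bytes unchanged.  All sample files below are
constructed for this example.
"""
import hashlib

# The eight-byte PNG signature really does start every PNG file; it contains
# both a CRLF and a bare LF precisely so that line-ending translation is
# detected.  The bytes after it are a constructed fragment of a chunk header.
PNG_FRAGMENT = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR"
TEXT_UNIX = b"line one\nline two\n"         # LF endings (Unix, Mac OS X)
TEXT_CLASSIC_MAC = b"line one\rline two\r"  # CR endings (Mac OS 9 and earlier)


def ascii_mode_send(data: bytes, local_eol: bytes) -> bytes:
    """Sender half of ASCII mode: local line endings become CRLF on the wire.
    Existing CRLFs are collapsed first so they are not doubled."""
    normalised = data.replace(b"\r\n", b"\n").replace(local_eol, b"\n")
    return normalised.replace(b"\n", b"\r\n")


def ascii_mode_receive(wire: bytes, local_eol: bytes) -> bytes:
    """Receiver half of ASCII mode: CRLF on the wire becomes the local ending."""
    return wire.replace(b"\r\n", local_eol)


def transfer(data: bytes, mode: str, sender_eol: bytes = b"\n",
             receiver_eol: bytes = b"\n") -> bytes:
    """Bytes that arrive when `data` is sent in the given FTP transfer mode."""
    if mode == "binary":            # selected with the FTP command TYPE I
        return data
    if mode == "ascii":             # selected with the FTP command TYPE A
        return ascii_mode_receive(ascii_mode_send(data, sender_eol), receiver_eol)
    raise ValueError(f"unknown transfer mode {mode!r}")


def survives(data: bytes, mode: str, sender_eol: bytes = b"\n",
             receiver_eol: bytes = b"\n") -> bool:
    """True when the received file hashes identically to the one sent."""
    before = hashlib.sha256(data).hexdigest()
    after = hashlib.sha256(transfer(data, mode, sender_eol, receiver_eol)).hexdigest()
    return before == after


if __name__ == "__main__":
    print("PNG in binary mode intact:", survives(PNG_FRAGMENT, "binary"))
    print("PNG in ASCII mode intact: ", survives(PNG_FRAGMENT, "ascii"))
    print("Classic Mac text to Unix: ", transfer(TEXT_CLASSIC_MAC, "ascii", b"\r", b"\n"))
```

The same model shows why ASCII mode is still useful for text: a file with classic Mac CR line endings arrives on a Unix system with LF endings, which is exactly the conversion a text file wants. Comparing a checksum on both ends, as `survives` does, is the quickest way to confirm a transfer was made in the right mode.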

Considering security

Although convenient, allowing FTP access to your computer poses a serious security risk. Anyone who knows the name and password of a user account on your computer can connect to your computer from anywhere on your local network, and if your computer has an active Internet connection, from anywhere on the Internet.

Additionally, FTP sends the user name and password used to connect to your server in clear text. Anyone who can listen to network traffic anywhere along the path, on your side, on the server’s side, or on any network in between, can read your user name and password as you connect to the server.

Additional information on SFTP, the file-transfer client distributed as part of OpenSSH and installed by default on Mac OS X computers, is provided later in this chapter. Despite the name, SFTP is not FTP wrapped in encryption; it is a separate protocol carried over an SSH connection, so both the password and the file contents are protected in transit.

Refer to Chapter 26 for further discussion of FTP security and for information on configuring the SFTP server if you wish to provide remote file access to your machine.

Unprotected passwords

FTP’s authentication method, a user account name and password, protects your computer against casual snooping, but it is no defense at all against a skilled attacker. FTP does not encrypt the name and password before sending them across the network or the Internet. An attacker can use well-known tools, such as a packet sniffer on any network segment the connection crosses, to capture the names and passwords of everyone who connects to your computer for FTP access. Your name and password are just as vulnerable as those of other users of your computer: if you use FTP to get files from your computer while you’re away from it, your name and password can be captured too.
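As an added illustration, not from the book, here is the FTP login exchange as both sides send it, together with the few lines of Python a passive listener needs to pull every name and password out of a captured control connection. The capture, account names and passwords are constructed for the example; the reply codes are the standard ones from RFC 959, while the greeting text varies by server.

```python
"""Added example, not code from the book: what an FTP login looks like on the
control connection (TCP port 21) and how little work it takes to pull the
credentials out of a packet capture.  Server greeting text varies by server;
the reply codes are the standard ones from RFC 959.  The capture below is
constructed for this example.
"""


def ftp_login_exchange(username: str, password: str, accepted: bool = True) -> list:
    """Both sides of a minimal FTP login as (direction, line) pairs;
    'C' is client to server, 'S' is server to client."""
    return [
        ("S", "220 FTP server ready."),            # greeting text is illustrative
        ("C", f"USER {username}"),
        ("S", "331 Password required."),
        ("C", f"PASS {password}"),
        ("S", "230 User logged in." if accepted else "530 Login incorrect."),
    ]


def control_stream(exchange: list, direction: str) -> bytes:
    """Reassemble one direction of the control connection as a sniffer on any
    segment between the two computers sees it: CRLF-terminated plain text."""
    return b"".join(line.encode() + b"\r\n" for d, line in exchange if d == direction)


def extract_ftp_credentials(client_stream: bytes) -> list:
    """Pair every PASS with the most recent USER in a client-to-server stream.
    Failed attempts are included: a mistyped password is still a password."""
    found, pending_user = [], None
    for raw in client_stream.split(b"\r\n"):
        verb, _, arg = raw.partition(b" ")
        verb = verb.upper()                      # FTP commands are case-insensitive
        if verb == b"USER":
            pending_user = arg.decode("utf-8", errors="replace")
        elif verb == b"PASS" and pending_user is not None:
            found.append((pending_user, arg.decode("utf-8", errors="replace")))
            pending_user = None
    return found


# Constructed capture of one client's control connection: a mistyped password,
# a successful login and some file commands, then an anonymous session
# (anonymous logins conventionally send an e-mail address as the password).
CAPTURED_CLIENT_STREAM = (
    control_stream(ftp_login_exchange("craigz", "wr0ng-guess", accepted=False), "C")
    + control_stream(ftp_login_exchange("craigz", "Panther!2003"), "C")
    + b"PWD\r\nTYPE I\r\nRETR Report.pdf\r\nQUIT\r\n"
    + control_stream(ftp_login_exchange("anonymous", "sue@example.com"), "C")
    + b"QUIT\r\n"
)

if __name__ == "__main__":
    for side, line in ftp_login_exchange("craigz", "Panther!2003"):
        print(f"{side}> {line}")
    print("credentials recovered from capture:",
          extract_ftp_credentials(CAPTURED_CLIENT_STREAM))
```

Nothing in the exchange is hidden: the server never challenges the client with anything it could not replay, and the password crosses every hop in the same form the user typed it. The same loop works unchanged on the output of a real capture tool once the client-to-server bytes have been reassembled, which is why the tip that follows matters.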

Tip

If you allow FTP access to your computer, change your password frequently and have all other users of your computer do likewise; this limits how long a captured password stays useful, although it does not stop the capture itself. Never use the same password for FTP that you use for anything else, such as online banking!

Unprotected file transfers

Similarly, FTP does nothing to protect the contents of files transferred to and from your computer; anyone who can capture the traffic can reassemble the files. You can encrypt files on your computer, and an encrypted file stays private in transit as long as it is transferred in its encrypted form. If you follow this route, remember to give the key or passphrase to the person you are sharing files with, through some channel other than the FTP connection itself, or else they will be unable to open your documents.

Protecting with privilege settings

You don’t have to encrypt files inside several of the folders in your home folder to keep other users from seeing them. Other users can see and change folders and files on your computer according to the privileges set for each folder and file. In this regard, FTP access is the same as being logged in locally: after login, the FTP server acts with the privileges of the account that logged in. For example, the preset privileges of your home folder’s Desktop, Documents, Library, Movies, Music, and Pictures folders allow only you to see their contents. Anything you put in these six places, and in other folders you create with the same privilege settings, is safe from FTP access unless someone gets your user account name and password.

The preset privileges of your Public and Sites folders allow other users to see and copy their contents. Other users can’t put files in these folders, although they can put files in the Drop Box folder that’s inside your Public folder.

Outside your home folder and other users’ home folders, the privileges of most other folders and files allow everyone with FTP access to see and copy them. In fact, many folders and files that are hidden in Finder windows can be seen by everyone with FTP access to your computer.

Everyone with FTP access to your computer can see and make changes in several of your top-level folders. Anyone with an administrator account can make changes in additional folders. People who log in to your FTP server don’t see your top-level folders at first; they see their own home folder on your computer initially, but they can easily navigate to your top-level folders. Thus an attacker who captures a user account name and password for your computer could upload files to a folder where you may not notice them, such as the Volumes folder (/Volumes).
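An added example, not the book’s code, modelling the Unix privilege check the FTP server applies on behalf of whoever logged in. The folder modes are the shipped defaults the text describes (confirm yours with ls -ld in Terminal); the account names are constructed. It shows why the Drop Box accepts uploads from people who cannot list it, why an administrator can write where an ordinary account cannot, and what the sticky bit on a shared folder does and does not prevent.

```python
"""Added example, not code from the book: a model of the Unix privilege check
that decides what an FTP user can see and change on your computer.  The FTP
server acts with the privileges of the account that logged in, so the same
rules apply as for a local login.  Folder names, owners and modes below are
taken from the defaults the text describes (confirm the real values with
`ls -ld` in Terminal); account names are made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Folder:
    path: str
    owner: str
    group: str
    mode: int      # permission bits as in ls/chmod, including the sticky bit


@dataclass(frozen=True)
class Account:
    name: str
    groups: frozenset


def permission_bits(folder: Folder, who: Account) -> int:
    """The rwx triplet that applies to `who`: owner, group or other (root: all)."""
    if who.name == "root":
        return 0o7
    if who.name == folder.owner:
        return (folder.mode >> 6) & 0o7
    if folder.group in who.groups:
        return (folder.mode >> 3) & 0o7
    return folder.mode & 0o7


def can(who: Account, folder: Folder, op: str) -> bool:
    """op is 'list' (see the names inside), 'enter' (pass through, or open a
    file whose name you already know), or 'add' (create or remove entries)."""
    bits = permission_bits(folder, who)
    r, w, x = bits & 0o4, bits & 0o2, bits & 0o1
    return {"list": bool(r and x), "enter": bool(x), "add": bool(w and x)}[op]


def can_remove(who: Account, folder: Folder, file_owner: str) -> bool:
    """Deleting needs 'add' on the folder; a sticky folder (mode 1xxx, such as
    /Users/Shared) additionally requires owning the file or the folder."""
    if not can(who, folder, "add"):
        return False
    if folder.mode & 0o1000 and who.name not in ("root", file_owner, folder.owner):
        return False
    return True


# Default layout of one home folder plus two system folders, modes as shipped.
HOME = "/Users/craigz"
TREE = {
    HOME: Folder(HOME, "craigz", "staff", 0o755),
    HOME + "/Documents": Folder(HOME + "/Documents", "craigz", "staff", 0o700),
    HOME + "/Public": Folder(HOME + "/Public", "craigz", "staff", 0o755),
    HOME + "/Public/Drop Box": Folder(HOME + "/Public/Drop Box", "craigz", "staff", 0o733),
    "/Applications": Folder("/Applications", "root", "admin", 0o775),
    "/Users/Shared": Folder("/Users/Shared", "root", "wheel", 0o1777),
}

CRAIGZ = Account("craigz", frozenset({"staff"}))
SUE = Account("sue", frozenset({"staff"}))             # ordinary account
TIM = Account("tim", frozenset({"staff", "admin"}))    # administrator account


def ftp_view(who: Account) -> dict:
    """What an FTP login as `who` can do in each folder of TREE."""
    return {path: [op for op in ("list", "enter", "add") if can(who, f, op)]
            for path, f in TREE.items()}


if __name__ == "__main__":
    for acct in (SUE, TIM):
        print(acct.name, ftp_view(acct))
```

Run against the real tree, the same rules explain the paragraph above: an ordinary account that logs in by FTP can write into /Users/Shared (and into any other world-writable folder you find with ls -ld), an administrator can also write into /Applications, and the sticky bit only stops one user from deleting another user’s files, not from adding files of their own.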

Back door to network volumes

The Volumes folder is actually an insidious security problem on a network where people use file sharing or file servers. The Volumes folder gives everyone who logs in to a computer’s FTP server a back door entrance to all network volumes mounted on the computer. For example, suppose your computer has FTP access turned off but file sharing is turned on. Someone named Sue connects to your computer as a file-sharing guest, and your Public folder is mounted on Sue’s computer. Our friend Sue has FTP access turned on. Using a third computer, Tim logs in to the FTP server on Sue’s computer, goes to Sue’s Volumes folder, and through it can access your Public folder. If Sue connects to your computer as a file-sharing administrator and mounts your hard drive as a network volume, then Tim would have access to your entire hard drive through Sue’s Volumes folder.

start sidebar
Prevent FTP Access Outside Home Folders

The FTP server normally allows remote users to go outside their home folders, but it can be configured to restrict users individually to their own home folders. This configuration requires the use of the Terminal application and the System Administrator (root user) account.

First, you create a text file containing a list of user accounts that you want to restrict. You put the short name of each user account on a separate line, making sure to press return after the last name. For example, the following list restricts users craigz and ender to their home folders when they log in for FTP access:

craigz
ender

In addition to restricting FTP access for individual users, you can restrict access for groups of users. For each group that you want to restrict, add a line to the text file consisting of an at-sign (@) followed by the group name. Because all Mac OS X user accounts belong to the staff group, a file containing just the following line, followed by a Return, restricts all users to their home directories when they log in for FTP access to your computer (you can confirm which groups an account belongs to by typing id -Gn followed by the account’s short name in Terminal):

@staff

When you save the text file, name it ftpchroot and put it in your home folder. This file must be plain text. If you want to use the TextEdit application to create this file, you must choose Make Plain Text from the Format menu before saving the file. After saving the file, check the file name and, if TextEdit added .txt, remove it so that the name is exactly ftpchroot.

After saving the file ftpchroot in your home folder, open the Terminal application and type the following command:

sudo mv ~/ftpchroot /etc/ftpchroot

When you are prompted in the Terminal window to enter a password, enter your own account password (sudo works only from an administrator account).

end sidebar
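An added example, not code from the book or from the FTP server, that checks an ftpchroot file the way the sidebar describes and reports which accounts it would confine. It catches the two mistakes the sidebar warns about (several names on one line, no Return after the last one) and the .txt suffix TextEdit tends to add. The sample files and group memberships are constructed; on a real computer, get an account’s groups from id -Gn in Terminal.

```python
"""Added example, not code from the book: a checker for the /etc/ftpchroot
list described in the sidebar.  It parses the two line forms the sidebar
documents (a user's short name, or @ followed by a group name), flags the
mistakes the sidebar warns about, and reports whether a given account would be
confined to its home folder.  It is a model of the rule, not the FTP server's
own code; the sample files and accounts are constructed.
"""


def parse_ftpchroot(text: str):
    """Return (users, groups, issues) for the contents of an ftpchroot file."""
    users, groups, issues = set(), set(), []
    if text and not text.endswith("\n"):
        issues.append("no Return after the last entry; add one")
    for number, line in enumerate(text.splitlines(), start=1):
        entry = line.strip()
        if not entry:
            continue                                   # blank lines carry no meaning
        if any(ch.isspace() for ch in entry):
            issues.append(f"line {number}: several names on one line ({entry!r}); "
                          "put each on its own line")
            continue
        if entry.startswith("@"):
            if len(entry) == 1:
                issues.append(f"line {number}: '@' with no group name")
            else:
                groups.add(entry[1:])
        else:
            users.add(entry)
    return users, groups, issues


def check_filename(path: str) -> list:
    """The file must be named exactly ftpchroot; TextEdit's .txt suffix breaks it."""
    name = path.rsplit("/", 1)[-1]
    return [] if name == "ftpchroot" else [f"file is named {name!r}, not 'ftpchroot'"]


def is_confined(short_name: str, member_of, users: set, groups: set) -> bool:
    """True if this account is listed by name or belongs to a listed group."""
    return short_name in users or any(g in groups for g in member_of)


# Constructed examples.  ACCOUNTS maps short names to group membership as
# `id -Gn <name>` would print it; the real values on your computer may differ.
GOOD_FILE = "craigz\nender\n"
EVERYONE_FILE = "@staff\n"
BAD_FILE = "craigz ender"            # two names on one line and no trailing Return
ACCOUNTS = {
    "craigz": {"staff"},
    "ender": {"staff"},
    "sue": {"staff", "admin"},
    "tim": {"wheel"},
}


def confined_accounts(text: str, accounts: dict = ACCOUNTS) -> list:
    """Sorted short names of the accounts that `text` would confine."""
    users, groups, _ = parse_ftpchroot(text)
    return sorted(n for n, g in accounts.items() if is_confined(n, g, users, groups))


if __name__ == "__main__":
    for label, text in (("good", GOOD_FILE), ("everyone", EVERYONE_FILE), ("bad", BAD_FILE)):
        users, groups, issues = parse_ftpchroot(text)
        print(label, "confines:", confined_accounts(text), "issues:", issues)
    print(check_filename("/Users/craigz/ftpchroot.txt"))
```

The point of the model is the failure mode: a file written as a single line "craigz ender" confines nobody, and nothing in the Sharing pane will tell you so. Check the file with a tool like this, or at least with cat -v, before relying on it, and remember that an account missing from both the user lines and the listed groups still has the run of the disk described earlier.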

Allowing anonymous guest access

Considering the security problems that FTP access has, you may understandably balk at allowing guests to connect without user account names and passwords. Yet ironically, anonymous FTP access is arguably more secure than FTP access with a name and password. One reason is that anyone who connects anonymously is restricted to the contents of one folder. They can’t ransack your other folders as users with passwords can. Furthermore, if everyone connects anonymously, their names and passwords aren’t being sent over the network or Internet; what isn’t there can’t be captured. With that said, providing anonymous guest access to your machine can make your computer a very attractive target to some of the more unscrupulous users on the Internet. It is very likely that an unmonitored anonymous FTP server will be used for a purpose not intended by its owner. Although you may not think there is anything special about your home computer, its disk space and bandwidth are very attractive to file swappers, and other network hoodlums.

Although it is possible to use the FTP server provided by Apple in a default Mac OS X installation to provide anonymous FTP access, we recommend replacing it with one that allows greater control over access to the server and has much better logging facilities. This is discussed in Chapter 26.

Connecting to your FTP server

If your computer has FTP access turned on, people can use any FTP client application to connect to your computer’s FTP server. They can also use a Web browser, although Web browsers have limited abilities with FTP.

Connecting with an FTP client

The FTP client needs to know the identity of the server or host, and this is just your computer’s IP address or name. The client also needs to know the user’s account name and password on your computer. If you have set up anonymous FTP access on your computer, the user can specify anonymous as the name (also called username or user ID) or leave the name blank; by convention the password for an anonymous login is the user’s e-mail address, and the server does not check it.

There are many FTP clients available for Mac OS X. For this chapter, we use Transmit by Panic Software, available at www.panic.com/transmit. Transmit has a simple two-pane interface, as shown in Figure 16-7. When you open the program, the left pane, labeled Your Stuff, shows your home directory, and you can navigate through your hard drive there. The right pane initially waits for you to type in login information for a remote server: the server address, your username, and your password, as described previously. There is also a space to enter the initial path, if you wish to start somewhere other than your home directory. Additionally, Transmit offers a choice between traditional FTP and SFTP, which is described later in the chapter.

Figure 16-7: Using Transmit to log into a remote FTP server.

Connecting with a Web browser

Instead of connecting to your FTP server with an FTP client, people can use a Web browser, such as Safari, Internet Explorer or Netscape Communicator. A Web browser can download files from your computer but can’t upload files to it. With a Web browser, people connect to your FTP server with an Internet address (URL) like one of these:

  • ftp://192.168.0.1

  • ftp://mycomputer.mydomain.com

Substitute your computer’s IP address or name. As the Web browser connects to your computer, it displays a dialog asking for a user account name (also called the username or user ID) and password; enter them in that dialog rather than in the address itself. (Browsers also accept addresses of the form ftp://name:password@host, but an address typed that way is kept in the browser’s history and in any log that records the URL.) Figure 16-8 shows Safari with the Internet address for an FTP server and the dialog for entering name and password.

Figure 16-8: FTP File System Authentication.

Mac OS X Bible, Panther Edition
ISBN: 0764543997
Year: 2003
Pages: 290