| The File Transfer Protocol (FTP) service is by far the most ubiquitous file-sharing protocol available from Mac OS X Server. Almost anything with network access can connect to an FTP server, because FTP is a simple protocol to implement. However, this simplicity is a double-edged sword from a technological standpoint. As a default, FTP is highly compatible and easy to implement because it uses clear-text passwords and unencrypted data transfers. This behavior is a potential security issue if any of your FTP traffic travels through insecure networks. A nefarious hacker can easily spot and intercept your FTP traffic. If security is an issue, then your alternative is to use the Secure FTP (SFTP) protocol. When you enable SSH on your Mac OS X Server, SFTP is automatically enabled. You don't need to enable FTP for SFTP to be enabled. Other limitations of FTP include file-handling issues. Standard FTP can't handle folders because it only supports single file transfers. The FTP service also has problems with the forked files and Unicode filenames that are natively supported by Mac OS X. You can easily overcome these limitations by using modern FTP client software that automatically archives and/or compresses requested files before they're transferred via FTP. The FTP service provided by Mac OS X Server includes support for automatic file archival and/or compression. To set FTP access options: 1. | Launch the Server Admin tool located in /Applications/Server, and authenticate as the administrator (Figure 5.75).
| 2. | Select the FTP service for your server in the Computers & Services list (Figure 5.76).
| 3. | Click the Settings button  and then the General tab  (Figure 5.77).
| 4. | By default, FTP authentication via any method is allowed. Click the Authentication pop-up menu to configure a specific authentication method (Figure 5.78):
Standard uses clear-text passwords.
Kerberos uses MIT's advanced key distribution system.
See Chapter 3 for more information about user authentication.
| 5. | Select the "Enable anonymous access" check box to enable guest access via the FTP service (Figure 5.79).
By default, anonymous FTP access is turned off.
| 6. | When you've finished making changes, click the Save button  .
If you make changes to the FTP service while it's running, you'll be prompted to restart the service (Figure 5.80).
Be sure to check for connected users before restarting the service, so you don't kick them off.
| 7. | Click the Overview button  .
Verify that the FTP service is running (Figure 5.81). If it isn't, click the Start Service button  to activate the FTP server (Figure 5.82).
The rest of the tasks in this chapter provide more information about configuring the FTP service.
|
 Tips
Anonymous access is another way of saying guest access. A small green dot  to the left of the FTP service in the Computers & Services list indicates that the File Transfer Protocol is running. In order to allow anonymous access, you must also enable guest access for each share point. Refer to the task "To configure FTP share-point settings" for more information about enabling guest access for individual share points. You can limit the number of simultaneous authenticated and anonymous users by entering values in the associated fields (Figure 5.83). The default of 50 users is a good starting point, because FTP servers are susceptible to performance issues if too many users connect. 
| Discussing the many third-party FTP clients for Mac OS X could easily fill a book. Try for yourself: Go to http://www.versiontracker.com/, and type ftp client in the search field. You'll probably find about two-dozen FTP clients for Mac OS X alone. As tempting as those options are, this book sticks to the FTP clients built into Mac OS X. For SFTP, search for and download Fugu, an SFTP application. If you prefer the command line, you can use the ftp or sftp command to connect to your server. On the other hand, if you prefer the graphical user interface, do the following: 1. | In the Finder, click the Network icon  to browse for your server. Mac OS X Client can browse for FTP servers via the Rendezvous protocol.
You can connect directly in the Finder by selecting Go > Connect to Server from the menu bar and entering an FTP address or by pressing Command-K from the keyboard (Figure 5.84).
| 2. | Authenticate to the server (Figure 5.85). As an option, you can have the client computer remember your login.
| 3. | With FTP, you don't select a share point; you're automatically sent to a default location set by the server's administrator. Default settings dictate that the FTP server icon mounts on the Finder's desktop  .
|
You only have read access to an FTP share point when using the Connect to Server option. Use a third-party utility to enable read/write access to the FTP share point. |
FTP messages When FTP was initially developed, all server connections were via the command-line environment. You didn't just connect to a shared folder, you actually connected to an FTP command-line environment. Upon initially connecting to the FTP server, you were greeted with a banner message. After authentication, you saw a welcome message. These messages usually contained information regarding server usage, availability, disclosure agreements, or anything else the administrator wished to communicate to connected users. Although FTP banner and welcome messages are rarely used by modern graphical FTP clients, Mac OS X Server still supports them. To change FTP messages: 1. | In Server Admin, navigate to your server's FTP service settings (Figure 5.86).
Instructions for this step are detailed in steps 14 of the task "To set FTP access options."
| 2. | Click the Messages tab.
| 3. | Select the "Show welcome message" check box, and enter the desired text string in the field below the check box (Figure 5.87).
| 4. | Select the "Show banner message" check box, and enter the desired text string into the field below the check box (Figure 5.88).
| 5. | When you've finished making changes, click the Save button .
If you make changes to the FTP service while it's running, you'll be prompted to restart the service.
Be sure to check for connected users before restarting the service, so you don't kick them off.
| 6. | Test these messages via the command line by entering ftp serveraddress and then authenticating to the server.
|
Tips
The FTP user environment Typically, when an authenticated user connects to an FTP server, they don't get to choose a share point; they're dropped off in a predefined folder. Mac OS X Server lets you configure this aspect of the FTP user environment. To configure the FTP user environment 1. | In Server Admin, navigate to your server's FTP service settings (Figure 5.89).
Instructions for this step are detailed in steps 14 of the task "To set FTP access options."
| 2. | Click the Advanced tab (Figure 5.90).
| 3. | Click the "Authenticated users see" pop-up menu, and select one of the following options (Figure 5.91):
FTP Root and Share Points Authenticated users connect to the FTP root folder (defined in step 4). In the FTP root folder, the system creates symbolic links to your other share points.
Home Directory with Share Points Authenticated users connect to their home folder. They also have access to the other share points. If a user doesn't have a home folder, they're automatically connected to the FTP root folder.
Home Directory Only Authenticated users are connected only to their home directory. If a user doesn't have a home folder, they're automatically connected to the FTP root folder.
| 4. | The predefined FTP root folder is /Library/FTPServer/FTPRoot. To specify a custom FTP root folder, enter a new path to the appropriate field (Figure 5.92).
You can also click the ellipsis button  to the right of the FTP root folder field to specify a new folder in a file browser dialog (Figure 5.93).
| 5. | When you've finished making changes, click the Save button .
If you make changes to the FTP service while it's running, you'll be prompted to restart the service.
Be sure to check for connected users before restarting the service, so you don't kick them off.
|
Tips See the sidebar "Connecting via FTP," earlier in this chapter, for more information about various FTP clients. The initial administrative account always defaults to its home folder via FTP. However, folder permissions allow administrators to navigate outside their home folder. Because FTP servers often fall victim to hackers, thoroughly test any access configurations you choose. You should also test access from various FTP clients so you know what to expect for your users.
FTP share-point settings When you create a share point on Mac OS X Server, it's automatically shared via FTP (as well as AFP and SMB), assuming the FTP service is running. Share points are also automatically configured for both registered user and anonymous access via FTP. You can configure such settings individually for each share point using Workgroup Manager. See the "Configuring Share Points" section of this chapter for more information about creating share points. To configure FTP share-point settings: 1. | Launch the Workgroup Manager tool located in /Applications/Server, and authenticate as the administrator (Figure 5.94).
| 2. | Click the Sharing icon  in the Toolbar.
| 3. | Choose to do one of the following:
Configure an existing share point by clicking the Share Points tab  and then selecting the share point you wish to edit from the sharing browser (Figure 5.95). 
Configure a new share point. See the task "To configure new share points" for detailed instructions.
| 4. | Once you've selected the share point you wish to configure, click the Protocols tab to the right of the sharing browser.
| 5. | Directly below the Protocols tab is the Protocols pop-up menu. From this menu, select FTP Settings (Figure 5.96).
| 6. | In this frame, configure FTP sharing and guest access (anonymous access) for this particular share point.
You can also configure a custom FTP share point name that differs from the original folder's name (Figure 5.97).
| 7. | When you've finished making changes, click the Save button .
|
Tips In order for guests to access a share point, its permissions must be set to give everyone read access. If you ever disable a share point, the symbolic link for FTP functionality may remain in the FTP root folder. You'll have to delete this symbolic link manually after you disable the share point. To do so, move the original item, delete the link, and move the original back. Because FTP doesn't natively support multiple share points, the system creates symbolic links in the FTP root folder that point to your other share points. Keep in mind that general FTP service settings may affect the settings you configure here. For instance, disabling anonymous access to the FTP service in Server Admin disables FTP guest access for every share point regardless of individual share settings. Remember to verify proper FTP service configuration in both Workgroup Manager and Server Admin. Changing the name of a share point can help disguise a disk as a folder name but can also backfire if the user is looking for the folder's original share name. Sharing the same folder over several different protocols and using different share point names can quickly become difficult to manage.
|
