Advice on Apache as ftp server?

r. h. · April 6, 2002 4:31PM

I'm finally thinking about making the shift to MacOS X as my primary OS -- in part, because some of the end-users that I do tech support for are diddling around with it themselves -- and I'm wondering if I could get some advice: I have used NetPresenz under pre-OS X systems for so long, that I've gotten a little bit attached to the way it handles user privledges by going through Apple's file sharing settings, so my stop-gap measure until I have a better understanding of Apache has been to manually turn on Classic file-sharing, for use with NetPresenz. Of course, I'd like to shift over to Apache for this, but I haven't been able to figure out how to configure user access restrictions for other users; any account I create appears to be able to view everything on my computer -- and that's not necessarily a good thing.

Also, I'd like to be able to specify a common login directory for a particular group of users. Any suggestions?

mithras · April 6, 2002 8:20PM

First of all, Apache is the *web server* that comes with OS X. FTP is a different sack of potatoes. The FTP server is named wu-ftp.

To do what you want, you need a configuration known as 'chroot', for 'change root'. The idea is that you present a user's home folder as the 'root directory' of FTP, rather than the actual root directory of your whole computer.

To set it up, do the following:

Step 1 pen chroot file

Open a Terminal, and type the following:

[code]

sudo pico /etc/ftpchroot

</pre><hr></blockquote>

If this is the first time you've used the 'sudo' command, you'll get a little warning message. Enter your password at the prompt.

sudo is a command that means 'give me administrator access for the next command'.

pico is a text editor, like Simpletext or BBEdit, except that it works in the Terminal.

/etc/ftpchroot is the file you have created.

Step 2: Enter users and groups

This is really easy. Just enter, each on its own line, the name of each user you want to restrict to their home folder. To restrict a whole group of users, put @groupname on a line.

For example:

oneuser

rh

anotheruser

@clientusers

@friends

Step 3: Save the file

When you are done editing the file:

*press control-O to save the file, then

*press command-X to exit.

You can now close the Terminal.

Step 4: Restart FTP

Go to Sharing Preferences in the System Preferences, and first uncheck, then recheck, the FTP option.

It should now work that each of those users you put in the file are restricted to their home directories.

Allowing different users to share a common space is a bit trickier. If you plan on allowing them only FTP access, and not secure shell logins or local access to your machine, you could safely change everyone's home directory to the same folder. You can do that in NetInfo Manager; I'll post more on that if you're interested.

mithras · April 6, 2002 8:24PM

Just a quick addendum: if you have BBEdit 6.5, you can use that instead of the Terminal to edit the file. If you're new to OS X and the Terminal you might prefer that.

You can't just use Textedit, because you need to be able to authenticate as an administrator to edit files in that folder.

smircle · April 7, 2002 11:53AM

Originally posted by Mithras:

[quote]

Allowing different users to share a common space is a bit trickier. <hr></blockquote>

I have written up a (somewhat detailed) tutorial on this for a friend (and as a reminder for me). You can find it on <a href="http://www.hierundda.de/scratchpad/ftpusershowto.html"; target="_blank">my site</a>.

Comments and improvements are encouraged.

[ 04-07-2002: Message edited by: Smircle ]</p>

r. h. · April 7, 2002 5:07PM

Interesting... I'll have to play around with those tidbits. Many thanks to both of you for setting me on the right path -- I'll let you know how it goes! :cool: