Install pure-ftpd

gatorparrots

Guest
Apple's decision to switch ftp daemons from ftpd in 10.1 to lukemftpd in 10.2 is of questionable merit. Their lack of updated documentation to reflect that decision is truly lamentable. Most users upgrading from 10.1.x are left hobbled or with malfunctioning ftp servers (especially in regards to ftpchroot functionality), with no changes in the man pages to help them configure their new ftp daemon.

Rather than remaining in that state, I elected to replace the built-in ftp server with pure-ftpd, a robust and feature-rich ftp server that also boasts no root exploits.

The first step is to download and unpack the source. First, change directories to wherever you keep your downloads or source code:
cd /downloads
curl -O ftp://ftp.pureftpd.org/pub/pure-ftpd/rele...d-1.0.14.tar.gz
tar xzf pure-ftpd-1.0.14.tar.gz
cd pure-ftpd-1.0.14/
./configure --with-everything --without-banner --without-humor --with-virtualchroot

(This will configure a 'big server' with a plethora of options, including throttling, ratios, ftpwho, quotas, but will leave off the gaudy initial banner and the sprinkling of colorful banter in the error messages, etc.)
sudo make install-strip

At this point you will need to choose which server type you desire, as pure-ftpd can run in either standalone or xinetd mode:

Standalone Mode
You can run the server in standalone mode with this command:
sudo /usr/local/sbin/pure-ftpd &
or if you desire, use command line switches to configure the server at runtime:
sudo /usr/local/sbin/pure-ftpd -A -E -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1 &

The command line switches I have chosen tell the server the following:
-A chroots everyone
-E only allows authenticated users; anonymous users disallowed
-p 40000:50000 specifies the port range for passive connections
-c 5 specifies the number of clients
-C 1 specifies the number of connections per IP address
-I 5 changes the idle timeout; default 15 minutes seems excessive
-T 25 throttles the bandwidth to 25KB/sec per user
Many other switches are available. See the documentation for a complete list.

To get the standalone server to launch automagically at startup, you would have to write a Startup Item:
macfora.com/forums/showthread.p...=&threadid=6314 (dead link removed)

xinetd Mode
(As always, before editing a system level file, it is wise to create a backup first.)
cd /etc/xinetd.d/
sudo -s
cp ftp ftp.default
pico ftp


Modify the server and server_args lines as follows:
Code:
service ftp
{
       disable = no
       socket_type     = stream
       wait            = no
       user            = root
       server          = /usr/local/sbin/pure-ftpd
       server_args     = -A -E -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1
       groups          = yes
       flags           = REUSE
}
Restart xinetd to effect the changes (if you have the existing ftp server running):
kill -1 `cat /var/run/xinetd.pid`
exit


Test to confirm that it is working:
ftp 0

If you get something like this:
Code:
[gatorparrots:] gator% ftp 0
Connected to 0.
220-FTP server ready.
220 This is a private system - No anonymous login
Name (0:gator):
Congratulations! Your new FTP server is working as advertised. To enable the chroot to a single directory, simply assign your ftp users' home directories to your ftp root directory via NetInfo (and possibly put them in a dedicated ftp user group for added flexibility). Otherwise, the individual users will be chrooted to their /Users/username home directory.
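
A check that the xinetd service file really carries the restrictions described in the post above (chroot, no anonymous logins, a fixed passive port range, a minimum UID). This is an added example, not part of the original post or of pure-ftpd itself; the function name audit_ftp_xinetd and the sample file are constructed for illustration, and the meaning of -u (minimum UID allowed to log in) comes from pure-ftpd's documentation rather than from the post.

```sh
#!/bin/sh
# Audit an xinetd service file for the pure-ftpd restrictions used in the post.
# Prints one line per finding; the return status is the number of findings.
audit_ftp_xinetd() {
    file=$1; findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Read "key = value", tolerating the whitespace xinetd allows around "=".
    get() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$file" | tail -n 1; }
    server=$(get server)
    args=" $(get server_args) "
    disable=$(get disable)
    [ "$disable" = "no" ] || note "service is disabled; nothing is listening"
    [ "$server" = "/usr/local/sbin/pure-ftpd" ] ||
        note "server is '$server', not the pure-ftpd binary"
    case $args in *" -A "*) ;; *) note "-A missing: users are not chrooted" ;; esac
    case $args in *" -E "*) ;; *) note "-E missing: anonymous logins allowed" ;; esac
    # -u N: minimum UID allowed to log in (per pure-ftpd's documentation).
    case $args in *" -u "[0-9]*) ;; *) note "-u missing: no minimum UID enforced" ;; esac
    # -p LOW:HIGH pins passive-mode ports so a firewall rule can match them.
    range=$(printf '%s\n' "$args" | sed -n 's/.* -p \([0-9][0-9]*:[0-9][0-9]*\) .*/\1/p')
    if [ -z "$range" ]; then
        note "-p missing: passive ports are not restricted to a range"
    else
        low=${range%%:*}; high=${range##*:}
        [ "$low" -ge 1024 ] && [ "$low" -lt "$high" ] && [ "$high" -le 65535 ] ||
            note "-p $range is not a valid unprivileged port range"
    fi
    return "$findings"
}

# Constructed sample: the post's service block with -E dropped from server_args.
sample=$(mktemp)
cat > "$sample" <<'EOF'
service ftp
{
       disable = no
       server          = /usr/local/sbin/pure-ftpd
       server_args     = -A -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1
}
EOF
audit_ftp_xinetd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On the machine itself, run `audit_ftp_xinetd /etc/xinetd.d/ftp` after editing the file and before restarting xinetd.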
 
gatorparrots

Guest
I have updated the above directions to reflect the newer 1.0.14 release of pure-ftpd. (This should be one of the last major releases before 2.0 is released.)