Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
macOS & iOS Developer Playground
macOS - Development and Darwin
Install pure-ftpd
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="gatorparrots" data-source="post: 129"><p>Apple's decision to switch ftp daemons from <strong>ftpd</strong> in 10.1 to <strong>lukemftpd</strong> in 10.2 is of questionable merit. Their lack of updated documentation to reflect that decision is truly lamentable. Most users upgrading from 10.1.x are left hobbled or with malfunctioning ftp servers (especially in regards to ftpchroot functionality), with no changes in the man pages to help them configure their new ftp daemon.</p><p></p><p>Rather than remaining in that state, I elected to replace the built-in ftp server with <strong>pure-ftpd</strong>, a robust and feature-rich ftp server that also boasts no root exploits.</p><p></p><p>The first step is to download and unpack the source. First, change directories to wherever you keep you downloads or source code:</p><p><span style="color: blue">cd /downloads</span></p><p><span style="color: blue">curl -O ftp://ftp.pureftpd.org/pub/pure-ftpd/rele...d-1.0.14.tar.gz</span></p><p><span style="color: blue">tar xzf pure-ftpd-1.0.14.tar.gz </span></p><p><span style="color: blue">cd pure-ftpd-1.0.14/</span></p><p><span style="color: blue">./configure --with-everything --without-banner --without-humor --with-virtualchroot</span></p><p><em>(This will configure a 'big server' with a plethora of options, including throttling, ratios, ftpwho, quotas, but will leave off the guady initial banner and the sprinkling of colorful banter in the error messages, etc.)</em></p><p><span style="color: blue">sudo make install-strip</span></p><p></p><p>At this point you will need to choose which server type you desire, as pure-ftpd can run in either standalone or xinetd mode:</p><p></p><p><strong>Standalone Mode</strong></p><p>You can run the server in standalone mode with this command:</p><p><span style="color: blue">sudo /usr/local/sbin/pure-ftpd &</span></p><p>or if you desire, use command line switches to configure the server at runtime:</p><p><span style="color: blue">sudo /usr/local/sbin/pure-ftpd -A -E -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1 &</span></p><p></p><p>The command line switches I have chosen tell the server the following:</p><p><strong>-A</strong> chroots everyone</p><p><strong>-E</strong> only allows authenticated users; anonymous users disallowed</p><p><strong>-p 40000:50000</strong> specifies the port range for passive connections</p><p><strong>-c 5</strong> specifies the number of clients</p><p><strong>-C 1</strong> specifies the number of connections per IP address</p><p><strong>-I 5</strong> changes the idle timeout; default 15 minutes seems excessive</p><p><strong>-T 25</strong> throttles the bandwidth to 25KB/sec per user</p><p><em>Many other switches are available. See the documentation for a complete list.</em></p><p></p><p>To get the standalone server to launch automagically at startup, you would have to write a Startup Item:</p><p>macfora.com/forums/showthread.p...=&threadid=6314 (dead link removed)</p><p></p><p><strong>xinetd Mode</strong></p><p><em>(As always, before editing a system level file, it is wise to create a backup first.)</em></p><p><span style="color: blue">cd /etc/xinetd.d/</span></p><p><span style="color: blue">sudo -s</span></p><p><span style="color: blue">cp ftp ftp.default</span></p><p><span style="color: blue">pico ftp</span></p><p></p><p>Modify the <span style="color: blue">server</span> and <span style="color: blue">server_args</span> lines as folows:</p><p>[code]</p><p>service ftp</p><p>{</p><p> disable = no</p><p> socket_type = stream</p><p> wait = no</p><p> user = root</p><p> server = /usr/local/sbin/pure-ftpd</p><p> server_args = -A -E -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1</p><p> groups = yes</p><p> flags = REUSE</p><p>}[/code]</p><p>Restart xinetd to affect the changes (if you have the existing ftp server running):</p><p><span style="color: blue">kill -1 `cat /var/run/xinetd.pid`</span></p><p><span style="color: blue">exit</span></p><p></p><p>Test to confirm that it is working:</p><p><span style="color: blue">ftp 0</span></p><p></p><p>If you get something like this:</p><p>[code][gatorparrots:] gator% ftp 0</p><p>Connected to 0.</p><p>220-FTP server ready.</p><p>220 This is a private system - No anonymous login</p><p>Name (0:gator):[/code]</p><p>Congratulations! Your new FTP server is working as advertised. To enable the chroot to a single directory, simply assign your ftp users' home directories to your ftp root directory via NetInfo (and possibly put them in a dedicated ftp user group for added flexibility). Otherwise, the individual users will be chrooted to their <strong>/Users/username</strong> home directory.</p></blockquote><p></p>
[QUOTE="gatorparrots, post: 129"] Apple's decision to switch ftp daemons from [B]ftpd[/B] in 10.1 to [B]lukemftpd[/B] in 10.2 is of questionable merit. Their lack of updated documentation to reflect that decision is truly lamentable. Most users upgrading from 10.1.x are left hobbled or with malfunctioning ftp servers (especially in regards to ftpchroot functionality), with no changes in the man pages to help them configure their new ftp daemon. Rather than remaining in that state, I elected to replace the built-in ftp server with [B]pure-ftpd[/B], a robust and feature-rich ftp server that also boasts no root exploits. The first step is to download and unpack the source. First, change directories to wherever you keep you downloads or source code: [COLOR=blue]cd /downloads curl -O ftp://ftp.pureftpd.org/pub/pure-ftpd/rele...d-1.0.14.tar.gz tar xzf pure-ftpd-1.0.14.tar.gz cd pure-ftpd-1.0.14/ ./configure --with-everything --without-banner --without-humor --with-virtualchroot[/COLOR] [I](This will configure a 'big server' with a plethora of options, including throttling, ratios, ftpwho, quotas, but will leave off the guady initial banner and the sprinkling of colorful banter in the error messages, etc.)[/I] [COLOR=blue]sudo make install-strip[/COLOR] At this point you will need to choose which server type you desire, as pure-ftpd can run in either standalone or xinetd mode: [B]Standalone Mode[/B] You can run the server in standalone mode with this command: [COLOR=blue]sudo /usr/local/sbin/pure-ftpd &[/COLOR] or if you desire, use command line switches to configure the server at runtime: [COLOR=blue]sudo /usr/local/sbin/pure-ftpd -A -E -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1 &[/COLOR] The command line switches I have chosen tell the server the following: [B]-A[/B] chroots everyone [B]-E[/B] only allows authenticated users; anonymous users disallowed [B]-p 40000:50000[/B] specifies the port range for passive connections [B]-c 5[/B] specifies the number of clients [B]-C 1[/B] specifies the number of connections per IP address [B]-I 5[/B] changes the idle timeout; default 15 minutes seems excessive [B]-T 25[/B] throttles the bandwidth to 25KB/sec per user [I]Many other switches are available. See the documentation for a complete list.[/I] To get the standalone server to launch automagically at startup, you would have to write a Startup Item: macfora.com/forums/showthread.p...=&threadid=6314 (dead link removed) [B]xinetd Mode[/B] [I](As always, before editing a system level file, it is wise to create a backup first.)[/I] [COLOR=blue]cd /etc/xinetd.d/ sudo -s cp ftp ftp.default pico ftp[/COLOR] Modify the [COLOR=blue]server[/COLOR] and [COLOR=blue]server_args[/COLOR] lines as folows: [code] service ftp { disable = no socket_type = stream wait = no user = root server = /usr/local/sbin/pure-ftpd server_args = -A -E -p 40000:50000 -c 5 -C 1 -I 5 -T 25 -u 1 groups = yes flags = REUSE }[/code] Restart xinetd to affect the changes (if you have the existing ftp server running): [COLOR=blue]kill -1 `cat /var/run/xinetd.pid` exit[/COLOR] Test to confirm that it is working: [COLOR=blue]ftp 0[/COLOR] If you get something like this: [code][gatorparrots:] gator% ftp 0 Connected to 0. 220-FTP server ready. 220 This is a private system - No anonymous login Name (0:gator):[/code] Congratulations! Your new FTP server is working as advertised. To enable the chroot to a single directory, simply assign your ftp users' home directories to your ftp root directory via NetInfo (and possibly put them in a dedicated ftp user group for added flexibility). Otherwise, the individual users will be chrooted to their [B]/Users/username[/B] home directory. [/QUOTE]
Verification
Post reply
Forums
macOS & iOS Developer Playground
macOS - Development and Darwin
Install pure-ftpd
Top