Lack of security when serving FTP/ SFTP! Broken on OS X?

Discussion in 'Mac Apps and Mac App Store' started by RedTomato, Jul 12, 2006.

  1. RedTomato macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #1
    I'm trying to give my clients at a charity a way of backing up their important files onto my server (an offsite powermac g3 running OS X 10.4.7)

    I simply just can't seem to get it working properly :(

    First I tried setting up a new user and enabling FTP in the Sharing Preferences.

    No go. Couldn't log in with any of my FTP client software (Cyberduck, Fetch etc)

    Then I tried SFTP. Aha! works!

    But once logged in, the user can navigate through my entire HD array - look at all my files and the files of my other clients. Oi! Stop!

    Tried out PureFTPd Manager - it came highly recommended as able to 'jail' users to their own directory.

    Lovely interface. But it still won't work. Users couldn't FTP in, and PureFTPd Manager can't handle SFTP.

    Is FTP in OS X fundamentally broken?

    Read somewhere that OSX from about 10.4.3 onwards no longer supports FTP as it dislikes passwords being sent to it in cleartext.

    Wish Apple would stop advertising it as 'run your own FTP server' in that case.

    I tried setting the new user accounts to the minimum level of permissions (highly managed / restricted account in System / Preferences / Users), and logging via standard OSX SFTP but they can still look in each others filesystems, which is a no go.

    I also tried to set up a 'chroot jail' so that FTP / SFTP users would be confined to their own home directories, but apparently from 10.4.3 onwards, chroot jails no longer work, making the system less secure.

    To be honest, if this is true, this is the biggest disappointment I've had with OS X so far. I'm used to things 'just working' and being secure by default.

    I tried some alternatives:

    - tried FTP/SSL-TLS via a home-brew certificate, but it doesnt seem suitable for my non-computer literate clients - too many dire warnings to click through.

    - also tried setting up a HTML upload/download files website (password protected) on the server, but all the kits I could find on the web required extensive setting up of Java, PHP, CGI etc. I can deal with setting up one or two of them, but they needed to all be set up (apparently) and the instructions soon got over my head.

    If you can recommend a simple way of allowing people to upload /download files while not giving them free roam of the system, I'd be very thankful.
     
  2. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #2
    Which OS are your clients using? Are they all on Macs, all on Wintel PCs, all on Linux, or are they using a mixture?

    Why FTP?

    Why not AFP or SMB?

    Rather than fixating on a particular file access protocol, you will do well to decribe your problem in three or four lines. Include the data asked in my first and second sentences. Ask for suggestions how best to solve your problem.
     
  3. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #3
    I believe that what's accessible via ftp is decided by the standard UNIX filesystem rules.

    If you change permissions for the different users' directories to only let the user read and write, and do that recursively, then they won't be able to browse each others' directories.
     
  4. semaja2 macrumors 6502a

    Joined:
    Dec 12, 2005
    Location:
    Adelaide
    #4
    if your smart enough go install other FTP servers or play around with the config files for the built in servers most configs are in places like /etc/
     
  5. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
  6. RedTomato thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #6
    MisterMe Thanks for asking - I'll try to answer:

    Clients are all on Macs, (tho that could well change in future)

    Server is offsite, and clients connect through internet. I don't know much about AFP, but I thought that was local network only.

    I know even less about SMB, but it seems it would be overkill for this situation. If you feel that would be a good solution then give me some tips and I'll try to read up on it.

    There's no central server in the office (a deaf theatre charity) just 5 laptops, a networked printer and a broadband connection. I want to give them file storage space on my old powermac / raid5 array at home.

    Email is already backed up by running mail.app on the powermac / raid5 array and downloading a copy of all incoming/outgoing mail from everyones accounts. That's an example of how low-budget we are.
     
  7. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #7
    AFP/SMB work are not limited to local subnets. As long as they have the IP address of the destination box and there's appropriate forwarding of ports through NATs/Firewalls/Routers, then they would work fine for you.
     
  8. RedTomato thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #8
    Yes, I worked through that, but no it doesn't work on 10.4.7. That's why I was a bit upset.

    I'm considering reinstalling 10.4 just so that I can get chroot working.

    gekko513 i'm not quite leet enough to be confidient in manipulating permissions so as to make a directory user readable, but make all other directories above it and system directories unreadable to the same user. And doing the same for several differerent users. And have the machine working properly afterwards.

    What you're describing is basically done more easily by the chroot function.

    semja2 Yes, I've played around with installing other FTP servers, and as far as I can see, FTP is disabled on OS X 10.4.7. What seems to happen is that a connection is made, and then all passwords, even correct ones, are refused. Several other people are also saying that PureFTPd Manager is now broken after recent OSX upgrades.
     
  9. ClimbingTheLog macrumors 6502a

    Joined:
    May 21, 2003
    #9

    Is this new to 10.4.7? I installed scponly on 10.4.6 recently.
     
  10. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #10
    Hmm.. I don't see anything in the 10.4.7 update list.

    http://docs.info.apple.com/article.html?artnum=303771

    Maybe in one of the rolled-in security patches?

    Well, nothing about ssh (which handled sftp), but there is a blurb about the FTP server:

    http://docs.info.apple.com/article.html?artnum=303737

     
  11. RedTomato thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #11
    How did you manage it? I'd be interested.

    I thought I followed the instructions on the linked page above pretty well, tho I had to make changes cos of different library versions.

    Which version of each file did you use?

    EDIT: ah I think yellow above has found a possible reason why scponly and ftp no longer work
     
  12. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #12
    well scp and sftp are handled strictly by ssh, not ftp.
     
  13. RedTomato thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #13
    Yes thats right. They can be run by enabling 'remote login' in the sharing panel. Enabling FTP is not required for these two services.

    FTP runs off port 21, while SSH is over port 22.

    I'm happy to use SFTP [already working] or AFP, anything as long as I can keep users to their home directories, which is the sticking point at the moment.

    Even a web based file upload/download page would work, and would score on ease of use, if I could just work out how to set the damn thing up :)
     
  14. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #14
    Avoid web-based uploads if possible, IMO. Based on PHP it's slow and no good for large files and clumsy and prone to breakage.
     
  15. live4ever macrumors 6502a

    Joined:
    Aug 13, 2003
    Location:
    Thunder Bay, ON
    #15
    Would SharePoints help with the permissions? I've used it to only share certain folders locally (don't know if it'd work over the 'net). It's pretty easy to set up AFS or SMB.

    http://www.hornware.com/sharepoints/
     
  16. RedTomato thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #16
    Thanks, I'll have a play with it tonight and let you know tomorrow.

    It does say
    but we'll see if that applies to SFTP / AFS.
     
  17. RedTomato thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #17
    I've now had a go at using Hornware's SharePoints.

    I'm completely baffled. I couldn't figure out how on earth to make it do what I wanted or how the various panels interacted with my OS.

    It seemed aimed only for users on local networks so not suited for my needs.

    Thanks for the suggestion anyway.
     
  18. live4ever macrumors 6502a

    Joined:
    Aug 13, 2003
    Location:
    Thunder Bay, ON
    #18
  19. savar macrumors 68000

    savar

    Joined:
    Jun 6, 2003
    Location:
    District of Columbia
    #19
    Somebody else mentioned it, but what you need to look into is CHROOT.

    This makes a particular directory look like the filesystem root ,which means somebody who logs on to their FTP account can only see the directory structure below their home directory -- and nothing else. I don't know how/if you can enable this from the OS X GUI.

    You can set your permissions from the GUI, however, so that nobody can look at your files, run your programs, or see inside of your folders. CHROOT is a better idea though

    http://en.wikipedia.org/wiki/Chroot
     

Share This Page