Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Lack of security when serving FTP/ SFTP! Broken on OS X?

RedTomato

RedTomato

macrumors 601
Original poster
Mar 4, 2005
4,162
446
.. London ..
I'm trying to give my clients at a charity a way of backing up their important files onto my server (an offsite powermac g3 running OS X 10.4.7)

I simply just can't seem to get it working properly :(

First I tried setting up a new user and enabling FTP in the Sharing Preferences.

No go. Couldn't log in with any of my FTP client software (Cyberduck, Fetch etc)

Then I tried SFTP. Aha! works!

But once logged in, the user can navigate through my entire HD array - look at all my files and the files of my other clients. Oi! Stop!

Tried out PureFTPd Manager - it came highly recommended as able to 'jail' users to their own directory.

Lovely interface. But it still won't work. Users couldn't FTP in, and PureFTPd Manager can't handle SFTP.

Is FTP in OS X fundamentally broken?

Read somewhere that OSX from about 10.4.3 onwards no longer supports FTP as it dislikes passwords being sent to it in cleartext.

Wish Apple would stop advertising it as 'run your own FTP server' in that case.

I tried setting the new user accounts to the minimum level of permissions (highly managed / restricted account in System / Preferences / Users), and logging via standard OSX SFTP but they can still look in each others filesystems, which is a no go.

I also tried to set up a 'chroot jail' so that FTP / SFTP users would be confined to their own home directories, but apparently from 10.4.3 onwards, chroot jails no longer work, making the system less secure.

To be honest, if this is true, this is the biggest disappointment I've had with OS X so far. I'm used to things 'just working' and being secure by default.

I tried some alternatives:

- tried FTP/SSL-TLS via a home-brew certificate, but it doesnt seem suitable for my non-computer literate clients - too many dire warnings to click through.

- also tried setting up a HTML upload/download files website (password protected) on the server, but all the kits I could find on the web required extensive setting up of Java, PHP, CGI etc. I can deal with setting up one or two of them, but they needed to all be set up (apparently) and the instructions soon got over my head.

If you can recommend a simple way of allowing people to upload /download files while not giving them free roam of the system, I'd be very thankful.
 
RedTomato said:
I'm trying to give my clients at a charity a way of backing up their important files onto my server (an offsite powermac g3 running OS X 10.4.7)

....
Click to expand...
Which OS are your clients using? Are they all on Macs, all on Wintel PCs, all on Linux, or are they using a mixture?

Why FTP?

Why not AFP or SMB?

Rather than fixating on a particular file access protocol, you will do well to decribe your problem in three or four lines. Include the data asked in my first and second sentences. Ask for suggestions how best to solve your problem.
 
I believe that what's accessible via ftp is decided by the standard UNIX filesystem rules.

If you change permissions for the different users' directories to only let the user read and write, and do that recursively, then they won't be able to browse each others' directories.
 
if your smart enough go install other FTP servers or play around with the config files for the built in servers most configs are in places like /etc/
 
MisterMe Thanks for asking - I'll try to answer:

Clients are all on Macs, (tho that could well change in future)

Server is offsite, and clients connect through internet. I don't know much about AFP, but I thought that was local network only.

I know even less about SMB, but it seems it would be overkill for this situation. If you feel that would be a good solution then give me some tips and I'll try to read up on it.

There's no central server in the office (a deaf theatre charity) just 5 laptops, a networked printer and a broadband connection. I want to give them file storage space on my old powermac / raid5 array at home.

Email is already backed up by running mail.app on the powermac / raid5 array and downloading a copy of all incoming/outgoing mail from everyones accounts. That's an example of how low-budget we are.
 
AFP/SMB work are not limited to local subnets. As long as they have the IP address of the destination box and there's appropriate forwarding of ports through NATs/Firewalls/Routers, then they would work fine for you.
 
yellow said:
chroot'd SFTP/SCP still works on 10.4.4 (and beyond? give it a shot).

http://www.schwie.com/brad/macosxsftpchroot/
Click to expand...

Yes, I worked through that, but no it doesn't work on 10.4.7. That's why I was a bit upset.

I'm considering reinstalling 10.4 just so that I can get chroot working.

gekko513 i'm not quite leet enough to be confidient in manipulating permissions so as to make a directory user readable, but make all other directories above it and system directories unreadable to the same user. And doing the same for several differerent users. And have the machine working properly afterwards.

What you're describing is basically done more easily by the chroot function.

semja2 Yes, I've played around with installing other FTP servers, and as far as I can see, FTP is disabled on OS X 10.4.7. What seems to happen is that a connection is made, and then all passwords, even correct ones, are refused. Several other people are also saying that PureFTPd Manager is now broken after recent OSX upgrades.
 
ClimbingTheLog said:
Is this new to 10.4.7? I installed scponly on 10.4.6 recently.
Click to expand...

Hmm.. I don't see anything in the 10.4.7 update list.

http://docs.info.apple.com/article.html?artnum=303771

Maybe in one of the rolled-in security patches?

Well, nothing about ssh (which handled sftp), but there is a blurb about the FTP server:

http://docs.info.apple.com/article.html?artnum=303737

FTPServer

CVE-ID: CVE-2006-1445

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.6, Mac OS X Server v10.4.6

Impact: FTP operations by authenticated FTP users may lead to arbitrary code execution

Description: Multiple issues in FTP server path name handling could result in a buffer overflow. A malicious authenticated user may be able to trigger this overflow which may lead to arbitrary code execution with the privileges of the FTP server. This update adresses the issue by properly handling the boundary conditions.
Click to expand...
 
ClimbingTheLog said:
Is this new to 10.4.7? I installed scponly on 10.4.6 recently.
Click to expand...

How did you manage it? I'd be interested.

I thought I followed the instructions on the linked page above pretty well, tho I had to make changes cos of different library versions.

Which version of each file did you use?

EDIT: ah I think yellow above has found a possible reason why scponly and ftp no longer work
 
yellow said:
well scp and sftp are handled strictly by ssh, not ftp.
Click to expand...

Yes thats right. They can be run by enabling 'remote login' in the sharing panel. Enabling FTP is not required for these two services.

FTP runs off port 21, while SSH is over port 22.

I'm happy to use SFTP [already working] or AFP, anything as long as I can keep users to their home directories, which is the sticking point at the moment.

Even a web based file upload/download page would work, and would score on ease of use, if I could just work out how to set the damn thing up :)
 
Avoid web-based uploads if possible, IMO. Based on PHP it's slow and no good for large files and clumsy and prone to breakage.
 
live4ever said:
Would SharePoints help with the permissions? I've used it to only share certain folders locally (don't know if it'd work over the 'net). It's pretty easy to set up AFS or SMB.

http://www.hornware.com/sharepoints/
Click to expand...

Thanks, I'll have a play with it tonight and let you know tomorrow.

It does say
A File Sharing Only user is defined as a user that cannot login via telnet or ssh and does not have a home directory assigned.
Click to expand...
but we'll see if that applies to SFTP / AFS.
 
I've now had a go at using Hornware's SharePoints.

I'm completely baffled. I couldn't figure out how on earth to make it do what I wanted or how the various panels interacted with my OS.

It seemed aimed only for users on local networks so not suited for my needs.

Thanks for the suggestion anyway.
 
RedTomato said:
Is FTP in OS X fundamentally broken?
Click to expand...

Somebody else mentioned it, but what you need to look into is CHROOT.

This makes a particular directory look like the filesystem root ,which means somebody who logs on to their FTP account can only see the directory structure below their home directory -- and nothing else. I don't know how/if you can enable this from the OS X GUI.

You can set your permissions from the GUI, however, so that nobody can look at your files, run your programs, or see inside of your folders. CHROOT is a better idea though

http://en.wikipedia.org/wiki/Chroot
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back