
Setting Up Your Own Anonymous FTP Server

by Peter Hein

HOW-TO - anonymous ftp server

Recently I had a support request from a professor on campus; he wanted to have an anonymous server set up on his Mac OS X Server box. I was quite familiar with how to set up FTP services for the average user, but had not implemented anonymous services.

After some digging through O'Reilly references, and some Apple Tech notes, I was able to piece together steps to take; they are detailed here.

The FTP user has access to only one directory tree. It is owned by root and is in the group nobody. In combination with the chroot command, you can severely restrict access to the ftp directory. This prevents people from wandering through your entire directory tree.

On with the details:
Log into your system as root.

In the NetworkManager application, create a user called ftp:

  • Login shell set to none, but enable login
  • don't set a password
  • Default group is nobody
  • Create a home directory - e.g. pub_ftp

In a terminal window or from the WorkSpace Manager, go to the pub_ftp directory. Delete the directories Applications, Mailboxes, and Library. Using mkdir, create the following directories:

  • bin - will store the ls command so users can list files
  • pub - where files will be stored
  • usr/lib - store dyld
  • System/Library/Frameworks/System.framework/Versions/B/

It is time to copy some files into the directories just created.

  • copy /bin/ls to ~ftp/bin
  • copy /usr/lib/dyld to ~ftp/usr/lib/
  • copy /System/Library/Frameworks/System.framework/Versions/B/System
    to
    ~ftp/System/Library/Frameworks/System.framework/Versions/B/

For ls to work, you must have dyld and System copied in the proper directories. Otherwise the users will not be able to list the files.

Now the pub_ftp directory is almost set up; there is one more thing. Since we don't want anyone to go above this directory, we need to make it the root for the user ftp. This means the ftp user won't be able to see any directories above pub_ftp. To do this, use the chroot command. An example is:
chroot -u ftp /Local/Users/pub_ftp/

Lastly, set the permissions on all of the directories. Start with the pub_ftp directory:

  • chown -R root.nobody ~ftp
    then chmod 555 the pub_ftp directory
  • cd into pub_ftp
  • chmod 555 ~ftp/bin
  • chmod 555 ~ftp/usr
  • chmod 555 ~ftp/System/Library/...

You can also chmod the pub directory if you don't want anyone to upload files to the account.
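
One way to check the result of the ownership and permission steps above. This is an added example, not part of the original how-to; the function name audit_ftp_tree and its finding labels are made up for illustration, and the expected owner defaults to root as in the chown step.

```sh
#!/bin/sh
# Added example (not from the original how-to): audit an anonymous-FTP tree
# against the layout, root ownership and mode 555 described in the article.
# audit_ftp_tree is a hypothetical helper name.
#
# Usage: audit_ftp_tree <ftp_home> [owner]   (owner defaults to root)
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ftp_tree() {
    ftp_home=${1%/}
    owner=${2:-root}
    rc=0

    # Directories the article creates; each must exist.
    for d in bin pub usr/lib \
             System/Library/Frameworks/System.framework/Versions/B; do
        if [ ! -d "$ftp_home/$d" ]; then
            echo "MISSING   $ftp_home/$d"
            rc=1
        fi
    done

    # Outside pub, no directory may carry a write bit (article: chmod 555).
    # pub is pruned because the article leaves its mode to the administrator.
    writable=$(find "$ftp_home" -path "$ftp_home/pub" -prune -o \
        -type d \( -perm -200 -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$writable" ]; then
        echo "$writable" | sed 's/^/WRITABLE  /'
        rc=1
    fi

    # Everything except the contents of pub must belong to the expected owner.
    foreign=$(find "$ftp_home" -path "$ftp_home/pub/*" -prune -o \
        ! -user "$owner" -print)
    if [ -n "$foreign" ]; then
        echo "$foreign" | sed 's/^/OWNER     /'
        rc=1
    fi

    # Informational only: is pub writable by group or others (uploads possible)?
    uploads=$(find "$ftp_home/pub" -prune \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    if [ -n "$uploads" ]; then
        echo "NOTE      $ftp_home/pub is group/world writable: uploads possible"
    fi
    return $rc
}
```

Source the file and call the function as root on the ftp home directory, for example audit_ftp_tree /Local/Users/pub_ftp. A NOTE line about pub does not change the return value, since the article leaves the upload decision to you.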

Your system should now be set up. Head to another Macintosh and fire up your favorite FTP application. Try to log in as user ftp, and then give your email address.

If you have any problems, check the FTP log. It can help in tracking down problems. It will also tell you who logged in and when. You can find the FTP log in /var/log/ftp.log.


Reference Material
  1. Managing Internet Information Services - O'Reilly & Assoc Inc. 1994 First Edition
  2. Tech Info Library - Article ID 60171
  3. OmniGroup Mac OS X Admin listserv - 1999 archive