
Setting up a secure FTP site on my Mac

[merry]merry - 02:26pm Nov 16, 2004 PST

Because of the delayed email problems I have been experiencing, I am wondering whether I can bypass the email system entirely by setting up a secure FTP site on my Mac to send to and receive data from my clients.

I know it’s possible to set up an FTP connection as I’ve read the Take Control book on sharing files, Pogue’s Missing Manual and Panther in a Nutshell, but all these seem to emphasise internal connections not ones to external clients. Connectivity is not my strong point, in fact I try to avoid it as much as possible. I do not really care about the difference between DHCP and BootP, just so long as I have *some* connection....

There is not enough traffic to justify the cost of a web hosting, so what I want to do is:

1. Have a secure area of hard drive to which I can upload data for my clients to download at their end. (a) Would it be necessary to have this area as a separate partition on my hard drive? (b) I’d prefer to have my clients download the stuff as a complete file name which, after asking for a password, automatically downloads to their PC.

2. Have separate drop boxes for each client, individually password-protected, into which they can upload data for me. All they will be able to see is their drop box and nothing else or, better still, have an application asking them to choose the file they want to upload and then just copy the file(s) across.

I have a static IP address, if that’s required for an FTP (or SFTP) site, and can use Transmit or an Interarchy upgrade to use for uploading. However, most of my clients use PCs so what software can they use to upload? They can download my stuff via a browser.

Is this possible? Will it be secure? If so, if anyone can point me in the direction of instructions - preferably of the “do this as follows, 1., 2., 3.” sort - I’d really appreciate it.

[Take Control of Sharing Files does include this information, but the reason it's not laid out the way you want is that it's a bit tricky. You'd have to create a user account for each person you wanted to login (unless you want to let them share an account) and the book does include instructions for limiting FTP access for such users. There are lots of PC FTP programs, and Windows can access FTP sites directly too. There are lots of other solutions as well, though they end up trading money against ease of use. For instance, Creo Tokens is easy (though it would suffer from the email slowdown as well, since the tokens themselves are sent via email, even if the files aren't) and Web Crossing, which we're using for our main server, does this kind of thing really well with serious granularity (but it's hugely overkill otherwise). -Adam]

<http://www.tidbits.com/takecontrol/panther/sharing.html>

Thanks

Merry



Lewis Butler (apparently) - Nov 17, 2004 12:13 pm (#1 Total: 6)  

Posts: 989
Re: Setting up a secure FTP site on my Mac

On Tue, 16 Nov 2004 13:26:35 -0800, merry <merriedial.pipex.com> wrote:
> 1. Have a secure area of hard drive to which I can upload data for my
> clients to download at their end.
> (a) Would it be necessary to have this area as a separate partition on my
> hard drive?
> (b) I'd prefer to have my clients download the stuff as a complete file
> name which, after asking for a password, automatically downloads to their
> PC.

There are a lot of ways to do this, and even a lot that do not require
creating multiple users.

1) Use WEBDAV. This will mean either getting a dynamic dns domain
(dydns.org and others) or having your clients access via your IP. The
advantage to webdav is that once they've mounted the webdav location
on their machines it acts just like any other network location (Mac or
PC).

2) Use http-auth. The advantage to this is you don't need to explain
setting up the webdav to windows users, and they just use their normal
browser to access the data. Again, a dynamic domain is likely needed.

3) Use proftp or other ftpd server that supports sftp. These
programs, unlike apple's included ftpd, allow the creation of users
that exist only in the ftp configuration.

You do not want to use normal ftp as it is ridiculously insecure, but
sftp/ftp-ssh is secure.

> I have a static IP address, if that's required for an FTP (or SFTP) site,
> and can use Transmit or an Interarchy upgrade to use for uploading. However,
> most of my clients use PCs so what software can they use to upload? They can
> download my stuff via a browser.

We're back to webdav then. They will need to be running Windows XP,
although rumor has it it will work in a fully patched win 98. I use
webdav from both my macs and my lone PC to access my website and
upload files to it. I have an area within my website where either I or
my wife can upload, but she cannot upload elsewhere.

> If this possible? Will it be secure? If so, can anyone can point me in the
> direction of instructions - preferably of the "do this as follows, 1., 2.,
> 3." sort - I'd really appreciate it.

Setting up webdav is pretty trivial. Setting up individual boxes will
not be hard, only tedious. If you want a sample setup from my
http.conf file just drop me an email.

There is one gotcha with webdav and windows, at least in my
experience, the url needs to be absolute with no paths.
http://www.kreme.com/webdav/ did not work (it connected but showed no
files) and I was forced to use a url of http://webdav.kreme.com/

--
 ::::::=== <http://2blog.kreme.com> ===::::::

matthews (apparently) - Nov 17, 2004 12:17 pm (#2 Total: 6)  

Posts: 18
Re: Setting up a secure FTP site on my Mac

I usually recommend that people in your situation get an FTP-only
account for $6/month from Pair.com. Pair includes anonymous FTP
access, so your clients can upload files that only you can download.
For sending files to clients you can use .htaccess files to
password-protect folders in the web space, or encrypt files with
DropStuff (or StuffIt Deluxe) before putting them online.

Your clients would need an FTP client to upload, and a web browser to download.

Using a commercial web host does cost something, but it will be
available 24/7, and you won't have to expose your machine (since a
machine running FTP service typically can't be behind a firewall or
NAT device).
--
Jim Matthews
Fetch Softworks
http://fetchsoftworks.com

butchfag (apparently) - Nov 17, 2004 12:17 pm (#3 Total: 6)  

Posts: 64
Re: Setting up a secure FTP site on my Mac

There is another option that may be a little easier to deal with. You
could set up a web site under Plone. (Plone is a content management
system running on the Zope application server.) Plone and Zope are
both open source and available for numerous platforms including an
excellent installer for Mac OS X. (http://www.plone.org - http://www.zope.org)

It's very straightforward to set up a password protected web
accessible area for each of your clients (actually this is done by
default) and would require minimal configuration of a shared area to
make accessible to people you grant access.

Depending on factors like the size of attachments and the speed of
your server there may be performance issues, some of which can be
mitigated through configuration changes (using the filesystem to
physically store the transferred files for example). From a Mac OS X
system, this kind of set up will be up and running in minutes to allow
your clients a password protected way to send data to you thanks to
the excellent Plone installer from Jim Roepcke of Tyrell Software
(tyrell.com). The Mac installer includes all the pieces you need
(Plone, Zope, Python) and sets up a default site automagically. To be
fair to the excellent people working on the Windoze and other systems
installers, they do mostly the same thing, if just in a little less
polished way. And of course, no matter what platform you need it for,
it's still free. ;-)

YMMV of course, but I for one would see this as a more simple way to
accomplish what you were hoping to do with secure FTP.

Good luck to you,

Christopher Appell
zope.freerecuiting.com

merry (apparently) - Nov 17, 2004 12:17 pm (#4 Total: 6)  

Posts: 11
Re: Setting up a secure FTP site on my Mac

Hi Christopher

Thanks for this information. From what you say, it seems that Plone
might be the solution I want.

Can you please let me know if my clients will also have to install
Plone on their PCs or Macs in order to use the system, or does my
Plone setup enable them to download (and upload) via their usual web
browsers?

Also, is the rest of my Mac secure when using Plone?

Many thanks

Merry

Jeff Porten (apparently) - Nov 19, 2004 9:04 am (#5 Total: 6)  

Posts: 342
Re: Setting up a secure FTP site on my Mac

Two more thoughts on this topic.

1) I think you dismissed the built-in software a bit too quickly. You
can turn on sftp access to your computer as simply as clicking "Remote
Login" in the Sharing System Preference. Users and passwords can be
controlled in the Accounts pane. Very simple, all already available.

Your users will be limited in what they can access if they're all
Standard users. Your primary concern here is that they can also ssh in
at the command line (i.e., open a Terminal window to your machine on
their computer). They won't be able to touch any other files from
there, but they could theoretically run Unix utilities that eat up your
CPU. Most users, though, don't have the technical skill to do this.
And you can always watch your CPU with various utilities and boot the
miscreants.

The hardest part about this is that each user will only have access to
their own filespace, and you want a distribution system. There are
ways to do this in the file system, but the simplest technique would be
a series of AppleScripts that synchronizes a central folder (that only
you can read and write) to everyone else's folders. This is wasteful
of disk space, but if you don't care, it's totally secure.

2) If you're happy with regular FTP, then check out WebCrossing
Express. It's very powerful, gives you complete control over who can
do what, and it's free. The main advantage of WebX Express here is
that since the FTP protocol is insecure, you want to be sure that most
of your hard drive is invisible to the FTP server. WebX does that; if
it's not in the realm of the WebX server, there's no way to get to it.

<http://www.webcrossing.com/>

[Jeff makes a good point - Web Crossing Express is free and gives you some of the power of Web Crossing; when the question was first posed, I immediately thought "That's trivial in Web Crossing" but didn't say anything because Web Crossing itself is massive overkill. Web Crossing Express might be just right though. -Adam]

Best,
Jeff
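
The shell-access concern raised in the post above can be closed in the SSH server configuration itself. The following `sshd_config` fragment is an added example, not part of the original thread or any poster's setup; it assumes an OpenSSH release that supports `Match`, `ChrootDirectory` and `internal-sftp`, and the group name `sftpclients` and the `/var/sftp` layout are hypothetical.

```conf
# sshd_config fragment (added example; group name and paths are assumptions)

# Serve SFTP from inside sshd, so a chroot needs no shell, binaries or libraries.
Subsystem sftp internal-sftp

# Everything below applies only to accounts in the hypothetical
# "sftpclients" group; the owner's own account keeps normal Remote Login.
Match Group sftpclients
    # Each client sees only /var/sftp/<username> as "/".
    # sshd refuses the login unless this directory and every parent
    # directory are owned by root and not writable by group or others.
    ChrootDirectory /var/sftp/%u

    # Whatever the client asks for (a shell, a command, scp), run the
    # SFTP server instead: file transfer works, a Terminal session does not.
    ForceCommand internal-sftp

    # Close the other uses of an SSH account.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no

# Directory layout this fragment expects, per client "clienta":
#   /var/sftp/clienta           owner root,    mode 755  (chroot root, read-only to client)
#   /var/sftp/clienta/download  owner root,    mode 755  (files placed here for the client)
#   /var/sftp/clienta/upload    owner clienta, mode 700  (the client's drop box)
```

Because the chroot root must be root-owned, the client cannot write at the top level; uploads go into the client-owned `upload` subdirectory, which no other client can see.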

merry - Dec 6, 2004 9:06 am (#6 Total: 6)  

Posts: 11
Re: Setting up a secure FTP site on my Mac

Thanks for all the advice on this. By trying some of the suggestions I realise that this is much more complicated than what I thought it would be and all I’ve achieved so far is getting my portable Mac to speak to my Motorola mobile phone! That was unduly protracted because Motorola won’t support Macs (why don’t they state this in their ads so we won’t waste time and money by buying their products); and it took me a while to find out where Vodafone hides its information for setting up some of its services.

There are workarounds for getting mobiles (even Motorola ones) and Macs to speak to each other. I would especially recommend Nova Media’s Mobile High Speed for Mac OSX.

As for the rest, I have also tried setting up Apache but I haven’t got much further than getting the test page... And for FTP transfers, a Mac Genius at the newly-opened Apple Store on Regent Street, London, has recommended Cyberduck 2.3.3, though probably Transmit, Fetch and Interarchy are all as good.

I have also found two really useful books: MacOSX Hacks and MacOSX Panther Hacks both published by O’Reilly. The first book really goes into detail in the way I like “Do this, 1, 2, 3...” for various networking things, such as mounting a WebDAV share, as well as web things, for example setting up Apache. It also covers setting up your own mail server but this has been superseded by the Postfix discussed in MacOSX Panther Hacks. I think it’s a pity MacOSX Hacks seems to be going out of print because it covers many things which are still valid for Panther. The MacOSX Panther Hacks is not a revision, rather it provides another 100 Hacks.

IF I finally achieve what I wanted to do, I hope I can let this list know how I did it. Unfortunately I cannot focus on doing this right now because I am working for another client for a while. The life of a freelancer is ever varied.

Thanks again for the responses



Merry


