FTPd is dedicated to werner@rascal for his many years of devotion to the Macintosh Internet community. You have our thanks!
“rave reviews for FTPd”
- Australian MacWorld, pg 22, June 1993
1994 Derek Van Alstyne Rising Star Award - MacUser Dec 1994
Cool Tools award from Apple - Sep 1994
Contents
What FTPd Does
Features
Using FTPd Setup
Using FTPd
Serving Files Using Other File Servers
Gopher
Security Considerations
Remote Site Access Restrictions†
How to Avoid Being Killed by your Network Administrator
Limitations
Small Print
Warranty†
Fine Print†
Acknowledgements†
How It Works†
Version History†
†These sections are in FTPd Extra Documentation. SimpleText doesn’t handle more than 32k, and I don’t want to rely on any other editor.
What FTPd Does
FTPd is a Macintosh implementation of the Un*x FTP and Gopher server protocol. It should be compatible with most FTP clients, and all gopher clients. Basically it allows your mac to act as an FTP server so you (and others) can access your files from anywhere around the world. Obviously there are some serious security considerations you should look in to before using this software (see the Security Considerations section). FTPd requires System 7, MacTCP 1.1, and File Sharing enabled. It honours the Users&Groups privileges and passwords, and supports multiple logins, anonymous FTP (user name anonymous or ftp), as well as MacBinary and BinHex transfers, and the “MACB” FTP command. You can run “FTPd” as a foreground application (displaying the log), or “FTPd (Background)” as a background only application.
Features
Support both Gopher and FTP connections.
Multiple simultaneous users.
Honours System 7 Users & Groups (in fact depends on them!).
Suports BinHex and MacBinary transfers, including the MACB command.
Supports Alias resolution for directories and files.
Allows login to other AppleShare servers on the local network.
Allows different formats of a file to be fetched.
Pattern matching in change directory command.
Individual initial directory and commands for any user.
FTP site descriptions sent after login.
Directory descriptions sent after CD command.
Supports the CatSearch feature to allow very fast volume wide searches.
Remote site access restrictions
ISO international character translation
Allows setting of the owner, group and access permissions of directories.
Allows users to change passwords on all logged in servers.
Supports Scrambled&Two-way passwords.
Supports process control (launching, listing or quiting applications).
Runs in the foreground or the background.
Using FTPd Setup
NOTE: If you have problems logging in, check the Summary window and see if it gives you any clues.
NOTE: Some preferences are set with the Internet Config application (these are shared between many different Internet applications, so you only have to set them once and then all supporting applications will use them). So make sure you run Internet Config at least once and set your personal preferences.
Before you can run FTPd, you must be running System 7, with File Sharing turned on, and you must set up File Sharing to give appropriate privileges to users and guests (including enabling guest logins if you want to allow anonymous logins). For a user or guest to log in, at least one shared folder must be accessable to them.
Then you need to run FTPd Setup. Click on each icon in turn and set the configuration as you want it. You must set the access privs in FTP Setup for FTP access, and enable gopher in Gopher Setup for gopher access. Other than that, the defaults will do.
There are three types of users:
Owner - The macintosh owner (as defined by the Users & Groups owner name).
User - Anybody with a user name and password set up in the U&G settings.
Guest - Anonymous logins (username of “ftp” or “anonymous”, any password)
and there are four privileges:
None - No access.
Read Only - Access to read existing files, but no write access.
Upload - Access to read existing files, and add things to the file system, but not change what is already there (including not overwriting existing files).
Full - Full access to the file system, read/write files, delete files and (empty) directories, rename files.
You might also want to set up initial directories for some users. Use the FTP Users window to do this. Probably a default for all users will be sufficient, but you can set up each user with their own directory if you want. The string you type in to FTPd Setup is the directory path as seen by the user. So if you have a shared folder /harddisk/sharedfolder, and the user can only see the sharedfolder, not the harddisk, then the path should be “/sharedfolder”. The owner can usually see the entire volume so you would set the owner path to “/harddisk/folder”.
WARNING: This does not add any security to your site, it simply sets their initial directory, it does not constrain them to that directory.
When you have finished setting up the privileges, you can create or edit the files in the “Startup Messages” folder (which may reside either in FTPd’s folder or in the “FTPd Preferences ƒ” folder in the Preferences folder). The files in the Startup Messages folder will be returned when the user with that name logs in. So for example the “Peter Startup” file will be returned to the user named “Peter” when he logs in, and the “Anonymous Startup” file will be returned when a user logs in as either “ftp” or “anonymous”. If a file doesn’t exist for the user, the file “Default Startup” will be used instead if it exists. Also, you can put a file “!Folder Info” in any folder and it will be displayed to the user when they change into that directory. The files should be text-only and will be converted to ISO 8859-1 before being sent, and should be hard word wrapped to 70 columns. Note that some clients may not display this information. NOTE: At most 5k is returned at one time, so restrict your files to reasonable sizes. If you want to have the file listing of your site available (or any other large file), put the listing into a file, and then refer to that file in your Startup or Folder Info files.
The gopher server uses the Guest access of AppleShare to define the visible files and folders. As well, you can use the Gopher Listing menu item to change the names of files, and to add links to other gopher servers. One way of adding links is to use TurboGopher to find the place you want to link to, and add it to your bookmarks file, then export that. This only works for old versions of TurboGopher - the format changed in TurboGopher v2, so FTPd Setup can no longer read it. FTPd Setup will let you add those bookmarks into a folder, you can then edit them to change the names, or remove some of the links. You can also add an index entry, which will let the user find files by specifying part of the name. You can specify the root of the gopher tree using the Gopher Setup window. If you have a shared folder named “sharedfolder” and a folder names “gopher”, both of which are visible to guests, then type “/sharedfolder/gopher” into the Root Directory field.
If you are running FTPd on a server or other dedicated Mac, you may prefer to run it in the foreground, instead of as a background only app. It will get a little more processing time, and be able to display the log file in real time.
Using FTPd
First, make sure that your AppleShare privileges are set up correctly. Tom Daley reported to me that he had someone try to access his machine within three minutes of first launching FTPd! So don’t think you’ll be safe if you’re quick!
To use FTPd, simply put an alias to it in the Startup Folder and launch it. After that it will run in the background and allow users to connect to your Mac from anywhere in the world. You can then use any FTP client (eg Anarchie or Fetch on Macs, or the standard Un*x ftp program) to access your Mac. For information on how to use them, see their respective documentation. If you are also running NCSA/Telnet, make sure to disable it’s FTP server or people will (randomly) get either it’s server or FTPd. You can Quit FTPd by launching FTPd Setup and holding the option key down while you quit it.
As an extra feature, if a file “thefile” (for example) exists on the mac, then you can issue the following commands to get different formats of that file:
NOTE: All of these examples assume you're using the standard Un*x ftp client. If you're using some other system consult its documentation for the equivalent commands. BTW, when using the Un*x ftp client watch out for usernames with spaces in them. If you type “user fred bloggs” it thinks the username is fred and the password is bloggs, instead type “user "fred bloggs"”.
get thefile - get the file in the current transfer mode.
get thefile.data - retrieves the data fork (in ASCII or binary).
get thefile.rsrc - get the resource fork of the file (binary mode only).
get thefile.info - get the info fork of the file (binary mode only)
(the info fork is the same format as the first 128 bytes of the MacBinary file).
get thefile.hqx - get the file after converting it to BinHex format.
get thefile.bin - get the file after converting it to MacBinary format
(you can also use .mb, .macbin, .macbinary) (binary mode only).
Also, you can put binhex or macbinary files and they will be converted automatically:
put thefile.hqx - put the file after converting it from BinHex format.
put thefile.bin - put the file after converting it from MacBinary format.
(you can also use .mb, .macbin, .macbinary) (binary mode only).
Fetch and Anarchie will both transfer in MacBinary format, which means the file will be exactly duplicated from one Mac to the other.
The dir command also support various unix-like flags, including CspFl (for columnar display, display size in k, display directories with a / on the end, and long display), eg:
dir -CF
You can mount extra volumes after startup by using the “SMNT” command like this:
quote smnt volume:server@zone:username:password
@zone defaults to @*, and the username and password default to your loging username and password (this is a slight security risk, but you shouldn't leave any ftp connection unattended any more than you would leave a telnet connection unattended, so it should not be a problem). So to mount HardDisk on machine TheMac in your zone, using your username and password, you can type:
quote smnt HardDisk:TheMac
To mount all disks on a Mac named “server” in your zone, just type:
quote smnt server
By default only the owner can mount volumes, but you can allow users or guests to mount volumesusing the FTP Setup window.
You can also type SMNT and SITE commands into FTPd’s FTP Users window to have them automatically moutned when the user logs in.
FTPd also supports the “MACB” command in the same way NCSA Telnet does.
quote macb e - turns macbinary transfer mode on
quote macb d - turns macbinary transfer mode off
Other special features are:
quote site u - display current usage stats (memory, connection, users, etc)
quote site v - display site statistics (number of logins, total transfered, etc)
quote site s - use short (8.3) names. Looks like a PC (yuck)
quote site l - use long (31 character) names. Much better (default)
quote site h [e|d] - enable/disable adding “.hqx” to the end of all files in directory listings.
quote site q - quit the server (the user must be the owner).
quote site index <search> - list the files that contain <search> in their name.
Caveat: This doesn’t work for AppleShare 2.0.* volumes. Also, it only uses long (31 character) names, irrespective of the short/long setting.
quote site p <password> - change your password. You must issue this three times in succession without any intervening commands, the first one with your old password as a parameter, and the next two with your new password. This will change your password on all currently logged in servers.
quote site c p <rwxr-x---> <directory> - set the permissions for a directory.
quote site c o <owner> <directory> - set the owner of a directory (the owner name cannot have any spaces in it - sorry).
quote site c g <group> <directory> - set the group of a directory (the group name cannot have any spaces in it). You can use “none” as a group name to set it to no group.
quote site a list - list running processes
quote site a nlst - list names of running processes
quote site a oapp crea - launch application with creator type “crea”
quote site a quit crea - quit application with creator type “crea”
Also, you can use pattern matching in the cd command. Eg:
cd "/HD/System Folder"
cd /HD/System?Folder/pref*
cd /HD/syst*
cd /HD/Sys*fol*
You can use “quote help” to find out some information on the other commands.
quote help
quote help pass
quote help site
quote help "site f"
The multiline response returned by the login command sequence, the cd command and the help command may confuse some old FTP clients. This feature can be disabled by inserting a dash “-” before either your username or password (which means you will have to put an extra dash before any username or passwords which start with a dash, but that’s probably not a problem :-)
A log file named “FTPd Log” is kept in the Preferences folder that records who logged in or out and when, as well as what files the put or get. Make sure you enable logging in FTPd Setup if you want a log file.
Serving Files Using Other File Servers
To enable acces to another file server the appropriate users must have the “Remote Mounting” enabled in FTP Setup.
All privileges are contingent on having the appropriate privileges through AppleShare. Thus if a particular user can’t access a particular volume using AppleShare they won’t be able to through FTPd either (even if you give them Full access). The same applies for other servers of course.
FTPd works fine with CAP servers and Netware Macintosh servers, but you’ll have to enable Clear Text passwords in the Security window. This is a slight security flaw, but since the password gets to FTPd in plain text, it’s not much worse than normal.
If you normally want to have the users able to access a remote server right away then the easiest way to do this is to add an SMNT command in the “Login Commands” of the “Default” entry in FTP Users. Or you may want to tell the users about being able to mount other servers by putting a note in a "!Folder Info" or Startup Message file.
For gopher users, you can mount other servers by adding an SMNT command to the “Gopher Setup” window.
Note that mounting takes some time. If you mount too many file servers then the user will need to wait a long time for them to mount.
Gopher
FTPd also supports the gopher protocol, mainly designed to simplify anonymous ftp. You can get several Mac clients for Gopher, including TurboGopher, available from the usual places.
To allow gopher access to your machine you need to enable gopher in FTPd Setup’s preferences window, as well as enabling Guest access via AppleShare (since Gopher is effectively a gateway to anonymous (guest) ftp).
Gopher types are determined from the Mac file type (you can edit STR# 180 to add other types).
You can also add links from your machine to other servers. The easiest way to do this is to use TurboGopher to find the destination location you wish to link to, and add it to your bookmarks file, then export the bookmarks to a file. Then go in to FTPd Setup, choose Gopher Listing and select your gopher directory. Click the Add BookMarks button and FTPd will insert all your bookmarks (you can delete any you don’t want). While you’re there, you might also like to click the Add Index button to add an index entry to the directory - users who connect to your gopher server can use this to search for files by name.
Security Considerations
“Be afraid. Be very afraid” - The Fly
Allowing FTPd to run on your Mac poses huge security questions. Some of the same security questions are also posed by System 7 File Sharing. However with FTPd they are much worse because you’re making your Mac accessible to everyone on a world wide network. Things you definitely should do:
Disable guest logins unless you actually need them. Most people don’t. (Disable them in the <Any User> user in the Users & Groups folder, as well as in the FTPd Setup).
Note: You’ll need guest logins enabled to allow gopher connections or anonymous ftp.
If you want a few people to have access, perhaps a better idea than guest login is to give them a single account with a shared password. This is more secure than guest logins, since no matter how many people they tell the password to, it will always be less than the number of people who could log in as guests.
Disable remote mounting to guests or users. Again, most people don‘t need access to volumes other than those directly on your Macintosh (That is the Entire Volume and Shared Folder volumes). You Definitely Should Not allow access to other volumes on the network if you do not control them, and you Definitely Should inform the administrators of any other servers on the network that you will be allowing access to them so that they can secure their servers as well.
Only share a small portion of your file system. That way you don’t have to worry about the rest of it. You, as the owner, can still get access to it by turning the See Entire Volume checkbox on for your user in the Users & Groups info.
Verify that the file sharing privileges are set correctly. A good start is to change everything to owned by you and only visible/modifiable by you. Then change the privileges on areas that you want to give users and guests access.
Keep your password secure! Anyone on the Internet with your username, machine address and password will likely be able to delete every file on your harddisk. This is a scary thought. You should be scared. Don’t give your password out and don’t use an obvious password. Obvious passwords include, but are not limited to, any of the following patterns (in decreasing obviousness)...
• your user name.
• your real name.
• your initials.
• any of the above backwards.
• your husband’s/wife’s/girlfriend’s/boyfriend’s/dog’s/frog’s/machine’s etc name.
• your car licence plate, make, model, etc.
• your birthday.
• your student/MediCare/social security/tax file/etc number.
• any of the above backwards.
• any word from a dictionary (especially an electronic dictionary).
Good passwords can be found by making up nonsense words or using the first
letters from a common saying and by including non-alphanumeric ASCII
characters.
Invalid login attempts are logged to a log file in the Preferences folder (assuming logging is enabled). Turn logging on and check the log file regularly to improve your security.
If in doubt, don’t run FTPd. I can’t accept any liability for any problems. I have done my best to make sure it is secure. If that is not good enough, don’t use it. It’s as simple as that.
How to Avoid Being Killed by your Network Administrator
FTP can use a lot of bandwidth and so you should check with the system administrators on your network before setting up an FTP site for anything more than personal use.
Also, since FTPd can make other servers on the entire AppleTalk internet available for FTP, you should ensure that the administrators of such machines (including anyone who has File Sharing enabled on their mac) are aware of this before you allow FTP access to Mounted, Server or Far Server volumes.
I can’t accept any responsibility if you use this software in an irresponsible manner (in fact I won’t accept any responsibility not matter how you use this software!). As long as you disable remote mounting and don’t try to become the next Info-Mac archive, it shouldn’t be much of a problem, but check with your network administrators anyway.
Limitations
FTPd & FTPd Setup require System 7 with File Sharing turned on, MacTCP 1.1 (or later), probably require the 128k ROM (or later).
Small Print
This program is Shareware, which means if you use it, you must pay for it. The cost is:
Site Licensing:
World-Wide Source Code License: US$5000
World-wide license: US$2000
Universities or companies site license: US$500
Curtin University and the University of Western Australia are exempt.
Single-user license: US$10.
Australians may pay in Australian dollars direct to me if it is easier.
There is no upgrade fee, if you registered a previous version, that registration remains valid.
Use the Register program to fill out the registration form and send it together with your payment to Kagi Shareware, my US distributor. The address and payment options are shown in the Register program. You can pay using US$ cash, check, credit card (AmEx, VISA or MC).
If you purchase a site license, contact me for information on how to make this program automatically set the “I Paid” flag in the FTP Setup dialog (for those who are interested, I leave the “I Paid” checkbox off on my machine to ensure that the About box is not too annoying and it doesn’t trouble me, so live with it)
You may distribute this program any way you wish as long as you don't charge for it (reasonable download costs such as Compu$erve are ok I guess (although who would call Compu$erve’s download costs reasonable?)). It would probably be a good idea to keep this documentation file with the program, but I’m hardly likely to check up on you now am I! I don’t guarantee any support, but I always answer my Email. If I don’t answer Email its because your message didn’t get to me, or my reply bounced, so try again and include a valid Internet address if you can.
You MAY NOT DISTRIBUTE this program on any disk costing more than $5 without my explicit permission.
