This article originally appeared in TidBITS on 2009-10-28 at 1:08 p.m.
The permanent URL for this article is: http://db.tidbits.com/article/10693

PureFTPd Manager Updated for Snow Leopard

by Glenn Fleishman

PureFTPd Manager is now compatible with Mac OS X 10.6 Snow Leopard. The FTP server package combines a simple graphical interface with a powerful and secure FTP server engine to provide remote file access to specific folders or an entire computer, depending on your needs.

PureFTPd Manager 1.8 [1] installs and configures the necessary server software for you, as did previous releases. The software's developer makes the package available at no cost, but requests donations for those who find it worthwhile.

The reason to use FTP, a hoary method from the depths of Internet time, is that FTP can allow account-based access to separate collections of data, with users unable to view all the contents of a drive or other accounts' data. FTP is also highly efficient, because of its origins at a time when bandwidth was precious.

With the right software on the server side, it's easy to create an account that can be used only during certain hours, that's restricted to a specific throughput level and storage total, and which can access only the contents of a targeted folder. It's possible to do some or all of that with WebDAV and a Web server, but you'll have pulled out your hair first.

[image link] [2]

PureFTPd Manager provides a graphical interface to the many features for access control and security available in the BSD-based pureftpd FTP server. The pureftpd server was designed years ago as a from-scratch effort to build a secure FTP server after exploitable flaws were found repeatedly in some older, much-patched systems.

Those flaws are now lost in history, but pureftpd remains a strong alternative to tnftpd [3] (formerly known as lukemftpd, after its initial developer), which Apple uses in Mac OS X. tnftpd isn't inherently problematic, but Apple configures it poorly in both Mac OS X and Mac OS X Server, while also making it effectively impossible to override the company's choices. And, believe me, I've tried. (I explain more of the limits of FTP and alternatives to it in my recently released "Take Control of Sharing Files in Snow Leopard [4]." PureFTPd Manager isn't covered in the book because the developer hadn't committed to a Snow Leopard-compatible version as of the time it was written.)

I've long been a fan of PureFTPd Manager because it addresses the weaknesses in Mac OS X's built-in tnftpd, while eliminating the need for the technical knowledge necessary to use pureftpd. You don't want to configure the pureftpd server yourself, as it requires a very long sequence of command-line flags instead of configuration files.

Beyond the ease of setting up users with specific restrictions, and other configuration details, PureFTPd Manager also makes it easy to enable a secure FTP mode. FTP is an inherently insecure file transfer protocol: passwords are sent in the clear. If you use FTP in a public place, like a Wi-Fi hotspot, without using a VPN to protect your data, any casual sniffer can obtain your FTP account name and password. For many people, that username and password also provide access to other parts of an ISP or hosting account, and possibly to banking and ecommerce sites as well.

You can wrap FTP in encryption or simulate FTP in one of three typical ways: SFTP, which isn't FTP at all; FTP over SSH; and FTP over SSL/TLS.

In PureFTPd Manager, after you install the package and walk through a simple initial setup assistant, you can pull up the program's preferences, and click SSL/TLS Sessions. In this screen, you can click Create a Certificate, and either import an existing SSL/TLS certificate you're already using on a computer or create a self-signed certificate.

[image link] [5]

Self-signing means that no external certificate authority validates that the certificate is genuine. However, self-signed certificates are often good enough for personal use or with a workgroup. You can get free certificates [6] that work with pureftpd from StartCom's StartSSL service. (For a detailed look at SSL and TLS, read Chris Pepper's "Securing Communications with SSL/TLS: A High-Level Overview [7]," 25 June 2007.)

If you set PureFTPd Manager's TLS Sessions pop-up menu to TLS Only, then only FTP clients that support SSL/TLS with FTP can connect. In Interarchy 9, for instance, the standard FTP connection tries to create a secure link by default. If a self-signed certificate is found, Interarchy notes that fact in its transcript (Window > Transcript), but connects anyway. (You can disable using unverified certificates in Interarchy > Preferences in the Advanced tab by checking Verify Server Certificates.)
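To check from a client transcript that a session really was protected, the following added example (not from the article, PureFTPd Manager, or Interarchy) audits a client-side FTP command log for credentials sent before TLS was negotiated. It goes one step beyond the text by also flagging transfers made without a protected data channel; the transcripts are constructed samples, the function name is hypothetical, and the commands assumed are the explicit FTP-over-TLS ones from RFC 4217 (AUTH TLS, PBSZ, PROT P).

```python
# Constructed client-side transcripts ("C:" client, "S:" server), not real captures.
TLS_SESSION = """\
S: 220 FTP server ready
C: AUTH TLS
S: 234 AUTH TLS OK
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Login successful
C: PBSZ 0
S: 200 PBSZ=0
C: PROT P
S: 200 Data channel protected
C: RETR report.pdf
S: 226 Transfer complete
"""
PLAIN_SESSION = """\
S: 220 FTP server ready
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Login successful
C: RETR report.pdf
S: 226 Transfer complete
"""
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}

def audit_transcript(text):
    """Return findings for one transcript; an empty list means nothing was exposed."""
    findings = []
    control_tls = False   # set when the server answers AUTH TLS/SSL with 234
    data_private = False  # set when the server answers PROT P with 200
    pending = None        # last client command still waiting for its reply
    for line in text.splitlines():
        side, _, rest = line.partition(": ")
        if side == "C":
            verb = rest.split(" ", 1)[0].upper()
            pending = rest.strip().upper()
            if verb in ("USER", "PASS") and not control_tls:
                findings.append(f"{verb} sent in cleartext")
            elif verb in DATA_CMDS and not data_private:
                findings.append(f"{verb} data channel unencrypted")
        elif side == "S" and pending:
            if pending in ("AUTH TLS", "AUTH SSL") and rest.startswith("234"):
                control_tls = True
            elif pending == "PROT P" and rest.startswith("200") and control_tls:
                data_private = True
            pending = None
    return findings
```

A login that negotiates TLS but never issues PROT P still reports the transfer, because only the control channel (and so the password) is encrypted in that case.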

While the world may have seemed to pass FTP by, there are still plenty of cases in which FTP is the best solution for file transfer needs, and there are many client software packages among which to choose: Fetch [8], Captain FTP [9], Interarchy [10], and Transmit [11] are just a few that are built around FTP or support it among other protocols. With PureFTPd Manager, you can get the best of FTP while securing it, too.

[1]: http://jeanmatthieu.free.fr/pureftpd/
[2]: http://www.tidbits.com/resources/2009-10/pureftpd_manager_user_prefs.jpg
[3]: http://freshmeat.net/projects/tnftpd
[4]: http://www.takecontrolbooks.com/snow-leopard-sharing?pt=TB1002
[5]: http://www.tidbits.com/resources/2009-10/pureftpd_manager_ssl_configuration.jpg
[6]: https://www.startssl.com/
[7]: http://db.tidbits.com/article/9049
[8]: http://fetchsoftworks.com/
[9]: http://captainftp.xdsnet.de/cftp/features.html
[10]: http://nolobe.com/interarchy/
[11]: http://www.panic.com/transmit/