Pure-FTPd Question

Hey guys,

I’m wanting to allow users of my app to send me diagnostic data when they need to. Up to now, I’ve been doing this by sending myself an e-mail from within the software. This works but not 100% of the time due to firewall issues, etc. I’d like to investigate using FTP to send the log files to an FTP server.

I’ve found Pure-FTPd as an option to run on one of my Mac Minis. Yes, OS X has built in FTP, but from what I’ve read Pure-FTPd has more functionality and is better. So I’ve downloaded the source and compiled it and it runs fine. I can connect to it via an anonymous session. However, I can’t write any files. I don’t have write permission to the directory.

If I enter PWD in an FTP session, Pure-FTPd reports back that I’m in the / or root directory. But there are no files there that are being listed. I’m not sure if that root directory is the root directory of my Mac or some other file location elsewhere. Problem is I can’t find where it might be or how to change where the default anonymous user file location is at. I’ve looked in the Pure-FTPd docs and can’t find it. And I’ve asked this question on the Pure-FTPd mailing list but have not received a response yet.

So I figured I would ask here and see if anyone else is using Pure-FTPd with Xojo.

Or would someone recommend a different FTP server.

Also - would you recommend against using anonymous FTP to send the log files?

Thanks,

Jon

Hello

I’ve used PureFTP for a long time on Linux but not on OS X, but I can tell you:

The Pure-FTP server will show you the user’s home directory (as in /etc/passwd) as the “root” / directory.

For Anon users, the directory used is the one specified in FTP_ANON_DIR in the configuration file.

Check also AnonymousCantUpload in config.

Hope this helps

Thanks. Where is the configuration file stored? I found a pure-ftpd.conf file but it stated that it was to be used in place of the default one. I also don’t remember finding the FTP_ANON_DIR in that config file, so that is helpful news.

And finally, since there is no “anonymous” user in OS X, where would pure-ftpd end up sticking it?

Jon

Hello

The anonymous user is an FTP server thing; because of that, there is no OS user for it, and it has its own configuration for its home folder.

Don’t know where the config file is in OS X, but you can try to find it from / (perhaps with sudo). On Linux it is usually in /etc/pure-ftpd.conf (something like sudo find / -name 'pure-ftpd.conf' -print).

You can add the missing variables (i.e.: FTP_ANON_DIR) to the config file

I used Pure-FTP on my MacMini colo for years as the MacOS X FTP doesn’t support FTP-SSL or SFTP. I moved away as the Mac app hadn’t been updated for years and was showing its limitations with CURL FTP MBS.

I have moved to CrushFTP for Mac (http://www.crushftp.com) which is cross-platform, supports all modern FTP protocols and is still being updated (this year). CrushFTP does way more than I need, but it’s nice to know it’s capable. It is not free but the 10-user licence (simultaneous) is fine for me. I’ve run it for about two years now without a problem.

OS X Server supports sftp (plus a pile of other stuff) and it is only $20

Thanks David and Norman.

I’ve thought about using OS X Server. I already have a license to it except this particular machine I am running is a few OS rev’s behind. I think it’s on 10.8. I just haven’t updated it yet!

I’m still having problems setting the anonymous directory with pure-ftpd. It advertises itself as being “simple” to use. Yeah - right.

I run OS X Server but have turned more and more off over the years as it has proved a real pain to manage. Maybe your eyes are better than mine, but I can’t see where I get anything more than plain vanilla non-encrypted FTP from OS X Server:

I followed http://lennonlam.logdown.com/posts/216849-setup-sftp-on-osx

Well, I tried all the tricks I could to get the “easy to use” pure-ftp server to work. I never could. Adding the FTP_ANON_DIR variable in the .conf file didn’t help.

I DID find out how to set up an anonymous FTP server using OS X’s built in FTP server by modifying /etc/ftpd.conf and that’s all I needed. Here’s what you set /etc/ftpd.conf to if you are interested:

# match umask from Mac OS X Server ftpd
umask all 022
chroot GUEST /Users/USERNAME/SOMEDIRECTORY
modify guest off
umask  guest 0707
upload guest on

Where /Users/USERNAME/SOMEDIRECTORY is the path to where you want the files to go. I added an FTP folder to my Public directory and put it there.

And to start the server:

sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist

Works just fine…

This is the version that I used to use. It is very easy to set up new users and set their home directories:
http://jeanmatthieu.free.fr/pureftpd/

Download:
http://jeanmatthieu.free.fr/pureftpd/pkg/PureFTPd-Manager-1.6.3.dmg

Secure FTP actually uses the ssh server on port 22 to connect, and is available under OSX Server, but it can be a lot of trouble if you are supporting a lot of users. I do believe curl supports it however, so you should be able to work with that.

Or just encrypt the files you transmit before you transmit them. What you really want to avoid is leaving an anonymous FTP server - with upload capability - open to the internet. Just an open invitation to abuse.

If you really really want that, turn off the capability to list directories in the FTP server, and set the umask to prevent uploaded files from being read by the anonymous user.

[quote=205749:@Jon Ogden]Hey guys,

I’m wanting to allow users of my app to send me diagnostic data when they need to. Up to now, I’ve been doing this by sending myself an e-mail from within the software. This works but not 100% of the time due to firewall issues, etc. I’d like to investigate using FTP to send the log files to an FTP server.

I’ve found Pure-FTPd as an option to run on one of my Mac Minis. Yes, OS X has built in FTP, but from what I’ve read Pure-FTPd has more functionality and is better. So I’ve downloaded the source and compiled it and it runs fine. I can connect to it via an anonymous session. However, I can’t write any files. I don’t have write permission to the directory.

If I enter PWD in an FTP session, Pure-FTPd reports back that I’m in the / or root directory. But there are no files there that are being listed. I’m not sure if that root directory is the root directory of my Mac or some other file location elsewhere. Problem is I can’t find where it might be or how to change where the default anonymous user file location is at. I’ve looked in the Pure-FTPd docs and can’t find it. And I’ve asked this question on the Pure-FTPd mailing list but have not received a response yet.

So I figured I would ask here and see if anyone else is using Pure-FTPd with Xojo.

Or would someone recommend a different FTP server.

Also - would you recommend against using anonymous FTP to send the log files?

Thanks,

Jon[/quote]
Keep in mind that if you have firewall issues with email, you may also have issues with FTP. IT departments usually lock down those ports too. You may simply want to create a file and ask the user to save/send it to you manually.

[quote=205956:@Paul Raulerson]Secure FTP actually uses the ssh server on port 22 to connect, and is available under OSX Server, but it can be a lot of trouble if you are supporting a lot of users. I do believe curl supports it however, so you should be able to work with that.
[/quote]

I’ve thought about that. But there’s nothing that I am sending that’s in real need of security. It’s just things like log transcripts and error reports, etc. So I figured FTP would likely be fine.

[quote]
Or just encrypt the files you transmit before you transmit them. What you really want to avoid is leaving an anonymous FTP server - with upload capability - open to the internet. Just an open invitation to abuse.

If you really really want that, turn off the capability to list directories in the FTP server, and set the umask to prevent uploaded files from being read by the anonymous user.[/quote]

So I’ve felt the same way - that anonymous with upload can create a problem. But what’s the solution around that? Even using SFTP would still be the same thing. Otherwise, I have to create a user and then store the password for that user in my app. Maybe that’s the lesser of two evils?

What I’ve thought about doing is setting up a port forward in my router with a really high TCP port number that is above where most people would do port scans. So say 35344. Then translate that to port 21 internally on my LAN. That would at least keep away the people snooping for an open FTP server on port 21.

I’ve tried that too. Problem is that a lot of the machines where my software is installed do not have email clients set up. Then it becomes somewhat of a headache explaining what to do, especially with people whose native language is not English…

Much easier to say “Push a button.”

I can see that, and FTP is fine in that case, I think.

Being a security guy, yeah, having separate users is usually preferable, but not always practical. :slight_smile:

So why not have one non-anonymous FTP user you use for uploads?

Then have all uploads go into a special folder and in that folder, you set the FTP server to disallow listing the contents of the folder (i.e. no ls) and set the umask for the FTP server to allow writing but not reading. Then users can upload into that folder, but not read from it. You can, of course, retrieve the files and set them to a more normal permission when you want to work with them.

I often do this as a matter of course, and it does stop a few of the kiddies, but not any of the people who have talent and skill.

On the other paw, setting up an SFTP server buys you all the same benefits, plus, you can generate and embed a security certificate in your application that uniquely identifies whomever is trying to send or download information, and allows you to simply invalidate the cert if you need to cut them off.

That involves a little more setup work, but provides a pretty big payoff when you get it all working. As well, your transmissions are also encrypted, which isn’t a bad idea at all in the crazy times we live in.

Yours,
-Paul
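To make Paul's drop-box advice (uploads on, no modification, a umask that stops the uploading account reading what it wrote) concrete, here is a small check of the /etc/ftpd.conf settings Jon posted earlier in the thread. This is an added example, not code from the thread or from tnftpd (the ftpd that ships with OS X); the sample config is constructed from the lines Jon quoted, and the check assumes a STORed file starts at mode 0666 before the umask is applied, the usual create mode for regular files. It goes slightly beyond the one config shown by also reporting the laxer settings tnftpd falls back to when a directive is missing (upload and modify both default to on). ftpd.conf has no directive for directory listing; whether the anonymous user can LIST the drop directory comes down to the read bit on that directory (a mode 0333 directory accepts uploads but cannot be listed), so that part is not covered here.

```python
"""Inspect OS X / tnftpd ftpd.conf class settings for upload-only (drop box) use."""

# Constructed sample: the guest-class lines from the thread.
SAMPLE_CONF = """\
# match umask from Mac OS X Server ftpd
umask all 022
chroot GUEST /Users/USERNAME/SOMEDIRECTORY
modify guest off
umask  guest 0707
upload guest on
"""


def parse_ftpd_conf(text):
    """Return {class: {directive: value}}.

    ftpd.conf lines have the shape 'directive class [argument]'; class names
    are matched case-insensitively, so GUEST and guest are the same class.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue                              # malformed line; ignore it
        directive, cls = parts[0].lower(), parts[1].lower()
        value = parts[2].strip() if len(parts) == 3 else ""
        settings.setdefault(cls, {})[directive] = value
    return settings


def uploaded_file_mode(umask, create_mode=0o666):
    """Mode a newly STORed file ends up with: the create mode minus the umask bits."""
    return create_mode & ~umask


def drop_box_report(settings, cls="guest"):
    """Evaluate one class ('guest' is the anonymous ftp class) as an upload drop box."""
    eff = dict(settings.get("all", {}))           # 'all' applies first ...
    eff.update(settings.get(cls, {}))             # ... class-specific lines override it
    # tnftpd's documented defaults: upload and modify are both on unless turned off
    upload = eff.get("upload", "on").lower() == "on"
    modify = eff.get("modify", "on").lower() == "on"
    umask = int(eff["umask"], 8) if "umask" in eff else None
    mode = uploaded_file_mode(umask) if umask is not None else None
    report = {
        "upload": upload,
        "modify": modify,
        "chroot": eff.get("chroot") or None,
        "mode": mode,
        "owner_can_read": bool(mode & 0o400) if mode is not None else None,
        "world_can_read": bool(mode & 0o004) if mode is not None else None,
        "findings": [],
    }
    f = report["findings"]
    if upload and modify:
        f.append("modify is on: uploaders can DELE/RNFR/RMD each other's files; set 'modify %s off'" % cls)
    if upload and not report["chroot"]:
        f.append("no chroot for %s: uploads are not confined to a drop directory" % cls)
    if umask is None:
        f.append("no umask for %s: uploaded files keep the daemon's default mode" % cls)
    elif report["owner_can_read"]:
        f.append("umask %04o leaves uploads readable by the ftp account (mode %04o)" % (umask, mode))
    return report


if __name__ == "__main__":
    for name, conf in (("thread config", SAMPLE_CONF), ("defaults only", "umask guest 022\n")):
        rep = drop_box_report(parse_ftpd_conf(conf))
        print(name, "-> uploaded mode %s, findings: %s"
              % (("%04o" % rep["mode"]) if rep["mode"] is not None else "n/a", rep["findings"] or "none"))
```

With the thread's config the guest class comes out as upload on, modify off, chrooted, and uploads land at mode 0060 (the ftp account cannot read back what it stored), so the report has no findings; the "defaults only" run shows what a bare umask line leaves exposed.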

[quote=206225:@Paul Raulerson]I can see that, and FTP is fine in that case, I think.

Being a security guy, yeah, having separate users is usually preferable, but not always practical. :slight_smile:

So why not have one non-anonymous FTP user you use for uploads?

Then have all uploads go into a special folder and in that folder, you set the FTP server to disallow listing the contents of the folder (i.e. no ls) and set the umask for the FTP server to allow writing but not reading. Then users can upload into that folder, but not read from it. You can, of course, retrieve the files and set them to a more normal permission when you want to work with them. [/quote]

OK. So help me understand here. If I have a non-anonymous FTP user that does the upload from my code, then why would I need to set the permissions? No one else would have that user’s info. Or are you saying that I would use that non-anonymous user for myself? I definitely have things set right now that anonymous users cannot download files, but they can still list them. I will look at removing the listing ability. Still, having an open door for someone to write to my machine is something I don’t like…

[quote]
On the other paw, setting up an SFTP server buys you all the same benefits, plus, you can generate and embed a security certificate in your application that uniquely identifies whomever is trying to send or download information, and allows you to simply invalidate the cert if you need to cut them off.

That involves a little more setup work, but provides a pretty big payoff when you get it all working. As well, your transmissions are also encrypted, which isn’t a bad idea at all in the crazy times we live in. [/quote]

So how would I generate and embed the security certificate in my app then? And would that still be an anonymous user or would that be a user account? If it’s an account, it’s the idea of storing the password in my app that I don’t like…

Anonymous FTP has some special settings, like allowing users to log in with an email address and other such stuff that is a little “loosey goosey” in 2015. It was perfectly reasonable in the 1990s, but times have changed. Using a single, non-anonymous account means anyone with that username and password could log in if they wanted to. Embedding the username/password in your application means you don’t have to distribute it, but no matter how you obfuscate it, someone can sniff it off the wire with virtually no effort and no cost. A little paranoid, yes, but a little paranoia is a good thing when you take into account the crazy people on the network. An open FTP server gets so many login attempts per day it is - well - unnerving.

That is where certificates can help you out. The precise details depend upon what system you choose to create the certs on and how you wish to deploy them.

  1. Trust me on this, you will probably want to spend $10-$30 to buy an SSL certificate for your server. You don’t strictly need it, but it sure helps.

  2. You do not need to buy the certificates you would embed in your application; those can be “self signed” since it is only between your application and a server you control. You create these, at no cost, with something like OpenSSL, then embed the generated self-signed certificate in your application. You can do that as simply as including the .cer file, or you can read it into your app at the time you are bundling it up to send out to a new purchaser. Each bundle you send out will have a unique self-signed certificate.

When your software tries to connect via sftp, it will use your certificate and the user does not need to enter any username or password information; it is all encrypted within the certificate. The ssh/ssl protocol will do all the negotiation and other setup processes securely, and either authorize the access or not. All the transmissions are nicely encrypted and very hard to snoop.

  3. What that buys me in my apps:

I have some users that are rather slow to renew their maintenance agreements. I don’t disable the software, but an expired certificate (did I mention you can set expiration dates in the certificates?) won’t allow them to pull in updates and causes a nag screen to display at randomly annoying intervals.

When users share their software, which they inevitably do, I notice it and usually have a nice chat with them at renewal time. Almost always they claim no knowledge, but it does give me an excuse to lock things down tighter. I offer to help them out by locking the software down to each computer if feasible, or more often, only allow connections from their registered IP addresses. (You can do it all with certificates too. Amazing stuff…)

Of course, it works best if you automate the certificate creation and packaging. It isn’t hard, and took me about an hour to do the automation, and then another hour and several curses to set the FTP server, Firewall, and .xhosts files up right. I wonder if XoJo has any facilities to generate and package up security certificates?

https://www.openssl.org/docs/

The above link is to openssl, which is free and does a spectacular job with certificates. :wink:

-Paul
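Paul's post describes per-customer certificates with an expiry that the SFTP server checks and that can be invalidated when a customer must be cut off. SFTP runs over SSH, and the SSH mechanism that matches that description is an OpenSSH user certificate: a customer key signed by a CA key you control, carrying a validity interval, a serial number and the single server account (principal) it may log in as, with a key revocation list (KRL) on the server for cutting customers off. The script below automates that with OpenSSH's ssh-keygen, which is the part Paul wonders about scripting. It is an added example, not code from the thread or from OpenSSH; it needs ssh-keygen on PATH, and the customer name acme-0042, serial 42, the account name ftpupload and the sshd_config paths in the comments are constructed values.

```python
"""Per-customer SFTP identity without an embedded password: an OpenSSH user
certificate signed by a CA key you control, with an expiry and KRL revocation.

Added example driving OpenSSH's ssh-keygen via subprocess; ssh-keygen must be
on PATH. 'acme-0042', serial 42 and the account 'ftpupload' are constructed.
"""
import os
import shutil
import subprocess
import tempfile

# The one real account on the SFTP server. Every customer cert names it as its
# principal; the cert (not a shared password) says which customer is connecting.
PRINCIPAL = "ftpupload"
# Server side (sshd_config), for reference only; paths are placeholders:
#   TrustedUserCAKeys /etc/ssh/customer_ca.pub   # accept certs signed by this CA
#   RevokedKeys       /etc/ssh/revoked.krl       # reject anything listed in the KRL
#   Match User ftpupload
#       ChrootDirectory /srv/dropbox             # confine to the upload tree
#       ForceCommand internal-sftp               # no shell, only SFTP


def have_ssh_keygen():
    return shutil.which("ssh-keygen") is not None


def _keygen(*args):
    return subprocess.run(["ssh-keygen", *args], check=True, capture_output=True, text=True)


def make_keypair(path, comment):
    """Generate an ed25519 key pair at path / path.pub; returns the .pub path."""
    _keygen("-q", "-t", "ed25519", "-N", "", "-C", comment, "-f", path)
    return path + ".pub"


def issue_cert(ca_key, customer_pub, key_id, serial, validity="+52w"):
    """Sign a customer's public key with the CA. '-O clear' drops the default
    permissions (pty, forwarding), '-V' sets the expiry, '-z' the serial number.
    ssh-keygen writes <name>-cert.pub next to the key it signed."""
    _keygen("-q", "-s", ca_key, "-I", key_id, "-n", PRINCIPAL, "-O", "clear",
            "-V", validity, "-z", str(serial), customer_pub)
    return customer_pub[:-len(".pub")] + "-cert.pub"


def cert_key_id(cert_path):
    """Read the Key ID back out of the certificate (ssh-keygen -L)."""
    for line in _keygen("-L", "-f", cert_path).stdout.splitlines():
        line = line.strip()
        if line.startswith("Key ID:"):
            return line.split(":", 1)[1].strip().strip('"')
    return None


def revoke(krl_path, customer_pub):
    """Add the customer's key to the KRL, creating the KRL on first use."""
    if os.path.exists(krl_path):
        _keygen("-k", "-u", "-f", krl_path, customer_pub)
    else:
        _keygen("-k", "-f", krl_path, customer_pub)


def is_revoked(krl_path, key_or_cert):
    """True if the KRL lists the key (or the key behind a certificate).
    ssh-keygen -Q exits non-zero when any key it is given is revoked."""
    if not os.path.exists(krl_path):
        return False
    r = subprocess.run(["ssh-keygen", "-Q", "-f", krl_path, key_or_cert],
                       capture_output=True, text=True)
    return r.returncode != 0


def run_demo():
    """Issue a cert for one customer, then cut that customer off; returns what happened."""
    work = tempfile.mkdtemp(prefix="sftp-certs-")
    try:
        ca_key = os.path.join(work, "customer_ca")
        make_keypair(ca_key, "customer-ca")                 # keep the private half offline
        cust_pub = make_keypair(os.path.join(work, "acme-0042"), "acme-0042")
        cert = issue_cert(ca_key, cust_pub, key_id="acme-0042", serial=42)
        krl = os.path.join(work, "revoked.krl")
        before = is_revoked(krl, cert)
        revoke(krl, cust_pub)                               # e.g. when the cert turns up shared
        return {"key_id": cert_key_id(cert),
                "revoked_before": before,
                "revoked_after": is_revoked(krl, cert)}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo() if have_ssh_keygen() else "ssh-keygen not found on PATH")
```

The private CA key never ships with the application; each bundle gets only its own key pair and certificate, the server trusts the CA's public half, and a customer is cut off by adding their key to the KRL (or simply by letting the validity interval run out) without touching the account or any other customer's bundle.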