[Pro] FTP & Accounts

Neil_Carter · March 24, 2010, 9:07am

Not strictly a Freeway question, but I’m having trouble finding answers elsewhere. One of the Sites I design is for a Uni Sports Club, and I am trying to find an “easy” way for a handful of student contributors, almost certainly 100% PC users, to upload the odd large file to my Mac.

If possible I want to give FTP Access to a specially created “blind” Account in order to receive fairly large files from named students. Normally, I only have two Accounts on my Mac, let’s call them Account #1 & Account #2. Account #1 is my secure Administrators Account, Account #2 is my own Standard everyday User Account. I have created Account #3, a third (empty) Standard Account for students to access via FTP. The FTP Access has been set up via Sharing Preferences and Airport Utility for my Time Capsule, and it has tested out OK, with full local, and external FTP access. All three Accounts are Password Protected with three different Passwords. I run an Intel Core Duo MBP, OSX 10.6, and my FTP client is Transmit.

As I understand it, one of the main purposes of creating Password protected separate Accounts on one OSX computer is that apart from the Public Folders, any given Account remains isolated in it’s own little Password protected private world, inaccessible from any other Account. In other words, none of the Folders on any of the “other” Accounts are accessible to me, on “my” Account, other than as Administrator via the Administrator Account.

Now, the problem I have is this. When Account #3 is accessed via Password Log-in, via FTP, all of the Account #3 folders and files, are, as we would expect, fully accessible. But, by navigating upwards through the Transmit drop down Menu, so are all the Standard Account #2 Folders, and so are all the Administrator Account #1 Folders, without any need to enter the individual Account Passwords. This is obviously unacceptable.

I have attempted to reduce access by varying Sharing Preferences Read & Write privileges, but have not managed to change anything. So, is there a solution? What am I doing wrong? Or is it inherently insoluble once FTP Access is granted?

Many thanks.

Neil Carter
Oxford UK

PS External FTP Access currently disabled, and NAT Port Mapping Services & Ports also disabled and closed !!!

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · March 24, 2010, 12:59pm

What you’re describing here goes by the name of a “chroot jail”. If
you google that term in conjunction with Mac OS X, you should find
plenty of advice how to enable it.

Basically you just need to convince the user’s account that the
beginning and end of the whole world is the user account folder. I
have done this on the regular client version of Mac OS X, but it was
many years ago, before I got a copy of Mac OS X Server and promptly
forgot how to do this sort of thing long-hand. If I recall correctly,
it wasn’t very hard to do.

Walter

On Mar 24, 2010, at 5:07 AM, Neil Carter wrote:

If possible I want to give FTP Access to a specially created “blind”
Account in order to receive fairly large files from named students.

Now, the problem I have is this. When Account #3 is accessed via
Password Log-in, via FTP, all of the Account #3 folders and files,
are, as we would expect, fully accessible. But, by navigating
upwards through the Transmit drop down Menu, so are all the Standard
Account #2 Folders, and so are all the Administrator Account #1
Folders, without any need to enter the individual Account Passwords.
This is obviously unacceptable.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Tim3 · March 24, 2010, 1:19pm

I use something a lot like this drive enclosure;
<Amazon.co.uk

Although the NAS connectivity is less than perfect the ability to
connect to it via FTP makes it ideal for allowing users direct access
to storage without letting them close to production machines.
Basically if someone tries to hack this box they will get to see a
bunch of temporary files that either I’ve made available for others to
download or that they are sending me. Using the web interface on the
box also makes setting up temporary accounts a breeze.
Regards,
Tim.

FreewayActions.com - Freeware and commercial actions for Freeway
Express & Pro.
…
Protect your mailto links from being harvested by spambots with Anti
Spam.
Only available at FreewayActions.com
…
http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options