Before Mac OS X Lion, in System Preferences > Sharing > File Sharing > Options… you had the option to use FTP to share your files. Note that this did not enable the FTP anonymous user, which needed some Terminal wizardry. Instead, you could use PureFTPd Manager to have a nice GUI to configure FTP with anonymous user access, but Lion is not supported (yet?).

Since Mac OS X Lion, Apple removed the GUI to enable FTP file sharing. FTP protocol has probably been deemed too unsecure (your password string and any data would travel the ether without any encryption).

Only AFP or SMB (CIFS) remain in Lion’s File Sharing Preference Pane. The FTP checkbox is gone…

What if I simply want a quick and easy way to share files with others without the need for an account or password?

This is the whole point of setting up a FTP server with an anonymous user!

So what’s the alternative for Lion’s users?

You can still enable FTP in Lion, but now only via the Terminal with administrative permissions:

  1. Add the FTP service to the launchd database (the FTP daemon will be started at the same time and restarted on demand):
    sudo launchctl load -w /System/Library/LaunchDaemons/ftp.plist
  2. Stop (temporarily) the FTP daemon: 
    sudo launchctl stop com.apple.ftpd
  3. Start (after a stop) the FTP daemon: 
    sudo launchctl start com.apple.ftpd
  4. Remove the FTP service from the launchd database:
    sudo launchctl unload /System/Library/LaunchDaemons/ftp.plist

Easy for the Terminal addicts, but like before via the GUI, FTP in Mac OS X still lacks an anonymous user (see man ftpd for more info).

Luckily, for the rest of Mac users, there is a more secure protocol and it can be easily configured using only the System Preferences GUI.

Simply create a standard user in the Users & Groups System Preference Pane. You can decide to set it with a password that you will share with others (e.g. the same as its userid).

In the absence of a pre-configured anonymous FTP user in Mac OS X, the next best thing is to create a dummy user with permissions restricted to only upload / download files…

You can further limit what this user could do (particularly locally) by enabling Parental Controls (i.e. degrade it from standard to managed user).

If you go for a no password dummy user account, remember to enable Parental Controls to restrict what this user can do (e.g. disable changing the password, Time Limits…)

Finally, enable Remote Login in the Sharing Preference Pane. This will enable ssh remote login, but implicitly and more importantly for us: sftp.

Enabling Remote Login will also enable the SecureFTP service. Also consider limiting access only to the dummy user if you created one…

Others can now access the files held by user with the address sftp://user@<ip or hostname> or by using the equivalent command in a Terminal: sftp user@<ip or hostname>.

If you do not want to have to share an IP address, consider using a free dynamic DNS service

Advertisements