Cyberon.org - Notebook


ProFTPD on macOS. Macmini as FTP server.


Revised on: July 18, 2023

Testing new pages of your website on a local testing server before uploading them to your provider's remote server will save you from embarrassment when you go live.
So instead of giving my mid 2011 Macmini to Apple for recycling, why not use it as a local testing server? The latest version of macOS that supports my Macmini is High Sierra 10.13.6, which is not supported by Homebrew. But MacPorts does support it! Installation instructions for MacPorts can be found on the MacPorts website.
Instructions on how to install a modern AMP stack with MacPorts on an (old) Macmini or iMac can be found on my webpage Old Macmini as local webserver.
Your provider uses an FTP server, so why not have an FTP server on your local testing server?

Installation of ProFTPD.

Assuming that you have already installed MacPorts on your Mac, open Terminal and execute the following command:

$ sudo port install proftpd
Activate ProFTPD to make sure it launches at every startup of your Mac:
$ sudo port load proftpd

Configuration of ProFTPD.

Unlike other *nix systems, macOS doesn't allow you to create users independently of the system. But to connect to ProFTPD you need usernames with passwords. Therefore, separate from the system's /etc/passwd file, we need to create a new file listing the FTP users allowed to connect to ProFTPD. That file must have the same format as the system's password file. It may sound complicated, but it is easily done with the command ftpasswd.
The AuthUserFile directive in the proftpd.conf file gives ProFTPD access to this list of FTP users. This is how it works:

Let's create a user with name steve:

$ cd /opt/local/bin
$ sudo ftpasswd --passwd --name=steve --uid=1005 --home=/Users/yourmacusername/Sites --shell=/bin/bash
Upon execution, ftpasswd asks for a password for steve and creates a file 'ftpd.passwd' in the current directory, /opt/local/bin.
  • --uid: You may use any number, provided it is not used by macOS (check in /etc/passwd).
  • --home: Any directory on your system may be used as the home directory for this FTP user. On a webserver you may use Apache's DocumentRoot like I did.
  • --gid: If you don't use the --gid option, ftpasswd defaults to a group ID identical to the uid. If you don't want this, use the --gid option.
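
The --uid check described above, as an added example that is not part of the original page: a shell function that reads an ftpasswd-generated file and reports entries whose UID is 0 or is already taken by a system account. The function names, the sample files and the placeholder hashes are constructed for illustration; macos_uid_list assumes macOS's dscl tool, because regular macOS accounts are stored in Directory Services and do not appear in /etc/passwd.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions, not from the page.

# check_ftp_uids FTP_PASSWD USED_UIDS
#   FTP_PASSWD: file written by ftpasswd (7 colon-separated fields)
#   USED_UIDS : passwd-format list of accounts the system already has
# Prints one line per problem; returns 1 if any problem was found.
check_ftp_uids() {
    awk -F: '
        /^#/ { next }                          # skip comment lines
        FILENAME == ARGV[1] {                  # first file: system accounts
            if (NF >= 3) used[$3] = $1
            next
        }
        NF < 7 { next }                        # not a passwd entry
        $3 == 0 { print "root-uid " $1; bad = 1; next }
        ($3 in used) {
            print "collision " $1 " uid=" $3 " system=" used[$3]
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$2" "$1"
}

# macOS keeps login accounts in Directory Services, so /etc/passwd alone
# misses them. This helper (macOS only) lists every local account as name:*:uid.
macos_uid_list() {
    dscl . -list /Users UniqueID | awk '{ print $1 ":*:" $2 }'
}

# Constructed sample files (not real accounts or hashes).
write_samples() {
    cat > "$1/system.passwd" <<'EOF'
# constructed sample in /etc/passwd format
root:*:0:0:System Administrator:/var/root:/bin/sh
_www:*:70:70:World Wide Web Server:/Library/WebServer:/usr/bin/false
EOF
    cat > "$1/ftpd.passwd" <<'EOF'
steve:CONSTRUCTEDHASH:1005:1005::/Users/yourmacusername/Sites:/bin/bash
jobs:CONSTRUCTEDHASH:70:70::/Users/yourmacusername/Sites:/bin/bash
admin:CONSTRUCTEDHASH:0:0::/Users/yourmacusername/Sites:/bin/bash
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_ftp_uids "$demo_dir/ftpd.passwd" "$demo_dir/system.passwd" || true
rm -rf "$demo_dir"
```

On the Mac itself, redirect the output of macos_uid_list to a file and pass that file as the second argument, with /opt/local/bin/ftpd.passwd as the first, to run the same check against the real accounts.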

  • The ProFTPD configuration file is located in /opt/local/etc/. Before editing this file, let's make a backup of it, just to be sure:
    $ sudo cp /opt/local/etc/proftpd.conf /opt/local/etc/proftpd.conf.bak
    Open the ProFTPD config file:
    $ sudo nano /opt/local/etc/proftpd.conf
    To make sure that FTP users are confined (chrooted) to their home directory, remove the # in the following line:
      #DefaultRoot ~
    and add below it this line:
      AuthUserFile /opt/local/bin/ftpd.passwd
    Save the config file, and restart ProFTPD:
    $ sudo port unload proftpd
    $ sudo port load proftpd

    Test ProFTPD.

    With an FTP client like Cyberduck or FileZilla on a remote computer, you can now connect to the ProFTPD server. Use the ProFTPD server's IP address and an FTP username and password as created earlier.
    If you need to check whether ProFTPD is running, use the following command on the Mac server:

    $ sudo ps -lx | grep ftp

    One More Thing:

    ProFTPD is highly configurable, GPL-licensed FTP server software. Editing the proftpd.conf file lets you add any capability you might want. Checking their website, ProFTPD docs, might be daunting. Before diving into it, let me whet your appetite with a simple example that gives more than one FTP user access and enables fine-tuning of their access rights. Just read the proftpd.conf file below and give it a try.
    As an example, if you remove the FTP command 'MKD' at the bottom of it, the FTP user steve can no longer create a new folder.

    proftpd.conf
    # This example of a ProFTPD config file shows some of its flexibility.
    # It shows how to give access to more FTP users. It also shows how
    # to limit the rights of FTP users to edit files and directories.
    
    ServerName			"My Old Macmini"
    ServerType			standalone
    DefaultServer			on
    
    # Port 21 is the standard FTP port.
    Port				21
    
    # Don't use IPv6 support by default.
    UseIPv6				off
    
    # Umask 022 is a good standard umask. 
    Umask				022
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.
    MaxInstances			30
    
    # Set the user and group under which the server will run.
    User				nobody
    Group				nobody
    
    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    DefaultRoot ~
    
    AuthUserFile /opt/local/bin/ftpd.passwd
    
    # Normally, we want files to be overwriteable.
    AllowOverwrite		on
    
    # Bar use of SITE CHMOD by default
    <Limit SITE_CHMOD>
      DenyAll
    </Limit>
    
    # Deny all logins except for the FTP users steve and jobs.
    <Limit LOGIN>
      DenyAll
      AllowUser steve
      AllowUser jobs
    </Limit>
    
    # Deny all FTP commands. Only commands defined later on are allowed.
    <Limit ALL>
      DenyAll
    </Limit>
    
    # Allow users to cd, ls, pwd and delete.
    <Limit CDUP CWD LIST PWD DELE>
      AllowAll
    </Limit>
    
    # Allow access to the Apache2 DocumentRoot
    <Directory /Users/steve/Sites>
      <Limit APPE GET RETR READ STOR STOU RMD MKD>
        AllowAll
      </Limit>
    </Directory>
    	

    And instead of just FTP, ProFTPD can easily be configured for a safer connection with SFTP or FTPS. With the following command you can see which files were installed:
    $ port content proftpd
    As you will see, the modules for FTPS (mod_tls) and SFTP (mod_sftp) are included.