Saturday, 10 October 2015

Standard user can't FTP on OS X default FTP service


If you, like me, are used to working as a standard user and need, for any number of reasons, to enable OS X's FTP service (Enable FTP service in OS X Lion), a typical case being a multifunction printer sending scanned documents to your Mac, you'll be surprised to learn that you cannot log in successfully unless you are an administrator.

host01:~ admin$ ftp localhost
Trying ::1...
Connected to localhost.
220 ::1 FTP server (tnftpd 20100324+GSSAPI) ready.
Name (localhost:admin):
331 User admin accepted, provide password.
Password: 
230 User admin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.

This is what happens when trying to log in as a standard user:

host01:~ example$ ftp localhost
Trying ::1...
Connected to localhost.
220 ::1 FTP server (tnftpd 20100324+GSSAPI) ready.
Name (localhost:example): 
331 User example accepted, provide password.
Password: 
530 User example denied by SACL.
ftp: Login failed

User example denied by SACL

SACL stands for Service Access Control List, that is, an access control list applied to services.

Honestly, I don't know if this is normal behavior on versions of OS X before Yosemite. I'm actually running 10.10.5.

Anyway, the problem is easily solved by following the instructions below.

Open Terminal and issue the command:

dseditgroup -o edit -u admin -a example com.apple.access_ftp

The password requested is admin's password. The command above adds (-a) the user example to the group com.apple.access_ftp, acting as the administrator user admin (-u admin). It also works if the user issuing it is a standard user.

To remove (-d) example from the com.apple.access_ftp group, issue:

dseditgroup -o edit -u admin -d example com.apple.access_ftp
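
To confirm the result after adding or removing users, the group's membership can be compared against the accounts that are meant to have FTP access. The script below is an added example, not part of the original post; the account name scanner and the sample dscl output are constructed, and members of nested groups are not expanded.

```shell
#!/bin/sh
# Audit the FTP SACL group against an allowlist (added example).
SACL_GROUP="com.apple.access_ftp"   # group name from the article

# Read the output of
#   dscl . -read "/Groups/$SACL_GROUP" GroupMembership
# on stdin and print one member per line.
# Prints nothing when the attribute is absent ("No such key: ...").
sacl_members() {
    awk '$1 == "GroupMembership:" { for (i = 2; i <= NF; i++) print $i }'
}

# Usage: sacl_unexpected "allowed1 allowed2 ..." < dscl-output
# Prints every member that is not in the allowlist.
# Returns 0 if the group holds only allowed users, 1 otherwise.
sacl_unexpected() {
    allowed=" $1 "
    found=0
    for m in $(sacl_members); do
        case "$allowed" in
            *" $m "*) ;;                 # expected member
            *) echo "$m"; found=1 ;;     # not on the allowlist
        esac
    done
    return "$found"
}

# Constructed sample of dscl output. On the Mac itself, pipe the real
# dscl command shown above into sacl_unexpected instead.
SAMPLE='GroupMembership: admin example scanner'

if extra=$(printf '%s\n' "$SAMPLE" | sacl_unexpected "admin example"); then
    echo "$SACL_GROUP: only expected members"
else
    echo "$SACL_GROUP: unexpected members: $extra"
fi
```

For a single account, `dseditgroup -o checkmember -m example com.apple.access_ftp` answers the same question directly.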

 Addendum 

The procedure described above is also valid for OS X El Capitan.

1 comment:

Rob Robinett said...

Thanks so much, this saved me hours of searching.