Always Remember: With Gusto Comes Data Loss.

Enabling FTP in OS X Server (10.8) and Common Problems You May Encounter

This article covers how to set up FTP file sharing in OS X Server 10.8. There are a few things that can trip you up if you are not careful, so if you are running into weird connection errors, read on. In previous versions of OS X Server, you were able to share out as many directories as you wanted – this is not so in 10.8. Instead, the FTP service allows administrators to share out a single directory. This directory can be any share that has previously been configured in the File Sharing service or a website configured in the Websites service.

The basic setup of FTP is simple. It consists of navigating to the FTP service, choosing a share point from the drop-down, and turning the toggle to “on”.

Once you have done this, you can test it from any other Mac by connecting via Terminal:

ftp <user>@<server> (e.g. ftp josh@10.1.1.1)

You will then be prompted for the user password – if you are successfully able to connect, as indicated below, you have done everything perfectly and FTP is up and running. Obviously, you should test with various users to be sure it works with everyone that needs access (especially test OD users for reasons you will see below).

230 User josh logged in.
Remote system type is UNIX.
Using binary mode to transfer files.

 

However, as I mentioned, there are a few catches.

You may run into the following errors when trying to connect:

Error 1:

550 Can't change root.
ftp: Login failed

This indicates that there is a problem with the FTP Share path. In order for FTP to connect successfully, there can be NO spaces in the directory path. This means if you are trying to share:

 /Shared Items/Server/Documents/Scans

It is going to fail. To get this working you must rename “Shared Items” to something like “Shared_Items”. If that is not an option for whatever reason, you can create a symlink to the shared directory and place it in a path with no spaces (for example: /private/tmp). To do this you would use the “ln” command like so:

ln -s "/Shared Items/Server/Documents/Scans" /private/tmp/Scans

You would then just need to select the symlink as the destination for your share, rather than the original directory.
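As an added example (not part of the original article), the shell function below wraps that ln step with the checks you would otherwise do by hand: it leaves space-free paths alone, rejects a link path that itself contains a space, and will not replace an existing file. The function names, the exit codes, and the refusal of world-writable link directories (which rules out /private/tmp in favour of an admin-owned directory) are choices of this example.

```shell
#!/bin/sh
# Added example, not from the original article.

has_space() {
    case $1 in *" "*) return 0 ;; *) return 1 ;; esac
}

# make_ftp_link TARGET LINK
# Prints the path to select as the FTP share; non-zero status on refusal.
make_ftp_link() {
    target=$1 link=$2
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }

    # A path without spaces can be shared directly; no link is needed.
    if ! has_space "$target"; then printf '%s\n' "$target"; return 0; fi

    if has_space "$link"; then
        echo "link path still contains a space: $link" >&2; return 3
    fi

    parent=$(dirname "$link")
    [ -d "$parent" ] || { echo "missing parent: $parent" >&2; return 4; }
    # Choice made by this example: keep the link out of world-writable
    # directories, so it lives somewhere only administrators can change.
    if [ -n "$(find "$parent" -maxdepth 0 -perm -0002)" ]; then
        echo "parent is world-writable: $parent" >&2; return 5
    fi

    if [ -L "$link" ]; then
        # Re-running is fine only if the link already points at TARGET.
        [ "$(readlink "$link")" = "$target" ] ||
            { echo "link points elsewhere: $link" >&2; return 6; }
    elif [ -e "$link" ]; then
        echo "refusing to replace existing file: $link" >&2; return 6
    else
        ln -s "$target" "$link" || return 7
    fi

    # Confirm the link resolves to a directory before pointing FTP at it.
    [ -d "$link" ] || { echo "link does not resolve: $link" >&2; return 8; }
    printf '%s\n' "$link"
}
```

Called as make_ftp_link "/Shared Items/Server/Documents/Scans" /Shares/Scans, where /Shares is a hypothetical admin-owned directory, it prints the path to pick in the FTP share drop-down.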

 

Error 2:

530 User josh may not use FTP.
ftp: Login failed

With this error, you may have noticed that Local Users are able to connect while OD users are not. This is likely caused by the OD users being “service only” users. One implication of making a user “Service Only” is that the user is not assigned a Login Shell (or more accurately, the login shell is set to false). In order to allow one of these users to log in, you must assign them a valid login shell. To do this, follow these steps:

Open Server.app and navigate to Users
Locate the desired user, right-click, then select Advanced Options
You will notice that Login Shell is set to:

/usr/bin/false

Change this value to:

/bin/sh

This should allow this specific user to log in correctly. Once you have verified that this works, you will need to make the same change for each user that will be accessing the FTP share.
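To see which accounts still need that change without opening each one in Server.app, the added example below (not from the original article) classifies a name/shell listing against /etc/shells, the system's list of valid login shells. The function names and the sample accounts are constructed, and /LDAPv3/127.0.0.1 is assumed to be the Open Directory node when the command is run on the server itself.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample of a "name  shell" listing; on the server the real one
# would come from: dscl /LDAPv3/127.0.0.1 -list /Users UserShell
sample_listing() {
    cat <<'EOF'
josh            /bin/sh
scanner         /usr/bin/false
diradmin        /bin/bash
svc_backup
EOF
}

# audit_login_shells [SHELLS_FILE]   (default: /etc/shells)
# stdin:  "name shell" pairs; stdout: "<name> <shell> valid|invalid"
audit_login_shells() {
    awk -v shells="${1:-/etc/shells}" '
        BEGIN {
            # Load the valid login shells, skipping comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") valid[line] = 1
            }
        }
        NF >= 1 {
            shell = (NF >= 2) ? $2 : "(none)"   # record has no UserShell value
            print $1, shell, ((shell in valid) ? "valid" : "invalid")
        }'
}

# Accounts that still need the Login Shell change described above.
users_needing_shell() {
    audit_login_shells "$@" | awk '$3 == "invalid" { print $1 }'
}

# Accounts that already hold a real login shell.
users_with_shell() {
    audit_login_shells "$@" | awk '$3 == "valid" { print $1 }'
}
```

The users_with_shell list is worth keeping alongside the FTP user list, because the login shell is an account-wide attribute and is not specific to FTP.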

11 thoughts on “Enabling FTP in OS X Server (10.8) and Common Problems You May Encounter”

  1. This article was very helpful! I just got a MacMini I decided to configure as a server under 10.8 but I experienced both FTP errors and I couldn’t really figure it out. I had forgotten about spaces being illegal in the path to the FTP root. But I hadn’t experienced the “Service only” accounts before and because of the wording of the error I wouldn’t have even thought about the shell being set to /usr/bin/false.

    • I’m glad this could help! I spent far longer resolving that shell problem than I care to admit – the errors that it produces are, as you say, very misleading.

  2. I’ve encountered another problem that may be related to users needing the shell defined. I’ve been trying to set up anonymous or guest FTP access and I’ve allowed guest access to the FTP folder, but I get:
    Command: USER anonymous
    Response: 331 Guest login ok, type your name as password.
    Command: PASS *********
    Response: 530 User _ftp denied by SACL.
    Error: Critical error
    Error: Could not connect to server

    Have you been able to set up guest or anonymous FTP under 10.8?

    • To be honest, I have never tried – Anonymous FTP is against my religion ;-)

      If I had to give it my best guess, I would say you are right that it likely has to do with a lack of a valid shell. I wonder if you would get the same error if you turned on Guest Login in system preferences, then tried to connect to the FTP share as “guest”. Obviously you do not want to leave guest login turned on on your server permanently, but it may provide an interesting look at what is actually happening.

      Sadly I do not have the time to experiment with it on my own, but please let me know what you find, I am very curious.

      • I turned on guest access and even set the Everybody permission to Read Only but still get that error. I’m stumped. I am usually opposed to anonymous FTP, but there are times when it is needed – if even for only a short time.

  3. I agree – the lack of anonymous ftp is quite frustrating. There are times when it really is useful. There is zero documentation out there by Apple. Thanks, Apple, for yanking even more functionality in this new “server.”

  4. Thank you very much! After spending hours on the net looking for an answer, I found it here on your website. Thanks!

  5. Thanks for this tip. Apple is supposed to make stuff like this easy. But every time we think we know what is going on they change things without any documentation and we are stuck trying to figure out stuff that should be straightforward. Just venting.

  6. Hi guys,
    I have a Canon Scanner that was working well, scanning to a drive on an OS X 10.8 Server until last week, when connection problems started.
    I found out the shell trick and am able to log in from an OS X (Finder) client, but with just read access.
    Through CyberDuck the login and also write access are no problem.
    Anyway, the Canon Scanner refuses to connect/authenticate/write to the server and I just can’t find the missing piece of the puzzle.
    There are no fans of FTP but it sometimes is just needed, as also the new SMB is not working properly with many devices.
    Any solution to this one?
    Thanx and all the best,
    Christian

    • First off, sorry for the delay in getting this comment approved.

      Second, you are correct that connecting to an FTP folder via Finder will only connect in Read-Only mode. I’m not sure exactly where/why that decision was made, but I am not aware of any sort of workaround to that. As for the Canon Scanner, I have fought with more printers and scanners than I can count, and can honestly say they are all garbage at dealing with any sort of scan-to-server type situation. The best recommendation I can make is to verify that your FTP server is working correctly by connecting via a workstation. If you can connect from another computer, then you know the problem resides in the scanner (big surprise), and it just becomes a matter of screwing with the settings until you find the magic combination of checkboxes. I wish I could be more help than that, but network printers/scanners truly are the most finicky, frustrating devices you can possibly work with.
