OS X Server and Anonymous FTP Access

In a nutshell, I think it's safe to enable anonymous FTP and remove everything but the Public folder from guest access.

As OS X server is setup, an anonymous FTP user can see into the Users folder and glean usernames from it. Don't give a hacker half of the equation.

You want to use Workgroup Manager to remove the checkmark that allows FTP guest access on all but your Public folder.



Then use Server Admin to set the FTP and what you want Authenticated Users to see. They will be able to see sharepoints but the anonymous user won't. Authenticated users will be logged into their Home folder.


Questions? Comments? 

Comments

Popular Posts