# How to enable root access for FTP (pure-fptd)



## aurora (Jan 14, 2014)

Hello

First of all I should mention that the FTP I'm talking about is pure-ftpd (sourceforge.net/projects/pureftpd) running on a Mac mini with Mac OS X Lion. The reason why I 'm here is because I couldn't get any solution on all of the other forums related to Mac OS X, such as macosxhints.com and apple.stackexchange.com. I hope I get some solution here. Here's my question: I've just compiled pure-ftpd (1.0.33) using `$ ./configure --with-pam --with-puredb` on my Lion Mac mini and it (pure-ftpd) works fine but I can't access it because of the authentication problem.

`# /usr/local/bin/pure-pw useradd root -u 0 -g 0 /private/var/root` doesn't work, it tells me to provide non-root UID and GID (root UID and root GID are both 0). I want the FTP server to provide a root access. On my Leopard Mac mini, I had compiled the same program (pure-ftpd-1.0.33) 2 years ago and on it the pure-ftpd accepts the root user and provides true root access, i.e. when I log in the directory listed is /private/var/root and I do rwx rights to every folder.

On the pure-ftpd installation folder there's this line in config.log as the invocation command line:  `$ ./configure --with-pam`, so it's got PAM support but seemingly no "virtual user" support.

The last thing I want to note is that the password I enter for pure-ftpd's root is different than the password for the root on the OS itself. How can I enable root access on this Lion Mac mini?

Any suggestion is appreciated, thanks.


----------



## SirDice (Jan 14, 2014)

First of all I would seriously recommend choosing a different strategy. FTP is a very insecure protocol and allowing full root access is just asking for trouble. If I needed to have that kind of access I would at least use the SFTP capabilities of SSH. That should be available on OS-X too. 

If I recall correctly the root user account is disabled by default, you have to search how to enable it. Shouldn't be too difficult to find. You then need to enable root logins over SSH. On FreeBSD you can do that by editing /etc/ssh/sshd_config and setting PermitRootLogin to yes. There should be a similar file for OS-X's sshd. With that there are GUI applications that can do SCP/SFTP for OS-X, on Windows I use WinSCP. 

Same thing, just a little more secure


----------



## ShelLuser (Jan 14, 2014)

I can't help you directly because I don't have any experience with MacOS, but I do want to stress out as well that enabling root access like this is an extremely bad idea, one which you should give some _serious_ reconsideration.

Think about it: in this scenario you're basically trusting the security of your system entirely to Pure-FTPd. Because as you hopefully realize (you really should): root access boils down to total control over your system. So coming back to Pure-FTPd; I know the system claims to be built with security in mind, and I'm also not questioning that.

But the thing is; while it may be set up with security in mind, this doesn't mean that it doesn't suffer from security vulnerabilities. And before you now comment that most of those entries are at least 2 years old; that's beside the point (also because all the other sources were sites which actually showed how to breach security, even on more modern versions, which I don't think is appropriate reference material for this thread). My point is that even software such as Pure-FTPd suffers from bugs, just check the (up to date) news section on the Pure-FTPd site itself.

Do you really want to rely on that to keep your system secure?

You should really reconsider. The best solution here is to set up a better permission scheme which allows user X (no pun intended) to access the sections he needs to. And if he can't access things directly then simply set up a periodic script of some sort which checks for any modifications to be present and then applies them for you.

All of that is a much better approach. Because allowing root access is just asking for serious problems.


----------



## aurora (Jan 14, 2014)

Thank you for the comments. Well I use this Mac mini for many projects and app developments inside the LAN and FTP port (21) is not open to Internet so security is not a concern. 

I need root access because I frequently need to access and edit folders such as /usr and /Library; having root is extremely convenient for this case. But the puzzling thing is, I have somehow managed to set[]up perfect root access for one Mac but I can't for the second Mac. The root login over SSH is enabled, I can SSH as root anyway. I still cannot access FTP either as root or as a guest user.


----------



## SirDice (Jan 15, 2014)

If root over SSH is already enabled use SFTP. It works exactly the same as FTP.


----------



## aurora (Mar 4, 2014)

I have solved the issue.

1- In OSX Lion, the PAM scheme is a bit different than OSX Leopard, in particular the /etc/pam.d/pure-ftpd file is different. As a quick fix, OSX' built-in ftp server 's PAM file at /etc/pam.d/ftpd can be substituted as the pure-ftpd's PAM file. So 
	
	



```
# cp /etc/pam.d/ftpd /etc/pam.d/pure-ftpd
```

2- You have to set a password for the user you want to use. In case of PAM authentication for the root password:

```
# passwd root
```

That explains why the root password can be different from the OSX users with root privileges. This root is in the Unix context, whereas the OSX users with root privileges are in the OSX context.


----------

