Setup guide
13. Check the box for "Show Banner Message" and enter a banner message in
accordance with site policy. Do not reveal any software information, such
as operating system type or version, in the banner.
14. Click on the Logging tab.
15. Check all boxes on this screen. Even though authenticated users will not
be allowed to log in, their attempts should be logged in order to take
corrective action.
16. Click on the Advanced tab.
17. Set "Authenticated users see:" to FTP Root and Share Points. Although
the anonymous user is not really authenticated, his or her FTP root will be
the same.
18. Verify that “Authenticated user FTP root:” is set to
/Library/FTPServer/FTPRoot.
19. Click Save.
20. Open the folder /Library/FTPServer/FTPRoot and drag the contents
(Users, Groups, Public) to the trash.
21. Drag the files into /Library/FTPServer/FTPRoot that you wish to share
with anonymous users.
22. Verify that the file permissions on /Library/FTPServer/FTPRoot do not
allow public write access.
23. Open the file /Library/FTPServer/Configuration/ftpaccess for editing.
24. Delete any lines (two by default) that begin with "upload".
25. Insert the following line to prevent advertisement of operating system and
version information:
greeting terse
26. Insert the following lines to prevent any users from authenticating:
deny-gid %-99 %65535
deny-uid %-99 %65535
allow-gid ftp
allow-uid ftp
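The result of steps 22 and 24-26 can be checked once the edits are saved. The script below is an added example, not part of the original guide; the function names and the "audit" argument are hypothetical, and scanning the contents of the FTP root as well as the directory itself goes beyond what step 22 states.

```shell
#!/bin/sh
# Added example, not from the guide: verify steps 22 and 24-26.

# Squeeze runs of whitespace so spacing differences do not hide a match.
normalize() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1"
}

# Steps 24-26: returns 0 if compliant, 1 on findings, 2 if unreadable.
check_ftpaccess() {
    conf=$(normalize "$1") || return 2
    rc=0
    # Step 24: no line may begin with "upload".
    if printf '%s\n' "$conf" | grep -q '^upload'; then
        echo "FAIL: upload line present in $1"; rc=1
    fi
    # Steps 25-26: each of these lines must be present.
    for want in 'greeting terse' 'deny-gid %-99 %65535' \
                'deny-uid %-99 %65535' 'allow-gid ftp' 'allow-uid ftp'; do
        if ! printf '%s\n' "$conf" | grep -Fxq -- "$want"; then
            echo "FAIL: missing line: $want"; rc=1
        fi
    done
    return $rc
}

# Step 22: returns 0 if nothing is world-writable, 1 on findings,
# 2 if the directory does not exist. Symbolic links are skipped because
# their own mode bits are not meaningful.
check_ftproot() {
    [ -d "$1" ] || return 2
    bad=$(find "$1" ! -type l -perm -0002 -print)
    if [ -n "$bad" ]; then
        echo "FAIL: world-writable under $1:"; echo "$bad"
        return 1
    fi
    return 0
}

# Audit the paths named in the guide only when called as: sh script audit
if [ "${1:-}" = audit ]; then
    status=0
    check_ftpaccess /Library/FTPServer/Configuration/ftpaccess || status=1
    check_ftproot /Library/FTPServer/FTPRoot || status=1
    exit $status
fi
```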
4.10.3.6 Configuring the NFS Server
The NFS server included with Mac OS X allows administrators to limit access to a
share point based on a client system’s IP address. Access to a share point exported
via NFS should be restricted to those systems that require it. To restrict access to a
share point:
1. Open Workgroup Manager.
2. Click the Sharing icon in the toolbar.
3. Select the Share Point you wish to configure.
UNCLASSIFIED