FTP Security Disaster with 2007-04 Update on OS X Server

Date: Friday, April 27th, 2007, 08:00
Category: Software

Apple has caused a major disaster with the 2007-04 Security Update.
The 2007-004 Security Update replaced the Mac OS X Server ftp.plist in /System/Library/LaunchDaemons with the version from Mac OS X *Client*. The installer does not check whether it is running on Client or Server, and the same update is used for both.
The problem this causes is that when a client uploads something via FTP, the file permissions are wrong: they are set to -rw-r----- instead of -rw-r--r--.
Why is this a problem? My server, for example, is a web server, and ever since I applied the security update 2 days ago, new files uploaded to the server would not work, resulting in this error:
Forbidden
You don’t have permission to access [name of file] on this server.
Apache/1.3.33 Server at www.XXXXXX.com Port 16080
How do you fix it? The answer is to replace the ftp.plist file with the prior version. FTP services on Client and Server are very different. With the Client ftp.plist installed on the server, ftpd is launched instead of xftpd.
The solution is to replace the ftp.plist with a previous version from Mac OS X Server. If you don’t have it, here is its content:


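<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.xftpd</string>
    <key>Program</key>
    <string>/usr/libexec/xftpd</string>
    <key>ProgramArguments</key>
    <array>
        <string>xftpd</string>
        <string>-a</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockPassive</key>
            <!-- boolean missing from the page text; true (a listening socket) is assumed -->
            <true/>
            <key>SockServiceName</key>
            <string>ftp</string>
            <key>SockType</key>
            <string>SOCK_STREAM</string>
        </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <!-- boolean missing from the page text; false (inetd "nowait") is assumed -->
        <false/>
    </dict>
</dict>
</plist>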
Restart the server (relaunching the FTP service is not enough), and you should be up and running.
Contributed by: vicorly
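
An added example, not part of the original post: a shell check that reports whether ftp.plist launches xftpd or ftpd and lists files under the web root that lack the world-read bit. The plist path is the one named above; the DOCROOT default and all function names are assumptions.

```shell
#!/bin/sh
# Audit a server for the ftp.plist regression described in the post.
PLIST="${PLIST:-/System/Library/LaunchDaemons/ftp.plist}"   # path from the post
DOCROOT="${DOCROOT:-/Library/WebServer/Documents}"          # assumed web root

# Print the <string> value that follows <key>$2</key> in launchd plist $1.
plist_string() {
    awk -v key="$2" '
        index($0, "<key>" key "</key>") { found = 1; sub(/.*<\/key>/, "") }
        found && /<string>/ {
            sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
        }
    ' "$1"
}

# Classify the plist by the daemon it starts:
# "server" (xftpd), "client" (ftpd) or "unknown".
ftp_plist_flavor() {
    case "$(plist_string "$1" Program)" in
        */xftpd) echo server ;;
        */ftpd)  echo client ;;
        *)       echo unknown ;;
    esac
}

# List regular files under $1 without the world-read bit (for example
# -rw-r----- uploads), which Apache answers with 403 Forbidden.
unreadable_uploads() {
    find "$1" -type f ! -perm -004 -print
}

# Report both findings; succeeds only when the Server plist is in place.
audit() {
    flavor=$(ftp_plist_flavor "$PLIST")
    echo "ftp.plist launches the $flavor FTP daemon"
    echo "files under $DOCROOT that are not world-readable:"
    unreadable_uploads "$DOCROOT"
    [ "$flavor" = server ]
}

# Run the audit only when asked, so the functions can also be sourced.
case "${1:-}" in
    --audit) audit ;;
esac
```

Run it with --audit after restoring the plist and restarting; files it lists were uploaded while the Client plist was active and still need their permissions corrected.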
