SFTP Clients for Windows and Mac OS

von bez für Welt
12.12.2009 15:22 UTC neu
im Weblog TedescaCom

Trouble with shared drives

I provide a file space accessible by SFTP and WebDAV to users working with Windows or Mac OS. The big pro for Expandrive is its Finder/Explorer integration. I was excited when I saw this the first time and I was really happy with the stability and the resilience. After losing the connection and reconnecting the drive is in place again as if nothing happened.

The downside of Expandrive is in the settings of group "w" bits after upload (creation of the file or directory). I tried different clients - with good results for Forkloft and WinSCP and bad results for Expandrive and Cyberduck. 

Jesaja bez 18:32 /Users/bez/work/scratch $ ls -lisa
3317038 8 -rw-r--r--@ 1 bez staff 11 Dec 5 18:27 Cyberduck Transfer.txt
3317026 8 -rw-r--r--@ 1 bez staff 11 Dec 5 18:27 Expandrive Transfer.txt
3317042 8 -rw-r--r--@ 1 bez staff 11 Dec 5 18:27 Filezilla Transfer.txt
3317030 8 -rw-r--r--@ 1 bez staff 11 Dec 5 18:27 Forklift Transfer.txt
3317034 8 -rw-r--r--@ 1 bez staff 11 Dec 5 18:27 WinSCP Transfer.txt

Do file transfers with WinSCP, Forklift, Cyperduck, Filezilla and Expandrive, respectively, from Jesaja (Mac OS Snow Leopard) to Hiob (Debian Etch) ... 

hiob bez 17:32 /home/bez/sftptest $ ls -lisa
38830081 8 drwxrws---+  2 bez tedesca 4096 Dec  5 17:47 .
27197444 8 -rw-r--r--+  1 bez tedesca   12 Dec  5 17:27 Cyberduck Transfer.txt
27197443 8 -rw-r--r--+  1 bez tedesca   11 Dec  5 17:27 Expandrive Transfer.txt
27197445 8 -rw-rw----+  1 bez tedesca   11 Dec  5 17:27 Filezilla Transfer.txt
27197442 8 -rw-rw----+  1 bez tedesca   11 Dec  5 17:27 Forklift Transfer.txt
27197441 8 -rw-rw----+  1 bez tedesca   11 Dec  5 17:27 WinSCP Transfer.txt

Expandrive and Cyberduck propagate the access mode from the client (which is 644 as on every Unix machine) to the server and do not respect the ACL set to the server directory. This is pointless behaviour of a file transfer program if the directory on the server shall be shared by a number of users. The ACL on the server would help if it was not overridden by the SFTP client. 

hiob root 17:33 /home/bez/sftptest # getfacl /home/bez/sftptest /home/bez/sftptest/*
default:user::rwx
default:group::rwx
default:group:www-data:rwx
default:mask::rwx
default:other::---

file: Cyberduck Transfer.txt
user::rw-
group::rwx          #effective:r--
group:www-data:rwx  #effective:r--
mask::r--
other::r--

file: Expandrive Transfer.txt
user::rw-
group::rwx          #effective:r--
group:www-data:rwx  #effective:r--
mask::r--
other::r--

...

As you can see, files transferred with Cyberduck (the most popular SFTP client for the Mac, by the way) or Expandrive will not be writable by other users, not even with WebDAV because the server default ACL is being overridden. But no team using a shared filespace wants to fiddle around with access permissions.

Evaluation

I checked various SFTP clients for the Mac. See the results below:

Forklift:
o price USD 20
+ sets access rights in a user-friendly way, respects server ACL
- no Finder integration
+ supports Amazon S3 and WebDAV (the latter can also be mounted to the Finder directly)

Filezilla:
+ is free
+ sets access rights in a user-friendly way, respects server ACL
- poor handling
- can handle PPK (PuTTY) keys on local disk only without passphrase set
- no Finder integration

Cyberduck:
+ is free
- handles access rights similar to Expandrive
- no Finder integration

Flow:
- commercial, more expensive than Expandrive or Forklift
- handles access rights similar to Expandrive
- no Finder integration

Webdrive:
+ Finder integration
- commercial, more expensive than Expandrive or Forklift
-- only password authentication, no pubkey
-- only 1y or 2y of updates included

Fugu:
-- not maintained since 2005 (not tested therefore)

Macfusion:
-- only password authentication, no pubkey

Flow, CrossFTP, Transmit, Fetch, Netfinder, Interarchy:
- commercial, more expensive than Expandrive or Forklift (not tested therefore)

WinSCP (Windows):
+ is free
+ sets access rights in a user-friendly way, respects server ACL
- no Explorer integration
- supports only SFTP/FTP

Recommendation

Sadly, Expandrive's comment is: "At some point in the future, we will probably make this behavior configurable, but right now, it is hard-wired to use the client umask."

Therefore, my recommendations for now:

  • Forklift under Mac OS,
  • Filezilla if it has to be free (available for all major operating systems),
  • WinSCP under Windows,
  • or, if your filespace supports also WebDAV and your transfer volume is not too high, use WebDAV instead. It is now supported natively by all important OS (including Symbian S60).