SlimFTPd: Config File: Difference between revisions

From The Uniform Server Wiki
Jump to navigation Jump to search
No edit summary
m (Reverted edits by Upazixorys (Talk); changed back to last version by Ric)
 
Line 1: Line 1:
=[http://ecacoraqosy.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
<span id="top"></span>
&lt;span id=&quot;top&quot;&gt;&lt;/span&gt;
<div style="padding:0;margin:0; border-bottom:3px inset #000000">
&lt;div style=&quot;padding:0;margin:0; border-bottom:3px inset #000000&quot;&gt;
{|  
{|  
| [[Image:uc_small_logo.gif | MPG UniCenter]] ||
| [[Image:uc_small_logo.gif | MPG UniCenter]] ||
Line 13: Line 12:


|}
|}
&lt;/div&gt;
</div>
{| cellpadding=&quot;2&quot;
{| cellpadding="2"
|
|
__TOC__
__TOC__
Line 31: Line 30:
Your configuration file ('''''slimftpd.conf''''') must contain these six commands, in most cases the default values are adequate.
Your configuration file ('''''slimftpd.conf''''') must contain these six commands, in most cases the default values are adequate.


{|style=&quot;background:#666666&quot; border=&quot;0&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|style="background:#666666" border="0" cellpadding="4" cellspacing="1"
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|valign=&quot;top&quot;| BindInterface
|valign="top"| BindInterface
|valign=&quot;top&quot;| All
|valign="top"| All
| Which network interface should be used to listen for incoming connections.&lt;br&gt;Available options are All, '''LAN''', '''WAN''', '''Local''', or you can specify an IP address.
| Which network interface should be used to listen for incoming connections.<br>Available options are All, '''LAN''', '''WAN''', '''Local''', or you can specify an IP address.
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|valign=&quot;top&quot;| BindPort
|valign="top"| BindPort
|valign=&quot;top&quot;|  21
|valign="top"|  21
| The BindPort directive specifies which TCP port should be used to listen for incoming connections.&lt;br&gt;The standard FTP port is '''21'''.
| The BindPort directive specifies which TCP port should be used to listen for incoming connections.<br>The standard FTP port is '''21'''.
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|valign=&quot;top&quot;| CommandTimeout
|valign="top"| CommandTimeout
|valign=&quot;top&quot;| 300
|valign="top"| 300
| The CommandTimeout directive specifies how many seconds to wait for a connected client to issue a command before dropping the connection.&lt;br&gt;Default is 300 (5 minutes).
| The CommandTimeout directive specifies how many seconds to wait for a connected client to issue a command before dropping the connection.<br>Default is 300 (5 minutes).
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|valign=&quot;top&quot;| ConnectTimeout
|valign="top"| ConnectTimeout
|valign=&quot;top&quot;|  15
|valign="top"|  15
|The ConnectTimeout directive specifies how many seconds to wait for a data socket to connect with a client. This value applies to both active-mode and passive-mode connections.&lt;br&gt; Default is 15.
|The ConnectTimeout directive specifies how many seconds to wait for a data socket to connect with a client. This value applies to both active-mode and passive-mode connections.<br> Default is 15.
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|valign=&quot;top&quot;| MaxConnections
|valign="top"| MaxConnections
|valign=&quot;top&quot;|  20
|valign="top"|  20
| The MaxConnections directive specifies an upper limit on the number of connections that may be made to the server at any one time.&lt;br&gt; Default is 20.
| The MaxConnections directive specifies an upper limit on the number of connections that may be made to the server at any one time.<br> Default is 20.
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|valign=&quot;top&quot;| LookupHosts
|valign="top"| LookupHosts
|valign=&quot;top&quot;|  on
|valign="top"|  on
|The LookupHosts directive tells SlimFTPd whether it should look up the corresponding host names for IP addresses when logging connections. Note that this may take slightly more network bandwidth and may cause a short delay for users during initial connection.&lt;br&gt; Default is On.
|The LookupHosts directive tells SlimFTPd whether it should look up the corresponding host names for IP addresses when logging connections. Note that this may take slightly more network bandwidth and may cause a short delay for users during initial connection.<br> Default is On.
|}
|}


Line 63: Line 62:
Below the global server variables you add user profiles. Each user profile is constructed from the following tags (commands/directives).
Below the global server variables you add user profiles. Each user profile is constructed from the following tags (commands/directives).


{|style=&quot;background:#666666&quot; border=&quot;0&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|style="background:#666666" border="0" cellpadding="4" cellspacing="1"
|-
|-
|style=&quot;background:#eeeeee&quot; valign=&quot;top&quot;| '''&lt;nowiki&gt;&lt;User &quot;name&quot;&gt;&lt;/nowiki&gt;'''
|style="background:#eeeeee" valign="top"| '''<nowiki><User "name"></nowiki>'''
|style=&quot;background:#ffffff&quot; valign=&quot;top&quot;| Opening tag for user profile. Name of user do not use spaces or any special characters&lt;br&gt;
|style="background:#ffffff" valign="top"| Opening tag for user profile. Name of user do not use spaces or any special characters<br>
(A name &quot;'''anonymous'''&quot; used with password set to '''&quot;&quot;''', allows anyone access no authentication required.)
(A name "'''anonymous'''" used with password set to '''""''', allows anyone access no authentication required.)
|-
|-
|style=&quot;background:#eeeeee&quot; valign=&quot;top&quot;| '''&lt;nowiki&gt;&lt;/User&gt;&lt;/nowiki&gt;'''
|style="background:#eeeeee" valign="top"| '''<nowiki></User></nowiki>'''
|style=&quot;background:#ffffff&quot; valign=&quot;top&quot;| Closing tag for user profile
|style="background:#ffffff" valign="top"| Closing tag for user profile
|-
|-
|style=&quot;background:#eeeeee&quot; valign=&quot;top&quot;| '''Password &quot;value&quot;'''
|style="background:#eeeeee" valign="top"| '''Password "value"'''
|style=&quot;background:#ffffff&quot; valign=&quot;top&quot;| Use the Password directive to set a password for a user. If no password is set, the user will be allowed to login without a password, however a user name is still required unless that has been set to '''anonymous''' see above ).
|style="background:#ffffff" valign="top"| Use the Password directive to set a password for a user. If no password is set, the user will be allowed to login without a password, however a user name is still required unless that has been set to '''anonymous''' see above ).
|-
|-
|style=&quot;background:#eeeeee&quot; valign=&quot;top&quot;| '''Mount&amp;nbsp;[virtual&amp;nbsp;file&amp;nbsp;path][local&amp;nbsp;file&amp;nbsp;path]'''
|style="background:#eeeeee" valign="top"| '''Mount&nbsp;[virtual&nbsp;file&nbsp;path][local&nbsp;file&nbsp;path]'''
|style=&quot;background:#ffffff&quot; valign=&quot;top&quot;| Use the Mount directive to attach a local file system path to a virtual file system path.
|style="background:#ffffff" valign="top"| Use the Mount directive to attach a local file system path to a virtual file system path.
|-
|-
|style=&quot;background:#eeeeee&quot; valign=&quot;top&quot;| '''Allow'''&lt;br&gt;'''Deny'''
|style="background:#eeeeee" valign="top"| '''Allow'''<br>'''Deny'''
|style=&quot;background:#ffffff&quot; valign=&quot;top&quot;| Allow and Deny directives to set permissions on paths in the virtual file system. Valid permission tokens are '''Read''',''' Write''', '''List''', '''Admin''', or '''All''' to indicate all four permission types.
|style="background:#ffffff" valign="top"| Allow and Deny directives to set permissions on paths in the virtual file system. Valid permission tokens are '''Read''',''' Write''', '''List''', '''Admin''', or '''All''' to indicate all four permission types.
|}
|}


Line 87: Line 86:
Every access to your FTP server is controlled by user accounts (profiles) these have the following format:
Every access to your FTP server is controlled by user accounts (profiles) these have the following format:


&lt;pre&gt;
<pre>
&lt;User &quot;[name]&quot;&gt;
<User "[name]">
   Password &quot;[password]&quot;
   Password "[password]"
   Mount [public virtual path] [internal local path]
   Mount [public virtual path] [internal local path]
   Allow [public virtual path] [permissions]
   Allow [public virtual path] [permissions]
   Deny [public virtual path] [permissions]
   Deny [public virtual path] [permissions]
&lt;/User&gt;
</User>
&lt;/pre&gt;
</pre>


User name and password are obvious and need no explanation however '''Mount''' '''''is all-important''''' and you need to understand how it works.
User name and password are obvious and need no explanation however '''Mount''' '''''is all-important''''' and you need to understand how it works.
Line 105: Line 104:


* '''Mount''' has the following elements:
* '''Mount''' has the following elements:
* ['''public virtual path'''] What you want a user to see.&lt;br&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;and
* ['''public virtual path'''] What you want a user to see.<br>&nbsp;&nbsp;&nbsp;and
* ['''internal local path'''] The real location on your system.
* ['''internal local path'''] The real location on your system.


Line 113: Line 112:
With this knowledge lets re-visit the user profile from the previous page
With this knowledge lets re-visit the user profile from the previous page


{|width=&quot;80%&quot; style=&quot;background:#333333&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|width="80%" style="background:#333333" cellpadding="4" cellspacing="1"
|-style=&quot;background:#eeeeee&quot;
|-style="background:#eeeeee"
|
|
# User name is “'''ric'''”
# User name is “'''ric'''”
Line 122: Line 121:
#The user is allowed full access to '''all''' the '''folders''' and '''files''' as displayed in the '''FTP root folder'''.
#The user is allowed full access to '''all''' the '''folders''' and '''files''' as displayed in the '''FTP root folder'''.
|
|
'''&lt;User &quot;ric&quot;&gt;'''&lt;br&gt;
'''<User "ric">'''<br>
'''&amp;nbsp;&amp;nbsp;Password &quot;unicenter&quot;'''&lt;br&gt;
'''&nbsp;&nbsp;Password "unicenter"'''<br>
'''&amp;nbsp;&amp;nbsp;Mount&amp;nbsp;/&amp;nbsp;C:/uc_slimftpd_tutorial'''&lt;br&gt;
'''&nbsp;&nbsp;Mount&nbsp;/&nbsp;C:/uc_slimftpd_tutorial'''<br>
'''&amp;nbsp;&amp;nbsp;Allow / All'''&lt;br&gt;
'''&nbsp;&nbsp;Allow / All'''<br>
'''&lt;/User&gt;'''
'''</User>'''
|}
|}


Line 137: Line 136:
After making configuration file changes '''stop''' (uc_kill_process.bat) and '''restart''' (SlimFTPd.exe) your FTP server for the changes to take place.
After making configuration file changes '''stop''' (uc_kill_process.bat) and '''restart''' (SlimFTPd.exe) your FTP server for the changes to take place.


After each example restart your browser, this will ensure you are challenged for a name and password. You can use a client for testing or use a browser however remember to type the following when using a browser '''&lt;nowiki&gt;ftp://localhost&lt;/nowiki&gt;'''
After each example restart your browser, this will ensure you are challenged for a name and password. You can use a client for testing or use a browser however remember to type the following when using a browser '''<nowiki>ftp://localhost</nowiki>'''


'''''[[#top | Top]]'''''
'''''[[#top | Top]]'''''
Line 143: Line 142:
I have two friends that are very trustworthy, they would like to upload and download files to their folders hosted on the FTP server. Open the configuration file and add a suitable block for each person as show below
I have two friends that are very trustworthy, they would like to upload and download files to their folders hosted on the FTP server. Open the configuration file and add a suitable block for each person as show below


{|width=&quot;80%&quot; style=&quot;background:#333333&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|width="80%" style="background:#333333" cellpadding="4" cellspacing="1"
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
I have top level access hence can check if they are abusing their privilege of being able to upload to the server.
I have top level access hence can check if they are abusing their privilege of being able to upload to the server.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;ric&quot;&gt;
<User "ric">
&amp;nbsp;&amp;nbsp;Password &quot;unicenter&quot;&lt;br&gt;
&nbsp;&nbsp;Password "unicenter"<br>
&amp;nbsp;&amp;nbsp;Mount / C:/uc_slimftpd_tutorial&lt;br&gt;
&nbsp;&nbsp;Mount / C:/uc_slimftpd_tutorial<br>
&amp;nbsp;&amp;nbsp;allow / All&lt;br&gt;
&nbsp;&nbsp;allow / All<br>
&lt;/User&gt;
</User>
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
Save and login to Dave's account. You will see three files. You can delete, download these files. Try uploading files.
Save and login to Dave's account. You will see three files. You can delete, download these files. Try uploading files.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;'''dave'''&quot;&gt;&lt;br&gt;
<User "'''dave'''"><br>
&amp;nbsp;&amp;nbsp;Password &quot;'''dave123'''&quot;&lt;br&gt;
&nbsp;&nbsp;Password "'''dave123'''"<br>
&amp;nbsp;&amp;nbsp;Mount&amp;nbsp;/&amp;nbsp;'''C:/uc_slimftpd_tutorial/dave'''&amp;nbsp;&amp;nbsp;&lt;br&gt;
&nbsp;&nbsp;Mount&nbsp;/&nbsp;'''C:/uc_slimftpd_tutorial/dave'''&nbsp;&nbsp;<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
Repeat the same for Johns's account. Generally have a play with FTP'ing.
Repeat the same for Johns's account. Generally have a play with FTP'ing.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;'''john'''&quot;&gt;&lt;br&gt;
<User "'''john'''"><br>
&amp;nbsp;&amp;nbsp;Password &quot;'''john123'''&quot;&lt;br&gt;
&nbsp;&nbsp;Password "'''john123'''"<br>
&amp;nbsp;&amp;nbsp;Mount /  '''C:/uc_slimftpd_tutorial/john'''&lt;br&gt;
&nbsp;&nbsp;Mount /  '''C:/uc_slimftpd_tutorial/john'''<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|}
|}


Line 178: Line 177:
You have set-up three user accounts (Virtual Hosts) in Apache's configuration file and have their corresponding web sites located in the www folder under the following three sub-folder names user1, user2 and user3. They each need to use FTP to upload their site. All you need to do is add three new user profiles to the bottom of the FTP configuration file as follows.
You have set-up three user accounts (Virtual Hosts) in Apache's configuration file and have their corresponding web sites located in the www folder under the following three sub-folder names user1, user2 and user3. They each need to use FTP to upload their site. All you need to do is add three new user profiles to the bottom of the FTP configuration file as follows.


{|width=&quot;80%&quot; style=&quot;background:#333333&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|width="80%" style="background:#333333" cellpadding="4" cellspacing="1"
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
All three sites map to the appropriate folder in www.
All three sites map to the appropriate folder in www.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;dave_user1&quot;&gt;&lt;br&gt;
<User "dave_user1"><br>
&amp;nbsp;&amp;nbsp;Password &quot;fish123&quot;&lt;br&gt;
&nbsp;&nbsp;Password "fish123"<br>
&amp;nbsp;&amp;nbsp;Mount&amp;nbsp;/&amp;nbsp;W:/www/user1/&amp;nbsp;&amp;nbsp;&lt;br&gt;
&nbsp;&nbsp;Mount&nbsp;/&nbsp;W:/www/user1/&nbsp;&nbsp;<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
The most difficult part is the choice of user names and passwords.
The most difficult part is the choice of user names and passwords.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;john_doe&quot;&gt;&lt;br&gt;
<User "john_doe"><br>
&amp;nbsp;&amp;nbsp;Password &quot;dead123&quot;&lt;br&gt;
&nbsp;&nbsp;Password "dead123"<br>
&amp;nbsp;&amp;nbsp;Mount / W:/www/user2/&lt;br&gt;
&nbsp;&nbsp;Mount / W:/www/user2/<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
Do not use their real names make sure the names and passwords are different and long and contain a mix of numeric and alpha characters.
Do not use their real names make sure the names and passwords are different and long and contain a mix of numeric and alpha characters.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;football_team&quot;&gt;&lt;br&gt;
<User "football_team"><br>
&amp;nbsp;&amp;nbsp;Password &quot;lost123&quot;&lt;br&gt;
&nbsp;&nbsp;Password "lost123"<br>
&amp;nbsp;&amp;nbsp;Mount / W:/www/user3/&lt;br&gt;
&nbsp;&nbsp;Mount / W:/www/user3/<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|}
|}


Line 213: Line 212:
John and Dave would like to have access to slimFTPd’s original unzipped files. For this I will create a virtual folder in the server’s root named “slim” and map folder slimFTPd to it. Notice I am not mapping the folder “original” because I don’t want them to have access to the zip file that it contains. Dave thinks he’s an artist! Well he likes to write over other peoples file hence will restrict him to read access only.
John and Dave would like to have access to slimFTPd’s original unzipped files. For this I will create a virtual folder in the server’s root named “slim” and map folder slimFTPd to it. Notice I am not mapping the folder “original” because I don’t want them to have access to the zip file that it contains. Dave thinks he’s an artist! Well he likes to write over other peoples file hence will restrict him to read access only.


{|width=&quot;80%&quot; style=&quot;background:#333333&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|width="80%" style="background:#333333" cellpadding="4" cellspacing="1"
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
I have top level access hence can check if anyone is abusing their privileges.
I have top level access hence can check if anyone is abusing their privileges.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;ric&quot;&gt;&lt;br&gt;
<User "ric"><br>
&amp;nbsp;&amp;nbsp;Password &quot;unicenter&quot;&lt;br&gt;
&nbsp;&nbsp;Password "unicenter"<br>
&amp;nbsp;&amp;nbsp;Mount / C:/uc_slimftpd_tutorial&lt;br&gt;
&nbsp;&nbsp;Mount / C:/uc_slimftpd_tutorial<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
First we create a virtual folder in root named &quot;'''slim'''&quot; and them map the real folder to it.
First we create a virtual folder in root named "'''slim'''" and them map the real folder to it.


All privileges are removed &quot;'''Deny /slim All'''&quot; and then '''allow''' Dave to '''Read''' and '''List''' the folder content.
All privileges are removed "'''Deny /slim All'''" and then '''allow''' Dave to '''Read''' and '''List''' the folder content.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;dave&quot;&gt;&lt;br&gt;
<User "dave"><br>
&amp;nbsp;&amp;nbsp;Password &quot;dave123&quot;&lt;br&gt;
&nbsp;&nbsp;Password "dave123"<br>
&amp;nbsp;&amp;nbsp;Mount / C:/uc_slimftpd_tutorial/dave&lt;br&gt;
&nbsp;&nbsp;Mount / C:/uc_slimftpd_tutorial/dave<br>
&amp;nbsp;&amp;nbsp;Allow / All
&nbsp;&nbsp;Allow / All
'''&amp;nbsp;&amp;nbsp;Mount&amp;nbsp;/slim&amp;nbsp;C:/uc_slimftpd_tutorial/original/slimftpd&amp;nbsp;'''&lt;br&gt;
'''&nbsp;&nbsp;Mount&nbsp;/slim&nbsp;C:/uc_slimftpd_tutorial/original/slimftpd&nbsp;'''<br>
'''&amp;nbsp;&amp;nbsp;Deny /slim All'''&lt;br&gt;
'''&nbsp;&nbsp;Deny /slim All'''<br>
'''&amp;nbsp;&amp;nbsp;Allow /slim Read List'''&lt;br&gt;
'''&nbsp;&nbsp;Allow /slim Read List'''<br>
&lt;/User&gt;
</User>
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
John is given access with no restrictions.
John is given access with no restrictions.


Test this configuration in your browser or FTP client.
Test this configuration in your browser or FTP client.


When both accounts are accessed a new folder &quot;slim&quot; will be seen. John can add new material if he wishes however Dave the rave cannot.
When both accounts are accessed a new folder "slim" will be seen. John can add new material if he wishes however Dave the rave cannot.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;john&quot;&gt;&lt;br&gt;
<User "john"><br>
&amp;nbsp;&amp;nbsp;Password &quot;john123&quot;&lt;br&gt;
&nbsp;&nbsp;Password "john123"<br>
&amp;nbsp;&amp;nbsp;Mount / C:/uc_slimftpd_tutorial/john&lt;br&gt;
&nbsp;&nbsp;Mount / C:/uc_slimftpd_tutorial/john<br>
'''&amp;nbsp;&amp;nbsp;Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd'''&lt;br&gt;
'''&nbsp;&nbsp;Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd'''<br>
&amp;nbsp;&amp;nbsp;Allow / All&lt;br&gt;
&nbsp;&nbsp;Allow / All<br>
&lt;/User&gt;
</User>
|}
|}


Line 262: Line 261:
This type of scenario requires only one user profile:  
This type of scenario requires only one user profile:  


{|width=&quot;80%&quot; style=&quot;background:#333333&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot;
{|width="80%" style="background:#333333" cellpadding="4" cellspacing="1"
|-
|-
|style=&quot;background:#ffffff&quot;|
|style="background:#ffffff"|
All sub-folders in FTP root inherit the server root's permissions:
All sub-folders in FTP root inherit the server root's permissions:


Line 270: Line 269:
# Explicitly grant '''Read''' and '''List''' to '''root'''.
# Explicitly grant '''Read''' and '''List''' to '''root'''.
# These permissions are passed on to all sub-folders hence we need to explicitly grant '''Write''' to the '''upload''' folder.
# These permissions are passed on to all sub-folders hence we need to explicitly grant '''Write''' to the '''upload''' folder.
|style=&quot;background:#eeeeee&quot;|
|style="background:#eeeeee"|
&lt;User &quot;family_and_friends&quot;&gt;&lt;br&gt;
<User "family_and_friends"><br>
&amp;nbsp;&amp;nbsp;Password &quot;all123&quot;&lt;br&gt;
&nbsp;&nbsp;Password "all123"<br>
&amp;nbsp;&amp;nbsp;Mount /upload e:/personal/exchange/&lt;br&gt;
&nbsp;&nbsp;Mount /upload e:/personal/exchange/<br>
&amp;nbsp;&amp;nbsp;Mount /download c:/personal/area/images/&lt;br&gt;
&nbsp;&nbsp;Mount /download c:/personal/area/images/<br>
&amp;nbsp;&amp;nbsp;Deny / All&lt;br&gt;
&nbsp;&nbsp;Deny / All<br>
&amp;nbsp;&amp;nbsp;Allow / Read List&lt;br&gt;
&nbsp;&nbsp;Allow / Read List<br>
&amp;nbsp;&amp;nbsp;Allow /upload Write&lt;br&gt;
&nbsp;&nbsp;Allow /upload Write<br>
&lt;/User&gt;
</User>
|}
|}



Latest revision as of 17:36, 24 November 2010

MPG UniCenter

SlimFTPd: Home | Tutorial | Clients | Config File | Config Anonymous | Plugins |

SlimFTPd Configuration file - Details

Configuration file - Detail

In the configuration file you will find one piece of archaic terminology the term MOUNT. Today it stands for connect to either a hard drive or file system or even some other media. In the dark ages it meant phone up an administrator and ask for a tape to be taken to the tape reader and that person would MOUNT the tape into a machine. A bit slow by today's standards but then programming was done using hand punches and card readers.

SlimFTPd Configuration file - Detail

Do not be deceived by the simplicity or lack of configuration commands the few there are is more than enough to give FTP access to any file on your computer.

Global server variables

Your configuration file (slimftpd.conf) must contain these six commands, in most cases the default values are adequate.

BindInterface All Which network interface should be used to listen for incoming connections.
Available options are All, LAN, WAN, Local, or you can specify an IP address.
BindPort 21 The BindPort directive specifies which TCP port should be used to listen for incoming connections.
The standard FTP port is 21.
CommandTimeout 300 The CommandTimeout directive specifies how many seconds to wait for a connected client to issue a command before dropping the connection.
Default is 300 (5 minutes).
ConnectTimeout 15 The ConnectTimeout directive specifies how many seconds to wait for a data socket to connect with a client. This value applies to both active-mode and passive-mode connections.
Default is 15.
MaxConnections 20 The MaxConnections directive specifies an upper limit on the number of connections that may be made to the server at any one time.
Default is 20.
LookupHosts on The LookupHosts directive tells SlimFTPd whether it should look up the corresponding host names for IP addresses when logging connections. Note that this may take slightly more network bandwidth and may cause a short delay for users during initial connection.
Default is On.

Top

User accounts

Below the global server variables you add user profiles. Each user profile is constructed from the following tags (commands/directives).

<User "name"> Opening tag for user profile. Name of user do not use spaces or any special characters

(A name "anonymous" used with password set to "", allows anyone access no authentication required.)

</User> Closing tag for user profile
Password "value" Use the Password directive to set a password for a user. If no password is set, the user will be allowed to login without a password, however a user name is still required unless that has been set to anonymous see above ).
Mount [virtual file path][local file path] Use the Mount directive to attach a local file system path to a virtual file system path.
Allow
Deny
Allow and Deny directives to set permissions on paths in the virtual file system. Valid permission tokens are Read, Write, List, Admin, or All to indicate all four permission types.

Top

Basics

Every access to your FTP server is controlled by user accounts (profiles) these have the following format:

<User "[name]">
  Password "[password]"
  Mount [public virtual path] [internal local path]
  Allow [public virtual path] [permissions]
  Deny [public virtual path] [permissions]
</User>

User name and password are obvious and need no explanation however Mount is all-important and you need to understand how it works.

Using either a browser or client to view your FTP site is not quite what it appears to be, what is visible is not the real file system but a virtual one.

You are looking at the FTP root folder this appears to be a real representation however in reality it is just a mapping to your real folders and files. Any permission you set in a user profile acts only on the FTP root folder.

If that sounds confusing look at it another way, when you create a user profile you are building a virtual window know as the FTP root folder. Inside this folder you create sub-folders with names that you want a user to see, these may be the same as the real folders on your system.

  • Mount has the following elements:
  • [public virtual path] What you want a user to see.
       and
  • [internal local path] The real location on your system.


You set permissions of Allow and Deny on the [public virtual path] element contained within the FTP root.

With this knowledge lets re-visit the user profile from the previous page

  1. User name is “ric
  2. Password is “unicenter
  3. Mount “/” refers to the FTP root folder in this example no subfolder is defined
  4. Mount / C:/uc_slimftpd_tutorial means take every thing contained in folder uc_slimftpd_tutorial on disk C: and display it in the FTP root folder.
  5. The user is allowed full access to all the folders and files as displayed in the FTP root folder.

<User "ric">
  Password "unicenter"
  Mount / C:/uc_slimftpd_tutorial
  Allow / All
</User>


Well that was painful from here on it gets easier I will provide a few more examples leaving the anonymous user until later. Not that it is difficult but because it conflicts with simple browser testing. The truth is I am lazy it saves typing email like addresses into the browser address bar.

Top

General note on testing

After making configuration file changes stop (uc_kill_process.bat) and restart (SlimFTPd.exe) your FTP server for the changes to take place.

After each example restart your browser, this will ensure you are challenged for a name and password. You can use a client for testing or use a browser however remember to type the following when using a browser ftp://localhost

Top

Multi User Hosting

I have two friends that are very trustworthy, they would like to upload and download files to their folders hosted on the FTP server. Open the configuration file and add a suitable block for each person as show below

I have top level access hence can check if they are abusing their privilege of being able to upload to the server.

<User "ric">   Password "unicenter"
  Mount / C:/uc_slimftpd_tutorial
  allow / All
</User>

Save and login to Dave's account. You will see three files. You can delete, download these files. Try uploading files.

<User "dave">
  Password "dave123"
  Mount / C:/uc_slimftpd_tutorial/dave  
  Allow / All
</User>

Repeat the same for Johns's account. Generally have a play with FTP'ing.

<User "john">
  Password "john123"
  Mount / C:/uc_slimftpd_tutorial/john
  Allow / All
</User>

Top

Multi User Hosting - Server example

You have set-up three user accounts (Virtual Hosts) in Apache's configuration file and have their corresponding web sites located in the www folder under the following three sub-folder names user1, user2 and user3. They each need to use FTP to upload their site. All you need to do is add three new user profiles to the bottom of the FTP configuration file as follows.

All three sites map to the appropriate folder in www.

<User "dave_user1">
  Password "fish123"
  Mount / W:/www/user1/  
  Allow / All
</User>

The most difficult part is the choice of user names and passwords.

<User "john_doe">
  Password "dead123"
  Mount / W:/www/user2/
  Allow / All
</User>

Do not use their real names make sure the names and passwords are different and long and contain a mix of numeric and alpha characters.

<User "football_team">
  Password "lost123"
  Mount / W:/www/user3/
  Allow / All
</User>

Top

Sharing Files

John and Dave would like to have access to slimFTPd’s original unzipped files. For this I will create a virtual folder in the server’s root named “slim” and map folder slimFTPd to it. Notice I am not mapping the folder “original” because I don’t want them to have access to the zip file that it contains. Dave thinks he’s an artist! Well he likes to write over other peoples file hence will restrict him to read access only.

I have top level access hence can check if anyone is abusing their privileges.

<User "ric">
  Password "unicenter"
  Mount / C:/uc_slimftpd_tutorial
  Allow / All
</User>

First we create a virtual folder in root named "slim" and them map the real folder to it.

All privileges are removed "Deny /slim All" and then allow Dave to Read and List the folder content.

<User "dave">
  Password "dave123"
  Mount / C:/uc_slimftpd_tutorial/dave
  Allow / All   Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd 
  Deny /slim All
  Allow /slim Read List
</User>

John is given access with no restrictions.

Test this configuration in your browser or FTP client.

When both accounts are accessed a new folder "slim" will be seen. John can add new material if he wishes however Dave the rave cannot.

<User "john">
  Password "john123"
  Mount / C:/uc_slimftpd_tutorial/john
  Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd
  Allow / All
</User>

The following provides another example of this:

Top

Sharing Files with friends

On my home PC I am running these servers permanently and do not require portability (memory stick) and wish to share files between family members and friends. I have already provided them with an ftp name and password to use. I only want them to read files from c:/personal/area/images/ and allow them to upload files to e:/personal/exchange/

This type of scenario requires only one user profile:

All sub-folders in FTP root inherit the server root's permissions:

  1. In this example all permissions are denied for root.
  2. Explicitly grant Read and List to root.
  3. These permissions are passed on to all sub-folders hence we need to explicitly grant Write to the upload folder.

<User "family_and_friends">
  Password "all123"
  Mount /upload e:/personal/exchange/
  Mount /download c:/personal/area/images/
  Deny / All
  Allow / Read List
  Allow /upload Write
</User>

Summary

Apart from the reliability of uploading pages to your web space an FTP sever has another powerful trick up it's sleeve. Not every one knows this because it's anonymous! Interested you should be, take a look at the next page.

Top


Ric