SlimFTPd: Config File: Difference between revisions
m
Reverted edits by Upazixorys (Talk); changed back to last version by Ric
Upazixorys (talk | contribs) No edit summary |
m (Reverted edits by Upazixorys (Talk); changed back to last version by Ric) |
||
Line 1: | Line 1: | ||
<span id="top"></span> | |||
<div style="padding:0;margin:0; border-bottom:3px inset #000000"> | |||
{| | {| | ||
| [[Image:uc_small_logo.gif | MPG UniCenter]] || | | [[Image:uc_small_logo.gif | MPG UniCenter]] || | ||
Line 13: | Line 12: | ||
|} | |} | ||
</div> | |||
{| cellpadding= | {| cellpadding="2" | ||
| | | | ||
__TOC__ | __TOC__ | ||
Line 31: | Line 30: | ||
Your configuration file ('''''slimftpd.conf''''') must contain these six commands, in most cases the default values are adequate. | Your configuration file ('''''slimftpd.conf''''') must contain these six commands, in most cases the default values are adequate. | ||
{|style= | {|style="background:#666666" border="0" cellpadding="4" cellspacing="1" | ||
|-style= | |-style="background:#eeeeee" | ||
|valign= | |valign="top"| BindInterface | ||
|valign= | |valign="top"| All | ||
| Which network interface should be used to listen for incoming connections. | | Which network interface should be used to listen for incoming connections.<br>Available options are All, '''LAN''', '''WAN''', '''Local''', or you can specify an IP address. | ||
|-style= | |-style="background:#eeeeee" | ||
|valign= | |valign="top"| BindPort | ||
|valign= | |valign="top"| 21 | ||
| The BindPort directive specifies which TCP port should be used to listen for incoming connections. | | The BindPort directive specifies which TCP port should be used to listen for incoming connections.<br>The standard FTP port is '''21'''. | ||
|-style= | |-style="background:#eeeeee" | ||
|valign= | |valign="top"| CommandTimeout | ||
|valign= | |valign="top"| 300 | ||
| The CommandTimeout directive specifies how many seconds to wait for a connected client to issue a command before dropping the connection. | | The CommandTimeout directive specifies how many seconds to wait for a connected client to issue a command before dropping the connection.<br>Default is 300 (5 minutes). | ||
|-style= | |-style="background:#eeeeee" | ||
|valign= | |valign="top"| ConnectTimeout | ||
|valign= | |valign="top"| 15 | ||
|The ConnectTimeout directive specifies how many seconds to wait for a data socket to connect with a client. This value applies to both active-mode and passive-mode connections. | |The ConnectTimeout directive specifies how many seconds to wait for a data socket to connect with a client. This value applies to both active-mode and passive-mode connections.<br> Default is 15. | ||
|-style= | |-style="background:#eeeeee" | ||
|valign= | |valign="top"| MaxConnections | ||
|valign= | |valign="top"| 20 | ||
| The MaxConnections directive specifies an upper limit on the number of connections that may be made to the server at any one time. | | The MaxConnections directive specifies an upper limit on the number of connections that may be made to the server at any one time.<br> Default is 20. | ||
|-style= | |-style="background:#eeeeee" | ||
|valign= | |valign="top"| LookupHosts | ||
|valign= | |valign="top"| on | ||
|The LookupHosts directive tells SlimFTPd whether it should look up the corresponding host names for IP addresses when logging connections. Note that this may take slightly more network bandwidth and may cause a short delay for users during initial connection. | |The LookupHosts directive tells SlimFTPd whether it should look up the corresponding host names for IP addresses when logging connections. Note that this may take slightly more network bandwidth and may cause a short delay for users during initial connection.<br> Default is On. | ||
|} | |} | ||
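Review bot: The BindInterface row restores a default of All and lists LAN, WAN, Local or an IP address as alternatives, but it never says what each option binds to, while the intro line tells readers the defaults are adequate in most cases. Add a short description per option and point readers who only test through ftp://localhost (as the later test step does) at Local or a specific IP address, so the listener is not opened on every interface without them choosing it. Minor: the LookupHosts value cell reads "on" while its description says "Default is On"; pick one spelling.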
Line 63: | Line 62: | ||
Below the global server variables you add user profiles. Each user profile is constructed from the following tags (commands/directives). | Below the global server variables you add user profiles. Each user profile is constructed from the following tags (commands/directives). | ||
{|style= | {|style="background:#666666" border="0" cellpadding="4" cellspacing="1" | ||
|- | |- | ||
|style= | |style="background:#eeeeee" valign="top"| '''<nowiki><User "name"></nowiki>''' | ||
|style= | |style="background:#ffffff" valign="top"| Opening tag for user profile. Name of user do not use spaces or any special characters<br> | ||
(A name | (A name "'''anonymous'''" used with password set to '''""''', allows anyone access no authentication required.) | ||
|- | |- | ||
|style= | |style="background:#eeeeee" valign="top"| '''<nowiki></User></nowiki>''' | ||
|style= | |style="background:#ffffff" valign="top"| Closing tag for user profile | ||
|- | |- | ||
|style= | |style="background:#eeeeee" valign="top"| '''Password "value"''' | ||
|style= | |style="background:#ffffff" valign="top"| Use the Password directive to set a password for a user. If no password is set, the user will be allowed to login without a password, however a user name is still required unless that has been set to '''anonymous''' see above ). | ||
|- | |- | ||
|style= | |style="background:#eeeeee" valign="top"| '''Mount [virtual file path][local file path]''' | ||
|style= | |style="background:#ffffff" valign="top"| Use the Mount directive to attach a local file system path to a virtual file system path. | ||
|- | |- | ||
|style= | |style="background:#eeeeee" valign="top"| '''Allow'''<br>'''Deny''' | ||
|style= | |style="background:#ffffff" valign="top"| Allow and Deny directives to set permissions on paths in the virtual file system. Valid permission tokens are '''Read''',''' Write''', '''List''', '''Admin''', or '''All''' to indicate all four permission types. | ||
|} | |} | ||
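Review bot: The Password row says a profile with no Password directive can log in without one, and the User row says "anonymous" with Password "" needs no authentication, but neither row marks this as something to avoid. Because the Allow/Deny row shows a profile can hold Write and Admin, add a sentence telling readers to always set Password and to limit any anonymous profile to Read and List. Also, the Mount row reads `Mount [virtual file path][local file path]` with no space between the two arguments, unlike the format block that follows, and the Password row ends with a stray " )" after "see above".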
Line 87: | Line 86: | ||
Every access to your FTP server is controlled by user accounts (profiles) these have the following format: | Every access to your FTP server is controlled by user accounts (profiles) these have the following format: | ||
<pre> | |||
<User "[name]"> | |||
Password | Password "[password]" | ||
Mount [public virtual path] [internal local path] | Mount [public virtual path] [internal local path] | ||
Allow [public virtual path] [permissions] | Allow [public virtual path] [permissions] | ||
Deny [public virtual path] [permissions] | Deny [public virtual path] [permissions] | ||
</User> | |||
</pre> | |||
User name and password are obvious and need no explanation however '''Mount''' '''''is all-important''''' and you need to understand how it works. | User name and password are obvious and need no explanation however '''Mount''' '''''is all-important''''' and you need to understand how it works. | ||
Line 105: | Line 104: | ||
* '''Mount''' has the following elements: | * '''Mount''' has the following elements: | ||
* ['''public virtual path'''] What you want a user to see. | * ['''public virtual path'''] What you want a user to see.<br> and | ||
* ['''internal local path'''] The real location on your system. | * ['''internal local path'''] The real location on your system. | ||
Line 113: | Line 112: | ||
With this knowledge lets re-visit the user profile from the previous page | With this knowledge lets re-visit the user profile from the previous page | ||
{|width= | {|width="80%" style="background:#333333" cellpadding="4" cellspacing="1" | ||
|-style= | |-style="background:#eeeeee" | ||
| | | | ||
# User name is “'''ric'''” | # User name is “'''ric'''” | ||
Line 122: | Line 121: | ||
#The user is allowed full access to '''all''' the '''folders''' and '''files''' as displayed in the '''FTP root folder'''. | #The user is allowed full access to '''all''' the '''folders''' and '''files''' as displayed in the '''FTP root folder'''. | ||
| | | | ||
''' | '''<User "ric">'''<br> | ||
'''& | ''' Password "unicenter"'''<br> | ||
'''& | ''' Mount / C:/uc_slimftpd_tutorial'''<br> | ||
'''& | ''' Allow / All'''<br> | ||
''' | '''</User>''' | ||
|} | |} | ||
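Review bot: `Allow / All` in the restored ric profile grants Admin as well as Read, Write and List (the directive table defines All as all four types), over a root mounted at C:/uc_slimftpd_tutorial, while the numbered list beside it only says "full access". State in that list item that All includes Admin, or narrow the example to `Allow / Read Write List` if the tutorial steps do not need Admin.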
Line 137: | Line 136: | ||
After making configuration file changes '''stop''' (uc_kill_process.bat) and '''restart''' (SlimFTPd.exe) your FTP server for the changes to take place. | After making configuration file changes '''stop''' (uc_kill_process.bat) and '''restart''' (SlimFTPd.exe) your FTP server for the changes to take place. | ||
After each example restart your browser, this will ensure you are challenged for a name and password. You can use a client for testing or use a browser however remember to type the following when using a browser ''' | After each example restart your browser, this will ensure you are challenged for a name and password. You can use a client for testing or use a browser however remember to type the following when using a browser '''<nowiki>ftp://localhost</nowiki>''' | ||
'''''[[#top | Top]]''''' | '''''[[#top | Top]]''''' | ||
Line 143: | Line 142: | ||
I have two friends that are very trustworthy, they would like to upload and download files to their folders hosted on the FTP server. Open the configuration file and add a suitable block for each person as show below | I have two friends that are very trustworthy, they would like to upload and download files to their folders hosted on the FTP server. Open the configuration file and add a suitable block for each person as show below | ||
{|width= | {|width="80%" style="background:#333333" cellpadding="4" cellspacing="1" | ||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
I have top level access hence can check if they are abusing their privilege of being able to upload to the server. | I have top level access hence can check if they are abusing their privilege of being able to upload to the server. | ||
|style= | |style="background:#eeeeee"| | ||
<User "ric"> | |||
& | Password "unicenter"<br> | ||
& | Mount / C:/uc_slimftpd_tutorial<br> | ||
& | allow / All<br> | ||
</User> | |||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
Save and login to Dave's account. You will see three files. You can delete, download these files. Try uploading files. | Save and login to Dave's account. You will see three files. You can delete, download these files. Try uploading files. | ||
|style= | |style="background:#eeeeee"| | ||
<User "'''dave'''"><br> | |||
& | Password "'''dave123'''"<br> | ||
& | Mount / '''C:/uc_slimftpd_tutorial/dave''' <br> | ||
& | Allow / All<br> | ||
</User> | |||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
Repeat the same for Johns's account. Generally have a play with FTP'ing. | Repeat the same for Johns's account. Generally have a play with FTP'ing. | ||
|style= | |style="background:#eeeeee"| | ||
<User "'''john'''"><br> | |||
& | Password "'''john123'''"<br> | ||
& | Mount / '''C:/uc_slimftpd_tutorial/john'''<br> | ||
& | Allow / All<br> | ||
</User> | |||
|} | |} | ||
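Review bot: The restored ric block writes `allow / All` in lower case while every other profile on the page uses `Allow`, and nothing here says whether directive names are case-insensitive. Use `Allow / All` so a reader who copies the block gets the documented spelling. In the same cell the opening `<User "ric">` line has no `<br>`, unlike the dave and john blocks, so it will run into the Password line when rendered.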
Line 178: | Line 177: | ||
You have set-up three user accounts (Virtual Hosts) in Apache's configuration file and have their corresponding web sites located in the www folder under the following three sub-folder names user1, user2 and user3. They each need to use FTP to upload their site. All you need to do is add three new user profiles to the bottom of the FTP configuration file as follows. | You have set-up three user accounts (Virtual Hosts) in Apache's configuration file and have their corresponding web sites located in the www folder under the following three sub-folder names user1, user2 and user3. They each need to use FTP to upload their site. All you need to do is add three new user profiles to the bottom of the FTP configuration file as follows. | ||
{|width= | {|width="80%" style="background:#333333" cellpadding="4" cellspacing="1" | ||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
All three sites map to the appropriate folder in www. | All three sites map to the appropriate folder in www. | ||
|style= | |style="background:#eeeeee"| | ||
<User "dave_user1"><br> | |||
& | Password "fish123"<br> | ||
& | Mount / W:/www/user1/ <br> | ||
& | Allow / All<br> | ||
</User> | |||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
The most difficult part is the choice of user names and passwords. | The most difficult part is the choice of user names and passwords. | ||
|style= | |style="background:#eeeeee"| | ||
<User "john_doe"><br> | |||
& | Password "dead123"<br> | ||
& | Mount / W:/www/user2/<br> | ||
& | Allow / All<br> | ||
</User> | |||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
Do not use their real names make sure the names and passwords are different and long and contain a mix of numeric and alpha characters. | Do not use their real names make sure the names and passwords are different and long and contain a mix of numeric and alpha characters. | ||
|style= | |style="background:#eeeeee"| | ||
<User "football_team"><br> | |||
& | Password "lost123"<br> | ||
& | Mount / W:/www/user3/<br> | ||
& | Allow / All<br> | ||
</User> | |||
|} | |} | ||
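Review bot: The three restored profiles contradict the advice printed next to them: the text says not to use real names and to choose long, different passwords, yet the examples are `Password "fish123"`, `Password "dead123"` and `Password "lost123"` under user names such as "john_doe" and "dave_user1". Replace them with visibly placeholder values that follow the stated rule, since tutorial values tend to be copied as they stand. The first Mount line also has a trailing space before `<br>` (`W:/www/user1/ <br>`) that the other two do not.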
Line 213: | Line 212: | ||
John and Dave would like to have access to slimFTPd’s original unzipped files. For this I will create a virtual folder in the server’s root named “slim” and map folder slimFTPd to it. Notice I am not mapping the folder “original” because I don’t want them to have access to the zip file that it contains. Dave thinks he’s an artist! Well he likes to write over other peoples file hence will restrict him to read access only. | John and Dave would like to have access to slimFTPd’s original unzipped files. For this I will create a virtual folder in the server’s root named “slim” and map folder slimFTPd to it. Notice I am not mapping the folder “original” because I don’t want them to have access to the zip file that it contains. Dave thinks he’s an artist! Well he likes to write over other peoples file hence will restrict him to read access only. | ||
{|width= | {|width="80%" style="background:#333333" cellpadding="4" cellspacing="1" | ||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
I have top level access hence can check if anyone is abusing their privileges. | I have top level access hence can check if anyone is abusing their privileges. | ||
|style= | |style="background:#eeeeee"| | ||
<User "ric"><br> | |||
& | Password "unicenter"<br> | ||
& | Mount / C:/uc_slimftpd_tutorial<br> | ||
& | Allow / All<br> | ||
</User> | |||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
First we create a virtual folder in root named | First we create a virtual folder in root named "'''slim'''" and them map the real folder to it. | ||
All privileges are removed | All privileges are removed "'''Deny /slim All'''" and then '''allow''' Dave to '''Read''' and '''List''' the folder content. | ||
|style= | |style="background:#eeeeee"| | ||
<User "dave"><br> | |||
& | Password "dave123"<br> | ||
& | Mount / C:/uc_slimftpd_tutorial/dave<br> | ||
& | Allow / All | ||
'''& | ''' Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd '''<br> | ||
'''& | ''' Deny /slim All'''<br> | ||
'''& | ''' Allow /slim Read List'''<br> | ||
</User> | |||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
John is given access with no restrictions. | John is given access with no restrictions. | ||
Test this configuration in your browser or FTP client. | Test this configuration in your browser or FTP client. | ||
When both accounts are accessed a new folder | When both accounts are accessed a new folder "slim" will be seen. John can add new material if he wishes however Dave the rave cannot. | ||
|style= | |style="background:#eeeeee"| | ||
<User "john"><br> | |||
& | Password "john123"<br> | ||
& | Mount / C:/uc_slimftpd_tutorial/john<br> | ||
'''& | ''' Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd'''<br> | ||
& | Allow / All<br> | ||
</User> | |||
|} | |} | ||
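Review bot: Dave's block relies on `Deny /slim All` followed by `Allow /slim Read List` overriding the earlier `Allow / All`, but the text does not say how overlapping rules are resolved (by line order or by path), and John's block places `Allow / All` after `Mount /slim` where Dave's places it before. Add a sentence stating the rule and keep the directive order the same in both blocks, so readers can tell which lines actually restrict /slim. Two smaller points: the `Allow / All` line in Dave's block is missing its `<br>`, so it will run into the bold Mount line, and "and them map" should read "and then map".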
Line 262: | Line 261: | ||
This type of scenario requires only one user profile: | This type of scenario requires only one user profile: | ||
{|width= | {|width="80%" style="background:#333333" cellpadding="4" cellspacing="1" | ||
|- | |- | ||
|style= | |style="background:#ffffff"| | ||
All sub-folders in FTP root inherit the server root's permissions: | All sub-folders in FTP root inherit the server root's permissions: | ||
Line 270: | Line 269: | ||
# Explicitly grant '''Read''' and '''List''' to '''root'''. | # Explicitly grant '''Read''' and '''List''' to '''root'''. | ||
# These permissions are passed on to all sub-folders hence we need to explicitly grant '''Write''' to the '''upload''' folder. | # These permissions are passed on to all sub-folders hence we need to explicitly grant '''Write''' to the '''upload''' folder. | ||
|style= | |style="background:#eeeeee"| | ||
<User "family_and_friends"><br> | |||
& | Password "all123"<br> | ||
& | Mount /upload e:/personal/exchange/<br> | ||
& | Mount /download c:/personal/area/images/<br> | ||
& | Deny / All<br> | ||
& | Allow / Read List<br> | ||
& | Allow /upload Write<br> | ||
</User> | |||
|} | |} | ||
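Review bot: With `Allow / Read List` inherited by sub-folders, as the numbered steps say, `Allow /upload Write` leaves /upload readable and listable as well as writable, so everyone sharing the single "family_and_friends" password can download whatever anyone else uploads. Say whether that is intended; if /upload is meant to be write-only, add a `Deny /upload Read` line and explain it in the steps. The block also applies Deny and Allow to / although only /upload and /download are mounted, so a short note that the root here is purely virtual would help.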