SlimFTPd: Config File

Revision as of 17:36, 24 November 2010 by Olajideolaolorun (talk | contribs) (Reverted edits by Upazixorys (Talk); changed back to last version by Ric)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

SlimFTPd Configuration file - Details

Configuration file - Detail

In the configuration file you will find one piece of archaic terminology the term MOUNT. Today it stands for connect to either a hard drive or file system or even some other media. In the dark ages it meant phone up an administrator and ask for a tape to be taken to the tape reader and that person would MOUNT the tape into a machine. A bit slow by today's standards but then programming was done using hand punches and card readers.

SlimFTPd Configuration file - Detail

Do not be deceived by the simplicity or lack of configuration commands the few there are is more than enough to give FTP access to any file on your computer.

Global server variables

Your configuration file (slimftpd.conf) must contain these six commands, in most cases the default values are adequate.

BindInterface All Which network interface should be used to listen for incoming connections.
Available options are All, LAN, WAN, Local, or you can specify an IP address.
BindPort 21 The BindPort directive specifies which TCP port should be used to listen for incoming connections.
The standard FTP port is 21.
CommandTimeout 300 The CommandTimeout directive specifies how many seconds to wait for a connected client to issue a command before dropping the connection.
Default is 300 (5 minutes).
ConnectTimeout 15 The ConnectTimeout directive specifies how many seconds to wait for a data socket to connect with a client. This value applies to both active-mode and passive-mode connections.
Default is 15.
MaxConnections 20 The MaxConnections directive specifies an upper limit on the number of connections that may be made to the server at any one time.
Default is 20.
LookupHosts on The LookupHosts directive tells SlimFTPd whether it should look up the corresponding host names for IP addresses when logging connections. Note that this may take slightly more network bandwidth and may cause a short delay for users during initial connection.
Default is On.

Top

User accounts

Below the global server variables you add user profiles. Each user profile is constructed from the following tags (commands/directives).

<User "name"> Opening tag for user profile. Name of user do not use spaces or any special characters

(A name "anonymous" used with password set to "", allows anyone access no authentication required.)

</User> Closing tag for user profile
Password "value" Use the Password directive to set a password for a user. If no password is set, the user will be allowed to login without a password, however a user name is still required unless that has been set to anonymous see above ).
Mount [virtual file path][local file path] Use the Mount directive to attach a local file system path to a virtual file system path.
Allow
Deny
Allow and Deny directives to set permissions on paths in the virtual file system. Valid permission tokens are Read, Write, List, Admin, or All to indicate all four permission types.

Top

Basics

Every access to your FTP server is controlled by user accounts (profiles) these have the following format:

<User "[name]">
  Password "[password]"
  Mount [public virtual path] [internal local path]
  Allow [public virtual path] [permissions]
  Deny [public virtual path] [permissions]
</User>

User name and password are obvious and need no explanation however Mount is all-important and you need to understand how it works.

Using either a browser or client to view your FTP site is not quite what it appears to be, what is visible is not the real file system but a virtual one.

You are looking at the FTP root folder this appears to be a real representation however in reality it is just a mapping to your real folders and files. Any permission you set in a user profile acts only on the FTP root folder.

If that sounds confusing look at it another way, when you create a user profile you are building a virtual window know as the FTP root folder. Inside this folder you create sub-folders with names that you want a user to see, these may be the same as the real folders on your system.

  • Mount has the following elements:
  • [public virtual path] What you want a user to see.
       and
  • [internal local path] The real location on your system.


You set permissions of Allow and Deny on the [public virtual path] element contained within the FTP root.

With this knowledge lets re-visit the user profile from the previous page

  1. User name is “ric
  2. Password is “unicenter
  3. Mount “/” refers to the FTP root folder in this example no subfolder is defined
  4. Mount / C:/uc_slimftpd_tutorial means take every thing contained in folder uc_slimftpd_tutorial on disk C: and display it in the FTP root folder.
  5. The user is allowed full access to all the folders and files as displayed in the FTP root folder.

<User "ric">
  Password "unicenter"
  Mount / C:/uc_slimftpd_tutorial
  Allow / All
</User>


Well that was painful from here on it gets easier I will provide a few more examples leaving the anonymous user until later. Not that it is difficult but because it conflicts with simple browser testing. The truth is I am lazy it saves typing email like addresses into the browser address bar.

Top

General note on testing

After making configuration file changes stop (uc_kill_process.bat) and restart (SlimFTPd.exe) your FTP server for the changes to take place.

After each example restart your browser, this will ensure you are challenged for a name and password. You can use a client for testing or use a browser however remember to type the following when using a browser ftp://localhost

Top

Multi User Hosting

I have two friends that are very trustworthy, they would like to upload and download files to their folders hosted on the FTP server. Open the configuration file and add a suitable block for each person as show below

I have top level access hence can check if they are abusing their privilege of being able to upload to the server.

<User "ric">   Password "unicenter"
  Mount / C:/uc_slimftpd_tutorial
  allow / All
</User>

Save and login to Dave's account. You will see three files. You can delete, download these files. Try uploading files.

<User "dave">
  Password "dave123"
  Mount / C:/uc_slimftpd_tutorial/dave  
  Allow / All
</User>

Repeat the same for Johns's account. Generally have a play with FTP'ing.

<User "john">
  Password "john123"
  Mount / C:/uc_slimftpd_tutorial/john
  Allow / All
</User>

Top

Multi User Hosting - Server example

You have set-up three user accounts (Virtual Hosts) in Apache's configuration file and have their corresponding web sites located in the www folder under the following three sub-folder names user1, user2 and user3. They each need to use FTP to upload their site. All you need to do is add three new user profiles to the bottom of the FTP configuration file as follows.

All three sites map to the appropriate folder in www.

<User "dave_user1">
  Password "fish123"
  Mount / W:/www/user1/  
  Allow / All
</User>

The most difficult part is the choice of user names and passwords.

<User "john_doe">
  Password "dead123"
  Mount / W:/www/user2/
  Allow / All
</User>

Do not use their real names make sure the names and passwords are different and long and contain a mix of numeric and alpha characters.

<User "football_team">
  Password "lost123"
  Mount / W:/www/user3/
  Allow / All
</User>

Top

Sharing Files

John and Dave would like to have access to slimFTPd’s original unzipped files. For this I will create a virtual folder in the server’s root named “slim” and map folder slimFTPd to it. Notice I am not mapping the folder “original” because I don’t want them to have access to the zip file that it contains. Dave thinks he’s an artist! Well he likes to write over other peoples file hence will restrict him to read access only.

I have top level access hence can check if anyone is abusing their privileges.

<User "ric">
  Password "unicenter"
  Mount / C:/uc_slimftpd_tutorial
  Allow / All
</User>

First we create a virtual folder in root named "slim" and them map the real folder to it.

All privileges are removed "Deny /slim All" and then allow Dave to Read and List the folder content.

<User "dave">
  Password "dave123"
  Mount / C:/uc_slimftpd_tutorial/dave
  Allow / All   Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd 
  Deny /slim All
  Allow /slim Read List
</User>

John is given access with no restrictions.

Test this configuration in your browser or FTP client.

When both accounts are accessed a new folder "slim" will be seen. John can add new material if he wishes however Dave the rave cannot.

<User "john">
  Password "john123"
  Mount / C:/uc_slimftpd_tutorial/john
  Mount /slim C:/uc_slimftpd_tutorial/original/slimftpd
  Allow / All
</User>

The following provides another example of this:

Top

Sharing Files with friends

On my home PC I am running these servers permanently and do not require portability (memory stick) and wish to share files between family members and friends. I have already provided them with an ftp name and password to use. I only want them to read files from c:/personal/area/images/ and allow them to upload files to e:/personal/exchange/

This type of scenario requires only one user profile:

All sub-folders in FTP root inherit the server root's permissions:

  1. In this example all permissions are denied for root.
  2. Explicitly grant Read and List to root.
  3. These permissions are passed on to all sub-folders hence we need to explicitly grant Write to the upload folder.

<User "family_and_friends">
  Password "all123"
  Mount /upload e:/personal/exchange/
  Mount /download c:/personal/area/images/
  Deny / All
  Allow / Read List
  Allow /upload Write
</User>

Summary

Apart from the reliability of uploading pages to your web space an FTP sever has another powerful trick up it's sleeve. Not every one knows this because it's anonymous! Interested you should be, take a look at the next page.

Top


  Ric