-->
Page 145
Option | Description | |
%s | The time the system will shut down | |
%r | The time when new connections will be denied | |
%d | The time current connections will be dropped |
Along with controlling logins and maintaining logs, you will need to keep the permissions of the files placed in the archive under tight control. The following commands will allow you to specify what permissions should be set under certain conditions.
The chmod command determines whether a client has the permission to change permissions on the server's files using the client's chmod command. The format of this command is
chmod <switch> <typelist>
where <switch> is either YES to turn on the feature or NO to turn off the feature. <typelist> is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.
The delete command tells the server whether client connections can delete files that are residing on the server via FTP. The format of the command is
delete <switch> <typelist>
where <switch> is either YES to turn on the feature or NO to turn off the feature. <typelist> is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.
To control whether FTP clients can upload files and replace existing files on the server, you use the overwrite command. The format of this command is
overwrite <switch> <typelist>
where <switch> is either YES to turn on the feature or NO to turn off the feature. <typelist> is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.
Client FTP software has the option of sending a rename request to the server to rename files. The rename command determines whether this request is acceptable. The format of this command is
rename <switch> <typelist>
Page 146
where <switch> is either YES to turn on the feature or NO to turn off the feature. <typelist> is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.
The umask command determines whether clients can change their default permissions in a similar fashion as the umask shell command. The format of the umask command is
umask <switch> <typelist>
where <switch> is either YES to turn on the feature or NO to turn off the feature. <typelist> is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.
Providing a valid e-mail address as your password is considered good manners when you're connecting to an anonymous FTP site. The passwd-check command lets you determine how strict you want to be with what string is submitted as an anonymous user's e-mail address. The format of the command is
passwd-check <strictness> <enforcement>
where <strictness> is one of three possible strings: none, trivial, or rfc822. <enforcement> is one of two possible strings: warn or enforce.
Selecting none for <strictness> will perform no check at all for the password. trivial is slightly more demanding by requiring that at least an @ (at) symbol appear in the password. rfc822 is the most strict, requiring that the e-mail address comply with the RFC 822 "Message Header Standard" (for example, sshah@domain.com).
Using warn as the <enforcement> warns the users if they fail to comply with the strictness requirement but allows them to connect with your server anyway. enforce, on the other hand, denies the users connections until they use acceptable passwords.
If you allow users to upload files to your server via FTP, you might want to dictate what are acceptable filenames. (For example, control characters in filenames are not acceptable.) You can enforce this restriction by using the path-filter command. The format of this command is
path-filter <typelist> <mesg> <allowed-regexp> <denied-regexp>
where <typelist> is a comma-separated list of users this command affects; the user types available are anonymous, guest, and real. <mesg> is the filename of the message that should be displayed if the file does not meet this criteria. <allowed-regexp> is the regular expression that the filename must meet to be allowed in. <denied-regexp> is the regular expression that, if met, causes the file to be explicitly denied; <denied-regexp> is an optional parameter.
Page 147
For example, the line
path-filter anonymous,guest /ftp/.badfilename UL* gif$
displays the file /ftp/.badfilename to anonymous or guest users if they upload a file that doesn't begin with the string UL or that ends with the string gif.
You can use the upload command, along with path-filter, to control files placed onto your server. The upload command specifies what permissions the client has to place files in certain directories as well as what permissions the files will take on after they are placed there. The format of this command is
upload <directory> <dirglob> <switch> <owner> <group> <mode> <mkdir>
where <directory> is the directory that is affected by this command, <dirglob> is the regular expression used to determine whether a subdirectory under <directory> is a valid place to make an upload, and <switch> is either YES or NO, thereby establishing either an upload can or cannot occur there. The <owner>, <group>, and <mode> parameters establish the file's owner, group, and permissions after the file is placed on the server. Finally, you can specify the <mkdir> option as either dirs or nodirs, which allows the client to able to create or not create subdirectories under the specified directory.
Here is a sample entry:
upload /home/ftp * no upload /home/ftp /incoming yes ftp ftp 0400 nodirs
This example specifies that the only location a file can be placed is in the /home/ftp/incoming directory (/incoming to the anonymous client). After the file is placed in this directory, its owner becomes ftp, group ftp, and the permission is 0400. The nodirs option at the end of the second line doesn't allow the anonymous client to create subdirectories under /incoming.
TIP |
Setting uploads to read-only is a good idea so that the /incoming directory doesn't become a trading ground for questionable materialfor example, illegal software. |
The format of the /etc/ftpconversions file is
<1>:<2>:<3>:<4>:<5>:<6>:<7>:<8>
where <1> is the strip prefix, <2> is strip postfix, <3> is an add-on prefix, <4> is an add-on postfix, <5> is the external command to invoke to perform the conversion, <6> is the type of file, <7> is the option information used for logging, and <8> is a description of the action.