Page 142
Often for security purposes, you might want to log the actions of your FTP users. You do so by using the log commands option. Each command invoked by the clients is sent to your log file. The format of the command is
log commands <typelist>
where <typelist> is a comma-separated list specifying which kinds of users should be logged. The three kinds of users recognized are anonymous, guest, and real. (See the description of the class command earlier in this chapter for each user type's description.) For example, to log all the actions taken by anonymous and guest users, you specify the following:
log commands anonymous,guest
If you want to log only file transfers made by clients instead of their entire sessions with the log commands statement, you should use log transfers instead. The format of this command is
log transfers <typelist> <directions>
where <typelist> is a comma-separated list specifying which kinds of users should be logged (anonymous, guest, or real), and <directions> is a comma-separated list specifying which direction the transfer must take in order to be logged. The two directions you can choose to log are inbound and outbound.
For example, to log all anonymous transfers that are both inbound and outbound, you would use the following:
log transfers anonymous inbound,outbound
The resulting logs are stored in /var/log/xferlog. See the section on this file for additional information.
The following set of commands provide some miscellaneous configuration items. Each command adds a good deal of flexibility to the server making it that much more useful to you as its administrator.
The alias command allows you to define directory aliases for your FTP clients. They are activated when the clients use the cd command and specify the alias. This capability is useful to provide shortcuts to often requested files. The format of the command is
alias <string> <dir>
where <string> is the alias and <dir> is the actual directory the users should be transferred to. The following is an example of this command:
alias orb_discography /pub/music/ambient/orb_discography
Page 143
Hence, if clients connect and use the command cd orb_discography, they are automatically moved to the /pub/music/ambient/orb_discography directory, regardless of their current locations.
Similar to the UNIX PATH environment variable, the cdpath command lets you establish a list of paths to check whenever clients invoke the cd command. The format of the cdpath command is
cdpath <dir>
where <dir> is the directory on the server to be checked whenever clients use the cd command. Remember to use directories relative to the FTP home directory for your anonymous users. An example of the cdpath command is
cdpath /pub/music cdpath /pub/coffee
If clients enter the command cd instant, the server examines the directories in the following order:
The wu-ftpd server (the FTP server I have currently installed) offers a special feature that allows the server to compress or decompress a file before transmission: compress. This capability allows a client who might not have the necessary software to decompress a file to still be able to fetch it in a usable form. (For example, a file on your server is compressed using gzip, and a Windows client machine needs to get it but does not have the DOS version of gzip available.)
The format of the compress command is
compress <switch> <classglob>
where <switch> is either the string YES to turn on this feature or NO to turn off this feature. <classglob> is a comma-separated list of classes to which this compress option applies.
There is, of course, a catch to using this command. You need to configure the /etc/ftpconversions file so that the server knows which programs to use for certain file extensions. The default configuration supports compression by either /bin/compress or /bin/gzip.
Read the section on /etc/ftpconversions for details.
Page 144
Almost identical to the compress option, tar specifies whether the server will tar and untar files for a client on demand. The format of this command is
tar <switch> <classglob>
where <switch> is either the string YES to turn on this feature or NO to turn off this feature. The <classglob> option is a comma-separated list of classes that this tar command specifies.
Like the compress command, this feature is also controlled by the /etc/ftpconversions file. See the section on /etc/ftpconversions for details.
The shutdown command tells the server to check for a particular file periodically to see whether the server will be shut down. By default, the RPMs you installed invoke the FTP server whenever there is a request for a connection; therefore, you don't really need this option if you plan to continue using it that way. On the other hand, if you intend to change the system so that the server software is constantly running in the background, you might want to use this option to perform clean shutdowns and to notify users accessing the site.
The format of the shutdown command is
shutdown <path>
where <path> is the full path of the file to check for shutdown information. When that file does become available, it is parsed out and the information gained from it dictates the behavior of the shutdown process as well as the ftpshut program (discussed later in the chapter in the section "ftpshut"). While there isn't any standard place for keeping this file, you might find it handy to keep in /etc/ftpshutdown because it will be obvious along with the other FTP configuration files. Make sure that the file is readable by root.
The format of the file is
<year> <month> <day> <hour> <minute> <deny_offset> <disconnect_offset> <text>
where <year> is any year after 1970; <month> is from 0 to 11 to represent January to December, respectively; <day> is from 0 to 30; <hour> is from 0 to 23; and <minute> is from 0 to 59. The <deny_offset> parameter specifies the time at which the server should stop accepting new connections in the form HHMM, where HH is the hour in military format and MM is the minute. <disconnect_offset> is the time at which existing connections are dropped; it is also in the form HHMM.
The <text> parameter is a free-form text block displayed to users to alert them of the impending shutdown. The text can follow the format of the message command (see the description of this command earlier in the chapter) and have the following special character sequences available: