Xitami supports the FTP (file transfer) protocol. The FTP service was designed to be simple and easy to administer, while providing the security and speed necessary for a web site. You can administer the FTP service from the WBA screens, in the same way as you administer the rest of Xitami.
The current implementation of FTP does not support virtual hosts, so the FTP configuration applies to all virtual hosts defined for a web site.
The FTP service recognises these commands, and handles those not marked by '*':
USER PASV STOU* MAIL* ALLO* CWD PWD XMKD PASS TYPE SYST MSND* REST CDUP RMD XRMD ACCT* STRU XSYS* MSOM* RNFR XCWD SITE* XPWD REIN MODE PASV MSAM* RNTO LIST STAT* XCUP* QUIT RETR APPE MRSQ* ABOR MKD HELP XEXC* PORT STOR MLFL* MRCP* DELE NLST NOOP SIZE
The configuration of the FTP service is handled by specific sections in the standard configuration file.
This section controls the FTP service.
This section controls the FTP access log.
This section lets you define multiple FTP file roots. Each alias specifies a name and a path. For example:
The alias name itself may not contain '/'. It is not case sensitive. FTP aliases are only shown to 'root' users, i.e. those with an empty root value, or those who have the 'aliases=1' option defined (see below). Like HTTP aliases, the FTP alias is always the first component of a filename (e.g. /volume-c/somefile). Aliases are shown only if the user has no GET access, and if the specified user's root directory actually exists.
This section controls the FTP error log.
The FTP user file defines all users that may log-in to the FTP server. This is a typical user file:
    [Admin]
        Access=*
        Password=-
        Root=""
        Aliases=1               # Will have access to aliases
    [Anonymous]
        Access=G
        Password=*
        Root=pub
    [Guest]
        Access=G
        Root=c:\public\guest
    [Upload]
        Access=P
        Password=upload
        Root=/tempfiles/upload
        Use-quotas=1
        Soft-quota=10
        Hard-quota=12
The user name is specified like this: [Admin]. User names are not case-sensitive. The password may be any text. The password may be one of these special values:
The access rights are any combination of:
The 'root' option defines where the user can work. If this is not specified, the user can work anywhere below the FTP root directory. You can also specify a full path, for instance:
The 'aliases' option defines whether or not a user has access to the FTP aliases. By default this is true for all 'root' users, i.e. those with an empty root value. You can override this default by specifying an explicit value for the aliases option.
Note that put-only directories should be treated as special cases, and used only as a user's root directory. You cannot 'chdir' to a put-only directory.
You can enable/disable quotas per user. We defined a 'soft quota' and a 'hard quota'. Above the soft quota, the user gets warning messages. Above the hard limit, uploads are refused, and warnings are sent to the web server console. The quota is calculated quite simply: it is the limit for all files in the user's login directory and subdirectories. You can therefore share a quota between users, or allocate a quota to individual users. The site administrator can decide whether log files are part of the quota or not, by putting them into the user's space, or into separate (non-quota) directories. For quotas to work, keep a user limited to the login subtree, i.e. do not allow writeable aliases. Quotas are managed by the three configuration keys: use-quota, soft-quota, and hard-quota.
The FTP directory file defines access rights per user for specific directories. Each section is a directory name; either an absolute directory (e.g. [/pub]) or a child of the ftproot directory (specified without a leading slash: [pub]). To define rights for an alias directory, you must use the child's root directory plus the alias directory. For instance, if you define an alias like 'info' which maps to a CD-ROM drive, protection for a user 'guest' whose initial root directory is 'guest' looks like this:
For instance, if the guest user has access to aliases, but you want to disable access to the 'info' alias, you could use an entry like this:
A directory entry covers all child directories, unless a more specific directory is defined for that user. Directory names are not case significant.
Each entry specifies access rights for a user; the user must have been defined in the FTP users file. The same access right codes are used.
The material for this section was provided by Paul C. Fretz, <firstname.lastname@example.org>.
Install Xitami in its own directory. Have your web pages in a separate directory such as c:\webpages
Set up 'defaults.cfg' to include:

    [Server]
        Webpages=c:\webpages
    [Ftp]
        Root=c:\webpages
        welcome="Welcome"           # text or @filename
        login-text="Login"          # text or @filename
        user-file=ftpulist.aut      # Users authorization file
    [Security]
        password-case=1             # Case-sensitive passwords
        filename=password.aut       # Authorization file

Set up 'ftpulist.aut' to include:

    [Anonymous]
        Access=G
        Password=*
        Root=AnonFTP
    [WEBRoot]
        Access=G
        Password=123456
        Root=""
    [U101]
        Access=GPDMR
        Password=123101
        Root=User/U101
    [U102]
        Access=GPDMR
        Password=123102
        Root=User/U102
There are several things to keep in mind:
- The directory structure for the above is as follows:

      c:\webpages
       |-AnonFTP
       |-User
          |-U101
          |-U102
          |-...
- For FTP access to c:\webpages\User\U101 the userid is U101 and the password is 123101.
- The WEBRoot entry gives FTP 'get' access to your whole website.
Set up 'password.aut' as follows if you want to password protect the same subdirectories for browsing:

    [/admin]
        Admin=-                     # By default, admin access is disabled
        Webmask=local               # <== when 'local', remote access is not allowed
    [User/U101]
        U101=123101
    [User/U102]
        U102=123102
- 'Admin=-' disables web-based administration. Change this if you wish.
- When you try to access with your browser anything located in c:\webpages\User\U101 (by using http://yourdomain/User/U101/) the browser will ask for user name and password. The username is U101 and the password is 123101. The first line [User/U101] refers to the subdirectory. The second line U101=123101 is the user name and password and does not have to be anything like the first line.
- A scheme like this allows users to have their own private subdirectory on the web server. They can access just theirs by FTP using Netscape or a program like WS-FTP. These pages are then available for anyone to browse or if you protect them as shown above in 'password.aut', they are private.
- Note that the default Xitami configuration requires that CGIs start with the string '/cgi-bin'. The above configuration does not allow users to upload and run arbitrary CGIs, something that usually presents a security risk.
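An added example, not part of the Xitami documentation or distribution: a small Python check that parses a user file in the format shown above and reports the settings this page singles out (an empty root, upload access without quotas enabled, upload access under a cgi-bin path). The sample file is constructed; treating 'Password=-' as a disabled account and 'Access=*' as all rights are assumptions, and both 'use-quotas' and 'use-quota' are accepted because the page uses both spellings.

```python
import re
# Constructed sample in the page's user-file format (not a real deployment).
SAMPLE = r"""
[Admin]
    Access=*
    Password=-
    Root=""
[WEBRoot]
    Access=G
    Password=123456
    Root=""
[Upload]
    Access=P
    Password=upload
    Root=/tempfiles/upload
[Scripts]
    Access=GP
    Password=s3cret
    Root=cgi-bin/tools
    Use-quotas=1    # quota enabled, but the root is under cgi-bin
"""

def parse_users(text):
    """Parse [User] sections of key=value lines; names and keys lowercased."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = users.setdefault(m.group(1).lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return users

def audit(users):
    """Return sorted (user, finding) pairs for the settings described above."""
    findings = []
    for name, opts in users.items():
        if opts.get("password") == "-":              # assumption: '-' = disabled
            continue
        access = opts.get("access", "").upper()
        can_put = "P" in access or access == "*"     # assumption: '*' = all rights
        root = opts.get("root", "")
        if root == "":
            findings.append((name, "empty root: sees whole FTP root and aliases"))
        if can_put and opts.get("use-quotas", opts.get("use-quota", "0")) != "1":
            findings.append((name, "upload access without quotas enabled"))
        if can_put and "cgi-bin" in re.split(r"[\\/]+", root.lower()):
            findings.append((name, "upload access under cgi-bin"))
    return sorted(findings)
```

Calling `audit(parse_users(SAMPLE))` returns one finding each for the Scripts, Upload and WEBRoot users; the Admin entry is skipped as a disabled account.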
Copyright © 1996-99 iMatix Corporation