allow_fxp_pasv <*|flag|-user|=group>
Specifies who is allowed to use FXP for passive transfers (PASV).
Users that are allowed to use FXP can make data connections on
a different IP address than their control connection. Use
"allow_fxp_pasv 0" to completely disable FXP for passive transfers.
| NOTE: | Passive FXP must be enabled on servers that allow remote |
| | connections. |
| EXAMPLE: | allow_fxp_pasv 1 2 =SiteOps =STAFF -admin |
| | This will allow passive mode FXP to be used by users with |
| | the flags 1 or 2, in the SiteOps or STAFF group, or the |
| | user named admin. |
| | allow_fxp_pasv !8 * |
| | This will allow passive mode FXP to be used by all users |
| | except users with the 8 flag. |
back
|
allow_fxp_port <*|flag|-user|=group>
Same as allow_fxp_pasv except applies to active transfers (PORT).
back
|
allow_service_ports <0|1>
Sets if the PORT command (active mode transfers) can specify a data
port below 1024 (standard service ports range).
If allow_service_ports is set to 0, the PORT command will only allow
ports greater than 1024 to be used.
back
|
auth_mode <0|1>
Authentication mode.
0 = allow clear and SSL connections
1 = allow SSL connections only
back
|
bind_ip <xxx.xxx.xxx.xxx>
The IP address the server should listen on (bind to). By default the
server will listen on all IPs (bind to all IPs).
| NOTE: | The IP must be in dotted notation (Ex. 127.0.0.1). |
| | The server must be restarted to change this. |
back
|
cscript <cmd name> <when to run> <path/filename>
Custom scripts (or binaries) to be executed before/after any command.
The first parameter is the name of the command before/after which to
execute the script. The second parameter can be either "pre" or "post",
to run before or after, respectively. The third parameter is the full
path to the script to be executed, relative to the rootpath of the site.
If using a command with a space in it, like a SITE command, you need
to use "[:space:]" between the words (Ex: SITE[:space:]WHO).
Both "pre" and "post" scripts will be passed 4 parameters:
$1 = full command string the user used
$2 = user's login name
$3 = user's group
$4 = user's absolute CWD path
"Post" scripts cannot echo anything to the client --they are executed
after the response is sent to the client. If the last line echoed by
a "pre" script starts with "4xx" or "5xx", or if the script can't be
executed, the FTP command that should run after the script will not be
executed. Any lines that are echoed by a "pre" script should contain
the proper FTP prefix code. In general successful results should start
with "2xx" and failure should start with "5xx" (Ex. "200- Success").
Also, when multiple lines are sent back to the client, the intermediate
lines should start with "xxx-" (Ex. 200- success) and the final line
should start with "xxx " (Ex. 500 Error). Only error responses should
contain a final line since successful responses will be followed by the
response to the FTP command that was specified.
| NOTE: | EXEC commands that specify a file ending in .sh will be passed |
| | to the "bash" program. Files with any other extension will be |
| | run as a binary. |
back
|
custom <cmd name> <*|flag|-user|=group>
Sets the permissions for a custom SITE command. After a command is
specified with site_cmd the permissions for the custom command should
be set with "custom".
| NOTE: | When using the IS mode, only the specified permissions are used. |
| | The permissions for the internal command will not be applied. |
| Example1: | site_cmd L MYUSERS IS USERS |
| | custom MYUSERS * |
(In this example all users will be allowed to use the "SITE MYUSERS"
command. However, the permissions for "SITE USERS" will remain
unchanged.)
| Example2: | site_cmd L TEST EXEC /bin/test.sh arg1[:space:]arg2 |
| | custom test =SiteOps 1 2 -admin |
back
|
datapath <data directory path>
Path to the server data --always relative to the "rootpath".
back
|
default_homedir <home directory path>
default_homedir is used to set the homedir for newly created users.
If the path starts with "./", the path will be taken relative to the
rootpath. Otherwise the path will be treated as absolute.
back
|
dupe_check <ndays>
Sets the number of days back to check for dupes. Setting dupe_check
to 0 will disable dupe-checking. Dupe checking is always case insensitive.
back
|
fs_sync_freq <minutes>
Filesystem synchronization cycle time (minutes). This is the
frequency at which the filesystem in memory will be synchronized with
the *.fs files (located in ROOTPATH/fs). This operation can also be
performed manually using the "SITE FSSYNC" command (must be siteop).
If fs_sync_freq is set to 0, synchronization will only be done when
the server is stopped.
back
|
ignore_type <filemask> [<filemask> ...]
Specifies filemasks for files that should not be added to the dupe log.
Dupe checking will not apply to these files. Use [:space:] to enter
filemasks with spaces. The mask are always treated as case insensitive.
Multiple ignore_type commands can be used.
back
|
log_access_format <format string>
Formatting string for the access log file
%d -> date (format is specified using log_date_format)
%s -> server IP
%l -> server listening port
%c -> client IP
%p -> client port
%u -> user name
%m -> FTP command (method)
%a -> argument to the command
%r -> 3-digit response code from the server
%t -> response text from the server
back
|
log_access_name <access log name>
Access log file name.
Uses the same format options as log_date_format.
Example: log_access_name %d%m%Y_access.log
back
|
log_date_format <format string>
Formatting string for the log date field
%a = abbreviated weekday name according to the current locale
%A = full weekday name according to the current locale
%b = abbreviated month name according to the current locale
%B = full month name according to the current locale
%d = day of the month as a decimal number (range 01 to 31)
%H = hour as a decimal number using a 24-hour clock (range 00 to 23)
%I = hour as a decimal number using a 12-hour clock (range 01 to 12)
%j = day of the year as a decimal number (range 001 to 366)
%m = month as a decimal number (range 01 to 12)
%p = current locale's AM/PM. indicator for 12-hour clock
%S = second as a decimal number (range 00 to 61)
%w = day of the week as a decimal, range 0 to 6, Sunday being 0
%y = year as a decimal number without a century (range 00 to 99)
%Y = year as a decimal number including the century
%z = time-zone as hour offset from GMT
%Z = time zone or name or abbreviation
%O = display the 5-digit (w/ + or -) UTC offset in minutes (Ex. EST -> -0300)
%% = A literal `%' character
back
|
log_prog_format <format string>
Formatting string for the program log file
%D -> date (format is specified using log_date_format)
%S -> sub-system (where in the prog the log is coming from)
%M -> message (message that is passed in)
back
|
log_prog_name <program log name>
Program log file name.
Uses the same format options as log_date_format.
back
|
login_prompt <login string>
Login prompt to display to the user.
back
|
max_users <max users> <max when full>
Max number of users allowed on the site, max allowed when full
(must have flag 1 or 4).
back
|
nuke_empty <kbytes>
The amount of kbytes that will be removed from the user if
the nuked directory is empty.
back
|
nuke_mult_max <multiplier>
The highest multiplier a nuker can use. If nuke_mult_max is set
to 0, there is no limit.
back
|
nukedir_style <prefix> <0|1|2> <kbytes>
Settings for site NUKE command. The first parameter is a prefix string
to use for nuked directories (Ex. NUKED-). The prefix string is added
to the directory name when it is nuked. The second parameter specifies
how the nuke command should behave. 0 -> delete all nuked directories
(permanently removes all files and dirs). 1 -> delete all files, but
keep directories. 2 -> keep files and directories. Using 2 enables
unnuke to restore the nuked directory. The third parameter is used to
determine if a directory should be treated as empty. If the total size
of the files in the directory are less than or equal to this value, the
directory will be treated as empty.
back
|
pasv_port_range <low> <high>
Range of ports to use for PASV mode data connections (default = any port).
If <high> is 0 any port will be used (OS will assign ports).
| NOTE: | When a range of ports is specified with the "pasv_port_range" option, |
| | only <high>-<low>+1 data connections will be able to be made at one |
| | time. Also, <low> should be at least greater than 1024 to avoid |
| | conflicts with standard services (in general make <low> > 5000). |
back
|
resolve_dns <0|1>
Will resolve an IP. If set to 0 will not bother resolving the IPs to names.
back
|
rootpath <full path to Dftpd root>
The root path of the server.
This must come before all other relative paths.
back
|
server_ip <xxx.xxx.xxx.xxx>
IP address the server should use when making data connections
(this will be the address returned in the PASV command).
This is useful when the server is behind a firewall and is assigned an
internal IP address.
By default the IP address of the network interface the client is
connected to is used.
Example: server_ip 66.149.100.243
back
|
server_port <port>
Port the server will listen on (default 21).
NOTE: The server must be restarted to change this.
back
|
server_sslport <port>
Port the implicit SSL server will listen on.
By default the server will not listen for implicit SSL connections.
The standard implicit SSL listening port is 990.
NOTE: The server must be restarted to change this.
back
|
shutdown <0|1|2>
Server shutdown: 1=deny all but siteops, 2=deny all, 0=sever open
back
|
site_cmd <remote mode> <cmd name> <exec/text/is> <filename> [optional arg]
Used to define a custom SITE command. There is no limit to how many
site_cmd can be specified. The first argument can be D, G, or L:
D -> the command should be forwarded to aliased (remote) DFTPD sites.
G -> the command should be forwarded to any aliased site.
L -> the command should not be forwarded (local only).
The second argument for "site_cmd" is the name of the custom command.
The name of the custom command can only be 1 word --with no spaces.
The command name is not case sensitive. The third parameter can be one
of three posibilities:
EXEC will execute a script/binary.
TEXT will display a text file.
IS will execute the internal SITE command specified afterwards.
The fourth parameter is the name of the script/binary, text file, or
internal command depending on the type of custom command. The path for
the fourth parameter is relative to the root directory (rootpath). A
fifth argument is only used with the EXEC and IS options to specify
arguments to pass to the script/binary or internal command. If multiple
arguments need to be passed, use [:space:] between the arguments.
| NOTE: | EXEC commands that specify a file ending in .sh will be passed |
| | to the "bash" program. Files with any other extension will be |
| | run as a binary. |
Example: site_cmd L TEST EXEC /bin/test.sh arg1[:space:]arg2
back
|
site_flags <SITE command> <flags>
The first argument specifies the SITE command to set flags for. The
remaining arguments specify the flags required to access the command.
The flags arguments can also specify specific users and groups to
allow/disallow. To specify a user use -<username> to specify a group
use =<groupname>. '*' is used to specify all users. To disallow
flags, users, or groups add a '!' before the flag, username, or
groupname. The flags are processed in order (from left to right) until
a match is found (either allow or disallow). For example, specifying
"!8 *" will first reject any user with the '8' flag and then allow
anybody else. The flags specified with site_flags will replace the
default flags for the command.
back
|
site_ip <xxx.xxx.xxx.xxx>
IP address used to identify the server when making remote connections
to other DFTPD servers.
By default the IP address of the first network interface is used
(not 127.0.0.1).
Example: server_ip 66.149.100.243
back
|
sitename_long <long site name>
Long name for the site.
back
|
sitename_short <short site name>
Short name for the site.
back
|
speed_limit <DL_LIMIT> <UP_LIMIT>
Max transfer speed, in Kb/sec, for the site (0 = unlimited).
back
|
