The FTP protocol is fairly old (more than 20 years) and many features have been added over time. The wuftpd server supports quite a few of those. Today, there are many other file-sharing protocols out there (HTTP + dynamic content), often offering more control and ease of use for clients.
In general, FTP is used for basic file sharing. We describe here the basic settings supported by this module. You may want to consult the ftpaccess man page to learn more.
You enter the email address of the administrator responsible for this server. This information is printed as part of the banner file. You must write one and include the magic sequence %E. The sequence will be replaced by the value entered in this field.
You enter a list of user groups considered guest. wuftpd has three independent settings for normal, guest and anonymous users. You may enter zero or more groups here, separated by spaces.
This is the path of a text file (ASCII) presented every time a user logs in. You can edit the file using the edit banner button.
This specifies the path of a control file. If the file exists, the server will check the file regularly to see if the server is going to be shut down. If a shutdown is planned, the user is notified, new connections are denied after a specified time before shutdown and current connections are dropped at a specified time before shutdown.
The file is structured as follows:
<year> <month> <day> <hour> <minute> <deny_offset> <disc_offset> <text>
where
The external program ftpshut(8) can be used to automate the process of generating this file.
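As an added example (not part of the original help text or of wuftpd), the following Python sketch parses one line of the shutdown control file and computes when new connections are refused and when sessions are dropped. It assumes the field meanings given in ftpaccess(5): the month is counted from 0 (January is 0) and both offsets are written as HHMM; the function names, the ordering warning and the sample line are constructed for illustration.

```python
from datetime import datetime, timedelta

def _hhmm(value):
    """Convert an HHMM offset such as '0130' into a timedelta."""
    if not (value.isascii() and value.isdigit()) or len(value) > 4:
        raise ValueError(f"offset must be up to four digits (HHMM): {value!r}")
    hours, minutes = divmod(int(value), 100)
    if minutes > 59:
        raise ValueError(f"minutes out of range in offset: {value!r}")
    return timedelta(hours=hours, minutes=minutes)

def parse_shutdown(line):
    """Parse one shutdown control line and return the key times."""
    parts = line.split(None, 7)  # the 8th field is free text, keep it whole
    if len(parts) < 7:
        raise ValueError("expected at least 7 fields")
    try:
        year, month, day, hour, minute = (int(p) for p in parts[:5])
    except ValueError:
        raise ValueError("date fields must be integers") from None
    # Assumption from ftpaccess(5): month runs 0-11, so March is written as 2.
    if not 0 <= month <= 11:
        raise ValueError("month must be 0-11 (January is 0)")
    # datetime() itself rejects an impossible day, hour or minute.
    shutdown = datetime(year, month + 1, day, hour, minute)
    deny, disc = _hhmm(parts[5]), _hhmm(parts[6])
    return {
        "shutdown": shutdown,
        "deny_new": shutdown - deny,    # new connections refused from here
        "disconnect": shutdown - disc,  # current sessions dropped from here
        "text": parts[7].strip() if len(parts) > 7 else "",
        # Added sanity check: dropping sessions before refusing new ones
        # usually means the two offsets were swapped.
        "warnings": ["disc_offset exceeds deny_offset"] if disc > deny else [],
    }

# Constructed sample: shutdown 2001-03-15 22:30, deny 1 h before, drop 10 min before.
SAMPLE = "2001 2 15 22 30 0100 0010 Server going down for maintenance"

if __name__ == "__main__":
    info = parse_shutdown(SAMPLE)
    for key in ("deny_new", "disconnect", "shutdown"):
        print(f"{key:11} {info[key]:%Y-%m-%d %H:%M}")
    print("text       ", info["text"])
    for warning in info["warnings"]:
        print("warning    ", warning)
```

Running a check like this before placing the file catches the off-by-one month mistake, which would otherwise schedule the shutdown a month away from the intended date.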
You can enable or disable anonymous access using this check-box. If you enable anonymous access, make sure the anonftp package is installed.
For the various access modes (user, guest, anonymous), you can limit the features available. Note that the FTP server generally executes with the same privileges as the connected user, so even if this user has a given privilege, the operating system may still limit his ability to perform the operation. Said differently, the FTP server decides whether the user may attempt an operation, but the operating system has the final say about the result.
A user may request a file with the extension .Z or .gz. If this file does not exist, but the corresponding file without the extension does exist, the server will compress it on the fly.
If a tar file (with extension .tar) is requested, but only a corresponding directory exists, a TAR is produced on the fly. This allows users to grab complete directories in a single command.
The user is allowed to change the permissions of a file.
The user is allowed to delete files.
The user is allowed to overwrite existing files.
The user is allowed to rename existing files.
For every file received, an entry is written in the transfer log. You can disable this behavior.
For every file transmitted, an entry is written in the transfer log. You can disable this behavior.
You control the timeouts for the various operations done during a session.
How long the daemon will wait for an incoming (PASV) data connection.
How long the daemon will wait attempting to establish an outgoing (PORT) data connection. This affects the actual connection attempt. The daemon makes several attempts, sleeping a while between each, before completely giving up.
How long the daemon will wait for some activity on the data connection. You should keep this long because the remote client may have a slow link and there can be quite a bit of data queued for the client.
How long the daemon will wait for the next command. The default can also be overridden by the command line -a option. This access clause overrides both.
The SITE IDLE command allows the remote client to establish a higher value for the idle timeout. This sets the upper limit the client may request. The default can also be overridden by the command line -A option. This access clause overrides both.
The maximum time the daemon allows for the entire RFC931 (AUTH/ident) conversation. Setting this to zero (0) completely disables the daemon's use of this protocol. The information obtained via RFC931 is recorded in the system logs and not actually used in any authentication.