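It's ridiculously powerful...
Compared with pure, pro, etc... (user-configurable features)...
My English is poor, so I'm attaching the installation document. Could anyone who understands it explain it here (share it)??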
.------------------------.
| 1. Installation |
`------------------------'
*** NOTE: installgl.sh is an install script that eliminates the following
tasks. Try using that before attempting to do this by hand.
*** NOTE: If running this script more than once you will get an error, please
do the following to remove it and start over again:
edit /etc/inetd.conf, /etc/services and remove all glftpd instances.
rm -rf /glftpd /etc/glftpd.conf
1. Extract the archive to your root directory.
(tar zxvf glftp-XXX.x.xx.tgz -C /)
*** NOTE: Steps 2-5 are only needed for scripts, like zipscript, to work. They are not necessary for glftpd itself. Also, if your rootpath is /, you can skip these steps.
2. Copy the required library files and the 'ldconfig' utility to your ftp-structure.
(cp /lib/* /glftpd/lib; cp /sbin/ldconfig /glftpd/bin)
* NOTE: Depending on your OS, your libs may be in /usr/lib or other directories
3. Now do this:
(cd /glftpd/dev; mknod null c 1 3; chmod 666 null)
(cd /glftpd/dev; mknod zero c 1 5; chmod 666 zero)
* NOTE: This is the syntax for linux; other OSes may have different syntax. Do ls -l /dev/null on your box to see which numbers you need (exmp: fbsd uses "2 2" for null and "2 12" for zero, instead of "1 3" and "1 5")
4. Create 'ld.so.cache' in your ftp-structure.
(chroot /glftpd /bin/ldconfig)
If this doesn't work, try: chroot /glftpd /bin/ldconfig /lib
(some systems, like OpenBSD, use /usr/lib as default path). You may also
need to copy ld.so to /glftpd/usr/libexec on OpenBSD and similar - see where
that file is on your system and replicate this path under /glftpd.
NOTE: /glftpd/etc/ld.so.cache is what this is under LINUX. Other OSes use other files, for example
OBSD uses /glftpd/var/run/ld.so.hints, so you need to create /glftpd/var/run. Do a
"man ldconfig" and check what it creates, then create that directory under /glftpd
before performing step #4.
* NOTE: This will only work right if the libs are copied right. You can be anywhere when performing
* this task, a good idea would be to cd /glftpd/etc and ls after you have typed this command to make
* sure that ld.so.cache is there.
You might need to create ld.so.conf in /glftpd/etc and put "/lib" inside.
You will probably get an error-message like this, just ignore it:
bin/ldconfig: warning: can't open /usr/lib (No such file or directory), skipping
Ignore other errors that mention missing files or symlinks
Check that '/glftpd/etc/ld.so.cache' (or whatever it is on your OS) exists,
if not go back to step 2 and try again.
5. cp /bin/sh /glftpd/bin; cp /bin/kill /glftpd/bin;
cp /bin/cat /glftpd/bin; cp /bin/echo /glftpd/bin;
cp /bin/grep /glftpd/bin; cp /bin/unzip /glftpd/bin
cp /usr/bin/gunzip /glftpd/bin; cp /bin/bash /glftpd/bin
Make sure all permissions are set correctly in '/glftpd/bin' and
that your incoming directory is world-wide-read/writeable.
(chmod -R 755 /glftpd/bin)
(chmod -R 755 /glftpd/lib)
(chmod 777 /glftpd/site/incoming)
* NOTE: If using bkpack you will need to follow what he has written in the faq.
6. Copy the config file to '/etc' and edit it to your likes.
More about this below.
*** NOTE: DO NOT USE NOTEPAD OR MS-WORD TO EDIT THIS FILE ***
*** NOTE: Also get into the habit of using tabs for spaces ***
(cp /glftpd/glftpd.conf /etc/glftpd.conf)
*VERY IMPORTANT* glftpd.conf is your server configuration file. you MUST edit this!!!!
* NOTE: READ all of this file..it has many variables that are easy to follow.
7. Add the following line to '/etc/inetd.conf':
glftpd stream tcp nowait root /usr/sbin/tcpd /glftpd/bin/glftpd -l -o -i
(If your system uses xinetd instead of inetd, like Redhat 7, you need to add an entry
for xinetd instead. There is an example entry in README.xinetd)
*NOTE* If you do not use tcpd then you need to use a bogus flag ('-' isn't
needed in front) to make the first real option work (this is usually -l, so
without the bogus flag logging to glftpd.log will not work).
A good idea is to use the word 'glftpd':
glftpd stream tcp nowait root /glftpd/bin/glftpd glftpd -l -o -i
If you ARE using tcpd, make sure you modify hosts.allow to allow connections
to glftpd (something like GLFTPD: ALL)
The following switches can be used in inetd.conf:
-B This will only allow connections from the port bouncer
(connecting from localhost [127.0.0.1] will still work)
-b This allows connections from a port bouncer or direct connections.
-e This will use european week (Mon-Sun) when modifying stats
-l Logs new dirs,deleted dirs,nukes,unnukes,logins,logouts to
/glftpd/ftp-data/logs/glftpd.log and login.log in ascii.
-L Works just like -l, but it will always log creation and
deletion of directories to glftpd.log. The -l option only logs
those if they are in dirlog path (specified in glftpd.conf).
Most likely, you want to use -l, this is for special cases.
-i Logs uploads to /glftpd/ftp-data/logs/xferlog.
-I Disables ident lookups. Note that if you use tcpd, it will do
an ident lookup independently from glftpd.
-o Logs downloads /glftpd/ftp-data/logs/xferlog.
-d Logs connections and all user commands to system logs as debug
(usually /var/log/debug, but refer to your /etc/syslog.conf).
-r <file> Use alternate glftpd.conf file.
-t <seconds> Sets the default idle timeout period.
-T <seconds> Sets the maximum idle timeout period a user may select using
the 'site idle' command if he/she doesn't have a personal
idle time set (site change user idle_time xx).
-n <#> Number of DNS retries, 0 disables DNS resolving.
-s <path> The full path to the glstrings binary (default is /glftpd/bin/glstrings.bin)
Example: -s/home/glftpd/bin/myownglstrings.bin
-x makes glftpd only log ips on errors. (by default everything will be logged)
-X forces glftpd not to log ips (not even for error messages in login.log)
Add the following line to '/etc/services'
glftpd <Port you want glftpd on>/tcp
* NOTE: e.g.: glftpd 8000/tcp # Glftpd
* NOTE: Do not initially put your ftpd on port 21...stick it on a really high port so you know it works *
* NOTE: DO NOT PUT THE PORT RIGHT NEXT TO ANOTHER PORT, SPACE THEM OUT BY AT LEAST 5-10 PORTS *
7.1 Read README.TLS, and set your certificate
8. Restart INETD.
(killall -HUP inetd) or (kill -HUP <PID of inetd>)
*** NOTE: This is only needed when modifying inetd.conf, glftpd.conf has nothing to do with inetd. For changes in glftpd.conf to take effect, you need to relogin.
9. Login to your newly created site.
Login/Pass = glftpd/glftpd
Please note that you must use ftp to localhost since the ipmask
on the predefined account 'glftpd' is *@127.0.0.1.
(ftp localhost <Port you have chosen>)
### NOTE: For SECURITY reasons you will either need to delete this account or change the ip and password.
*** If you are getting a "421 Service not available" message or something similar, you didn't install glftpd correctly. Check your system logs (you might need to configure your syslog to start logging errors and warnings - i believe redhat doesn't do that by default!, try man syslog.conf), glftpd logs, permissions, config file settings, and try installing again.
10. Now add your own account and enable the siteop flag.
(site adduser <user> <password> <ident@ip>)
(site change <user> flags +1)
*** NOTE: The 1 flag is NOT god mode...you must add any flags you wish to perform, those flags are listed later in this doc.
11. Set up a crontab entry for root to run the included 'reset' bin
every night at midnight.
Sample Entry.
0 0 * * * /glftpd/bin/reset
(Reset is a binary that resets users' daily/weekly/monthly
upload/download/nuke statistics. Try reset -? for help. You do not
normally need any arguments, reset will make its own decision on
what to reset based on the system date. If you use switches to reset
specific stats, this automated resetting will not kick in.)
12. Logs
Log rotation won't be covered here - you should know how to do that.
However, there are 2 utils that you should regularly use to keep
your dirlog in shape (list of directories on site).
- glupdate, to re-add moved directories to dirlog, or to add new
directories that were not created through glftpd.
- olddirclean (olddirclean2 as of Nov 2000), to remove old entries from
your dirlog (when you move/delete directories) and to sort your
dirlog after glupdate runs.
For more info, look in /glftpd/bin/sources.
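A read-only audit of the result of steps 5, 7 and 9 above, added here as an example (it is not part of the original post or of glftpd). It flags a direct inetd entry whose first real switch is lost because the bogus argv[0] word is missing, missing logging switches, writable files under bin/lib, and a leftover default 'glftpd' login. The function names and finding labels are hypothetical, and it assumes passwd entries start with `name:`.

```shell
#!/bin/sh
# Added example: read-only audit of a glftpd install laid out as in the steps above.
# Usage: sh audit.sh /glftpd /etc/inetd.conf   (with no arguments it runs a small demo)

# inetd_findings FILE
# Prints one finding per line for the glftpd entry of an inetd.conf-style file.
inetd_findings() {
    conf=$1
    if [ ! -r "$conf" ]; then echo "NO_FILE"; return 0; fi
    # First entry whose service name is exactly "glftpd" (commented lines do not match).
    line=$(awk '$1 == "glftpd" { print; exit }' "$conf")
    if [ -z "$line" ]; then echo "NO_ENTRY"; return 0; fi
    set -f                      # no globbing while splitting the line into words
    set -- $line
    set +f
    if [ $# -lt 6 ]; then echo "MALFORMED_ENTRY"; return 0; fi
    # Fields: service socket proto wait user server [args...]
    server=$6
    shift 6
    case $server in
        */tcpd) ;;              # tcpd form: first arg is the glftpd path, switches follow
        *)  # direct form: the first arg is consumed as argv[0], so it must be a
            # bogus word; a real switch in that position is silently lost
            case ${1:-} in
                -*) echo "ARGV0_SWALLOWS_SWITCH:$1" ;;
            esac ;;
    esac
    if [ $# -gt 0 ]; then shift; fi
    dirs=no; up=no; down=no
    for sw in "$@"; do
        case $sw in
            -l|-L) dirs=yes ;;                          # glftpd.log / login.log
            -i)    up=yes ;;                            # uploads to xferlog
            -o)    down=yes ;;                          # downloads to xferlog
            -x)    echo "IP_LOGGED_ON_ERRORS_ONLY" ;;
            -X)    echo "IP_LOGGING_OFF" ;;
        esac
    done
    [ "$dirs" = yes ] || echo "NO_GLFTPD_LOG"
    [ "$up" = yes ]   || echo "NO_UPLOAD_XFERLOG"
    [ "$down" = yes ] || echo "NO_DOWNLOAD_XFERLOG"
}

# writable_bins ROOT
# Lists files under ROOT/bin and ROOT/lib that group or others can write to
# (step 5 sets both trees to 755).
writable_bins() {
    for d in "$1/bin" "$1/lib"; do
        [ -d "$d" ] || continue
        find "$d" -type f \( -perm -020 -o -perm -002 \) -print
    done
}

# default_account_present ROOT
# Succeeds if the predefined 'glftpd' login is still in ROOT/etc/passwd.
# Assumption: entries in that file start with "name:".
default_account_present() {
    grep -q '^glftpd:' "$1/etc/passwd" 2>/dev/null
}

# audit ROOT INETD_CONF
audit() {
    inetd_findings "$2" | sed 's/^/inetd: /'
    writable_bins "$1" | sed 's/^/writable: /'
    if default_account_present "$1"; then
        echo "account: predefined 'glftpd' login still present in $1/etc/passwd"
    fi
}

if [ $# -eq 2 ]; then
    audit "$1" "$2"
else
    # Demo on a constructed entry: direct form without the bogus argv[0] word.
    demo=$(mktemp)
    echo 'glftpd stream tcp nowait root /glftpd/bin/glftpd -l -o -i' > "$demo"
    inetd_findings "$demo"
    rm -f "$demo"
fi
```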
hgkrt replied at: 2005-02-09 13:01:52
I'm also attaching the Glftpd.conf documentation... experts, please compare and take a look at the features...
.------------------------------------.
| II. Glftpd.conf |
`------------------------------------'
NOTE: All these variables should be in lower case in the config file -
if you make them upper case glftpd won't see them. Order doesn't matter,
you can add these anywhere in the file.
SPECIAL CHARACTERS:
* If you want to use a space in an argument, you need to use
[:space:] instead. Glftpd will convert it to ' '.
* When glftpd sees the character #, it will replace it with null
(meaning everything that follows it will be disregarded). All
comments should be done this way.
* To represent the # character, use [:hash:].
* You can use "include" to split the main config file into several
pieces, kind of like it's done in C (but without the # in front). Just
add a line "include /path/to/config.file" to glftpd.conf.
RECOGNIZED SETTINGS:
ifip IP [IP2 IP3 ...]
elseip
endifip
Settings in glftpd.conf can be conditional - depending on the IP mask
of the person connecting. The "ifip" setting takes one or more IP
masks. If the connecting IP matches one of those masks, settings that
follow (on lines below) will be used, until "elseip" or "endifip" is
encountered. If the IP does not match any of the masks, settings that
follow it will be ignored. If "elseip" is encountered, settings that
follow it will be used instead.
Nesting in the elseip part is ok, but I wouldn't recommend nesting in
the if part, it might screw up.
Examples: this was mainly created for the pasv_addr setting, so that
people connecting locally could have a different pasv_addr than people
connecting from the Internet, but it can be used with any settings:
ifip 192.168.* 10.*
pasv_addr 10.10.10.1
sitename_long MyLanSite
elseip
ifip 127.0.0.1
include /glftpd/etc/myspeciallocalsettings.conf
elseip
pasv_addr 128.1.2.3 1
sitename_long MyInternetSite
endifip
endifip
ascii_downloads <size> [<mask1> <mask2> ...]
<size> is the maximum byte size that can be downloaded in ASCII mode.
Set it to 0 or any string (like 'disabled') to disable size check.
<mask> is file masks which are allowed for ASCII mode. Files that
don't match them have to be downloaded in BINARY mode. Omitting this
setting is the same as using *, meaning all files will be downloadable.
Exmp: ascii_downloads 20000 *.[Tt][Xx][Tt] *.[Dd][Ii][Zz]
This will only allow downloading of .txt and .diz files that are 20
thousand bytes or smaller in ASCII mode.
Note: directory listings are not affected by this.
shutdown flag|-user|=group [flag|-user|=group ...]
Shuts glftpd down for everyone EXCEPT the people specified on the right
'shutdown 0' is the same as 'shutdown *'
glftpd will display the /ftp-data/text/shutdown file to users that
are denied login because of this setting.
exmp: shutdown 1 =STAFF
this will only allow users with flag 1 and members of group STAFF to
log in
exmp: shutdown !*
this will not allow anyone to log in
free_space xxx
This will prevent people from uploading if your free space on current drive is
equal to or smaller than xxx megs.
ex. Without this, if there is only 1 meg of free space and someone is uploading
files 3 megs in size, all of them would fail the test and be deleted, resulting
in a big waste of bandwidth.
use_dir_size k|b|m path1 [ path2 path3 ... ]
This will make glftpd show directories' size (the total size of all
files in that directory), instead of the number of bytes the directory
itself takes up, when a user does a "LIST".
k = kilobytes, b = bytes, m = megs
*NOTE* For slow processors/hard drives, this might cause slow dir listing.
path1 is mandatory - it should be the path for which this option will
work. You may specify several paths. No wildcards. You don't even need
full paths, instead of /site you can use /si and it will work for /site
as well as every other directory starting with /si, and every
subdirectory of that directory.
exmp: use_dir_size k /
This will show directory size, in kilobytes, for every directory on
your site.
exmp: use_dir_size m /site/incom /site/priva
This will show directory size, in megabytes, for every directory that
begins with "/site/incom" and "/site/priv", like /site/incoming,
/site/incoming/whatever, /site/private, /site/privateer, etc.
timezone +-#
This modifies the timezone + or - for different regions.
eg: timezone -4 will show the time 4hours behind what it was showing originally
NOTE: this command has been reported to slow down glftpd for some people - I have no
idea why, it works fine for most. Because of this, I decided not to bother fixing
a bug that it has - new files/directories will have the system time, not the
timezone-corrected time.
It's best to use the 'localtime fix' instead of this setting - search the FAQ
for how to do that.
color_mode 0|1
This option determines whether colors are present in directory listing
when a user has the color flag.
Use "color_mode 0" to prevent glftpd from using color codes in directory
listing. The control connection (the dialog between client and server)
will show colors when the user has the color flag turned on.
Use "color_mode 1" to make glftpd act like before, using colors both in
the control connection and directory listing. This is the default
action.
sitename_long <name>[:space:]<name>
Your site's name.
sitename_short <abb>
The abbreviation for your site.
login_prompt <string>
String to replace the standard login prompt.
rootpath <path>
The path where all your system directories reside. (bin, etc, lib...)
Glftpd will chroot itself to this directory when a user connects, meaning
nothing above this directory can be accessed through ftp. If no path is specified
glftpd will assume /glftpd as its rootpath.
reload_config <path>
The config file used when we receive a SIGHUP signal.
Glftpd will reload the config file when it receives the SIGHUP signal. This
will only happen if there is a reload_config line in the config file. The
path specified is relative to the rootpath and to make this work the
file must be within the rootpath.
NOTE: When a bad config path is specified and glftpd gets a SIGHUP signal
the user will be logged out with an error telling it's impossible to
read the config file.
master <user> [<user> ...]
Here you can specify the master(s) of the site. The master(s) can change
anyone's flags, including all siteops.
ipc_key #
Glftpd uses shared memory, so it needs to use an ipc_key. The default
key that glftpd uses is "0x0000DEAD". If you want to run another
glftpd server, you need to define a different key for it in its own
config file. The key can be any 8-digit hexadecimal string, like:
0x01234567, 0xDEADBABE, 0xBEEFBABE, 0xBADC0FEE, etc.
If you're using ftpwho.c, its ipc key will also need to be modified.
secure_ip <min num of fields> <nnhostname> <need ident?> <flags/=groups/-usernames>
Glftpd will not allow users to add an IP address that doesn't pass these rules.
<min num of fields> specifies the minimum number of fully numeric fields
that need to be in the IP address.
<nnhostname> can be 1 to allow hostnames (non-numeric IP addresses), or 0 to disallow them.
<need ident?>, if set to 1, will require a valid ident for this IP.
ex. secure_ip 2 1 0 =STAFF 1
this will allow STAFF and siteops to add numeric IPs with 2 or more fully
numeric fields, and it will let them add hostnames, as in a@b.com. A
valid ident will not be required.
ex. secure_ip 3 0 1 *
this will allow everyone else to add IPs with 3 or more fully-numeric
fields and it will not allow anyone to add hostnames. A valid ident
will be required.
You can have several secure_ip entries; glftpd will go through all of
them. If a match for the user adding the IP is found in the flags,
users and groups on the right, and the security settings allow the IP,
the search will stop. Otherwise, glftpd will continue until either
another rule allows the IP or there are no more rules. In the second
case, if there were any rules that matched the user but denied the IP,
the IP will be denied, otherwise it will be allowed.
secure_pass <mask> <flags/=groups/-usernames>
Glftpd will not allow passwords that do not match <mask>.
The mask's length sets the minimum password length. You can also specify the
minimum number of capital and lowercase letters, numbers, or "other symbols".
The '.' is a placeholder to "fill in" to the minimum length you want.
You can use any letter, number, or "other character" (remember, '.' has a
special meaning) in this string.
ex. "secure_pass Ab1... *" will only allow passwords 6 characters or longer
that contain at least one capital letter, one lowercase letter, and one number.
In this example, everyone who changes a password (through either "site passwd" or
"site chpass") will have to stick to this mask. If you replace '*' with flags,
groups, etc, only users that match them will be forced to stick to this rule.
You can have multiple secure_pass rules; if the first rule's
permissions don't match the user, glftpd will go on to the next rule.
If they do match, but the password does not meet the security
requirement for that rule, glftpd will try other rules, until either a
rule is found that matches the user and allows the password, or there
are no more rules. In the second case, if there were any rules that
matched the user but denied the password, the password will be denied,
otherwise it will be allowed.
ex. secure_pass ZZf3$. !1 !=STAFF *
This will force everyone but siteops and members of STAFF to have passwords at
least 6 characters long, with at least 2 upper case letters, one lower case letter,
one digit, and one "other character".
datapath <path>
The path where you keep all data-files (default ftp-data).
This is relative to your rootpath.
If your rootpath is /glftpd, this should be /ftp-data.
If your rootpath is /, this should be /glftpd/ftp-data.
pwd_path <path/file>
The path of where you want glftpd passwd file stored.
(default is /etc/passwd, but for rootpath / set this to /glftpd/etc/passwd).
grp_path <path/file>
The path of where you want your glftpd group file stored.
(default is /etc/group)
botscript_path <path>
The path to your bot script.
The botscript will be executed after a directory is created, deleted,
nuked or unnuked.
You can use it to signal your bot to 'announce' the newest directory.
bouncer_ip XXXX [ XXXX ... ]
..where XXXX is either an IPv4 address or a hostname.
If you have (an) ftp bouncer(s), you have to put their IP(s) here so that glftpd
knows when the connection is from a bouncer and when it's from a regular user.
exmp:
bouncer_ip 1.2.3.4 another.bouncer.dynamicip.net static.bouncer.com
speed_limit <path> <dl_limit> <up_limit> [flags/=groups/-usernames]
Global bandwidth limit based on directory (first match is the one being used)
The number is in bytes, so 50000 is 50 thousand bytes per second (almost 50K/s)
The third argument is the familiar X (flag), -user or =group.
If you have multiple speed_limit rules, first path/permission match decides
which rule is active.
exmp: speed_limit /site/Incoming* 150000 0
speed_limit /site/Archives* 50000 0 1
speed_limit /* 200000 0 =group -user
(0 = unlimited)
sim_xfers max_downloads [max_uploads]
Global setting controlling maximum simultaneous downloads and uploads
on the whole site. -1 means unlimited.
*NOTE* Users with the EXEMPT flag will not be affected, they can
download even if this limit is reached.
exmp: sim_xfers 10 -1
This will only allow 10 downloads at a time. If a user tries to
download something and there are already 10 other downloads in
progress, he/she will receive an error message.
calc_crc [<filemask>|<path>] ...
This is for on-the-fly CRC checking. It can take multiple arguments.
You can use filemasks or paths or you can mix them.
exmp: calc_crc *.rar /site/rars/games/* *.[Mm][Pp][3]
This will calculate CRC for all rars, all files uploaded to the
/site/rars/games directory (and its subdirectories), and all mp3s,
including different cases (like .MP3 or .Mp3). The CRC will be passed
to zipscript as the third argument. If you upload a file that does not
match any mask listed and is not in any path listed, '000000' will be
passed to zipscript.
xdupe filemask1 [filemask2 filemask3 ...]
If the user turns x-dupe on, only files which match any of the filemasks
will be reported.
ex. filemask *.zip *.r?? *.gz *.tgz
This will report zips, rars, gzips and gzipped tarballs on the x-dupe line.
mmap_amount <#>
# can be a number from 1 to 50. It represents the size (in MB's) of files being
downloaded to keep in memory (a little faster download).
The default is 4 (files smaller than 4 megs are kept in memory during download)
If you have little memory and big files, setting this to a low number may improve speed.
dl_sendfile <#>
This option determines if we should use the zerocopy systemcall sendfile() on systems
where this is available. This option overrules mmap_amount which is one of the 3
possible downloading methods, being: plain, mmaped and zerocopy.
If set to >0 this option is enabled, 0 or no line is disabled.
The number specifies size ( in kbytes) of block for one sendfile() system call. During the call
sharedmem (user info) is not updated, so for slower sites use smaller number !.
If user has speed rate limit or transfer is using SSL glftpd will automatically fallback
to mmap or normal upload.
We strongly recommend you use this function unless you use a lot of speed limiting.
As of v2.0RC5 this option is enabled by default unless specified otherwise (with 512kb blocks)
NOTE: This system is not available on all operating systems, confirmed to support
this are Linux, FreeBSD, Solaris and AIX. Also, this is only available on plain
binary file transfers (no TLS/SSL).
ul_buffered <#>
# can be a number from 0 to 50. It represents the size (in MB's) of the upload buffer
where the data read from the network is buffered to decrease disk writes. This option
should make uploads a little faster.
When set to 0 or when no line is present this option is disabled and the data will
not be buffered.
min_homedir <path>
You need this set to allow siteops to change users' home directories with "site change".
ex. min_homedir /site will allow homedir to be inside the /site dir but not outside.
NOTE: This setting has nothing to do with the actual users' homedirs,
it is a simple security setting to stop siteops from allowing people to
start in protected directories. To change actual homedirs, either edit
/glftpd/etc/passwd for existing users, or modify the HOMEDIR line in
/glftpd/ftp-data/users/default.* for new users.
valid_ip <ip> [<ip> ...]
If you have multiple IP's on your system, enter the ones you want glftpd to
listen on. Only connections to the listed IP(s) will be allowed, so if you add
"valid_ip 127.0.0.1" to the config file, you will only be able to connect
by typing "ftp 127.0.0.1 port" or "ftp localhost port", but not if you try
"ftp 1.2.3.4 port".
active_addr <ip/hostname>
Tells glftpd which interface to bind to when doing active file
transfers. Without this, glftpd uses the same interface that the user
connected to.
If you have multiple active_addr lines, glftpd will cycle through them
in a round-robin style each time the user transfers a file.
pasv_addr <ip> [1]
Determines what IP/Host is used for passive mode.
If you want glftpd to bind to this interface (for example, if you use
more than one NIC in the same box and you want passive connections to
not use the default one), just do "pasv_addr x.x.x.x". If you want
glftpd to only report this IP to the client but to bind to the default
interface (as in when your box only has an internal IP and you're using
NAT), do "pasv_addr x.x.x.x 1".
If you have multiple pasv_addr lines, glftpd will cycle through them in
a round-robin style each time a file is transferred using passive mode.
pasv_ports <X1[-Y1]> [<X2[-Y2]> ...]
Causes glftpd to pick an open port between X and Y when making a
passive connection, instead of picking a random port.
If Y isn't present, glftpd will just use X. If Y is present, glftpd
will pick a random port between X and Y. If there are too many
errors trying to pick a port from the current range, glftpd will move
on to the next one.
Exmp: pasv_ports 10000-11000 20 21 22 23 80 110 1600-1610 35000-35050
Maximum is 50 arguments. It makes most sense to use the biggest range
as the first argument, since it'll be used most often.
You should have at least 10 ports per user, so if you have 30 users
online, this range should be 300, i.e. pasv_ports 2000-2300
active_ports <X1[-Y1]> [<X2[-Y2]> ...]
Causes glftpd to pick an open port between X and Y when making a
active connection, instead of picking a random port.
If Y isn't present, glftpd will just use X. If Y is present,
glftpd will pick a random port between X and Y. If there are too
many errors trying to pick a port from the current range, glftpd
will move on to the next one.
Maximum is 50 arguments. It makes most sense to use the biggest
range as the first argument, since it'll be used most often.
You should have at least 10 ports per user, so if you have 30
users online, this range should be 300, i.e. active_ports
13000-13300
This option together with pasv_ports will control which ports that
will be used on the server by glftpd
allow_fxp <yes/no> <yes/no> <yes/no> [flag|-user|=group]
downloads uploads logging permissions
Defaults are: allow_fxp yes yes no *
Fxp is an unofficial name for site-to-site transfers, where a user
can directly upload from, or download to, another ftp server. This
is done by "cheating" the ftp server, and using another server's
IP and port in the PORT command.
This setting can check whether the IP in the PORT command is the
same as the IP the user connected from. If it isn't, that means the
user is trying to establish a connection to another ftp server, and
he will be denied if he doesn't match permissions. This will also
check whether an incoming data connection, when using the PASV command,
is from the user or not (this is another way to cheat).
The third setting, if set to yes, will log all attempted transfers
(whether successful or not) to foreign addresses to sysop.log for
users that match permissions.
Permissions are the familiar X (flag), -user or =group.
If you have multiple allow_fxp rules, first permission match decides
which rule is active.
Exmp: allow_fxp no yes no =Leech 8
This will allow people in group Leech or anonymous users to upload from
foreign addresses (like other ftp sites), but will not allow them to
download to foreign addresses. All other users are allowed both.
Exmp: allow_fxp yes yes yes *
This will allow everyone to do site-to-site transfers, but it will log
each of them to login.log
Exmp: allow_fxp yes yes no =STAFF
allow_fxp no yes no *
This will allow users in group STAFF to both download and upload using
fxp, and it will deny downloads for everyone else.
welcome_msg <path/filename> <flags/groups/users>
A file displayed at login, after the user has entered his password.
If you have multiple lines, glftpd will try to match the user with
flags/groups/usernames on the right.
The first match will display the file (first argument) and stop the search.
goodbye_msg <path/filename> <flags/groups/users>
Displayed at logoff.
Same as above.
newsfile <path/filename> <flags/groups/users>
Displayed after the first cd-command you issue.
Same as above, but glftpd will NOT stop on the first match - all matches will
be displayed.
banner <path/filename>
Displayed before the prompt for username.
alias <alias> <directory>
Defines an alias for a directory.
ex. alias util /incoming/utils
This would allow a user to issue the command 'cd util' anywhere, and it
would take him to 'homedir/incoming/utils' where homedir is his home
directory like /site (in which case it'd be /site/incoming/utils).
cdpath <cdpath>
Defines a search-path when changing directories.
ex. cdpath /incoming/utils
cdpath /incoming/games
If a user tries to cd to the directory 'foo' it will be searched for in the
following order:
./foo
an alias called 'foo'
homedir/incoming/utils/foo
homedir/incoming/games/foo
... where homedir is the user's home directory (/site by default)
This only works with the cd command.
ignore_type <filemask> [<filemask> ...]
Will ignore the assigned file types from being recognized in the directory race info,
nukes, unnukes, and dupes.
Example:
ignore_type *.[tT][xX][tT] *.[nN][fF][oO] [rR][eE][aA][dD][mM][eE] .message
ignore_type *.[sS][fF][vV] *.[cC][rR][cC] *.[dD][iI][zZ]
*RIGHTS SECTION*
Function Path Flags/Groups/Users
---------------------------------------------------------------
# who can delete any files where
delete /site/GRP_PRE/* =GRP
# who can delete their own files where
deleteown /site* !8 *
# who can overwrite existing files where
overwrite /site/GRP* =GRP
# who can upload resume where
resume /site* *
# who can rename any files where
rename /site/GRP_PRE/* =GRP 1 =STAFF
# who can rename their own files where
renameown /site/* =TRUSTED
# who can move files (rename to other directories) and
# from which paths can they be moved
filemove /site/incoming/* =STAFF
# who can create directories where
makedir /site* *
# who can upload files to which directories
upload /site/incoming/????/*/* *
upload /site/request/* *
# who can download files from which directories
download /site/* !-viewer *
# which paths can people with access to the nuke command nuke in
nuke /site/incoming/????/* *
# controls adding new directories to 'site search' database and to
# glftpd.log if using the -l switch in inetd.conf
dirlog /site/incoming/????/*/ *
# which users will be hidden from 'site who' while they are in which paths
hideinwho /private/pre/directory* !1 !=STAFF *
# who can download which files for free
freefile *.[Nn][Ff][Oo] *
# which users should not get files uploaded/downloaded statistics change
# when they download, and to which paths does this apply
nostats /site/requests/* *
*** NOTE: These are examples only..they do not necessarily reflect the tree you need to use.
*** NOTE: The ???? is used to match date directories, like 1214
See the file glftpd.conf-EXAMPLES for more examples
This rights section is read from top to bottom.
The first directory match will stop the search, so you should put the more
specific directories on top and the least specific ones on the bottom.
NOTE: As of glftpd 1.24, the rights section is case-sensitive.
Special variables:
If the paths in the settings above contain "[:username:]" or "[:groupname:]",
glftpd will replace them with username or primary group's name, respectively,
when it's checking those rules.
Exmp: upload /home/[:username:]/* *
This will allow only joe to upload in /home/joe.
*END RIGHTS SECTION*
stat_section <keyword> <directory> <separate credits>
Here you can define up to 10 multiple statistic sections.
Keyword Directory Separate Creds
------- --------- --------------
stat_section DEFAULT * yes
THIS SECTION MUST ALWAYS BE ADDED IN THE CONFIG FILE AS THE FIRST SECTION!!
If you want to define more statistic sections simply add another
line. The directory option uses the same wildcard scheme as
delete, upload etc.
ex.
stat_section GAMES /site/incoming/games/* yes
stat_section UTILS /site/incoming/utils/* no
This would make 2 new sections, 1 Games and 1 Utils. The games
section is using a separate credit system which means that
all uploads/downloads/credits will change as soon as a user changes
to the games directory. If he goes into the utils directory
uploads/downloads will change but the credits will remain the same
as in the default section.
If you want to create one section from multiple paths, use the special
keyword [:and:] to separate the paths, like:
stat_section LINUX /slackware[:and:]/debian[:and:]/redhat yes
site USERS, site GIVE, site TAKE, site GINFO, ALL STATS, all show or
change data from current section only (based on which directory you
are in).
All stat commands that display text files with cookies in them
(wkup, gpal, etc) look for SECTIONfilename if you are invoking them
for a section other than DEFAULT.
*NOTE* The maximum number of sections specified is 10!! You can not add
more. This includes the default section.
path-filter <group> <path/filename> [<filter> ...]
Sets rules for what characters a filename can have.
Group Message-file Filters
----- ------------ -------
path-filter * /ftp-data/misc/pathmsg ^[-A-Za-z0-9_.()[:space:]]*$ ^\. ^-
This line means that a filename may only be made up of the characters
A-Z, a-z,0-9, "._-()" and spaces, and that it may not start with "." or "-".
The filters are regular expressions - type `man re_exec` to learn more
about these rules. (For complete syntax, you might need to figure out
the right page, on debian it's 'man 7 regex').
If you want characters '[' and ']' in filenames, use this path-filter:
path-filter * /ftp-data/misc/pathmsg ^[][A-Za-z0-9_.'()[:space:]-]*$ ^\. ^-
If a filename is invalid the message-file will be displayed.
If you supply a group-name instead of '*' the rule will only apply to
users who belong to that group.
You can use multiple path-filter lines. The first match wins, so the
line with * in the group field should always be last.
You can disable path-filter by commenting it out, but this is a security
risk and it is not recommended. Just add the characters you need to
the list and leave it on.
max_users <#> <#>
The maximum amount of users allowed to login at once.
The first number specifies the maximum amount of users allowed to connect to the site.
The second number specifies how many exempt users can connect, if the site is already full.
They must have exempt flag for this to work. Exempt users take up a slot, just like everyone else,
so if you have max_users 5 5, and you have 5 exempt users logged in, non-exempt users won't be able to login.
*** NOTE: You cannot do this with people connected to the site; if you change this
you MUST have 0 users connect and no gl_spy running, otherwise you will
get a 220 Server Error: (SHMGET) Failed! error.
Look in the FAQ for a fix to this.
max_ustats <#> [flag|-user|=group]
The maximum amount of results shown when the matching users use the user stats commands.
These commands include all, month, week and day up and download tops.
The first number specifies the maximum number of results shown for the people that match
the flags/users/groups. If -1 is specified as the number the result is unlimited.
Please note that the first match always wins. Thus if you would like everyone with flag 1
to be able to see the complete top but others only the first 10 you would need:
max_ustats -1 1
max_ustats 10 *
max_gstats <#> [flag|-user|=group]
The maximum amount of results shown when the matching users use the group stats commands.
These commands include all, month, week and day up and download tops.
The first number specifies the maximum number of results shown for the people that match
the flags/users/groups. If -1 is specified as the number the result is unlimited.
Please note that the first match always wins. Thus if you would like everyone with flag 1
to be able to see the complete top but others only the first 10 you would need:
max_gstats -1 1
max_gstats 10 *
banned_users <user> [<user> ...]
To ban users (prevent accounts with their usernames from being created)
ex. banned_users root billgates
If present, file "/rootpath/ftp-data/help/site.adduser.banned" will be
displayed when someone attempts to add root or billgates.
show_diz <filename> [rights]
A filename that will be shown, if it exists, when you change into a directory.
You can have multiple lines and they can be bound to rights.
ex. show_diz FILE_ID.DIZ 1
show_diz .message
This would print out the file FILE_ID.DIZ just for siteops
and .message for everyone when you change into any directory in which they exist.
Cookies present in this file will not be interpreted by glftpd (think
security).
show_totals <max lines> <path> [<path> ...]
When a user cd's into a directory that matches <path>, the totals for this
directory (race info) will be calculated and displayed, showing max <max lines>
results.
You can have multiple lines with multiple arguments each.
ex. show_totals 30 /site/incoming/????/*/
This will show statistics for all directories in /incoming/0301, but
not for their subdirectories (remove the trailing / if you want that)
dl_incomplete <1/0>
Whether or not to allow users to download a file before it is completely
uploaded.
It is best to have this set to 1; if a file is still being uploaded and
a user tries to download it, glftpd will not close the transfer until
the file is finished, so you won't download incomplete files if you
download faster than the uploader is uploading. This setting causes the
file that's being uploaded to have 755 permissions; if it is set to 0,
the file will be 600.
NOTE: this only works if the upload is steady; if there are long
periods of inactivity during upload (over 30 seconds), glftpd stops
waiting and closes the transfer. It does this by checking the file's
modification time, so older files with 755 permissions will be sent
without waiting.
file_dl_count <1/0>
1 is the default - glftpd changes each file's GID by +1 when that file
is downloaded (up to 99 times). This number is displayed when you do
long listing (list -l) and your color is on (so it's safe to assume
you're in UNIX; Windows clients choke on listing like that).
Setting this to 0 turns it off, so GID will not be incremented, and
listing will not display the number of times each file was downloaded.
dupe_check <#> [yes/no]
The amount of days back to check for dupes.
Set this to 0 to disable dupe-checking.
The second parameter is optional - "no" is assumed if it's missing.
It refers to ignoring file case when checking dupes. If you set it to
yes, it will act like Windows, so file.zip will be treated the same as
FILE.zip and glftpd will say it's a dupe.
logs/dupefile is automatically "compressed" and glftpd will randomly
(1/1000) decide to remove all entries older than your days limit.
3 built-in scripts:
The paths to these scripts must be full. If your rootpath is "/", these
paths have to be /glftpd/bin/scriptname (unless you move them to /bin).
For pre_check and pre_dir_check, you should only echo normal text if
the exit code that follows it will be > 0 (meaning the file/directory
will be rejected). If you want to echo something and then exit with 0,
you have to put "#0" at the beginning of the echo string.
Exmp: echo "#0File will be accepted!"
pre_check /bin/dupescript [path mask]
pre_check runs BEFORE an upload begins
For path mask description, see post_check below.
See example dupescript in /glftpd/bin
pre_dir_check /bin/dirscript [path mask]
pre_dir_check runs BEFORE a directory is created
For path mask description, see post_check below.
See example dirscript in /glftpd/bin
post_check /bin/zipscript [path mask]
post_check runs AFTER an upload finishes
post_check can be defined multiple times. Path mask is optional; if
present, glftpd will only execute this script if the path mask matches
the full path to where the file was uploaded. If the path doesn't
match, glftpd will try to find another post_check declaration whose
path does match, or one that doesn't have a path mask.
Example:
post_check none /site/public/* # disables zipscript in /site/public
post_check /bin/special.sh /site/special/* # special zipscript
post_check /bin/zipscript * # normal zipscript for all other paths
If you want to enable upload resume in a certain path, you should
disable the zipscript for that path, so that partial files are not
deleted when the uploader loses connection.
The post_check script receives 3 parameters from glftpd:
$1 - the name of file uploaded
$2 - the directory the file was uploaded to
$3 - the CRC code of that file (if calc_crc was enabled, or 000000 otherwise)
NOTE: If the uploader times out, the CRC code will also be 000000. This prevents
a bad CRC from being passed, and the file from being deleted, when someone
reconnects and starts uploading the same file again while a stalled upload
session is still alive.
If zipscript exits with 1 or 127, glftpd assumes there was a problem executing
it. The file will not be deleted or unduped.
If zipscript exits with anything bigger than 1, glftpd will assume that the
file uploaded was bad and it will be deleted, the user's credits and stats will
not be added, and the file will be removed from the dupe database.
If zipscript exits with a number between 10 and 1010, glftpd will "sleep" for that
many seconds minus 10 before continuing. This might be helpful if you want to
prevent people from uploading a file that is being uploaded to their system over
and over until it is complete.
ex. To make a user wait 10 seconds after uploading a bad file, exit with 20.
NOTE: exit code 127 is exempted: it will NOT cause a delay, it will be
treated like exit code 1 instead.
idle_commands command1 [command2 command3 ...]
This sets what commands to ignore when resetting the idle counter.
ex. idle_commands noop pwd cwd* site[:space:]who
This will not reset the idle counter when a user issues noop, pwd, cwd
(alone or followed by other characters/arguments), or "site who", so
users who use these commands and not any others will be disconnected
after their idle timeout expires.
NOTE: The "idle time" that you see in site who, gl_spy, etc, is NOT
the same timer used to disconnect people, it is time idle since the
last command issued by the user. The "real" idle timer is internal and
cannot be seen (not that there is any reason to see it).
NOTE: The STOR, APPE and RETR commands can't be used as idle commands
because the timer *has to* be refreshed during transfer, otherwise
people would drop out downloading big files.
total_users <#>
This sets a limit on how many users can be added.
lslong <path/file options> [<num of asterisks>]
This sets the default 'ls' command parameters.
ex. lslong -a
This will make glftpd show hidden files by default
The second argument is optional; it specifies the number of asterisks
that glftpd will allow in arguments to LIST. The default is 2. If you
want unlimited, use 0. exmp: ls /*/* will work by default, but
ls /*/*/* will not - this is to prevent abuse of the globbing function
that could raise load average on the box to very high levels.
hidden_files <path> <filemask> [<filemask> ...]
Specifies masks for files, directories, links, etc that will be
skipped during directory listing, even if the -a switch is used to show
standard hidden files (starting with .)
Exmp: hidden_files / .message hidden.*
noretrieve <filename> [<filename> ...]
Specifies files that cannot be downloaded.
Password files and other sensitive files should be listed here.
dir_names <1/0> [<lower/upper>] [XY] [XY] ...
Rules for new directory names.
Caps Upper or Lower Character Conversions
---- -------------- ---------------------
dir_names 1 lower [:space:]_ ,. [( ])
This will change the case of every character in new directories to lower
case, capitalize the first character, convert all spaces to underscores,
all commas to periods, and all brackets to parentheses.
If you don't want the second option active, just use any word other than
lower or upper, i.e. dir_names 1 blah [conversions...]
If the second of the character pairs in the third option is the word NULL,
the first character will simply be deleted. exmp:
dir_names 1 nothing ,NULL 'NULL [( ]) [:space:]_
this will delete commas and apostrophes
file_names <1/0> [<lower/upper>] [XY] [XY] ...
Rules for new file names.
See dir_names as the same rules apply.
tagline <string>
If a user's tagline matches string, he will be forced to change it
before glftpd lets him download.
email <user@host.tld>
Admin's e-mail (used with the e-mail cookie).
multiplier_max <#>
The highest multiplier a nuker can use.
oneliners <#>
This tells the number of oneliners to show on the site onel command.
If this is set to 0 or this line does not exist glftpd will consider the
oneliners to be disabled.
requests <path/filename> <#>
Location # of lines to store
-------- -------------------
requests /ftp-data/misc/requests 10
Tells glftpd where to look for the request display
file and how many lines to store.
lastonline <0/1/2> [#]
This setting determines if we should log certain cases.
If it is 0, all users will be logged.
If it is 1, users who timed out and who didn't upload,
download, nuke or add users will not be logged. If it is 2,
users who quit, timed out, or lost connection (and who didn't upload,
download, nuke, or add users) will not be logged.
The second option is the default number of lines to show when
someone does site laston. If none specified the default is 10.
exmp:
lastonline 0 10
NOTE: If there is no lastonline line in the config we will not log
the lastonline at all.
empty_nuke <#>
The amount of kbytes that will be removed from the user if
his empty directory is nuked.
nodupecheck <path>
This suspends both the internal dupe check (done by searching
ftp-data/logs/dupefile) and the execution of pre_check (also called
dupescript) for files uploaded under <path>.
This uses the same default wildcard-scheme.
creditcheck <path> <ratio> [<-user|=group|flag> ...]
Set other ratio than default on a directory.
If the user doesn't match the permissions on the right, glftpd will
move on to the next rule. Path is only checked if the permissions for
this rule apply. If you don't have any permissions, * is assumed, so
the rule applies to everyone.
This ratio is only used for uploading, people get file size * ratio
credits when they upload. This isn't used for downloading, so setting
this to 0 does not allow people to download for free. Use the
"creditloss" option for that.
The path uses the same default wildcard-scheme.
creditloss <multiplier> <allow leechers yes/no> <path> <permissions>
Sets the amount of credits lost in <path>.
If multiplier is 0, users downloading files that match <path> will not
lose any credits. If it's >1, users that match this rule will lose that
number * filesize of credits for each file they download from <path>.
If second argument is "no" and the user's active ratio (either main
ratio if sratio for the current section is -1, or sratio) is 0, the
user will be denied downloads that match <path>. The error given will
be the same as if user had no 'download' right in glftpd.conf.
<path> can be either /path/to/filename, or /path/*. The second is
recursive (obviously) and matches all files in that path.
<permissions> are the same -user =group flag used in many other
settings.
You can have multiple creditloss statements - first path match wins.
Exmp: creditloss 0 yes /site/freestuff/* *
This will allow everyone to download for free from /site/freestuff
Exmp: creditloss 2 yes /site/heavystuff/* =somegroup
This will charge members of somegroup twice the amount of credits
they would lose for downloading files from /site/heavystuff without
this rule.
Exmp: creditloss 3 no /site/specialfile.zip *
This will cause file /site/specialfile.zip to cost 3 * filesize of
credits to people downloading it, and users with leech (ratio=0) will
not be allowed to download it at all.
nukedir_style <format> <0/1/2> <byte>
Settings for site NUKE command.
2nd option: 0 = delete all nuked directories
1 = delete files, keep directories
2 = keep files and directories
nukedir_style NUKED-%N 2 50000
This would cause a nuked dir to be renamed to NUKED-Dirname.
It would also save all files inside - so if you unnuke the directory,
you get all files back.
If the size of all files in the dir is below 50000 (third option), the
dir will be treated as empty and nuked with the empty dir penalty.
hideuser <-user/=group/flag> ...
Allows you to hide users from being displayed in site who, added to
the last-users-online file, or listed with "site users".
exmp: hideuser -Usurper =HIDDENGROUP 1 7 =LEECH
This will hide all users with siteop and useredit flags, all users
belonging to groups HIDDENGROUP or LEECH, and user Usurper.
*NOTE* This setting does not affect siteops - they can see all.
If you want to hide users from stat commands, you need to chown
their userfiles to 99:99.
privgroup <group> <description>
Here you define your private groups.
ex. privgroup STAFF Siteops[:space:]And[:space:]Such
msgpath <path> <filename> <flag/=group/-user>
Display a file when a user goes into the specified directory.
*NOTE* You NEED a trailing slash at the end of path if you don't have a wildcard there.
exmp: msgpath /site/incoming/ /ftp-data/misc/incoming.txt *
msgpath /site/incoming/????/* /ftp-data/misc/dir_and_subdirs.txt *
msgpath /site/incoming/????/*/ /ftp-data/misc/somedirs.txt *
NOTE: On the right, you need to specify which users this rule applies to.
privpath <path> <flag/-user/=group>
Here you define who will get access to certain directories.
Users that do not match any flags/groups/usernames will not see the directory.
*NOTE* You can't use wildcards in the path here. Wildcards would slow down
directory listing too much.
site_cmd <cmd name> <exec/text/is> <filename> [optional argument]
Here you can define external site commands.
EXEC will execute a script/binary.
TEXT will display a text file, converting cookies to their values.
IS will execute the internal command specified afterwards.
site_cmd UPURGE EXEC /bin/upurge.sh
site_cmd RULES TEXT /ftp-data/misc/site.rules
site_cmd PICTURE TEXT /ftp-data/misc/picture.asc
site_cmd WEEKTOP IS WKUP
*NOTE* All custom commands need the access rights defined for them
in order to work. Exmp:
custom-rules *
custom-picture =STAFF -Usurper 1 7
custom-weektop !8 *
After defining here, you can use these as in "site rules" or "site
upurge".
Be aware that commands defined with the IS setting (like WEEKTOP above)
are subject to 2 sets of restrictions: first, the custom-weektop
setting, and then the -stats setting (which controls WKUP).
If using the EXEC mode, you can specify an optional argument that will
be passed to the program in front of any user arguments. To specify
multiple arguments, use [:space:]. Example:
site_cmd TEST EXEC /bin/test.sh arg1[:space:]arg2
custom-test *
Now when someone issues "site test moo", test.sh will be executed with
3 arguments: test.sh arg1 arg2 moo.
max_sitecmd_lines #
Specifies the maximum number of output lines from a custom site
command that are shown to users. Default is 9999.
cscript <cmd name> <when to run> <path/filename>
CScript is short for Custom Script.
Custom scripts (or binaries) to be executed before/after any command.
<cmd name> - the name of the command before/after which to execute the script.
<when to run> - can be either "pre" or "post", to run before or after, respectively.
<path/filename> - the full path to the script to be executed.
If using a command with a space in it, like a site command, you need
to use "[:space:]" between the words, ex: site[:space:]who.
"post" scripts won't be able to echo anything because they are executed
after glftpd sends the response to the client - can't do this any other
way.
If a "pre" script exits with anything bigger than 0 (or if it can't be executed),
glftpd will NOT execute the command which should run after the script, nor will
it execute that command's "post" script.
Some "post" scripts will not be executed when the command they follow
fails (for example, if you try to add a user, but have no access to the
'site adduser' command). Here is the list of commands that behave
this way:
DELE, RMD, STOR, APPE, STOU, RETR, CWD, CDUP, RNFR, RNTO, MKD, PASV, TYPE;
and SITE commands: CHANGE, ADDUSER, GADDUSER, DELUSER, NUKE, UNNUKE,
WIPE, KILL, KICK, REQUEST, REQFILLED, ONEL.
This list might grow in the future.
It is YOUR responsibility to echo the correct MESSAGE CODE with every echo line
that you use - if you echo the wrong code, ftp clients may 'hang'. To find out
what code you need to use, just look at what glftpd uses when that command is executed.
Example: if you run a script before "site who", and you want to print
something from it, use: echo -e "200Your message here\r".
If you exit a pre script with 1 in order to prevent the user from
executing the command, you might want to use a generic error code with
your echo lines, like 500, which will tell the clients that this
command was denied - or use the error code that glftpd uses when
denying execution of this command.
Both kinds of scripts will be passed 3 parameters:
$1 = full command string the user used, $2 = user's login name,
$3 = user's primary non-private group.
ex:
cscript site[:space:]who pre /bin/sitewhoprescript.sh
cscript retr post /bin/postdownloadscript.sh
NOTE: There is no limit to how many cscript entries you can have.
The following environment variables can be used by external scripts:
$USER Username.
$FLAGS User flags.
$TAGLINE User tagline.
$GROUP User group.
$RATIO User ratio.
$PGROUP 1st priv group.
$SPEED Speed in K/s. This is exported after every upload/download.
$HOST User's ident@ip
$HOME User's home directory (from /glftpd/etc/passwd)
$SECTION The name of the section user is currently in
.------------------------------------.
| Who can use what site commands? |
`------------------------------------'
Below is a list of configurable site commands.
To the right of a command are flags - a user needs at least one of those
to be able to execute the command. You can also use groupname instead of
a flag (the format is =groupname) or username (format is -username).
'*' means "everyone". A ! in front of a flag/group/username means no access
if user matches this right - the scan through parameters will stop at this
point (so first match, whether positive or negative, ends the search. No
match is treated like a negative match - no access).
Note: by default, gadmins have access to the following commands:
-addip, -adduser, -changeratio, -chpass, -delip, -deluser,
-flags, -ginfo, -grpnfo, -readd, -userextra.
These commands are gadmin-restricted, meaning that if you are a
gadmin you can only use those commands on users who are in the
same group as your first (primary) group. Other commands are
not gadmin-restricted, so if you give gadmins access to them, they
will be able to use them on ANY user.
The "site purge" command is also gadmin-restricted, but gadmins don't
have access to it by default. Showing user comments when doing
"site user", controlled by -usercomment, is also restricted but not
enabled by default.
-addip 1 2 7
-adduser 1 2 7
-change 1 7
-changeallot 1 2 7 #(who should be able to change users allotments)
-changeflags 1
-changeratio 1 2 7
-changesratio 1 7
-changehomedir 1
-chmod 1
-chgadmin 1 7 #(who can set/unset gadmins)
-chgrp 1 7
-chgrp-priv 1 #(chgrp for private groups)
-chpass 1 2 7
-delip 1 2 7
-delownip !8 * #(let users delete their own ips)
-deluser 1 2 7
-dirs !8 * #(search dupe new nukes unnukes cdpath alias)
-emulate -specialuser
-errlog 1
-flags 1 2
-gadduser 1 7
-ginfo 2 H
-give G
-group !3 *
-groups *
-grp * #(who should be able to do site grp)
-groupcomment 1 #(who should see group.comment when doing site grp)
-grpadd 1
-grpchange 1 #(who should be able to change a grp)
-grpdel 1
-grplog 1
-grpnfo 1 2
-grpren 1
-grpstats *
-help !8 * #(help)
-info !8 * #(laston welcome)
-kick D
-kill E
-laston !8 *
-logins 1
-misc !8 * #(vers time color idle)
-msg * #(reading/sending messages. !* here will deny the 3 settings below, too)
-msg* 1 #(msg to everyone, msg * blah)
-msg= 1 #(msg to a group (members of group are exempted), msg =STAFF blah)
-msg{ * #(msg to several users, msg { a b c } blah)
-nuke A
-onel !8 * #(viewing oneliners with site onel)
-userothers !8 * #(viewing xfer stats ed form other users)
-oneladd !8 * #(adding oneliners with site onel something)
-passwd *
-predupe C
-purge 1
-readd 1 2 7
-renuser 1 7
-reqlog 1 A B 7
-request !8 * #(viewing request, using site reqfilled)
-requestadd !8 * #(adding requests)
-seen !8 * #(who should have access to site seen)
-show 1
-showhiddenusers 1 # Show hidden users in the site who and site swho
-stat * #(site stat, displaying of statline after transfers)
-stats !8 * #(wkup wkdn alup aldn monthup monthdn dayup daydn stats nuketop traffic gpal gpwk gpwd gpad)
-swho =STAFF 1 E
-take F
-syslog 1 =STAFF
-traffic 1 7
-undupe C
-unnuke B
-update 1
-user !8 * #(user seen unfo tagline)
-users H
-usercomment 1 7 #(who should see user.comment when doing site user)
-userextra 1 2 7 #(who should see user's IPs when doing site user)
-who *
-wipe -trusteduser
You can define your own "You do not have access to this command" for each
of the settings above.
First, create directory "ad" in /glftpd/ftp-data/misc. Then, create a file in
that directory with the same name as the restriction keyword shown above,
without the leading dash, and put whatever text you want displayed in it.
(so, if you want glftpd to say "You do not have access to see who is online"
when a user does "site who" and he/she doesn't have access to it, create a file
called "who").
Glftpd will try to display the individual file first; if that doesn't work,
it will show the generic no access error.
# Custom commands must also be bound to flags, just add "custom-"
# in front of the custom command's name
custom-rules *
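Added example (not part of the original post and not one of glftpd's own scripts): a minimal post_check hook in POSIX sh that compares the CRC glftpd passes as $3 with an SFV file in the upload directory and returns exit codes following the post_check rules quoted in the post. The SFV lookup, the BAD_DELAY policy and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post_check hook, called by glftpd as  <script> <file> <dir> <crc>.
# Exit codes, per the post: 0 accept; 1 or 127 script problem (file kept);
# >1 bad file (deleted, no credits, unduped); 10..1010 also sleep (code - 10) s.

BAD_DELAY=10    # assumed policy: stall the uploader 10 s after a bad file

# Print the exit code for a bad file with the given delay in seconds.
bad_exit_code() {
    _d=${1:-0}
    case $_d in ''|*[!0-9]*) _d=0 ;; esac
    # A process exit status is one byte, so 255 is the largest usable code.
    [ "$_d" -le 245 ] || _d=245
    _code=$((10 + _d))
    # 127 is treated like 1 (file kept), so step past it.
    if [ "$_code" -eq 127 ]; then _code=128; fi
    echo "$_code"
}

# Upper-case a hex CRC and drop leading zeros so "0000beef" equals "BEEF".
norm_crc() { printf '%s\n' "$1" | tr 'a-f' 'A-F' | sed 's/^0*//'; }

# Print the CRC recorded for file $1 in any *.sfv in directory $2 (assumed
# SFV layout: "<name> <hex crc>" per line, ';' starts a comment line).
sfv_crc_for() {
    for _sfv in "$2"/*.sfv; do
        [ -f "$_sfv" ] || continue
        SFV_NAME=$1 awk '
            /^;/ { next }
            { sub(/\r$/, "") }
            NF >= 2 {
                crc = $NF; name = $0
                sub(/[ \t]+[0-9A-Fa-f]+[ \t]*$/, "", name)
                if (name == ENVIRON["SFV_NAME"]) { print crc; exit }
            }' "$_sfv"
    done | head -n 1
}

# Decide the fate of one upload; the return value is the hook's exit code.
post_check_verdict() {
    _file=$1 _dir=$2 _crc=$3
    # Missing arguments or directory: script problem, keep the file.
    [ -n "$_file" ] && [ -d "$_dir" ] || return 1
    case $_crc in
        000000|'') return 0 ;;        # calc_crc off or uploader timed out
        *[!0-9A-Fa-f]*) return 1 ;;   # not hex: script problem, keep the file
    esac
    _want=$(sfv_crc_for "$_file" "$_dir")
    [ -n "$_want" ] || return 0       # file not listed in an SFV
    if [ "$(norm_crc "$_want")" = "$(norm_crc "$_crc")" ]; then return 0; fi
    return "$(bad_exit_code "$BAD_DELAY")"
}

# Act as the hook only when glftpd supplies its three arguments.
if [ "$#" -eq 3 ]; then
    post_check_verdict "$1" "$2" "$3"
    exit $?
fi
```

With BAD_DELAY=10 a CRC mismatch returns 20, which matches the "exit with 20" case in the post.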
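Added example (not glftpd's code): the first-match evaluation described under "Who can use what site commands?", modelled in POSIX sh, with an audit helper that reports tokens made unreachable by an earlier `*`. The function names, the constructed `custom-demo` line and the treatment of a flag as one character in the user's flag string are assumptions.

```shell
#!/bin/sh
# Added example: a model of the first-match rights rule described in the post.
# Token forms: flag (one character), =group, -user, * (everyone); a leading
# "!" denies. The first matching token decides; no match means no access.

# Return 0 (allow) or 1 (deny) for rights string $1 against user $2,
# flag string $3 (e.g. "3A") and space-separated group list $4.
has_access() {
    _rule=${1%%#*}                     # drop a trailing "#(...)" comment
    _user=$2 _flags=$3 _groups=$4
    set -f                             # keep "*" tokens from globbing
    for _tok in $_rule; do
        _neg=0
        case $_tok in '!'*) _neg=1; _tok=${_tok#'!'} ;; esac
        _hit=0
        case $_tok in
            '*') _hit=1 ;;
            -*)  if [ "${_tok#-}" = "$_user" ]; then _hit=1; fi ;;
            =*)  for _g in $_groups; do
                     if [ "${_tok#=}" = "$_g" ]; then _hit=1; fi
                 done ;;
            ?)   case $_flags in *"$_tok"*) _hit=1 ;; esac ;;
        esac
        if [ "$_hit" -eq 1 ]; then set +f; return "$_neg"; fi
    done
    set +f
    return 1
}

# Audit helper: print tokens that follow "*" or "!*" and so can never apply.
shadowed_tokens() {
    _rule=${1%%#*} _seen=0 _out=
    set -f
    for _tok in $_rule; do
        if [ "$_seen" -eq 1 ]; then _out="$_out${_out:+ }$_tok"; fi
        case $_tok in '*'|'!*') _seen=1 ;; esac
    done
    set +f
    printf '%s\n' "$_out"
}

# The first three lines come from the listing in the post; "custom-demo" is a
# constructed, misordered line whose "!8" is never reached.
RIGHTS_CONF='-delownip !8 *  #(let users delete their own ips)
-swho =STAFF 1 E
-wipe -trusteduser
custom-demo * !8'

# Print the rights string configured for keyword $1; return 1 if absent.
rights_for() {
    while read -r _kw _rest; do
        if [ "$_kw" = "$1" ]; then printf '%s\n' "$_rest"; return 0; fi
    done <<EOF
$RIGHTS_CONF
EOF
    return 1
}

# site_cmd_allowed KEYWORD USER FLAGS GROUPS: unknown keywords are denied.
site_cmd_allowed() {
    _r=$(rights_for "$1") || return 1
    has_access "$_r" "$2" "$3" "$4"
}
```

In this model a user with flag 8 is denied `-delownip` but allowed `custom-demo`, because the `*` there matches before `!8` is ever examined.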
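divfor replied on: 2005-06-10 09:56:47
If you need anything, you can contact me at divh@163.com
cxu123 replied on: 2005-06-10 10:28:47
glftpd is for running a Dump Site; it is specifically suited to trading pirated material.
glftpd has none of the serious features such as MySQL and LDAP support; it is far behind Pureftpd.
divfor replied on: 2005-06-10 10:39:47
It did indeed grow out of exchanging 0day resources (I don't agree with your word 'pirated'), but its strength is that the whole ftp server can be managed entirely from the client. As for databases and directory services, in terms of both efficiency and security an ftp server should not be tied to them. I'm not very clear what special need there is for using them together; could you explain? :)
cxu123 replied on: 2005-06-10 10:58:33
For an FTP server run as a service, what an enterprise needs is manageability; with a few hundred users, managing them with a database or LDAP is more convenient.
Purely as an anonymous download server, glftpd's performance cannot match vs-ftpd and pureftpd.
An FTP server on UNIX can also be managed conveniently by logging in remotely over SSH; administrators usually have root privileges and do not need those SITE commands. glftpd's SITE commands are there to let people without root privileges manage the FTP server, and such people are usually the underground admins of some 0day-trading operation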