publish−ftpd − non-anonymous read-only FTP and HTTP server |
publish-ftpd -f file [ −h ] [ −a accesslog ] [ −s sessionlog ] [ −d debuglog ] [ −r realm ] [ −b bannerfile ] |
Serve files by FTP or HTTP (not yet implemented) to known users secured by username and password. Warning: publish-ftpd provides neither high performance nor high security, and should not be used for serving files to the Internet generally. |
−f file, −−password−file=file |
specifies binary password file created by publish-ftpd-maint (mandatory) |
−h, −−httpd |
specifies HTTP service (not yet implemented) |
−a accesslog, −−access−log=accesslog |
file and directory access records are written to accesslog |
−s sessionlog, −−session−log=sessionlog |
session start and end records are written to sessionlog |
−d debuglog, −−debug−log=debuglog |
all lines of all transactions are written to debuglog |
−r realm, −−realm=realm |
specifies string used as FTP welcome banner and as the realm in HTTP basic authentication |
−b bannerfile, −−banner=bannerfile |
in FTP mode, specifies a plain text file to be displayed as a welcome banner; in HTTP mode, specifies an HTML file to be displayed in error returns |
−m mimetypesfile, −−mime−types mimetypesfile |
specifies a binary MIME-types file created by publish-ftpd-maint; required in HTTP mode, ignored in FTP mode (not yet implemented) |
−v, −−version |
output version information and exit |
publish-ftpd is a non-anonymous read-only FTP and HTTP server written in Perl. It requires no external programs other than a few standard Perl modules loaded at startup, and no configuration files other than the binary password and MIME-types files created by publish-ftpd-maint, its companion maintenance program. It is designed to be run from xinetd, or in a pinch inetd, which must be configured to specify the port on which publish-ftpd runs. xinetd can also control such things as the username and group used to run publish-ftpd (which may not be root) the IP addresses of valid client hosts, the maximum number of simultaneous instances of publish-ftpd either overall or per-client IP address, and the times of day when access is permitted. Therefore, publish-ftpd does not provide configuration options for any of these things. Each user is assigned a home directory, and can only access files and subdirectories within the home directory, known collectively as the home tree. The home directory appears to the user to be the root directory. Typically every user will have a separate home tree, but this is not required. The user cannot do anything to modify the home tree; neither FTP PUT nor FTP MKDIR nor HTTP POST is supported. Symbolic links can point out of the home tree; this can be considered a bug or a feature. It is essential that the local username running publish-ftpd has read access to all the files and execute access to all the directories in all the home trees. Unreadable files and directories will be invisible to clients. However, a readable file in an unreadable directory can be fetched by a client if its pathname is known. Clients cannot tell the difference between an actual file or directory and a symbolic link to one; attempting to use ‘‘..’’ to move upward from a directory outside the home tree will be ineffective. It is a baaaaaad idea to use the system /etc/passwd file directly to create the password file used by publish-ftpd. Instead, use it selectively, picking out just the records for FTP users. The uid, gid, and shell fields can contain anything; publish-ftpd doesn’t care, and publish-ftpd-maint will supply default values on output. If the accesslog, sessionlog, or debuglog pathnames contain %Y, %m, or %d escape sequences, they are replaced by the current year, month, or day respectively, in order to allow automatic log segmentation. The logfiles themselves are written in Common Log Format, using magic verbs for the sessionlog and the debuglog. The accesslog uses GET verbs even in FTP mode, so it can be analyzed by standard HTTP log file analyzers. If the error messages are thought to be insufficiently ‘‘professional’’, they can be changed by patching the source code. Messages that are sacred to the protocol are so marked. |
John Cowan <cowan@ccil.org> |
Copyright © 2005 John Cowan |
publish-ftpd-maint(8),xinetd(8),httpd(8) |