Registry

ftpd needs a registry file to set up the service. All registry keys are described below. It is recommended that you edit the registry file before running the server for the first time. After that, use the admin tool or SITE commands to modify the registry. Do not edit the registry manually!

adminport alternativeserverprogram basedir bouncer bouncertimeout
checktimeout chmod_allowed desencryption destroylogin destroypassword
dupecheck dupepath errlogfile filenameconversion ffpath
ftpserrlogfile groupfile gstatfile ident log
logfile loginkick loginretries logprogram nukebrokenuploads
other_ip permissionfile pidfile port port2
pre_download pre_upload private programname readmefile
reject resolver resolvesymlinks serverprogram shortcut
statdir statfile timeoutanon timeoutuser touch
umask umaskanon umaskroot umaskuser userfile

adminport
Syntax : adminport <n>
Example: adminport 10234
Default: 0 (=none)
This sets the admin port, the port that the admin GUI connects to. Do not FTP to this port!

alternativeserverprogram
Syntax : alternativeserverprogram <path and file>
Example: alternativeserverprogram /usr/sbin/wu.ftpd
Default: disabled
This runs two services on one port (Service Splitter). The option private must be turned on. When a non-authorised connection is encountered, the alternative service is started. (Versions lower than 2.09 would close this connection immediately.) Give the alternative service program in the configuration file with the option: AlternativeServerProgram <path>
The alternative service is invoked in inetd mode. This means any service that is run by inetd can be used. Therefore, it is not possible to run two ftp4all services! Services that require root privileges require that you run ftp4all as root, or that you use the following trick:
Example: the alternative service is wu-ftpd. You need superuser privileges to run wu-ftpd!

  1. Compile & install ftp4all as non-privileged user
  2. set AlternativeServerProgram (AlternativeServerProgram /usr/sbin/wu.ftpd)
  3. Activate set-user-bit on ftp4all ( chmod u+s ftpd )
  4. become root (superuser)
  5. run ftpd
Note: ftpd will run in non-privileged mode and will only temporarily acquire superuser rights for the following two tasks:
1. to bind the service to a socket (ports <1024 are possible!)
2. to execute the alternative service wu-ftpd
ftps runs completely as non-privileged user. All files are stored with non-privileged user as owner (as usual).

basedir
Syntax : basedir <path>
Example: basedir /home/ftp/root
Default: /home/ftp

This specifies the base directory. The base directory appears as the root directory when someone logs into the server.

bouncer
Syntax : bouncer <bouncer_ip> [<bouncer_ip>] ...
Example: bouncer 192.60.9.23 128.3.50.210
Default: (none)

With this option you can use your server with a so-called "bouncer". F4A works fully with the rftpd-bouncer, which you can get on the rFtpd-Homepage. It also works with a more advanced bouncer that was programmed exclusively for ftp4all: bnc4all. bnc4all is also capable of bouncing the data connection, thereby acting as a full FTP proxy. This means that with bnc4all you can run the daemon on a machine in the intranet, while bnc4all, running on a proxy server, provides access from the internet to your site.

bouncertimeout
Syntax : bouncertimeout <seconds>
Example: bouncertimeout 10
Default: 30

This sets a maximum time that FTP4ALL waits for a bouncer message. If a message doesn't arrive in this time, FTP4ALL assumes that the connection doesn't come from a bouncer but from a normal FTP client.

checktimeout
Syntax : checktimeout <seconds>
Example: checktimeout 10
Default: 0 (disabled)

This sets the maximum time the upload checker may run. On timeout, an error message saying that the checker failed is written to the log and sent to the user. The files remain on the server, but the siteop has to check them manually.

chmod_allowed
Syntax : chmod_allowed [on|off]
Example: chmod_allowed on
Default: on

With this option you can turn off the ability of users to chmod anything. Root is still allowed to do so.

desencryption
Syntax : desencryption on|off
Example: desencryption off
Default: on
This controls if the user and group files are saved DES encrypted (in case you compiled FTP4ALL with DES encryption support). It is safe to set it on, even if you didn't compile FTP4ALL with DES encryption support. In this case, this option is ignored. Its purpose is to switch from and to encryption. FTP4ALL detects automatically if a file is encrypted or not and does the appropriate actions to read it. If you compiled with encryption, f4a will ask you for a DES key every time you run the daemon. Enter a key with a maximum length of 8. The key is not stored anywhere for security reasons, so be sure to remember it.

destroylogin
Syntax : destroylogin <login>
Example: destroylogin kill
Default: (none)

Whenever someone identifies himself with the destroylogin and destroypassword at login, the server closes down and deletes all files. Both the login name and the password must be set.

destroypassword
Syntax : destroypassword <password>
Example: destroypassword all
Default: (none)

This sets the password for the destroylogin username.

dupecheck
Syntax : dupecheck <wildcard>
Example: dupecheck *.zip
Default: (none)

This option prevents files from being uploaded twice. Files matching the wildcard cannot be uploaded when a file with the same filename exists somewhere on the server. You can specify more than one wildcard by entering this option several times with different wildcards.

dupepath
Syntax : dupepath <directory>
Example: dupepath /upload
Default: /

This option specifies the path from which dupe checking is performed. Dupe checking is only performed for uploads in directories below the specified one. Only one directory can be given.

errlogfile
Syntax : errlogfile <filename>
Example: errlogfile /home/ftp/ftpd.err
Default: log/ftpd.err

ftpd stores runtime error information in this file. Specify a full filename, because otherwise the file is created in the current directory. It is recommended not to set this entry, so that the default is used.

filenameconversion
Syntax : filenameconversion <n>
Example: filenameconversion 0x11
Default: 0
This option sets a filename conversion function that is called every time a file is uploaded or a directory is created. When one of these events occurs, the name of the file or directory is converted in a special way. The number given says how the name should be converted. Add values for files and directories:

0x00  no conversion
0x01  convert file name to lowercase
0x02  convert file name to uppercase
0x03  convert first letter of filename to uppercase
0x04  convert all spaces of filename into underscores _
0x10  convert directory name to lowercase
0x20  convert directory name to uppercase
0x30  first letter of directory name to uppercase
0x40  convert all spaces of directory name to underscores _

ffpath
Syntax : ffpath <dir>
Example: ffpath /pub
Default: (no default value)
ffpath defines the default path for the SITE FF command.

ftpserrlogfile
Syntax : ftpserrlogfile <filename>
Example: ftpserrlogfile /tmp/ftps.log
Default: log/ftps.err
Sets the name of the ftps error log file. It is recommended not to set this entry, so that the default is used.

groupfile
Syntax : groupfile <filename>
Example: groupfile /home/ftp/groups
Default: etc/groups
File to read more user groups from. It is recommended not to set this entry, so that the default is used.

gstatfile
Syntax : gstatfile <filename>
Example : gstatfile /site/old/groups.txt
Default: none

Specifies the file to which the group list is saved in the old format. This is used for backwards compatibility with v2.x scripts. Whenever ftpd receives a USR1 signal, it writes user and group file in the old format to disk.

ident
Syntax : ident [on|off]
Example: ident on
Default: off
This option enables the built-in ident support. If it is enabled, the server sends an ident request to the client's host on each connection attempt. The response to this request is written to the logfile. In addition, connections are refused if the server is in private mode and no user with a suitable ident@ip has been added to the userbase.

log
Syntax : log {[!]<action>}*
Example: log login logout get put
Example: log all !list !cd
Default: none
Log certain user activities. An exclamation mark (!) before the action means that this action is not logged. Not all actions can be logged. So far, only actions regarding Login/Logout and Files/Directories can be logged:

all log everything
cd log change of current directory
chmod log chmod commands
del log removal of files
get log file downloads
login log user logins and login retries
logout log user logout
ls log directory listings
md log make directory commands
put log uploads
rd log removal of directories
ren log rename of files

logfile
Syntax : logfile <filename>
Example: logfile /home/ftp/ftpd.log
Default: ftpd.log
File to log user activities. It is recommended not to set this entry, so that the default is used.

loginkick
Syntax : loginkick <on/off>
Example: loginkick on
With this option you can enable the "ghost"-kick function for all users. If enabled, it allows users to kick all of their currently logged-in clients by logging in as !username (with the correct password, of course).
The user logging in is not killed.

loginretries
Syntax : loginretries <n>
Example: loginretries 3
Default: 10
Specifies the maximum number of login retries. If the number is reached, the control connection to the client is closed.

logprogram
Syntax : logprogram <program> [<parameters>]
Example: logprogram /home/ftp/server/logger /home/ftp/server/ftpd.log
Default: (none)
This specifies a program that should perform the task of a log server. The program is started by FTP4ALL when the server starts. It receives all log messages that go into the log file. The log program must read the messages from stdin and terminate when stdin is closed. It can then perform its own functions, e.g. create statistics from the log information.

nukebrokenuploads
Syntax : nukebrokenuploads <on/off>
Example: nukebrokenuploads on
Default: off

Broken uploads can be deleted (default) or left on server.

other_ip
Syntax : other_ip <ip>
Example: other_ip 123.123.123.123
Default: none

The other_ip option tells the ftp daemon which IP it should bind to in case the host has multiple IPs.

permissionfile
Syntax : permissionfile <filename>
Example: permissionfile perm.$$$
Default: .permissions
File to store access permissions in. Must be a plain filename (without path), because it is created in every directory.

pidfile
Syntax : pidfile <filename>
Example: pidfile /home/ftpd/bin/ftp4all.pid
Default: /var/run/ftpd.pid
The process ID (pid) of the server process is saved in this file when the daemon starts.

port
Syntax : port <n>
Example: port 2048
Default: 21
Port on which to accept connections.

port2
Syntax : port2 <n>
Example: port2 3456
Default: none
Port on which to accept connections. At least one of port and port2 must be given on startup.

pre_download
Syntax : pre_download <script>
Example: pre_download /home/ftpd/dl_check
Default: (none)

This script is executed before every download, and its result (more precisely, its exit code) allows or denies the download. If the script returns a line of text, this is shown to the user as the reason; otherwise "no special reason" is shown. The intention is to allow downloads, e.g., only at given times, or to allow no more than 20 downloads at one time.

pre_upload
Syntax : pre_upload <script>
Example: pre_upload /home/ftpd/ul_check
Default: (none)

This script is executed before every upload, and its result (more precisely, its exit code) allows or denies the upload. If the script returns a line of text, this is shown to the user as the reason; otherwise "no special reason" is shown. The intention is to allow uploads, e.g., only at given times, or to allow no more than 20 uploads at one time.

private
Syntax : private [on|off]
Example: private on
Default: off
This option is used to make the server truly private. When it is on, all connections from hosts that are not in the IP range of any user are closed immediately. When you activate this option, make sure that no user has the IP range *.*.*.*. Furthermore, anonymous access is no longer possible because of the IP limitation, but you must remove the anonymous user or disable the IP range of this user yourself.

programname
Syntax : programname <name>
Example: programname ftpd-server
Default: <serverprogram>
Name of the program, as shown by "ps".

readmefile
Syntax : readmefile <filename>
Example: readmefile readme.$$$
Default: (no default value)
File to display when directory is changed. This option has no default value. This means that readme files are disabled.

reject
Syntax : reject <ip_range> [<ip_range>] ...
Example: reject 149.22.33.* 127.*.*.*
Default: (no default value)
Specifies IP ranges from which connections are rejected by default. Rejected means that if a connection from such an address comes in, the control connection is closed immediately. The purpose of this is to ban certain IPs or IP ranges.

resolver
Syntax : resolver [on|off]
Example: resolver off
Default: on

You can turn off dns-lookups in the log and within the "site user lista".

resolvesymlinks
Syntax: resolvesymlinks <on/off>
Example: resolvesymlinks on
Default: off

Enables the included symlink resolver when changing the working directory.

serverprogram
Syntax : serverprogram <filename>
Example: serverprogram /home/ftp/ftps
Default: ftps
Name of the program that serves the client. Must be absolute or relative to <base_dir>. The default value is "ftps", which means that "ftps" must be in <base_dir>.

shortcut
Syntax : shortcut <command> [<command>] ...
Example: shortcut credit rules help
Default: (none)
This option creates additional SITE commands. Its name is shortcut, because it is only a shortcut to a user script. Normally, a user script is run with SITE RUN <name>. If you include <name> in the shortcut list, the script can be run with SITE <name>. This means you have a new SITE command.
Existing SITE commands can be overridden with this function. For example, if you create a shortcut help, this replaces the built-in help function. The built-in function can still be accessed by typing SITE two times, e.g. SITE SITE HELP.

statdir
Syntax : statdir <dir>
Example : statdir /tmp/stats
Default: log/

Specifies the directory in which the stat files are written.

statfile
Syntax : statfile <filename>
Example : statfile /site/old/users.txt
Default: none

Specifies the file to which the user list is saved in the old format. This is used for backwards compatibility with v2.x scripts. Whenever ftpd receives a USR1 signal, it writes user and group file in the old format to disk.

timeoutanon
Syntax : timeoutanon <time>
Example: timeoutanon 120
Default: 60
Timeout value for anonymous users. After expiration of this period the control connection is closed. This means that the user is being logged out.

timeoutuser
Syntax : timeoutuser <time>
Example: timeoutuser 600
Default: 300
Timeout value for registered users.

touch
Syntax : touch [on|off]
Example: touch on
Default: off
When this option is on, the file modification date of a file being opened is updated to the current time. This time will show up in directory listings, so you can see when a file was last accessed.

umask
Syntax : umask <mask>
Example: umask 022
Default: 077
umask for the server daemon. Note that the umask gives the permissions that are SUBTRACTED from the maximum permissions when a file or directory is created.

umaskanon
Syntax : umaskanon <mask>
Example: umaskanon 0x7F0000
Default: 0x230000
Sets the permissions a directory receives when created by an anonymous user. The first byte gives the rights of the owner, the second the rights of the group and the third the rights of other users. The next table shows which bits mean which right. Add the values to form the permission:

0x01  chdir
0x02  list
0x04  mkdir
0x08  chmod
0x10  get - files uploaded by user get read permission
0x20  put
0x40  overwrite - files uploaded by user get write permission
0x80  no limit


The get and overwrite rights are not directory rights. They are for files only. This means that the right to download (get) and to upload to an existing file (overwrite) are determined by the file permissions and not by the directory permissions. The only exception is directories that are set in the cdpath. There are no separate file permissions, so the directory permissions apply.
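The following decoder for these three-byte masks is an added example, not code from FTP4ALL. It assumes that "first byte" means the most significant byte of the value as written in hex; the function names and the grouping of mkdir, chmod, put and overwrite as "write" rights are choices made for this example.

```python
# Rights bits, copied from the table on this page.
RIGHTS = {
    0x01: "chdir", 0x02: "list", 0x04: "mkdir", 0x08: "chmod",
    0x10: "get", 0x20: "put", 0x40: "overwrite", 0x80: "no limit",
}
CLASSES = ("owner", "group", "other")
# Rights that change content or permissions. This grouping is the
# example's own choice, not something FTP4ALL defines.
WRITE_BITS = 0x04 | 0x08 | 0x20 | 0x40


def class_byte(mask, cls):
    """Return the rights byte of one class. Assumes the 'first byte'
    is the most significant byte of the value as written in hex."""
    if not 0 <= mask <= 0xFFFFFF:
        raise ValueError("mask must fit in three bytes")
    return (mask >> (16 - 8 * CLASSES.index(cls))) & 0xFF


def decode_mask(mask):
    """Map each class to the list of right names set in its byte."""
    return {
        cls: [name for bit, name in RIGHTS.items()
              if class_byte(mask, cls) & bit]
        for cls in CLASSES
    }


def encode_mask(owner=(), group=(), other=()):
    """Build a mask value from right names, the inverse of decode_mask."""
    by_name = {name: bit for bit, name in RIGHTS.items()}
    mask = 0
    for rights in (owner, group, other):
        byte = 0
        for right in rights:
            if right not in by_name:
                raise ValueError("unknown right: %r" % right)
            byte |= by_name[right]
        mask = (mask << 8) | byte
    return mask


def writable_by_non_owner(mask):
    """List the classes besides the owner that hold a write-type right."""
    return [cls for cls in ("group", "other")
            if class_byte(mask, cls) & WRITE_BITS]
```

Run `decode_mask` on the value of each `umaskanon`, `umaskuser` and `umaskroot` entry before the registry goes live, and treat a non-empty `writable_by_non_owner` result as a setting to review.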

umaskroot
Syntax : umaskroot <mask>
Example: umaskroot 0x7F1313
Default: 0x7F1300
Sets the permissions a directory receives when created by a superuser. See table above for meaning of the bits.

umaskuser
Syntax : umaskuser <mask>
Example: umaskuser 0x7F1313
Default: 0x7F1300
Sets the permissions a directory receives when created by a normal user. See table above for meaning of the bits.

userfile
Syntax : userfile <filename>
Example: userfile /home/ftp/users
Default: etc/users
File to read more user definitions from. It is recommended not to set this entry, so that the default is used.
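Several entries above state constraints that span more than one key (alternativeserverprogram needs private on, destroylogin and destroypassword must both be set, permissionfile must be a plain filename, only one dupepath, at least one of port and port2). The checker below is an added example, not part of FTP4ALL. It assumes the registry file holds one `key value` pair per line as in the Syntax lines, that keys are case-insensitive, and that the last occurrence of a repeated key wins; the sample registry and the finding names are constructed for the example.

```python
# Constructed sample registry that violates four of the constraints.
SAMPLE = """\
port 21
private off
alternativeserverprogram /usr/sbin/wu.ftpd
destroylogin kill
permissionfile etc/perm
dupepath /upload
dupepath /incoming
"""


def parse_registry(text):
    """Return {key: [value, ...]}; repeated keys are kept, because
    dupecheck may legitimately appear several times."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue  # blank line
        value = parts[1].strip() if len(parts) > 1 else ""
        entries.setdefault(parts[0].lower(), []).append(value)
    return entries


def last(entries, key, default=None):
    """Value of the last occurrence of key (assumed to be the one used)."""
    values = entries.get(key)
    return values[-1] if values else default


def check_registry(entries):
    """Return finding names for the cross-key rules stated on this page."""
    findings = []
    if "port" not in entries and "port2" not in entries:
        findings.append("no-port")
    if ("alternativeserverprogram" in entries
            and last(entries, "private", "off").lower() != "on"):
        findings.append("splitter-needs-private")
    if ("destroylogin" in entries) != ("destroypassword" in entries):
        findings.append("destroy-pair-incomplete")
    permfile = last(entries, "permissionfile")
    if permfile is not None and "/" in permfile:
        findings.append("permissionfile-has-path")
    dupepaths = entries.get("dupepath", [])
    if len(dupepaths) > 1 or any(len(v.split()) > 1 for v in dupepaths):
        findings.append("dupepath-multiple")
    return findings


if __name__ == "__main__":
    for finding in check_registry(parse_registry(SAMPLE)):
        print(finding)
```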