Configuring FTP Server

Before you start the NetWare FTP Server software, you should configure it by setting the configuration parameters in the configuration file. The default configuration file is SYS:/ETC/FTPSERV.CFG. The parameters in this configuration file are commented with their default values.

When the NetWare FTP Server is started, the IP address of the host (HOST_IP_ADDR) and the port number of the NetWare FTP Server (FTP_PORT), as defined in the configuration file, are used to bind to and listen for FTP client connection requests. If these parameters are not defined in the configuration file, the FTP Server binds to all configured network interfaces and the standard FTP ports.

Multiple instances of the NetWare FTP Server can run on a single machine with different IP addresses or port numbers. The parameters in the configuration file, along with their default values, are described in the following tables:


Guidelines for Modifying Configuration File


Table 1. Multiple Instances Parameters

Parameter Default Value Description

HOST_IP_ADDR

IP address of the host

The IP address of the host that the FTP Server software is being loaded on.

The valid range is 0.0.0.0 to 255.255.255.254.

FTP_PORT

21 (Standard FTP port)

The port number that the FTP server should bind to and listen on for connection requests.

The maximum port number is 65534.


Table 2. FTP Session Parameters

Parameter Default Value Description

MAX_FTP_SESSIONS

30

Maximum number of FTP sessions that can be active at any point of time. Minimum value is 1.

The maximum value can be 2^31 (2147483648). If this parameter value is set to zero, the FTP Server takes the default value.

IDLE_SESSION_TIMEOUT

600 (seconds)

Duration in seconds that any session can remain idle. The session will never time out if the value is set as negative, for example -1.

The maximum value is 2^32 (4294967296) seconds.


Table 3. Data Transfer Parameter

Parameter Default Value Description

DATA_BUFF_SIZE

32 KB

Specifies the buffer size in kilobytes for the file transfer. It is applicable to both record and file structures.

This parameter applies to the commands put, ls, get, and dir.

Enter the value in the following format:

DATA_BUFF_SIZE = 32

Range = 4 to 1020 KB.

The value can be set based on system memory available.

If the value is less than 4, then the FTP Server takes the value as 4 KB.

If the value is greater than 1020, then the FTP Server takes 1020 KB.


Table 4. Anonymous User Access Parameters

Parameter Default Value Description

ANONYMOUS_ACCESS

No

Specifies whether anonymous user access is allowed.

Valid values are Yes and No.

ANONYMOUS_HOME

SYS:/PUBLIC

The anonymous user's home directory.

This path can contain up to 512 bytes.

ANONYMOUS_PASSWORD_REQUIRED

Yes

Specifies whether to ask for an e-mail ID as the password for an anonymous user to log in.

Valid values are Yes and No.


Table 5. Access Restrictions Parameters

Parameter Default Value Description

RESTRICT_FILE

SYS:/ETC/FTPREST.TXT

FTP Server can define access restrictions to various levels of users, hosts, etc. These restrictions are defined in a file, which can be specified here.

The path with the filename can contain up to 512 bytes.


Table 6. Login Parameters

Parameter Default Value Description

DEFAULT_USER_HOME-SERVER

Server where FTP is running

The name of the server that the default home directory is on.

The path can contain up to 97 bytes.

DEFAULT_USER_HOME

SYS:\PUBLIC

The default home directory of the user.

The path with the filename can contain up to 512 bytes.

IGNORE_REMOTE_HOME

No

Specifies whether to ignore the home directory set in the NDS user object.

Valid values are Yes and No.

IGNORE_HOME_DIR

No

Specifies whether to ignore the home directory set in the NDS user object.

Valid values are Yes and No.

SEARCH_LIST

 

A list of fully distinguished names of containers in which FTP users are to be looked for (without any spaces), separated by commas. The length of this string including the commas should not exceed 2048 bytes.

Each context specified by fully distinguished name must begin with a leading dot.

You can specify a maximum of 25 containers.

DEFAULT_FTP_CONTEXT

 

Specifies the default context in which the users will be searched. Specify this as a fully distinguished name (FDN). If you do not set the default FTP context, or if the specified context is invalid, the bindery context of the server, if available, is set as the default FTP context; otherwise, the context of the server object is used.

KEEPALIVE_TIME

10

Specifies the timeout time (in minutes) to close the connection which might be broken on one side.

Range = 5 to 120 minutes.

If the value is less than 0, then the FTP Server takes the value as 0. If the value is greater than 120 or between 1 and 4 (both inclusive), then the FTP Server takes 120 minutes.

A value less than or equal to 0 minutes is taken as 0, which means no keep alive check is done. A value between 1 and 5 (both inclusive) or greater than 120 minutes is taken as 120 minutes.

Vary the time based on FTP service usage. Typically, 10 minutes is adequate.

However, for frequently broken connections (as is common with dial-up connections), decrease the timeout to clear broken connections faster.

Some FTP clients might process keep alive packets incorrectly. In such a scenario increase or disable the timeout to allow longer sessions without a keep alive check.

NOTE: When a user logs in for the first time without specifying the context, NWFTPD searches for the user in the following order:

  1. The first bindery context of the server, if it is set.
  2. The NetWare server object's context, if bindery context is not set.
  3. The contexts listed in the SEARCH_LIST parameter of FTPSERV.CFG, in the order listed.

On logging in successfully, the FTP server context gets set to the user's context. Therefore, if a user is logged in to an FTP session, and decides to authenticate as another user (without specifying a context), with the command, user username, this new username will be searched for under the context of the previous user.


Table 7. Intruder Detection Parameters

Parameter Default Value Description

DEFAULT_NAMESPACE

Long

The default name space.

The valid values are DOS and LONG.

INTRUDER_HOST_ATTEMPTS

20

The number of unsuccessful login attempts for intruder host detection.

The maximum value is 2^32 (4294967296) attempts.

INTRUDER_USER_ATTEMPTS

5

The number of unsuccessful login attempts for intruder user detection.

The maximum value is 2^32 (4294967296) attempts.

HOST_RESET_TIME

5

Time interval in minutes during which the intruder host is not allowed to log in.

The maximum value is 2^32 (4294967296) minutes.

USER_RESET_TIME

10

Time interval in minutes during which the intruder user is not allowed to log in.

The maximum value is 2^32 (4294967296) minutes.

NOTE: To disable intruder detection, both intruder detection parameters, INTRUDER_HOST_ATTEMPTS and INTRUDER_USER_ATTEMPTS, must be set to zero (0).

To enable intruder detection, both intruder detection parameters, INTRUDER_HOST_ATTEMPTS and INTRUDER_USER_ATTEMPTS, must be set to a value greater than zero (0). Also, the parameter INTRUDER_HOST_ATTEMPTS must be set to a value greater than the value set for the parameter INTRUDER_USER_ATTEMPTS.


Table 8. Firewall Support Parameters

Parameter Default Value Description

PASSIVE_PORT_MIN

1

Minimum port number used for establishing passive data connection.

The port value range is 1 to 65534.

PASSIVE_PORT_MAX

65534

Maximum port number used for establishing passive data connection.

The port value range is 1 to 65534.
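The fallback and consistency rules in Tables 2, 3, 4, 7 and 8 can be checked before a configuration is deployed. The following is an added example, not part of the original documentation or of the FTP Server software: it parses `NAME = value` lines, computes the values the server would actually use, and reports settings that disable or break intruder detection. The function names, the `#` comment syntax and the sample input are assumptions of this example.

```python
import re

# Defaults copied from the tables on this page.
DEFAULTS = {
    "MAX_FTP_SESSIONS": 30, "DATA_BUFF_SIZE": 32, "ANONYMOUS_ACCESS": "No",
    "INTRUDER_HOST_ATTEMPTS": 20, "INTRUDER_USER_ATTEMPTS": 5,
    "PASSIVE_PORT_MIN": 1, "PASSIVE_PORT_MAX": 65534,
}

# Constructed sample input; the '#' comment syntax is an assumption of this example.
SAMPLE = """\
HOST_IP_ADDR = 192.0.2.10   # not audited here
DATA_BUFF_SIZE = 2048
MAX_FTP_SESSIONS = 0
ANONYMOUS_ACCESS = Yes
INTRUDER_HOST_ATTEMPTS = 5
INTRUDER_USER_ATTEMPTS = 5
"""

def parse_cfg(text):
    """Read NAME = value lines for the parameters audited here; others are skipped."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.fullmatch(r"([A-Z_]+)\s*=\s*(\S.*)", line.split("#", 1)[0].strip())
        if m and m[1] in DEFAULTS:
            cfg[m[1]] = int(m[2]) if isinstance(DEFAULTS[m[1]], int) else m[2]
    return cfg

def effective(cfg):
    """Apply the fallbacks the page documents to get the values the server uses."""
    eff = dict(cfg)
    eff["DATA_BUFF_SIZE"] = min(max(cfg["DATA_BUFF_SIZE"], 4), 1020)  # 4 to 1020 KB
    if cfg["MAX_FTP_SESSIONS"] == 0:  # zero means "take the default"
        eff["MAX_FTP_SESSIONS"] = DEFAULTS["MAX_FTP_SESSIONS"]
    return eff

def audit(cfg):
    """Return findings for settings that weaken or break the documented controls."""
    findings = []
    host, user = cfg["INTRUDER_HOST_ATTEMPTS"], cfg["INTRUDER_USER_ATTEMPTS"]
    if host == 0 and user == 0:
        findings.append("intruder detection is disabled")
    elif min(host, user) <= 0 or host <= user:
        findings.append("need 0 < INTRUDER_USER_ATTEMPTS < INTRUDER_HOST_ATTEMPTS")
    if not 1 <= cfg["PASSIVE_PORT_MIN"] <= cfg["PASSIVE_PORT_MAX"] <= 65534:
        findings.append("passive port range is outside 1-65534 or inverted")
    if cfg["ANONYMOUS_ACCESS"].lower() == "yes":
        findings.append("anonymous access is enabled")
    return findings
```

Calling `audit(parse_cfg(SAMPLE))` reports the equal host and user attempt counts and the enabled anonymous access; `effective()` shows the buffer size clamped to 1020 KB and the session limit falling back to 30.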


Table 9. Welcome Banner and Message Files Parameters

Parameter Default Value Description

WELCOME_BANNER

SYS:/ETC/WELCOME.TXT

When the FTP client establishes a connection, the content of this file is displayed.

The path with the filename can contain up to 256 characters.

MESSAGE_FILE

MESSAGE.TXT

When the user changes the directory, the contents of this file are displayed. For this, the file with that name should exist in the directory.

The path with the filename can contain up to 256 characters.


Table 10. FTP Logs Parameters

Parameter Default Value Description

FTP_LOG_DIR

SYS:/ETC

The directory where log files will be stored.

This path could contain up to 256 characters.

NUM_LOG_MSG

3200

Maximum number of messages that will be logged in each log file.

The maximum value is 2^31 messages. However, the maximum messages allowed is based on the memory available.

LOG_LEVEL

7

Indicates the level of messages logged. These are:

1 = ERROR

2 = WARNING

4 = INFORMATION

The following combinations can be given.

3 = ERROR, WARNING

5 = ERROR, INFORMATION

6 = INFORMATION, WARNING

7 = ERROR, WARNING, and INFORMATION

FTPD_LOG

FTPD

FTPD.LOG file is automatically created. This file contains all the internal system related information encountered by the FTP server.

The path with the filename could contain up to 256 characters.

AUDIT_LOG

FTPAUDIT

FTPAUDIT.LOG file is automatically created. This file contains details about the login activities of the user.

The path with the filename could contain up to 256 characters.

INTRUDER_LOG

FTPINTR

FTPINTR.LOG file is automatically created. This file contains information about unsuccessful login attempts.

The path with the filename could contain up to 256 characters.

STAT_LOG

FTPSTAT

FTPSTAT.LOG file is automatically created. This file contains details about all active sessions.

The path with the filename could contain up to 256 characters.


Table 11. Pseudo Permission Parameters

Parameter Default Value Description

PSEUDO_PERMISSIONS

OFF

Specifies whether the FTP server should send UNIX-type permissions or trustee rights for display in the FTP client.

When set to OFF (default), the FTP server sends the trustee rights to the FTP client. When set to ON, the FTP server sends UNIX-type permissions to the FTP client.

When this parameter flag is ON, the values for PSEUDO_FILE_PERMISSIONS and PSEUDO_DIR_PERMISSIONS are checked for length and validity.

If their length exceeds 3 or the digits exceed 7, then the FTP Server takes the default values of these parameters.

PSEUDO_FILE_PERMISSIONS

644

Specifies the pseudo permissions displayed for files in the FTP client. This does not impact the actual trustee rights available for the files in any way.

This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to ON; otherwise, it is ignored. The value must be a three-digit octal value. Maximum value = 777.

PSEUDO_DIR_PERMISSIONS

755

Specifies the pseudo permissions displayed for directories in the FTP client. This does not impact the actual trustee rights available for the directories in any way.

This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to ON; otherwise, it is ignored. The value must be a three-digit octal value. Maximum value = 777.