2.1 Configuring by Using Files

The default configuration file is sys:/etc/ftpserv.cfg. After you install NetWare FTP Server, this configuration file has all the parameters, commented with their default values.

If you enter a non-integer value for a parameter that requires an integer, the FTP Server sets the value to 0, or to the default value of the parameter if 0 is an invalid value.

If invalid values are specified for parameters in the file, they are replaced by the default values where necessary.

The following tables describe the configuration file parameters with the default values and range:

Table 2-1 General Configuration Parameters

Parameter

Default Value

Description

HOST_IP_ADDR

IP address of the host

The IP address of the host, where NetWare FTP Server software is loaded.

Make sure that this value is in the standard IP address format and does not exceed 15 characters. It should not contain any special characters such as @ # $ % & * ( )?< >;.

Range = 0.0.0.0 to 255.255.255.254

FORCE_PASSIVE_ADDR

The public IP address to be exposed in a passive reply to FTP clients. This address need not bind to the NetWare server. It usually binds to a NAT device that routes between a private FTP server and a public FTP client. If commented out or set to 0.0.0.0, FTP Server uses the HOST_IP_ADDR.

Make sure that this value is in the standard IP address format and does not exceed 15 characters. It should not contain any special characters such as @ # $ % & * ( )?< >;.

Range = 0.0.0.0 to 255.255.255.254.

Anytime FORCE_PASSIVE_ADDR is used and private clients need to contact the FTP server, a separate instance of FTP should be running on a secondary private-side IP address, with no public address set by the FORCE_PASSIVE_ADDR.

This parameter is useful in the following scenarios:

  • When FTP is on a secure connection

  • Where the NAT device is not enhanced to look inside PASV replies to translate addresses there

  • Where SSL is in use, so the data portion is encrypted and not visible to the NAT device

FTP_PORT

21 (Standard FTP port)

The port number that the NetWare FTP Server binds to and listens on for connection requests.

Range = 0 to 65535

If the port number value is not within the specified range, the FTP Server uses the default value.

MAX_FTP_SESSIONS

30

Maximum number of FTP sessions that can be active at any point of time. Minimum value is 1.

Maximum value = 2^31 - 1 (2147483647)

If this value is set to less than 0, the FTP Server uses the default value.

IDLE_SESSION_TIMEOUT

600

The time (in seconds) that any session can remain idle.

Maximum value = 2^31 - 1 (2147483647)

The session never times out if the value is set negative.

SECURE_CONNECTIONS_ONLY

No

Restricts the use of non-secure FTP connections.

Select NO, to allow both secure and non-secure data and control connections.

Select YES, to allow secure control connections and both secure and non-secure data connections.

Select STRICT, to allow secure data and control connections.

DEFAULT_NAMESPACE

Long

The default name space.

The valid values are DOS and LONG.

DATA_BUFF_SIZE

64

Specifies the buffer size (in kilobytes) for the file transfer. It is applicable to both record and file structures.

This parameter applies to the commands put, ls, get, and dir.

Enter the value in the following format:

DATA_BUFF_SIZE = 64

Range = 4 to 1020 KB

If the value is less than 4, the FTP Server takes the value as 4 KB.

If the value is greater than 1020, the FTP Server takes 1020 KB.

Optimum Buffer Size for Mixed Operations: 64 KB.

Optimum Buffer Size for Store Operations: Increase the buffer size for large files.

When setting the value, consider system resources such as memory, network bandwidth, and speed available.

TRANSMITFILE_SUPPORT

NO

This new parameter has been added in ftpserv.cfg to improve the performance of downloading large files.

If this is set to YES, the FTP server uses new TransmitFile calls to transfer the file to the FTP client. Information is read from the file and directly written to the TCP socket.

If this is set to NO, the FTP server uses a data buffer to read the information from file and writes it to the socket. The FTP Server uses the TransmitFile interface only while sending data from local volumes to an FTP client.

Files being received (uploaded) by the FTP server are not impacted by this parameter.

Record structure file transfer and remote server file transfer are not supported by TransmitFile. They use the existing data buffer transfer mechanism.

KEEPALIVE_TIME

10

Specifies the timeout time (in minutes) to close a connection that might be broken on one side.

Range = 5 to 120

If the value is less than 0, the FTP Server takes the value as 0.

A value less than or equal to 0 minutes means no keep alive check is done. A value between 1 and 4 (both inclusive) or greater than 120 minutes is taken as 120 minutes.

Vary the time based on FTP service usage. Typically, 10 minutes is adequate. However, for frequently broken connections (as is common with dial-up connections), decrease the timeout to clear broken connections faster.

Some FTP clients might process keep alive packets incorrectly. In such a scenario, increase or disable the timeout to allow longer sessions without a keep alive check.

WELCOME_BANNER

sys:\etc\welcome.txt

The content of this file displays when the FTP client establishes a connection.

The path with the filename can contain up to 512 bytes.

MESSAGE_FILE

message.txt

The content of this file displays when the user changes the directory. For this to occur, a file with that name must exist in the directory.

The path with the filename can contain up to 512 bytes.

PASSIVE_PORT_MIN

1

Minimum port number used for establishing passive data connection.

Range = 1 to 65534

If this value is not within the range, the FTP Server uses the default value.

If this value is greater than the value specified for the maximum port number, the FTP Server uses the default values of both parameters.

PASSIVE_PORT_MAX

65534

Maximum port number used for establishing a passive data connection.

Range = 1 to 65534

If this value is not within the range, the FTP Server uses the default value.

PSEUDO_SERVER_FLAG

0

Specifies how the NetWare FTP server should simulate UNIX FTP server behavior.

It can take decimal values from 0 through 3. This value is converted to binary format and each bit is assigned a behavior. The LSB (least significant bit) denotes the reply string that is sent for the SYST command.

If it is set to 1, the string is UNIX Type: L8. By default, it is NETWARE Type: L8. The next bit to the LSB denotes the format that the permissions should use when sent to the FTP client during a directory listing.

If it is set to 1, then the UNIX-like format is sent. By default, the permissions are sent in NetWare trustee rights format.

PSEUDO_FILE_PERMISSIONS

644

Specifies the pseudo permissions displayed for files in the FTP client. This does not impact the actual trustee rights available for the files.

This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to ON; otherwise it is ignored. The value must be a three-digit octal value. Maximum value = 777.

PSEUDO_DIR_PERMISSIONS

755

Specifies the pseudo permissions displayed for directories in the FTP client. This does not impact the actual trustee rights available for the directories in any way.

This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to ON; otherwise it is ignored. The value must be a three-digit octal value. Maximum value = 777.

DISABLE_PATH_DIR_LISTING

No

Enables or disables prefixing of the command argument path to the results while listing directories.

The valid values are Yes and No.

Table 2-2 Login Configuration Parameters

Parameter

Default Value

Description

DEFAULT_USER_HOME_SERVER

Server where FTP is running

The name of the server on which the default home directory resides.

The path can contain up to 97 bytes.

DEFAULT_USER_HOME

sys:\public

The default home directory of the user.

The path with the filename can contain up to 512 bytes.

IGNORE_REMOTE_HOME

No

Specifies whether to ignore the home directory set in the Novell eDirectory user object, if it is on a remote server, and go to the default directory.

The valid values are Yes and No.

IGNORE_HOME_DIR

No

Specifies whether to ignore the home directory set in the eDirectory user object and go to the default directory.

The valid values are Yes and No.

DEFAULT_FTP_CONTEXT

Specifies the default context in which the users will be searched. Specify this as a fully distinguished name (FDN). If you do not set the default FTP context, or if the specified context is invalid, then the bindery context of the server, if available, is set as the default FTP context; otherwise, the context of the server object is used.

SEARCH_LIST

A list of fully distinguished names of containers (contexts) in which FTP users are to be looked for (without any spaces), separated by commas. The length of this string including the commas should not exceed 2048 bytes.

Each context specified by a fully distinguished name must begin with a leading dot (.).

You can specify a maximum of 30 containers.

To enable searching for the user in the subtree under a search container, append ':s' to the search container.

RESTRICT_FILE

sys:\etc\ftprest.txt

NetWare FTP Server can define access restrictions to various levels of users, hosts, etc. These restrictions are defined in a file, which can be specified here.

The path with the filename can contain up to 512 bytes.

ANONYMOUS_ACCESS

No

Specifies whether anonymous user access is allowed.

The valid values are Yes and No.

ANONYMOUS_HOME

sys:\public

The home directory of the anonymous user.

The path format is

volumename:[/directory_name/...]

This path can contain up to 512 bytes.

If a colon (:) does not exist in the anonymous home directory, the FTP Server uses the default (sys:/public) as the anonymous user home directory.

ANONYMOUS_PASSWORD_REQUIRED

Yes

Specifies whether to ask for an E-mail ID as the password for an anonymous user to log in.

The valid values are Yes and No.

Table 2-3 Security Configuration Parameters

Parameter

Default Value

Description

INTRUDER_HOST_ATTEMPTS

20

The number of unsuccessful login attempts before intruder host detection activates.

The maximum value is 2^31 - 1 (2147483647) attempts.

HOST_RESET_TIME

5

Time interval (in minutes) during which the intruder host is not allowed to log in.

INTRUDER_USER_ATTEMPTS

5

The number of unsuccessful login attempts before intruder user detection activates.

The maximum value = 2^31 - 1 (2147483647)

USER_RESET_TIME

10

Time interval (in minutes) during which the intruder user is not allowed to log in.

Table 2-4 Log Configuration Parameters

Parameter

Default Value

Description

FTP_LOG_DIR

sys:\etc

The directory where log files are stored.

This path can contain up to 512 bytes.

Do not give a filename that ends with a backslash ( \ ) or a forward slash ( / ). Otherwise, the log file is not created.

MAX_LOG_SIZE

1024

Maximum size (in KB) of the log files up to which messages will be logged.

Range = 1 to 4194303

LOG_LEVEL

7

Indicates the level of messages logged.

1 = ERROR

2 = WARNING

4 = INFORMATION

The following combinations can be given:

3 = ERROR, WARNING

5 = ERROR, INFORMATION

6 = INFORMATION, WARNING

7 = ERROR, WARNING, and INFORMATION

FTPD_LOG

FTPD

The ftpd.log file is created automatically. This file contains all the internal system-related information that NetWare FTP Server encounters.

The path with the filename can contain up to 512 bytes.

AUDIT_LOG

FTPAUDIT

The ftpaudit.log file is created automatically. This file contains details of user login activities.

The path with the filename can contain up to 512 bytes.

INTRUDER_LOG

FTPINTR

The ftpintr.log file is created automatically. This file contains details of unsuccessful login attempts.

The path with the filename can contain up to 512 bytes.

STAT_LOG

FTPSTAT

The ftpstat.log file is created automatically. This file contains details of all active sessions.

The path with the filename can contain up to 512 bytes.
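Because out-of-range values silently fall back to defaults, the value written in ftpserv.cfg is not always the value the server runs with. The following sketch is an added example, not Novell code: it parses a constructed sample file, applies the passive-port and keep-alive fallback rules from Table 2-1, and lists the security-relevant settings from Tables 2-1, 2-2 and 2-4. The function names are hypothetical; treating `#` as the comment marker and mapping a non-integer value to 0 before the range checks are assumptions.

```python
import re

# Constructed sample config; treating '#' as the comment marker is an assumption.
SAMPLE_CFG = """\
# FTP_PORT = 21
SECURE_CONNECTIONS_ONLY = YES
IDLE_SESSION_TIMEOUT = -1
KEEPALIVE_TIME = 3
PASSIVE_PORT_MIN = 50100
PASSIVE_PORT_MAX = 50000
ANONYMOUS_ACCESS = Yes
LOG_LEVEL = 4
"""

def parse_cfg(text):
    """Collect uncommented 'NAME = value' lines into a dict."""
    hits = (re.match(r"\s*([A-Z_]+)\s*=\s*(\S.*?)\s*$", ln) for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in hits if m}

def as_int(cfg, name, default):
    """Absent -> default; non-integer -> 0 (assumption), left to the range checks."""
    raw = cfg.get(name, str(default))
    return int(raw) if re.fullmatch(r"[+-]?\d+", raw) else 0

def passive_range(cfg):
    """Effective passive port range after the documented fallbacks."""
    lo, hi = as_int(cfg, "PASSIVE_PORT_MIN", 1), as_int(cfg, "PASSIVE_PORT_MAX", 65534)
    lo, hi = (lo if 1 <= lo <= 65534 else 1), (hi if 1 <= hi <= 65534 else 65534)
    return (lo, hi) if lo <= hi else (1, 65534)  # min > max resets both to defaults

def keepalive_minutes(cfg):
    """0 means no keep-alive check; 1-4 and values above 120 are taken as 120."""
    v = as_int(cfg, "KEEPALIVE_TIME", 10)
    return 0 if v <= 0 else (v if 5 <= v <= 120 else 120)

def audit(cfg):
    """Return (effective settings, findings) for the security-relevant parameters."""
    eff = {"passive": passive_range(cfg), "keepalive": keepalive_minutes(cfg)}
    mode = cfg.get("SECURE_CONNECTIONS_ONLY", "NO").upper()
    checks = [
        (mode == "NO", "non-secure control and data connections are allowed"),
        (mode == "YES", "data connections may still be non-secure"),
        (as_int(cfg, "IDLE_SESSION_TIMEOUT", 600) < 0, "idle sessions never time out"),
        (eff["passive"] == (1, 65534), "passive data ports span 1-65534"),
        (cfg.get("ANONYMOUS_ACCESS", "No").upper() == "YES", "anonymous access is enabled"),
        ((as_int(cfg, "LOG_LEVEL", 7) & 3) != 3, "LOG_LEVEL omits ERROR or WARNING"),
    ]
    return eff, [msg for hit, msg in checks if hit]
```

Calling `audit(parse_cfg(SAMPLE_CFG))` shows that the inverted passive range in the sample resolves to 1-65534 and that the keep-alive value of 3 becomes 120 minutes.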