The File Transfer Protocol (FTP) allows the transfer of files between networked computers. The FTP service provided with iTools is integrated into the iTools suite of applications and provides advanced features such as anonymous FTP, FTP virtual hosting, and fine-tuned controls on upload and download access to the iTools server. The iTools FTP implementation can also be configured to allow or deny anonymous or iTools user access to the server's filesystem.
The iTools FTP server supports text and binary file transfers. By default, only the data fork of any file is transferred. It is possible to transfer complete Macintosh files, including their creator and type fields and their resource forks, by encoding these files in a Macintosh compression format such as StuffIt. MacBinary file encodings are not supported in iTools FTP.
The default iTools configuration has a strict policy on CGI script upload and execution. iTools will permit the uploading of CGI scripts only into the main /cgi-bin directory and only for an FTP user configured for access to the content directories of all virtual hosts. iTools by default will permit the URL-based execution of CGI scripts by network browsers only from the /cgi-bin directory.
You may override the policy regarding uploading of CGIs by modifying the ftpaccess file in the /etc directory.
This might be necessary if, for example, you created individual cgi-bin directories within each virtual host's content tree on your system and wanted to give unrestricted CGI upload access to the directory to FTP users configured for access to each individual virtual host. In this case, you would add a directive to the ftpaccess file that read:
upload /Local/Library/WebServer/WebSites/yourvhost.com /cgi-bin yes ftpuser ftpuser 0755
The first path parameter of the "upload" directive must exactly match the home directory of the configured FTP client. FTP client home directories are configured via the Users form in the iTools Administration Server. The second path parameter is the relative path from the FTP home directory to the directory to contain the CGIs.
Once configured for FTP upload access, CGIs to be run outside of the main /cgi-bin directory must be given permission to be browsed using the iTools Administration Server. Use the cgi-script Action Handler override described in the "Access Controls" section to permit URL-based execution of the CGI.
The directory name cgi-bin has a special function and capability under iTools. If you create individual cgi-bin directories within the document root directories of each virtual host, you are taking the risk of allowing users to upload potentially damaging CGI scripts that can be executed by any web user.
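An added example, not part of the iTools documentation or software: a small Python audit that reads ftpaccess text and reports every "upload ... yes" directive that opens a cgi-bin directory or creates uploaded files executable or world-writable. It parses only the directive form shown above; the function name, the sample file and its second and third directives are constructed for illustration.

```python
from pathlib import PurePosixPath

# Constructed sample: line 2 is the directive from the text, the rest are invented.
SAMPLE_FTPACCESS = """\
# per-virtual-host CGI upload override
upload /Local/Library/WebServer/WebSites/yourvhost.com /cgi-bin yes ftpuser ftpuser 0755
upload /Local/Library/WebServer/WebSites/example.test /incoming yes ftpuser ftpuser 0640
upload /Local/Library/WebServer/WebSites/example.test /cgi-bin no
"""


def audit_uploads(text):
    """Return (line_no, home, directory, mode, reasons) for risky directives.

    Only the form used in the text is parsed:
    upload <home> <dir> <yes|no> <owner> <group> <mode>
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 4 or fields[0] != "upload" or fields[3] != "yes":
            continue  # not an upload directive, or uploads are denied
        home, directory = fields[1], fields[2]
        reasons = []
        try:
            mode = int(fields[6], 8)
        except (IndexError, ValueError):
            mode = None
            reasons.append("file mode missing or not octal")
        if "cgi-bin" in PurePosixPath(directory).parts:
            reasons.append("upload allowed into a cgi-bin directory")
        if mode is not None and mode & 0o111:
            reasons.append("uploaded files are created executable")
        if mode is not None and mode & 0o002:
            reasons.append("uploaded files are created world-writable")
        if reasons:
            findings.append((line_no, home, directory, mode, reasons))
    return findings


if __name__ == "__main__":
    for line_no, home, directory, mode, reasons in audit_uploads(SAMPLE_FTPACCESS):
        shown = "?" if mode is None else format(mode, "04o")
        print(f"line {line_no}: {home}{directory} mode {shown}")
        for reason in reasons:
            print(f"  - {reason}")
```

Each reported directive should be matched against a deliberate decision to let that FTP user publish CGIs, and against the cgi-script Action Handler overrides set in the Administration Server.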
The FTP Settings table contains some options that control the iTools FTP service. The FTP server is an integrated component of iTools and is designed to provide separate access points based on virtual hosts for different FTP users. The FTP server can also be configured to permit or deny anonymous FTP access, and FTP transfers can be logged for either anonymous or password-based accesses.
The Anonymous checkbox enables or disables anonymous FTP access. When a user accesses the iTools system via anonymous FTP, the iTools FTP server automatically places that user in their FTP home directory. Anonymous FTP users are thus restricted from accessing any other directories on the system. The FTP directory generally contains some default sub-directories which provide different kinds of access to the anonymous FTP clients.
The pub directory is the generic placeholder for documents targeted for public consumption. Anonymous FTP users can get files from this directory, but they cannot put files into this directory, or modify any files within this directory. Generally the iTools administrator controls the organization and contents of this directory. However, password-based FTP users can place files in this directory if their FTP Home directory is either All iTools directories or Anonymous FTP.
The hidden directory provides a level of security by obscurity. Anonymous FTP users cannot list or see any of the files within this directory, but if they know the exact name of the file they are looking for, they can get that file from this directory. To create a hidden directory, use the command "makedir dirname" to create the directory, where "dirname" is a placeholder for the directory name, and then the command "chmod 511 dirname" to set permissions that do not allow listing of the folder by anyone except the root user.
The incoming directory provides a place for anonymous FTP users to put files on this server. Generally these files are deposited here for consumption by the administrator of the iTools system. Anonymous FTP users cannot list or see the files in the incoming directory, so other anonymous FTP users cannot get a file deposited by a different FTP user unless they know the exact name of that file. To create an incoming directory, use the command "makedir dirname" to create the directory, where "dirname" is a placeholder for the directory name, and then the command "chmod 733 dirname" to set permissions that do not allow listing of the folder by anyone except the root user, but do allow anyone to upload to it.
The User-Pass checkbox enables or disables password-based FTP access. When a user accesses the iTools system via an FTP user name and password, the iTools server automatically places that user in the directory indicated by the FTP Home setting for that user.
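An added example, not part of the iTools documentation or software: a Python check that decodes directory permission bits into what an anonymous client can do (list, fetch by known name, upload) and compares the result with the pub, hidden and incoming roles described above. It assumes the anonymous FTP account is neither owner nor group member of these directories, so only the "other" bits apply; the function names and the temporary test tree are constructed.

```python
import os
import stat
import tempfile

# Expected anonymous capabilities per directory, from the descriptions above:
# (list contents, fetch a file whose name is known, upload a file)
EXPECTED = {
    "pub":      (True,  True, False),
    "hidden":   (False, True, False),
    "incoming": (False, True, True),
}


def anonymous_caps(mode):
    """Decode the 'other' bits of a directory mode into (list, fetch, upload)."""
    can_list = bool(mode & stat.S_IROTH)     # r: read the directory's entries
    can_fetch = bool(mode & stat.S_IXOTH)    # x: reach an entry by its name
    can_upload = can_fetch and bool(mode & stat.S_IWOTH)  # w+x: create entries
    return (can_list, can_fetch, can_upload)


def audit_tree(ftp_home):
    """Return {name: problem} for sub-directories that deviate from EXPECTED."""
    problems = {}
    for name, expected in EXPECTED.items():
        path = os.path.join(ftp_home, name)
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            problems[name] = "missing"
            continue
        actual = anonymous_caps(mode)
        if actual != expected:
            problems[name] = f"mode {mode:04o} gives {actual}, expected {expected}"
    return problems


def demo():
    """Build a constructed FTP home with 'incoming' deliberately left at 0777."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in (("pub", 0o755), ("hidden", 0o511), ("incoming", 0o777)):
            path = os.path.join(home, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so the umask cannot mask bits
        return audit_tree(home)


if __name__ == "__main__":
    print(demo())
```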
Password-based FTP users can read or write files into the directories to which they have access.
The Limit setting controls how many simultaneous sessions the iTools FTP server will permit for each class of FTP service. Subsequent attempts to FTP into the server will be denied when this limit is reached. A message is provided to the FTP client that the limit has been reached and that they should try again later.
iTools's FTP server supports virtual or "multihomed" anonymous FTP service for each IP address iTools is serving. The virtual FTP service allows an anonymous FTP user to connect to "ftp1.domain.com" and receive one FTP banner message and content location while another anonymous FTP user connecting to "ftp2.domain.com" receives another banner and location, even though they are on the same machine and port.
Note that password-based FTP clients (all users other than the "anonymous" user) have an explicit home directory under iTools and will be placed in that home directory regardless of which server domain name or IP address they use to connect to the server. Configuration of FTP users and their home directories is discussed in the "Users" section of this manual.
Follow these steps to configure one or more virtual anonymous FTP servers under iTools:
virtual 192.1.2.3 /usr/local/etc/httpd/ftp-virtual1 /nobanner
virtual 192.1.2.4 /usr/local/etc/httpd/ftp-virtual2 /usr/local/etc/httpd/ftp-virtual2/banner.msg
The first argument is the IP address of the virtual FTP server. The IP address matches one of the IP-based virtual hosts you configured using the iTools Administration Server. The second argument is the path to the "home" folder created in the previous step, and the third argument is a file containing the banner to display to the FTP client upon login. Use /nobanner to display no login banner.
iTools's FTP server (wu-ftpd) has capabilities beyond those that are presented in the GUI provided by the iTools Admin Server. These features are configured by editing FTP's directives in the /etc/ftpaccess file. The manual page for the ftpaccess file is available by issuing the command "man ftpaccess" in the terminal.