11-18-2011, 09:38 PM
Yil

g.loth: I really hate the lack of documentation myself. Given time I can do a pretty good job of it, but it's not something I do quickly so it tends to not get done. On the plus side I have implemented 'site help' and documented every interactive built-in command with a description and examples as well as the commands for nxTools and ioNinja. This doesn't help much with configuring the server, but it sure is better than what was available when I picked the project up (though nxHelp wasn't bad).

Here's a list of things to check after you get through the trivial stuff in the README file and 'site help'. Speaking of 'site help', if you have an ANSI color enabled client like FlashFXP use the 'site color' feature because the online help looks MUCH nicer when arguments, other commands, etc are in different colors.

If you use FlashFXP grab one of the ioFTPD custom commands from the board here. There are a couple of good ones out there, and an "official" really cool version should be available when v8 comes out or shortly thereafter.

Don't forget the Changelog. This is the definitive guide to how things really work. I document every change, new feature, etc. in this file and often include examples and/or reasons. It's not all in one place as changes happen over time, but search the file from the top for the keyword you're interested in.

Check out the /docs folder. There's a Site-cmds.txt file that looks like the output of 'site help' for every built-in command, so searching that can help you locate the command or arguments you need to do what you want.

The Forum. There's lots of useful stuff here over the years so try searching it, and if that fails just ask...

Read the .ini file all the way through. You would be surprised at how many features the server really has and what can be customized. It will also introduce you to a number of things you should be aware of.


Regarding your 2 questions.

You want to "classify" or "group" users so they can have different rights. There are two general ways to do that. If you are dealing with a handful of users on a small server you can use user flags. Just avoid the 1, M, L, etc ones reserved by the system (v8 will make this much cooler and easier).

If you have a lot of different groups of users, or if the groups that a user belongs to should limit/allow directory access, use traditional groups created via 'site grpadd'. Place users into one or more of those groups via 'site chgrp' and then set directory permissions via 'site chown' and 'site chmod'. I suggest you examine the idea behind new-user group defaults. Check out 'site help /Defaults'. In conjunction with 'site gadduser' you can set up each group of users to have different numbers of logins, default user-flags, additional groups to join, you name it. It's very useful and powerful.

In either case you will want to examine the VFS section of the .ini file to grant/deny the ability to upload, download, etc. I do NOT recommend using a lot of rules in the VFS section, but it makes sense to deny some users the right to delete files they don't own. Traditionally the 3 user flag is used for users who can upload and any user account without that can only download. So just define the global rules there and control access to directories by filesystem permissions. The "group owner" of a directory grants access if the user is a member of that group. Since users can be members of lots of groups this should handle most cases if you just remove the +r flag via 'site chmod' for "other" like UNIX filesystems would do. [As a side note: the +x bit currently does nothing. +r controls both look/enter]

If you really need to hide things (and not just deny access) from some groups don't use custom etc/group.vfs files. That will work fine but if you ever need to edit the .vfs file you'll have to apply the change to all the .vfs files and that sucks and is error prone. Instead, I suggest you use the 'site chattr +h' feature to enable private directories which means if the user doesn't match the user/group/flag glob then they can't even see the directory at all.

For SSL use 'Require_Encrypted_Auth' and 'Require_Encrypted_Data' options in the .ini file to control that per-service.