FTP SERV-U
FTP-Server Daemon for WinSock
Version 1.00

Made by Rob Beckers
Cat Soft
4 February 1995


DISCLAIMER
==========

I know, it's not the nicest way to start off. So let's just get this part over with, OK?!

The FTP server program Serv-U and its documentation are copyright of Rob Beckers. It is distributed as shareware, giving you the right to try it for a period of 30 days. If you intend to use Serv-U after the initial try-out period, you are obliged to pay the registration fee.

The next paragraph is a beautiful piece of prose. In just two sentences it says it all. Alas, unfortunately it is necessary, so please bear with me.

This software is provided by the regents and contributors 'as is' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the regents or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.


CONTENTS
========

Introduction
1. Making It Work - Installation
   1.1 Installation
   1.2 De-installation
2. The Grand Tour - Menus
   2.1 The File Menu
   2.2 The Edit Menu
   2.3 The Setup Menu
   2.4 The Help Menu
   2.5 The Logfile and Screen
3. The Inner Workings
   3.1 Serv-U Internals
   3.2 The SERV-U.INI File
4. Getting In Touch - Bugs & Registration
   4.1 Reporting Bugs
   4.2 Registering Serv-U
Registration Form Serv-U


INTRODUCTION
============

Thank you for giving this program a try! With FTP Serv-U your PC will be turned into a FTP server.
This means that others on the computer network that you are connected to can access your PC to copy, move, make, and delete files and directories, using the FTP protocol (FTP = File Transfer Protocol). This protocol dictates standard ways of communicating between computers, so that many different types of computers, using different operating systems and file formats, can exchange information.

FTP Serv-U is a 'server' program and/or daemon. The term daemon comes from ancient Greek mythology. There, the Daemons were half-gods, acting as messengers between the people on earth and the gods. This FTP server acts, likewise, as a messenger for file transfer between FTP clients and your computer. Once started it sits in the background waiting for a client to contact it and, after communications are established, acting out the client's commands.

There are FTP servers (and clients) for many different systems. This particular program is meant for PCs running MS-Windows that have a WinSock version 1.1 compatible TCP/IP stack installed.

Why use this program and not one of the many other FTP servers that are available? For this I have to take you back in time a little, to about a year ago. I needed a FTP server to make some files available to others and tried out a number of server programs. One simply didn't work. Another would work, but as soon as someone started transferring a file from my PC it would lock up the whole machine until the transfer was complete. And then there was one that worked fine, but lacked all but the most basic security. So, after endless frustration I decided to write my own, figuring it couldn't be that hard. As usual things got a bit out of hand, but a year and over 10000 lines of C++ later you're looking at the result!

So what has this FTP server to offer?

* Access for multiple clients at the same time. Access for 'Anonymous' users. With the possibility to limit the number of clients at any given time, so your PC remains workable.
* Lots of security! On a directory and even file basis. Allowing different settings for each user, and by putting users into 'groups' permitting easy maintenance for large numbers of users. There's even an option to allow or prohibit clients on the basis of their IP-number. Ideal if you want to let certain people roam around your computer, but you don't want the whole world knocking at your door (that is to say: they can knock, but they won't get in).
* A quite complete implementation, and very strict adherence to the FTP standard (found in document RFC 959). Supports the 'passive' command PASV. This is needed by WWW-browsers that use proxy agents for FTP transfer (something required when there is a 'firewall'). Another feature is that 'Anonymous' users always see the root directory ('\') as their login directory. This, again, is needed by some WWW-browsers to make FTP transfers work.
* Easy to set up and maintain. Everything is accessible through menus, and for automated maintenance the settings are stored in an .INI file of simple format.
* It is fast! The file transfer speed you'll get will be very close to the maximum your TCP/IP stack is capable of (well, assuming your FTP client is at least as fast of course).
* A very cute icon!
* Compared to the commercial implementations, Serv-U is dirt cheap!

If you didn't register this program, then you're looking at the try-out version of Serv-U. This version is fully functional, there is absolutely no difference with the registered version. But (yes, there had to be a 'but') after a little over 30 days it will stop working. Counting starts the first time you run the program. I warn you beforehand: re-installing it will not help you!

Before I forget it: Thanks, Lars, for testing Serv-U, thanks, Kyle, the best bug buster of all, and thanks, Brad, for turning my attempt at English into the real thing. And, Alun, I hope I didn't shock you too much by bringing this program out. You can't say I didn't warn you though . . .

OK, enough sales talk. Let's continue with the actual documentation. First thing will be how to install Serv-U to get you in business.


1. MAKING IT WORK - INSTALLATION
================================

You're eager to get things going, but a little afraid of what lies ahead. Never fear, it couldn't be simpler. So let's get started!

1.1 INSTALLATION

Nothing more simple than to install Serv-U: just unzip it in the directory of your choice and run it. There is no need to change your 'PATH' or put anything in other directories. Serv-U comes with the following files:

    SERV-U.EXE   - The FTP-server executable itself
    SERV-U.DOC   - The documentation in MS-Word format
    SERV-U.TXT   - The documentation in ASCII format
    README.TXT   - Something you have to read
    BWCC.DLL     - The Borland Custom Control library that creates the 3D-look
    REGISTER.TXT - A registration form in ASCII format

When Serv-U is started for the first time, it creates the file:

    SERV-U.INI   - File containing all settings and user information

The only finer point you might want to pay attention to is whether or not you already have the file BWCC.DLL in your Windows directory. If so, you can delete the one in the Serv-U directory, but make sure it is the same version (compare the sizes)!

When you run Serv-U for the first time there will be no users and access will be restricted. To change this go through the 'Setup' menu items and put in your heart's desires. I advise you to take a look at the next chapter, explaining the various menus, since the security setup is simple but not totally intuitive (sorry for that, but. . .).

For network use with a single executable shared between many users that need their own settings, the program looks for the existence of an environment variable with the name SERV-U. If this variable exists, it should be set to the path for SERV-U.INI. The program will then use this instead of the default program directory.

1.2 DE-INSTALLATION

It is hard to imagine why, but if for some reason some day you want to get rid of Serv-U then that is just as easy as installing it was. Just delete the whole directory where you put it, and that's it! Serv-U does not change any system files and does not place any files in other directories.


2. THE GRAND TOUR - MENUS
=========================

The menus and associated dialog boxes have been designed to be as simple as I could make them while still providing the needed features and flexibility. The next paragraphs take you on a grand tour through all of them. I highly recommend that you take a closer look at the part about setting up users and security under 'Setup - Users/Groups'.

2.1 THE FILE MENU

The 'Logging' option can be checked to enable logging of FTP events to a file. If unchecked, logging will be to screen only. This option is only available if a logfile has been specified under the 'Setup - FTP-Server' menu choice. Changing logging through the 'File - Logging' menu will only affect the current session. The changes are not saved and the next time you start Serv-U logging will again be as specified in 'Setup - FTP-Server'.

The other option is 'Exit', guess what that does . . .

2.2 THE EDIT MENU

You'll find only one option here: 'Copy'. This copies selected text from the Serv-U logscreen to the clipboard.

2.3 THE SETUP MENU

This is where the fun starts. Almost everything concerning the functioning of Serv-U can be set through the 'Setup' menu. There are two exceptions: first, if you insist on allowing access for a user without a password, and, second, if you want to make the Serv-U program invisible, meaning it will not show up in the list of the task manager. In both cases you'll have to edit the SERV-U.INI file directly. For more information on how to do this, take a look at the 'Internals' chapter.

The dialog boxes where you can fill in your settings have not been made totally bullet proof.
It is entirely possible to enter nonsense in certain items and the program will accept it (like path names that don't exist, etc.). Of course, things might not work exactly as you're expecting them to, but it should not cause the program to crash. The bottom line is that it is your responsibility to provide settings that make sense.

Now, let's continue with the 'Setup' menu choices and associated dialog boxes.

The 'Setup - FTP-Server' option
-------------------------------

This menu choice will lead you to a dialog box containing matters directly related to the workings of the FTP server itself.

The first item is 'FTP port number'. This is the (you guessed it!) port number that the server will listen on for incoming FTP clients. The default is number 21, but you're free to fill in anything you want, provided it does not conflict with other network programs. Of course, the rest of the world expects a FTP server to listen on port 21, but changing to another number is one great way of ensuring that only you and some selected friends will know about your server. One fun choice is to set this to port number 23 and then use a telnet program to 'telnet' to your own PC.

The next item is the 'Maximum number of users'. With this you set the maximum number of simultaneous users at any given moment. Setting it to 0 will not allow anyone to enter, leaving it blank will allow an unlimited number, or, more precisely, until the PC runs out of network sockets. If you need your PC for regular work as well as being a FTP server, it is probably wise to set a maximum so normal operations will not be slowed down too much by clients.

Likewise, 'Maximum number of anonymous' limits the number of 'Anonymous' users at any given moment. If 'Maximum number of users' is specified, then this will limit the total number of users, both regular and anonymous, even if 'Maximum number of anonymous' is set to a larger number.

If you would like to leave your PC wide open for the rest of the world you can uncheck the 'Enable security' checkbox. But beware: DISABLING SECURITY WILL ALLOW ANYBODY ON THE NETWORK TO DELETE/CHANGE/COPY EVERYTHING ON YOUR PC!!! The only reason I put this option in is to make it easy for people that have their own local network and don't want to mess with users and passwords. By default this option is, of course, checked.

The next two items deal with logging. The first one, 'Enable logging to file', switches writing to a logfile on or off. The second item, 'Logfile', is meant for entering the path and file name of a file to write all the log messages to. Of course, logging will only work when a valid logfile name is entered. Log messages will always be shown on screen, regardless of these settings.

The last item in this dialog box is 'Registration code'. If you decide to register this program, I will provide you with a registration code. This is a combination of 14 characters and it should be entered exactly as provided. Uppercase and lowercase should be preserved and beware of points and commas, as they can be part of the code. Once a registration code is entered Serv-U will continue to work after the initial 30 day trial period.

The 'Setup - IP-Access' option
------------------------------

This dialog box provides the means to restrict access to your FTP server to certain IP-numbers. If, for example, you work at a university and only want your faculty members to be able to access the server, then this is a great way to do it.

In the upper left corner of the dialog box you can choose which type of rules you want to specify: 'Deny' or 'Allow' rules. The deny rules decide who should be kept out, the allow rules indicate who should be welcomed.

THE ORDER OF THE RULES IS IMPORTANT! When a client contacts the server, the deny rules are looked at FROM TOP TO BOTTOM. If no matching rule is found, the allow rules are evaluated, again from top to bottom.
The first matching rule applies, and evaluation is stopped. If there are no IP-access rules everybody can enter the FTP server. As soon as there is one rule, only those clients that pass the rule check are allowed to enter.

You can type in a new rule in the 'Rule' edit and then use the 'Add' button to add the rule to the list. The 'Remove' button will remove the currently selected rule from the list. To change the order of the rules you have to select one by clicking the mouse on it, and then use the 'Up' and 'Down' buttons to move it around.

Rules are nothing more than IP-numbers or ranges of IP-numbers. There are two special characters: the star '*' and the hyphen '-'. A star functions as a wildcard for checking the number. Any number will match that section of the rule if it is a star. The hyphen is used to denote a range of numbers. Simply separate the starting and ending values by a hyphen.

For example, say all IP-numbers in your company look like 134.56.34.xxx with 'xxx' being any number. Now, you want to restrict access to your FTP server to other members of your company only. The way to do it is to create an 'Allow' rule that looks like this:

    134.56.34.*

That's simple, isn't it! Likewise, if you know that the competition has IP-numbers in the range 168.76.xxx.xxx, you can keep them out of your server with the 'Deny' rule:

    168.76.*.*

Now, you need to share some of your files with a few colleagues, and management in your company is too cheap to install a local network. You find out that their PCs have IP-numbers 134.56.34.128, 134.56.34.129 and 134.56.34.130. You could of course make three 'Allow' rules, each with one of these numbers. A faster way to do this is to make a single rule like this:

    134.56.34.128-130

The special characters '*' and '-' don't need to be at the end of the IP-numbers, any place will do. The rule 221.*.76-154.89 is perfectly OK. I wouldn't know when you'd need this, but, hey, the world is a strange place!

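The evaluation order described in this section, as an added Python example (not Serv-U's own code, which the manual does not show). It assumes that a client matching no rule at all is refused once any rule exists, which is one reading of 'only those clients that pass the rule check are allowed'; the rule 134.56.34.200 and the client addresses in the demo are constructed.

```python
"""Added example: Serv-U style IP-access check (not the program's own code)."""


def parse_rule(rule):
    """Turn a rule such as '134.56.34.128-130' into four (low, high) pairs."""
    sections = rule.strip().split(".")
    if len(sections) != 4:
        raise ValueError(f"rule must have four sections: {rule!r}")
    bounds = []
    for section in sections:
        if section == "*":                      # wildcard: any number matches
            low, high = 0, 255
        elif "-" in section:                    # range, limits included
            first, last = section.split("-", 1)
            low, high = int(first), int(last)
        else:                                   # exact number
            low = high = int(section)
        if not 0 <= low <= high <= 255:
            raise ValueError(f"bad section {section!r} in rule {rule!r}")
        bounds.append((low, high))
    return bounds


def rule_matches(rule, ip):
    """Match the client address section by section against one rule."""
    octets = [int(part) for part in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return all(low <= o <= high
               for (low, high), o in zip(parse_rule(rule), octets))


def check_client(ip, deny_rules, allow_rules):
    """Return (allowed, reason) using the order given in the manual."""
    if not deny_rules and not allow_rules:
        return True, "no rules defined"         # no rules: everybody can enter
    for rule in deny_rules:                     # deny rules first, top to bottom
        if rule_matches(rule, ip):
            return False, f"deny {rule}"
    for rule in allow_rules:                    # then allow rules, top to bottom
        if rule_matches(rule, ip):
            return True, f"allow {rule}"
    # Assumption: with rules present and no match, the client is refused.
    return False, "no matching rule"


if __name__ == "__main__":
    DENY = ["168.76.*.*", "134.56.34.200"]      # second rule is constructed
    ALLOW = ["134.56.34.*"]
    for client in ("134.56.34.7", "134.56.34.200", "168.76.3.9", "10.1.2.3"):
        print(client, check_client(client, DENY, ALLOW))
```

Because deny rules always run first, a deny entry for a single address overrides a broader allow rule that also covers it, whatever the order on screen between the two lists.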
Remember, order is important and deny rules are always evaluated before the allow rules. Experiment a bit, and you'll get the hang of it.

The 'Setup - Signon/Signoff' option
-----------------------------------

Your FTP-server can display a welcome message every time a user connects to it. This can be very useful to provide users with information about your FTP server, like where to find games, or 'Serious Software'. Likewise, you might want to say good-bye to them when they leave, or remind them to send that check . . .

The way to do this is by entering a text in the 'Signon/Signoff' dialog box. There are a few special characters that you can enter in your signon/signoff text which get expanded while being sent to a client. These are:

    %t - gets expanded to the current time on your PC
    %d - gets expanded to the current date on your PC
    %u - turns into the current number of Serv-U users logged in

So, you could use the following signon text:

    Welcome, it is %t on %d, and you are user number %u

I'm sure you'll figure out by yourself what this will look like to the user . . . If you have ideas for other useful special characters, let me know about it!

The 'Setup - Users' option
--------------------------

Unless you switched off all security, you are going to have to set up users. And, you guessed it, this is the place to do so! Upon choosing this option a dialog box is presented to you. It contains a list of all known users. To change the settings for a certain user, just click on the name and click 'Edit' (or just double-click on the name). Now, if you just started this server for the first time there will be no names, short of Divine Intervention. Never mind, just go ahead and click 'Edit'. You'll be presented with an empty dialog box containing entries for everything you always wanted to set for a user.

The next thing is important, so pay attention: You can fill in or change any name in the 'User name' field.
If this name does not exist it will be added to the list of users. If this name exists, the settings for this user will be changed to the ones in the dialog box. So, if you double-clicked on user 'James' and then go on to set his password to 'lightbulb' and you change the user name to another of your users, 'Tanya', then Tanya is going to be mighty upset when she tries to enter your FTP server! James will of course have to remember his old password, since nothing changed for him.

This way of dealing with users might strike you as somewhat strange. The advantage of it is that you can take an existing user and, by making only the few needed changes, turn it into a new user.

Now let's take a closer look at the various fields in the 'Edit User' dialog box. I've dealt with the 'User name' field, so this brings us to 'Group name'. Every user can be part of a group. The convenience in making users part of a group is that you can leave common settings for all users of a particular group blank and just fill them out in the 'Edit Group' dialog box. This goes for all settings, including password, home directory and path access rules. To overrule a certain group setting, simply provide one for the user.

For example, you're the Pentagon system administrator and want to create FTP access for everybody in case they are on field trips. So, you hook up this old PC to the net, install Serv-U and register it (hypothetical situation). Then you proceed to create a group 'StarWars'. Now you go on to set the password for this group, 'RonaldR', and their home directory (all their files are shared anyway), 'y:\super\secret\starwars'. You fill in some access path rules as well, and you're all set: The only thing left is entering the user names, you don't have to provide any other information per user. A 10 minute job. Now there's an occasional guest user, 'BillyC'.
You don't want him to get into certain directories, so you make him a member of the group but specify those directories in his access path rules with 'no access', and you're all done.

We did get ahead of ourselves in the discussion of the various fields, so let me back up a bit. The 'Password' field shows stars ('*****') when entering a password. Don't worry, this is only to protect you from prying eyes. Also, if you're editing an existing user who has a password, nothing will be shown here, but the password is still there. To keep the existing password for a user: don't edit this field!

The passwords are stored encrypted using UNIX 'crypt'. This algorithm works like a sausage machine: you put in a pig on one side and turn the crank, out comes the sausage. But, pushing in the sausage while turning the crank backwards will not get you a pig! It is quite secure, I wouldn't know of a way to get the plain text password back (the NSA might though).

The 'Home directory' field is for the user's home directory (to kick in an open door). This is the place where he or she is put immediately after logging in. Each user needs a home directory, without one the server will not permit logging in. Of course, if a user is part of a group, and this group has a home directory, you don't have to specify one here. You might want to, if this user needs a different one from the rest of the group.

This brings us to the last part of this dialog box, the 'File/Directory access' rule list. This list contains a number of paths with access information coupled to each path. Access to the PC is only allowed according to these paths and their access information. No access paths, no access! So, there is one path you might always want to be in the list: the user's home directory.

When a user executes a FTP command concerning files or directories, the user's path list is checked to see if the command should be allowed to proceed. The list is evaluated FROM TOP TO BOTTOM!
SO THE ORDER OF THE PATH ACCESS RULES IS IMPORTANT!!!

There are five different types of access information that can be set for each path. The first is 'Read' access, this allows files to be copied from the PC using the FTP 'get' command. Next is 'Write' access, allowing files to be copied to the PC using 'put', but not changed, deleted, or renamed. Third is 'Delete' access, allowing the user to change files, rename, or delete them. Having 'Delete' access automatically includes write access.

The last two items deal with directories. 'Create' access lets the user create new directories at this path. 'Delete' lets the user delete directories. To make a directory listing any one of these rights is sufficient for a path. If none of the rights have been granted for a certain path, then the user has no access whatsoever to this path.

The rights of a certain path are valid not only for the path itself, but also for all subdirectories of it. If you don't want this to happen for a certain subdirectory you have to specify this directory with the desired rights before its parent in the list of paths.

Since one example can say more than a thousand words, or something along these lines, let's work through a typical situation. Assume you want to set up an 'Anonymous' FTP site. This needs a directory tree with all the goodies the users might want, for which they need read access. You also need an upload directory where users can upload new goodies, but you don't want others to be able to immediately get their fingers on it, since you want to check for viruses first. So, this directory needs write but no read access.

We decide to put everything on the big network drive, 'Y:', under the 'ANONFTP' directory. We also create the 'UPLOAD' directory here for uploads.
In Serv-U we would create the user 'Anonymous' with the following access path rules (and in this order):

    Y:\ANONFTP\UPLOAD - write rights
    Y:\ANONFTP        - read rights

Reversing the rules will not work: if a user writes to the upload directory, the security mechanism will check against Y:\ANONFTP and conclude that UPLOAD is a subdir, so the rule applies, and the rule grants only read access.

If the drive letter is left out of a path, it applies for all drives. So, a fast way to get full access to all files on all drives is:

    \ - read, write, delete, create dir and delete dir rights

Now, the same mechanism that determines access to directories also applies to files. It is possible to grant access to specific files on a per-file basis. Let's take the previous example about the anonymous FTP server. We want to put a file 'SECRET' in the ANONFTP directory, but nobody is allowed to read it of course. So, our access paths list would look like this:

    Y:\ANONFTP\SECRET - no rights
    Y:\ANONFTP\UPLOAD - write rights
    Y:\ANONFTP        - read rights

Again, the order of the paths is important! The directory access rights do not have any meaning for files.

The buttons speak for themselves, so I'll not waste any bytes on them.

There are two special user names, although in setting them up they are dealt with exactly the same as any other user. These are the user names 'Anonymous' and 'ALL'. We already came across 'Anonymous', it allows users to log in without a password. The FTP server asks for their E-mail address instead and logs this. The 'Password' section in the 'Setup Users' dialog box is ignored for this user name.

If an anonymous user logs in, he will not see the whole file structure. To him everything will appear to be relative to the home directory. So, to abuse our previous example yet another time: After logging in he will be put in Y:\ANONFTP, but if he asks for the current path the server will answer '\'.
All actions concerning files will, also, be relative to his home directory. The reason for making it this way is that certain World Wide Web browsers that log into an anonymous FTP server will execute a 'change directory' to '\' immediately thereafter. They get mighty confused if this is refused, so by making their home directory '\' this is avoided.

The other special user name is 'ALL'. Now where does this tie in? Well, every action requiring security clearance (checking a password during login, reading, writing, etc.) is first checked against the settings for the particular user. If no appropriate setting is found there, and the user belongs to some group, the group settings are checked. If still no corresponding setting is found, the user 'ALL' is consulted (if it exists). So 'ALL' works as a blanket for all users, providing the most common settings. Of course, this also provides a potentially big security hole, so be careful!

The 'Setup - Groups' option
---------------------------

Choosing this presents you with exactly the same dialog box as the 'Setup - Users' section. The only difference is that you cannot fill in a user name. Everything works the same way too, so I'll let you figure it out. Of course, you're not dealing with users here but with group names.

2.4 THE HELP MENU

This menu choice is still a bit underdeveloped, it has only the 'About' item. This does however present you with a very beautiful 'about' box, thus more than making up for the lack in other areas.

2.5 THE LOGFILE AND SCREEN

Although they are strictly speaking not part of the menus, this is a convenient place to discuss the format of the logfile and screen messages.

Messages are always logged to the Serv-U window, regardless of the logfile settings. There is no difference between the messages on screen and the ones in the logfile, although some things are only shown on screen. The latter are server and program related matters, like version number, server going on/off-line etc.

Log messages always have the same layout. The reason for using such a strict format is to make it easier to search for specific messages or certain types of messages. The format is as shown below, in stylized form:

    [n] DATE TIME - (xxxx) MESSAGE

The first number, 'n', indicates the type of message that is being logged. Currently there are five different categories:

    1 - system messages (problems etc.)
    2 - FTP commands (not used yet)
    3 - GET file transfers
    4 - PUT file transfers
    5 - security related events (users logging in etc.)

The second number, 'xxxx', is a unique ID assigned to a client the moment the connection is made. All further messages concerning that client will use the same number. Again, this was done to make it easy to find back events using the 'search' facilities of every editor.


3. THE INNER WORKINGS
=====================

Before I go on to describe the settings of the SERV-U.INI file I want to spend a few words describing how Serv-U was made and how it goes about its job.

3.1 SERV-U INTERNALS

The program was made using Borland C++ version 3.1. To check for shaky pointers and catch all those resource leaks the program Bounds Checker version 2.1 from Nu-Mega was used. I think no serious Windows programmer should be without the latter, much recommended!

This whole project started about a year ago after much disappointment with the existing FTP servers for WinSock. In its current version it consists of just a little over 10000 lines of C++ code, divided into 16 C++ classes. The whole program was constructed from scratch, not using any existing FTP server code, and is tailored to MS-Windows and WinSock.

Internally, everything is very much compartmentalized, using a different class for different partial tasks. There is a WinSock class library, providing hi-level access to WinSockets and hiding all the nasty parts of dealing with them.
It uses 100% asynchronous WinSock functions (also called 'non-blocking' functions) thus avoiding problems with multiple active sockets for a single task and re-entry (let me know if you're interested in this class library, I'm thinking of selling it in source code format). There is a FTP-manager class, taking care of listening for clients, and setting up instances of the FTP-command interpreter class when this happens. The latter does the actual interpretation of the FTP commands, talking to the security class for clearance and the WinSock class for communications. Then there are some utility-like classes, like those dealing with setup and logging.

By having all these compartments that handle very well defined tasks I hope to be able to easily extend this FTP server and fix those (hopefully few) remaining bugs quickly!

3.2 THE SERV-U.INI FILE

All the settings, for the server, users, and groups, are stored in a single file in text format. This file is normally named SERV-U.INI. Unless this is otherwise indicated, something I'll get to in a moment, the Serv-U program looks for this file in the program directory.

To indicate that SERV-U.INI should be found in another directory, an environment variable SERV-U should be set to the desired path. This can be useful for network installations that use a single copy of the program but need separate .INI files.

To go over all the items that can appear in SERV-U.INI I will show you an invented setup file:

    [GLOBAL]
    Security=TRUE
    PortNr=23
    MaxNrUsers=5
    MaxNrAnonymous=3
    Invisible=TRUE
    Logfile=c:\serv-u\logfile.txt
    Logging=YES
    Authorization=JK2S%FgdfsdEvG
    Window=100,100,400,300

    [SIGNONOFF]
    SignOn1="Welcome to Robby's FTP-Server!"
    SignOn2="It is %t local time on %d and you are user nr. %u"
    SignOff1="Thanks for logging in!"
    SignOff2="Hope to see you again soon . . ."

    [IP-ACCESS]
    Bounce1=132.68.175.201
    Bounce2=223.*.*.*
    Allow1=132.68.176.53
    Allow2=132.68.175.*
    Allow3=101.43.23.30-40

    [USER=Rob]
    HomeDir=c:\
    Password=RdfgSff$#Ffr@#d
    Group=System
    Access1=\,RWDCM

    [USER=Anonymous]
    HomeDir=d:\anonftp
    Access1=d:\anonftp\upload,W
    Access2=d:\anonftp,R

    [USER=ALL]
    HomeDir=y:\
    Access1=y:\,R

    [GROUP=SYSTEM]
    Access1=c:\system,RWDCM
    Access2=d:\,RWDCM
    Access3=y:\novell,RWD

All but three of these settings can be changed and set interactively through the 'Setup' menus. The exceptions are the entries for 'Invisible' and 'Window', and if you desire a user to really have no password the entry 'Password=' has to be set manually for that user. The following paragraphs will describe each section and entry in more detail.

[GLOBAL]

All the settings related to the Serv-U program itself, i.e. the functioning of the FTP server and system functions, are found in the '[Global]' section.

If security should not be enforced, the 'Security' entry can be set to FALSE or 0. Doing so will leave the FTP server wide open to everybody!!! Default value for 'Security' is TRUE.

The 'PortNr' entry determines the IP port that the server will listen on. Default value is 21.

To limit the maximum number of simultaneous users the 'MaxNrUsers' entry should be set to the desired number. No entry or a negative number results in no maximum, only the number of available sockets will limit the number of users in that case.

Similarly, the 'MaxNrAnonymous' entry limits the maximum number of 'Anonymous' users. The value put here is only meaningful if it is smaller than that of the 'MaxNrUsers' entry.

For system managers that don't want their users to mess around with the server settings, it is possible to make Serv-U invisible by setting the 'Invisible' entry to TRUE, 1 or YES and putting the Serv-U program in the 'startup' group. When this is done the server will not show up in the task manager list. One consequence is that there is no way to stop the program short of exiting Windows.
The default for the 'Invisible' entry is NO.

The 'LogFile' entry should specify a full path and name for a logfile if logging is desired. There is no default logfile. To actually switch logging on and off the 'Logging' entry can be set to ON or TRUE, or OFF or FALSE. Switching logging ON will only work if a logfile is specified. By default 'Logging' is set to ON.

The 'Authorization' entry is used for entering the registration code. You get this code after registration. By default it has no value, and for evaluation of the program it should be left blank.

The last entry is 'Window' and this is set by Serv-U every time the program is stopped. It contains the last position and size of the program window, in the format 'top,left,width,height'.

[SIGNONOFF]

This section contains the messages that are displayed after a user contacts the FTP server and just before he disconnects. Every line has a separate entry with a number at the end, denoting the order. The signon message is put in 'SignOnxx' entries (with xx the line number), and the signoff message is put in 'SignOffxx'.

There are three special character combinations recognized by Serv-U and they are expanded to their actual values when a user logs on or off. These are:

    %t = current time
    %d = current date
    %u = current number of users that are logged in

A tip: Keep the number of lines and their length limited. Most FTP clients will mess up lines over 80 characters, and since a FTP reply code is tagged to the beginning of these lines before they are sent, it is wise to keep them to less than 75 characters.

[IP-ACCESS]

This section determines which client IP-numbers will be allowed access to Serv-U. There are two kinds of rules: those that refuse access in the form of 'Bounce' entries, and those that grant access using 'Allow' entries. If this section doesn't exist, or no entries are found, then all clients are allowed to contact the server.
The reverse is also true: if there is even a single entry ('Bounce' or 'Allow') then only those clients that pass the rules will be allowed to contact the server.

All entries are numbered ('Allow1', 'Allow2' etc.) and they are evaluated according to their number from first to last. Numbers should be consecutive. The 'Bounce' rules are evaluated before the 'Allow' rules. The IP-number of the client is matched section by section to each rule until a match is found. If the matching rule is one of the 'Bounce' ones, the client is disconnected. If it is an 'Allow' rule, he can proceed.

The rules can be exact IP-numbers, or contain special characters. There are two of those:

    * = wildcard, match any number
    - = denotes a range

A quick example: The rule '132.*.76.48-89' will allow entry to clients with an IP-address starting with 132; the second section can be anything (0..255), the third must be 76 and the last section should be between 48 and 89 (limits included).

[USER='Name']

The information about a user is stored in this section; 'Name' stands for the user's name. Each user has a separate section. It contains items like information needed to authenticate a user during login, and rules determining what this user is allowed to access.

The Serv-U program will first check this section for a regular user. If no applicable information is found and the user is a member of a group, the group is addressed for the same information. If the result of this is still undetermined, the special user name 'ALL' is searched.

Now to the entries that can be found in this section. The identity of a user is verified by comparing his password, after encryption, with the one in the 'Password' entry. The UNIX 'crypt()' command is used to code the passwords. This makes it possible to extract users with their password from the PASSWD file of a UNIX system; the same passwords should work on both systems.
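The [IP-ACCESS] evaluation order described earlier in this section, sketched in Python as an added example (not code from Serv-U or its author). RULES is the sample section from the invented setup file; stopping at the first gap in the numbering and refusing a client that matches no rule are assumptions drawn from the wording of the text.

```python
# Added example, not Serv-U's code. RULES is the manual's sample [IP-ACCESS]
# section; the handling of numbering gaps and of unmatched clients is assumed.
RULES = {
    "Bounce1": "132.68.175.201", "Bounce2": "223.*.*.*",
    "Allow1": "132.68.176.53", "Allow2": "132.68.175.*", "Allow3": "101.43.23.30-40",
}

def section_matches(pattern, number):
    """One dotted section: '*', an exact number, or an inclusive 'low-high' range."""
    if pattern == "*":
        return True
    low, _, high = pattern.partition("-")
    return int(low) <= number <= int(high or low)

def rule_matches(rule, ip):
    """Compare the client address to a rule section by section."""
    patterns, numbers = rule.split("."), [int(n) for n in ip.split(".")]
    if len(patterns) != 4 or len(numbers) != 4 or not all(0 <= n <= 255 for n in numbers):
        raise ValueError("expected four dotted sections")
    return all(section_matches(p, n) for p, n in zip(patterns, numbers))

def numbered(entries, prefix):
    """Collect Prefix1, Prefix2, ... in order, stopping at the first gap (assumed)."""
    rules, n = [], 1
    while f"{prefix}{n}" in entries:
        rules.append(entries[f"{prefix}{n}"])
        n += 1
    return rules

def client_allowed(entries, ip):
    """Bounce rules first, then Allow rules; the first matching rule decides."""
    bounce, allow = numbered(entries, "Bounce"), numbered(entries, "Allow")
    if not bounce and not allow:
        return True                 # no entries at all: every client may connect
    if any(rule_matches(r, ip) for r in bounce):
        return False
    if any(rule_matches(r, ip) for r in allow):
        return True
    return False                    # assumed: a client matching no rule is refused
```

Note that 132.68.175.201 is refused even though 'Allow2' covers it, because the 'Bounce' rules are checked first.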
Unfortunately, there is not a single standard for password encryption on UNIX systems these days. Serv-U uses the most common scheme, but this might not work for your system.

If the password matches, the home directory of the user is taken from the 'HomeDir' entry. This should always be a full path name, including drive letter!

To make a user a member of a certain group, the 'Group' entry can be used. All information needed and not found in the user's section (password, home dir and file/directory access) is then looked for in the group's section.

Information about file and directory access for a user is stored in the 'Access' entries. Each of these is numbered, and access information is checked in order: first comparing it to the first rule, then the second, etc. The numbering must be consecutive.

Access rules start with a path or file name. These paths are usually full names, including drive letter. If the drive letter is missing, they apply to all drives. Also, access rules apply not only to the exact path, but to all subdirectories as well. If different settings are needed for a subdirectory, then a rule with that directory should appear before its parent, i.e. with a lesser number.

The path in an access rule is followed by a comma and the access information itself. This can be a combination of up to five different characters:

    R = read access to files
    W = write access to files
    M = modify access to files (implies write access)
    C = right to create subdirectories
    D = right to delete subdirectories

It is entirely possible to have no access information at all (only a path). This means that the user will not have any access to that path. For a user to be able to list the files in a directory he needs at least one of these five rights; any will do. Another thing to realize is that write access to a file does not imply read access! Then finally, the path in an access rule does not have to point to a directory. It is also possible to specify a filename.
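The 'Access' rule lookup described above, sketched in Python as an added example (not Serv-U's own code). It assumes targets are already absolute DOS paths, that evaluation stops at the first gap in the numbering, and that a target no rule covers gets no rights; the user 'Ann' is constructed to exercise the group and 'ALL' fallback.

```python
# Added example, not Serv-U's code. SECTIONS holds the manual's sample rules;
# the user 'Ann' (group member, no Access entries) is constructed.
SECTIONS = {
    "USER=ANONYMOUS": {"Access1": r"d:\anonftp\upload,W", "Access2": r"d:\anonftp,R"},
    "USER=ANN": {"Group": "System"},
    "USER=ALL": {"Access1": r"y:\,R"},
    "GROUP=SYSTEM": {"Access1": r"c:\system,RWDCM", "Access2": r"d:\,RWDCM",
                     "Access3": r"y:\novell,RWD"},
}

def split_drive(path):
    """Return (drive letter or None, lower-cased path without trailing backslash)."""
    p = path.strip().lower().rstrip("\\")
    return (p[0], p[2:]) if p[1:2] == ":" else (None, p)

def rule_covers(rule_path, target):
    """A rule covers its path and everything below it; no drive means all drives."""
    rdrive, rdir = split_drive(rule_path)
    tdrive, tdir = split_drive(target)
    if rdrive is not None and rdrive != tdrive:
        return False
    return tdir == rdir or tdir.startswith(rdir + "\\")

def section_rights(entries, target):
    """Rights of the first matching AccessN rule, or None when no rule matches."""
    n = 1
    while f"Access{n}" in entries:            # numbering must be consecutive
        path, _, rights = entries[f"Access{n}"].partition(",")
        if rule_covers(path, target):
            rights = set(rights.strip().upper())
            return rights | {"W"} if "M" in rights else rights  # M implies W
        n += 1
    return None

def rights_for(sections, user, target):
    """Search the user's section, then the group, then ALL (user only for Anonymous)."""
    own = sections.get("USER=" + user.upper(), {})
    chain = [own]
    if user.upper() != "ANONYMOUS":
        if "Group" in own:
            chain.append(sections.get("GROUP=" + own["Group"].upper(), {}))
        chain.append(sections.get("USER=ALL", {}))
    for entries in chain:
        rights = section_rights(entries, target)
        if rights is not None:
            return rights
    return set()                               # nothing matched: no access
```

Swapping the two 'Anonymous' rules so that d:\anonftp comes first turns the upload directory from write-only into read-only, which is why the subdirectory rule must carry the lower number.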
Of course, the 'C' and 'D' rights have no meaning for a rule that names a file.

There are two special user names: 'Anonymous' and 'ALL'. If there is a user 'Anonymous', it will be possible to log into the server without a password. Instead, Serv-U will ask for the user's E-mail address and log this. Most of the regular entries apply for 'Anonymous' as well, except 'Password' and 'Group'; these are ignored. In fact, for anonymous users the sections for groups and 'ALL' are never searched.

The user 'ALL' is searched if no appropriate rule is found in a user's or his group's entry. It can contain any of the regular entries.

[GROUP='Name']

These sections contain the group info. The entries here are exactly the same as those for a user, except that the 'Group' entry has no meaning of course.

4. GETTING IN TOUCH - BUGS & REGISTRATION
=========================================

I'd love to hear from you! Not only for bugs, but also if you have ideas, questions, or remarks. Please drop me a line! The fastest and easiest way to do so is by E-mail. My address is:

    RJB@eel-mail.mc.Duke.edu

Regular mail should work as well, but might take a bit longer. My address for this is:

    Rob Beckers
    1911 Erwin Road, Apt. I
    Durham, NC 27705
    U.S.A.

4.1 REPORTING BUGS

Nothing in this world is perfect, least of all me! Alas, chances are that despite careful testing you'll still find a bug. Please don't think others will report it, let me know! There are a few things I need to know in order to improve chances of fixing the beasty, so take note of the following:

* Most important: Can you get the same bug to appear by repeating certain actions? Please try hard; without a recipe for repeating a bug it's going to be very hard to track it down.

* What TCP/IP and WinSock stack are you using? Brand/type and version number please. Also, what operating system (DOS version and Windows or Windows-For-Workgroups version x.xx)? Any memory manager (QEMM etc.), what version?

* Please indicate also if this bug is merely cosmetic or of vital importance for using Serv-U. Somewhere in between is possible as well of course. By the way, I consider security related bugs very important!

* Finally, please give me a chance to fix a bug before you start to shout all over the Internet how bad this program is . . .

4.2 REGISTERING SERV-U

If you're happy with the performance of Serv-U, then please make me happy and register this program! Just a few words for those who are in doubt: Making this program took me (very literally) several months of work, spread out over the last year. Your registration fee is going to motivate me to continue improving Serv-U. In general, registration is important for shareware programs: It makes it possible for you to use professional quality software for peanuts. Lastly, being a biomedical engineering graduate student I'm not exactly making lots of $$'s (to put it mildly). So, those 20 bucks for registration mean a lot to me!

To register, please fill out the registration form below (there is a separate one in ASCII format in the file REGISTER.TXT) and send it to me. Payment should be included with the registration form, except for Dutch customers, to which I'll get in a moment. The registration fee is $20 for each copy. Please contact me for site licenses, I promise I'll not shock you too much! The following forms of payment are accepted, in order of preference:

* By check, drawn at an American bank. The check should be made out to Rob Beckers (alas, Cat Soft only exists in the mind for now).

* By Postal Money Order. As I understand it, you can buy these international money orders in most countries. Payment is in your own currency, but the money order should be made out for USD $20 and to Rob Beckers.

* Cash, but only in US dollars and I give no guarantees about safe arrival! Please DO NOT send me other currencies, it would probably cost me much more to convert them to $$'s than it costs you.
  A trick I found useful for sending cash in envelopes: put the money in a folded sheet of paper so it doesn't shine through the envelope. This improves chances of arrival considerably.

Now for the Dutch: Since I still have a Dutch giro account, it is possible to pay that way. The price is f. 35,-- per copy. This should be transferred to giro account 53.95.461 in the name of Rob Beckers, Bunde. Please mention 'Registratie Serv-U' so that it is clear what the payment is for. Please do not transfer money from abroad! Very little of those 35 would then be left. Just send the registration form to the US (by post or E-mail).

Next, what do you get if you register? As soon as I get your registration I'll send you a registration code. This will enable you to use the program, even after the 30 day try-out period. Please let me know your E-mail address, so I can notify you fast. In case I have your E-mail address you'll also get notified when there are updates. Once registered you'll get those updates for free, that is: you can use the same registration code on the updates, but you'll have to get them yourself. Apart from all this you'll also get the nice, warm feeling of having contributed to improving my financial status!

The next page is the registration form. Since the registration code is tied to the IP-number of the PC where you want to use Serv-U, it is imperative that you provide this!

************************************************************

ROB BECKERS
1911 Erwin Road, Apt I
Durham, NC 27705
U.S.A.

REGISTRATION FORM SERV-U
========================

NAME:            ...........................................

COMPANY NAME:    ...........................................

ADDRESS:         ...........................................
                 ...........................................
                 ...........................................

PHONE NUMBER:    ...........................................

E-MAIL ADDRESS:  ...........................................
                 (Internet only please)

IP-NUMBER PC:    .................     SLIP/PPP? ...............
                 (one for each copy    (yes/no)
                 of Serv-U)
                 ...........................................
                 ...........................................

Registration fee is $20 per copy. Send this order form along with your payment to: Rob Beckers, Erwin Road Apt. I, Durham NC 27705, USA.

If you have any questions, comments or suggestions please contact Rob Beckers at the above address or e-mail RJB@eel-mail.mc.duke.edu. Site license prices are given on request.

As this software is shareware it comes 'as is', there is no warranty implied or otherwise, nor is support provided. However, if you discover any bugs or problems please contact the developer at the above e-mail address.