iksd.txt

C-Kermit源码。是使用串口/Modem和网络通讯的程序

    initializaton file, according to its internal keyword flags.  If it
    begins with "-+", it is executed before the init file, regardless of the
    keyword flags.  There is no way to force an argument to be executed after
    the init file if it has the CM_PRE bit set (see table below).

 b. No spaces are allowed in the keyword.

 c. If an operand contains spaces, it (or the entire option) must be quoted
    according to the rules of the shell from which Kermit is invoked.

 d. Case doesn't matter in the option keyword (unlike with regular
    single-letter options).

 e. If an operand is required, it must be included.  If no operand is
    required, no operand must be included.

 f. The operand follows the keyword, separated by a colon (:) or equal
    sign (=).  There are no spaces between the separator and the keyword
    or operand.

 g. Long-form option names may be abbreviated according to the same rules as
    interactive keywords.

 h. On/Off operands can be On, Off, Yes, No, True, False, 0, 1, or OK (case
    of letters does not matter).

 i. Long-form options are available only when the interactive command parser
    is built-in (i.e. not NOICP).

The new long-form options are:

  Option        Values    Default      CM_PRE   Effect

  --anonymous   on/off    on             yes    anonymous login allowed
  --bannerfile  filename  (none)         no     greeting message
  -+cdfile      filelist  (see below)    no     CD message filename
  -+cdmessage   on/off    on             no     CD messages on/off
  -+cdmsg       on/off    on             no     synonym for cdmessage
  --help        (none)    (n/a/)         no     list available --options
  --helpfile    filename  (none)         no     custom text for HELP command
  --initfile    filename  /.kermrc       yes    Init file for anonymous users
  --nointerrupt (none)    (see below)    yes    Disables SIGINT and SIGTSTP
  --permissions octalnum  0040           yes    anonymous upload permissions
  --perms       octalnum  0040           yes    synonym for permissions
  --root        directory /pub/ftp       yes    root for anonymous users
  --syslog      number    3              yes    level of syslogging    
  --timeout     number    300            yes    time limit for login
  --userfile    filename  /etc/ftpusers  yes    forbidden local users list
  --wtmplog     on/off    on             yes    wtmp logging on/off
  --wtmpfile    filename  (see below)    yes    pathname of wtmp logfile
  --xferlog     on/off    off            yes    use an ftpd-logfile
  --xferfile    filename  (see below)    yes    pathname of ftpd-like logfile

Note: in all options that take a <filename>, EXCEPT --cdfile, relative
filenames or filenames that start with ~ are expanded to full pathnames.

In more detail:

--nointerrupts
  Disables keyboard interrupts that are normally ensabled.  In IKSD, when it
  is in interactive prompting state, commands can normally be interrupted
  with Ctrl-C.  Suspending (normally via Ctrl-Z) is always disabled in IKSD.

--help
  Lists the extended command-line options that are available in your version
  of C-Kermit.  If any options seem to be missing, that is because your
  copy of C-Kermit was built with compile-time options to deselect them.

--helpfile:<filename>
  Specifies the name of a file to be displayed if the user types HELP
  (not followed by a specific command or topic), in place of the built-in
  top-level help text.  The file need not fit on one screen; more-prompting
  is used if the file is more than one screen long if COMMAND MORE-PROMPTING
  is ON, as it is by default.

--anonymous:{on,off}
  Whether anonymous logins are allowed.  By default they are allowed, so
  this option need be included only to disallow them (or for clarity, to
  emphasize that they are allowed).  Anonymous login occurs when the username
  "anonymous" or "ftp" is given, with any password (as with ftpd).

--timeout:<number>
  This sets a limit (in seconds) on the amount of time the client has to log
  in once the connection is made.  If successful login does not occur within
  the given number of seconds, the connection is closed.  The default timeout
  is 300 seconds (5 minutes).  A value of 0 or less indicates there is to be
  no limit.

--bannerfile:<filename>
  The name of a file containing a message to be printed after the user logs
  in, in place of the normal message (Copyright notice, "Type HELP or ? for
  help", "Default transfer mode is...", etc).

--permissions:<octalnum>
  The permissions given to any file that is uploaded by an anonymous user.
  0040 is the default and recommended value.  The default permits only
  group-read access, and therefore prevents anonymous users from uploading
  files (e.g. pirated sofware) to be downloaded by other anonymous users.
  Synonym: --perms.

--initfile:<filename>
  The initialization file to be executed for anonymous logins.  By default
  it is /.kermrc, where "/" is the root of the chroot'd file system.  Any
  <filename> that you specify here must be specified in the notation of the
  the chroot'd file system.  This option is independent of the '-y' option
  (alternative init file), which applies only to real users.

--cdmessage:{on,off,0,1,2}
  For use in the Server-Side Server configuration; whenever the client 
  tells the server to change directory, the server sends the contents of a
  "read me" file to the client's screen.  This feature is On by default,
  and operates only in client/server mode when ON or 1.  If set to 2 or
  higher, it also operates when the CD command is given at the IKSD> prompt.
  Synonym: --cdmsg.

--cdfile:<filename> (or list)
  When cdmessage is on, this is the name of the "read me" file to be sent.
  Normally you would specify a relative (not absolute) name, since the file
  is opened using the literal name you specified, after changing to the new
  directory.  Example:
  
    --cdfile:READ.ME

  You can also give a list of up to 8 filenames by (a) enclosing each
  filename in braces, and (b) enclosing the entire list in braces.  Example:
  --cdfile:{{./.readme}{READ.ME}{aaareadme.txt}{README}{read-this-first}}
  When a list is given, it is searched from left to right and the first
  file found is displayed.  The default list for UNIX is:

    {{./.readme}{README.TXT}{READ.ME}}

--database:{on,off}
  Whether an active-sessions database should be kept.  On by default.
  If "on", but --dbfile is not specified, /var/log/iksd.db is used.
  *** NOTE: During the test phase, the directory is /tmp/ ***

--dbfile:<filename>
  Use this option to specify an iksd database file name.  If you include 
  this option, it implies --database:on.

--syslog:<number> or {on,off}
  Whether and what level of syslog entries should be made.  A level of 0
  (or "off" or "false" or "no") means no syslogging.  A level of "on" (or
  "yes" or "true") invokes the default syslogging level.  To choose a
  non-default level of syslogging, specify a number (see Section 4.2).

--wtmplog:{on,off}
  Whether wtmp log entries should be made.  On by default.  An entry is made
  when the user logs in and when the session is closed.  The "tty name" field
  is given as "iks_xxxx", where xxxx is the process ID (pid) of the IKSD.
  Thus IKSD session history can be monitored via "last | grep iks_".
  Anonymous logins are shown with a user ID of "ftp".

--wtmpfile:<filename>
  The default wtmp log file is /var/log/wtmp in Linux, and /usr/adm/wtmp
  elsewhere.  In case your system's wtmp log file does not match the default,
  use this option to specify the appropriate filename.

--userfile:<filename>
  This file contains a list of local usernames that are to be denied access
  to Internet Kermit Service.  The default is /etc/ftpusers.  This can be the
  same file that is used by wuftpd, and the syntax is the same: one username
  per line; lines starting with "#" are ignored.  Use this option to specify
  the name of a different forbidden-user file, or use --userfile:/dev/null
  to disable this feature in case there is a /etc/ftpusers file but you
  don't want to use it.

--xferlog:{on,off}
  Whether a wu-ftpd-like log should be kept.  Off by default.  If "on", but
  --xferfile is not specified, /var/log/iksd.log is used.  This log is
  explained in Section 4.3.

--xferfile:<filename>
  Use this option to specify an iksd log file name.  If you include this
  option, it implies --xferlog:on.

--database:{on,off}
  Whether an active-sessions database should be kept.  On by default.
  If "on", but --dbfile is not specified, /var/log/iksd.db is used.

--dbfile:<filename>
  Use this option to specify an iksd database file name.  If you include 
  this option, it implies --database:on.

Some of the traditional options have special significance in the IKS, e.g.:

-x (server mode).
  If this option is included on the IKSD command line, the Client Side Server
  configuration is disabled, and the user will not get a Username: or
  Password: prompt, and will not be able to access the IKSD command prompt.
  A FINISH command sent to the IKSD will log it out and close the
  connection, rather than returning it to its prompt.

-y filename
  Execute "filename" rather than the normal initialization file for real
  users; this option does not apply to anonymous users.

-Y (no init file)
  Do not execute an initialization file, even if a real user is logging in.

Examples:  

iksd -A
  Starts the Internet Kermit Server with all defaults in effect.  

iksd -A --syslog:5
  As above, but with the highest level of syslogging (section 4.2).

iksd -A --anonymous:off --cdfile:READ.ME
  Starts the IKSD with anonymous access forbidden and changes the name of
  CD message file from the default list to READ.ME.

iksd -A -x --anonym:no --cdf:READ.ME
  As above, but forces the IKSD to operate only in Kermit server mode,
  thus preventing user access to the IKSD command prompt.  Also illustrates
  abbreviation of long-form option keywords and use of "no" as a synonym
  for "off".

Bad syntax in an extended command-line option causes immediate termination
with the message "Extended option error", and an exit status code of 1.

Brief help about command line options may be obtained at the C-Kermit prompt
with "help options", and for extended options with "help extended-options".

You can prototype the IKSD command line by including any desired extended
options, but omitting the -A option, and then when you get the C-Kermit>
prompt, use "show extended-options" to check the parsing of the options you
have included.  Example:

$ kermit --anonymous:ok --root:/tmp --userfile:/etc/badusers
(/usr/olga/) C-Kermit>show extended-options
 --bannerfile=(null)
 --cdfile:./.readme
 --cdmessage:0
 --syslog:3
 --wtmplog:1
 --wtmpfile=(null)
 --anonymous:1
 --permission:0040
 --initfile:(null)
 --userfile:/etc/badusers
 --root:/tmp
 --xferlog=0
 --xferfile=(null)
 --timeout:300
(/usr/olga) C-Kermit>

Note that this only shows the values that were given as arguments to the
extended options, or their default values, if they have any, but it does
not show values that will be computed dynamically at runtime in the absence
of a command-line value.  For example, --wtmplog:1 and --wtmpfile:(null)
mean that an appropriate default will be supplied for the wtmp logfile name
at runtime.

Also note that SHOW EXTENDED-OPTIONS does not show the IKSD-specific options
when this command given at the IKSD prompt by the user.  Thus this command
is useful only as a prototyping tool.  (And as noted elsewhere, the IKSD
command-line argument vector is also inaccessible to the IKSD user via other
methods such as the \&@[] array.)

4.2. System Logging

System logging in UNIX is via the standard syslog() facility ("man syslog"
and/or "man syslogd" for further info).

All IKSD entries (except debugging, see below) appear in the daemon log, as
defined in the syslog.conf file with a tag of "iksd" and the process ID (pid)
of the IKSD process, and therefore can be extracted by grepping for "iksd".

The system logging levels are:

  0 = no logging
  1 = Login/out, failed login attempts, failed Kerberos (etc) authentication
  2 = Dialing out (does not apply to IKSD)
  3 = Making any kinds of connections (does not apply to IKSD)
  4 = Creating / receiving / deleting / renaming / copying files
  5 = Sending / typing / reading / transmitting files
  6 = All top-level commands and all server commands sent to iksd
  7 = Commands executed from macros and command files
  8 = Debug

Each level includes all the levels beneath it (except 0 is not included if
the logging level is greater than 0).

The default logging level is 5, and is used if the --syslog: option is not
included on the command line, or if is given with an affirmative keyword
(yes, true, on, ok) rather than a number.  If you specify a number higher than
the the maximum, it is the same as specifying the maximum.

Syslog entries are at LOG_INFO priority, except for refused logins, which 
are at LOG_NOTICE priority, and failed Telnet-level authentication (such as
Kerberos), which are at LOG_ERR priority.

Note that if C-Kermit is built with -DSYSLOGLEVEL=n (where n is a number) on
the cc command line, this turns on syslogging and hardwires it to the given
level for all users.  See ckuins.txt for further info.

WARNING: Debug level produces VOLUMINOUS amounts of information -- it is
equivalent to (in fact, it *is*) C-Kermit's debug log.  Furthermore, there is
a good possibility it will contain sensitive information such as clear-text
passwords.  Debug records are written to the syslog DEBUG facility, as defined
(or not defined) in syslog.conf.  If you use this level of logging, make sure
that the logfile defined for "daemon.debug" is secured from the public, and
that there is plenty of space for it.

ANOTHER WARNING: In some UNIX systems, syslogging does not work once a
chroot() has occurred, which is done by iksd just as it is by ftpd for
anonymous users, to restrict them to the /pub/ftp (or other desired) directory
tree.  At present, SunOS and Linux are known to have this deficiency and there
probably are many others.  THERE IS NO SYSLOGGING FOR ANONYMOUS USERS on these
systems.  The only way to log the activities of anonymous users on such
systems is to specify a transfer iksd log on the command line (Sections 4.1
and 4.3).

4.3. The Transfer Log File

The transfer log is disabled by default; it must be enabled on the command
line (Section 4.1).

The transfer log has the same format as the wu-ftpd log, and so all the same
scripts can be used to process it, collect statistics, etc.  In fact, you
can even have ftpd and iksd share the same log, in which case records will
be intermixed.

The Transfer log can also be used in regular user-mode C-Kermit sessions.

The first field is fixed-length and contains spaces; subsequent fields are
variable length, contain no spaces, and are separated by one or more spaces.
The fields are:

Timestamp
  This is an asctime-style timestamp, example: "Wed Sep 16 20:19:05 1998"
  It is always exactly 24 characters long, and the subfields are always in
  fixed positions.

Elapsed time
  The whole number of seconds required to transfer the file, as a string
  of decimal digits, e.g. "24".

Connection
  In IKSD, the IP hostname or address of the client.  For user-mode C-Kermit
  transfers, The name of the network host to which C-Kermit is connected, or
  the name of the serial device through which it has dialed (or has a direct
  connection), or "/dev/tty" for transfers in remote mode.

Bytes transferred
  The number of bytes transferred, decimal digits, e.g. "1537904".

Filename
  The full pathname of the file that was transferred, e.g.
  "/pub/ftp/kermit/a/README.TXT".  If the filename contains any spaces or
  control characters, each such character is replaced by an underscore ('_')
  character.

Mode
  The letter 'b' if the file was transferred in binary mode, or 'a'
  if it was transferred in text (ASCII) mode.

Options
  For compatibility with the wuftpd log.  This field always contains an
  underscore ('_') character.