config.h.noac

wu-ftpd类unix下的ftp服务器,可用于嵌入式系统

/****************************************************************************  
 
  Copyright (c) 1999,2000,2001 WU-FTPD Development Group.  
  All rights reserved.
  
  Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994
    The Regents of the University of California.
  Portions Copyright (c) 1993, 1994 Washington University in Saint Louis.
  Portions Copyright (c) 1996, 1998 Berkeley Software Design, Inc.
  Portions Copyright (c) 1989 Massachusetts Institute of Technology.
  Portions Copyright (c) 1998 Sendmail, Inc.
  Portions Copyright (c) 1983, 1995, 1996, 1997 Eric P.  Allman.
  Portions Copyright (c) 1997 by Stan Barber.
  Portions Copyright (c) 1997 by Kent Landfield.
  Portions Copyright (c) 1991, 1992, 1993, 1994, 1995, 1996, 1997
    Free Software Foundation, Inc.  
 
  Use and distribution of this software and its source code are governed 
  by the terms and conditions of the WU-FTPD Software License ("LICENSE").
 
  If you did not receive a copy of the license, it may be obtained online
  at http://www.wu-ftpd.org/license.html.
 
  $Id: config.h.noac,v 1.13.2.1 2001/11/29 17:10:58 wuftpd Exp $
 
****************************************************************************/

/* 
 * Top level config file... you'll probably not need to modify any of this.
 * $Id: config.h.noac,v 1.13.2.1 2001/11/29 17:10:58 wuftpd Exp $
 * In the future, a lot more definable features will be here (and this
 * will all make sense...)
 */

/*
 * allow "upload" keyword in ftpaccess
 */

#define UPLOAD

/*
 * allow "overwrite" keyword in ftpaccess.
 */

#define OVERWRITE

/*
 * allow "allow/deny" for individual users.
 */

#define HOST_ACCESS

/*
 * log failed login attempts
 */

#define LOG_FAILED

/*
 * log login attempts that fail because of class connection
 * limits.  Busy servers may want to prevent this logging
 * since it can fill up the log file and put a high load on
 * syslog.
 */
#define LOG_TOOMANY

/*
 * allow use of private file.  (for site group and site gpass)
 * NO_PRIVATE
 * Define this if you don't want to use the private authentication databases.
 */

#undef NO_PRIVATE

/*
 * Try once more on failed DNS lookups (to allow far away connections 
 * which might resolve slowly)
 */

#define	DNS_TRYAGAIN

/*
 * ANON_ONLY 
 * Permit only anonymous logins... disables all other type
 * See FIXES-2.4-HOBBIT for more information on this option.
 */

#undef ANON_ONLY

/*
 * PARANOID
 * Disable "questionable" functions
 * See FIXES-2.4-HOBBIT for more information on this option.
 */

#undef PARANOID

/*
 * SKEY
 * Add SKEY support -- REQUIRES SKEY libraries
 * See FIXES-2.4-HOBBIT for more information on this option.
 */

#undef SKEY

/*
 * OPIE
 * One-time Passwords In Everything (OPIE)
 * Add OPIE support -- REQUIRES OPIE libraries
 */

#if !defined (LINUX)		/* Linux autodetects OPIE */
#undef OPIE
#endif

/*
 * ALTERNATE_CD
 * Causes "cd ~" to return the chroot-relative directory instead of the
 * real directory.
 */
#define ALTERNATE_CD

/*
 * UNRESTRICTED_CHMOD
 * If defined, any valid value for the mode will be accepted.
 * Otherwise, only values between 0 and 777 are accepted.
 */
#undef UNRESTRICTED_CHMOD

/*
 * USE_RFC931
 * Define this if you want to use RFC 931 'authentication' - this improves
 * the logging at the cost of a possible slight delay in connection.
 */
#undef USE_RFC931

/*
 * BUFFER_SIZE
 * You can specify the buffer size for binary transfers; the defaults
 * are often far too small for efficiency.
 */
#undef BUFFER_SIZE

/*
 * If you want to specify the syslog facility, you should modify CFLAGS in
 * the appropriate src/makefile/Makefile.*.
 */

/* If you want to set the paths where the configuration files, pids and logs
 * are stored, you should inspect src/pathnames.h and modify the appropriate
 * src/config/config.*.
 */

/*
 * DAEMON
 * If ftpd called with -D then run as a standalone daemon listing on the
 * ftp port.   This can speed up ftpd response as all ftpd then needs to
 * do is fork off a copy to handle an incoming request.  Under inetd 
 * a new copy has to be opened and exec'd.
 */
#define DAEMON

/*
 * MAX_BACKLOG
 * Only used in DAEMON mode.
 * This is second parameter to listen.  It defines the number of incoming
 * processes to allow to backlog, prior to being accept() processing them,
 * before rejecting.
 */
#define MAX_BACKLOG 100

/*
 * MAPPING_CHDIR
 * Keep track of the path the user has chdir'd into and respond with
 * that to pwd commands.  This is to avoid having the absolue disk
 * path returned.  This helps avoid returning dirs like '.1/fred'
 * when lots of disks make up the ftp area.
 */

#define MAPPING_CHDIR

/*
 * THROUGHPUT
 * Keep track of total throughput for the user and limit if required.
 */

#define THROUGHPUT

/*
 * TRANSFER_COUNT
 * Keep track of total bytes for statistics.
 */

#define TRANSFER_COUNT

/*
 * TRANSFER_LIMIT
 * Limit file and bytes transferred in a session.
 */

#ifdef TRANSFER_COUNT
#define TRANSFER_LIMIT
#else
#undef TRANSFER_LIMIT
#endif

/*
 * NO_SUCKING_NEWLINES
 * Don't suppress some extra blank lines on messages and banners.
 */

#undef NO_SUCKING_NEWLINES

/*
 * HELP_CRACKERS
 * Define this to help crackers break into your system by letting them
 * figure out which user names exist to guess passwords on.
 */

#undef HELP_CRACKERS

/*
 * VERBOSE_ERROR_LOGING
 * Log all problems with USER and PASS as well as all rejected commands
 * and denied uploads/downloads.
 */

#define VERBOSE_ERROR_LOGING

/*
 * IGNORE_NOOP
 * Undefine this to let NOOP reset the idle timeout.
 */

#define IGNORE_NOOP

/*
 * XFERLOG_REALPATH
 * Define this to log the real path rather than the chroot-relative path for
 * files named in the xferlog.
 */

#define XFERLOG_REALPATH

/*
 * CLOSED_VIRTUAL_SERVER
 * Undefine this to allow real and non-owner guests to log in on a virutal server's address.
 */
#define CLOSED_VIRTUAL_SERVER

/*
 * NO_DNS
 * Define this to skip DNS lookups.  If the remote host name is needed, the
 * daemon uses the IP numbers instead.  'deny !nameserved' will always be
 * true (denying access) if this patch is enabled.
 *
 * This option is intended soley for very busy FTP sites where the added
 * security of DNS lookups is overshadowed by the speed and resource penalties.
 *
 * Disabling DNS lookups removes all protections against spoofing, making
 * remote user authentication virtually useless.  This option should only be
 * used on anonymous FTP servers.
 *
 * If you're not *absolutely sure* you need this, don't enable it.
 */
#undef NO_DNS

/*
 * Some people don't like PASV and want to disable it.  Whatever.
 * PORT can be abused to attack other hosts.  Let's give the option to
 * disable one or the other.  We'll ignore DISABLE_PASV if you defined
 * DISABLE_PORT (hey, you gotta have at least one!).
 */
#undef DISABLE_PORT
#undef DISABLE_PASV

/*
 * Define this to suppress messages about PID locks causing the daemon to
 * sleep.  This should only be needed at busy sites.
 */
#undef NO_PID_SLEEP_MSGS

/*
 * Define this to require the remove end of a PASV connection to have the
 * same IP as the control connection.  This limits, but does not eliminate,
 * the risk of PASV port race stealing the connection.  It also is non-RFC
 * compliant, so it may cause problems for some client sites.
 */
#define FIGHT_PASV_PORT_RACE

/*
 * Define this to completely disable anonymous FTP access.
 */
#undef NO_ANONYMOUS_ACCESS

/*
 * Define this to have an ls command compiled into the daemon. That way you
 * don't need to put statically linked ls's into every chroot directory.
 * Note this feature is still experimental.
 */
#undef INTERNAL_LS

/*
 * Define this if you want the internal ls to display UIDs/GIDs rather than
 * user/group names. This is faster, but doesn't look as nice.
 */
#undef LS_NUMERIC_UIDS

/*
 * Define this if you want to hide setuid bits in the internal ls
 * this might be a good idea for security.
 */
#define HIDE_SETUID

/*
 * Undefine this if you don't want the enhanced DNS (resolver) features;
 * or if you cannot find libresolv on your system.
 */
#define HAVE_LIBRESOLV

/*
 * Undefine this if you don't want to have the possibility to e-mail the
 * administrator on anonymous uploads
 */
#define MAIL_ADMIN

/*
 * Define this to support broken clients.
 *
 * At this time the following clients are known to be effected:
 *
 * mirror, patch available
 *
 * all clients using the W3C libwww; this includes Lynx, CERN, Squid and
 * Midnight Commander.  No patches available.  The WU-FTPD Development
 * Group recommends against using these clients for FTP transfer until
 * updates are made available.
 *
 * WARNING: You should make all attempts to have the clients updated.  This
 * option reverts the daemon back to the original (broken) method of
 * closing a STREAM-mode FILE-type transmission (server-to-client).  With
 * this option enabled DATA LOSS CAN OCCUR on ALL clients.  The server
 * cannot reliably determine if the transfer has completed and will proceed
 * as if it had.
 *
 *                          ***** DISCLAIMER *****
 *
 * IF YOU ENABLE THIS FEATURE, YOU SHOULD ENSURE YOUR USERS ARE AWARE ANY
 * FILE DOWNLOADED FROM YOUR SERVER MAY BE MISSING INFORMATION FROM THE END
 * OF THE FILE.
 *
 * This option may not appear in future versions of the daemon.
 */
#undef SUPPORT_BROKEN_CLIENTS

/*
 * Define this to re-enable SITE NEWER.
 *
 * The SITE NEWER feature is the only function using the ftw() and/or
 * treewalk() functions.  Since not all systems include one of these functions,
 * the daemon has (since version 1.0) included the BSD NET-2 version in the
 * support directory.
 *
 * Unfortunately, the BSD NET-2 ftw()/treewalk() functions are not acceptable
 * for use in a production environment.  They leak memory and can overrun
 * buffers.  Rather than try to fix the functions, which would require a
 * complete rewrite, the SITE NEWER feature has been disabled.
 *
 * The intention of SITE NEWER was to enable mirrors to quickly determine which
 * files have changed since the last run.  Since most mirror packages wish to
 * work with all daemons (not just wu-ftpd), and since SITE NEWER is a wu-ftpd
 * only feature, they don't use the feature.  Therefore there seems little
 * reason to continue to support it.
 *
 *                          ***** DISCLAIMER *****
 *
 * RE-ENABLING THIS FEATURE MAKES IT EASY TO CAUSE YOUR SERVER TO GROW UNTIL IT
 * CONSUMES ALL AVAILABLE MEMORY.
 */
#undef SITE_NEWER

/*
 * Define this to revert the NLST command to showing directories.
 *
 * This will cause mget to have errors when it attempts to RETR the
 * directory name (which is not a RETRievable object) but will revert
 * the NLST command enough to quell complains from Solaris command-
 * line FTP client users.
 */
#undef NLST_SHOWS_DIRS