0145-0147.html

来自「linux-unix130.linux.and.unix.ebooks130 l」· HTML 代码 · 共 482 行

<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:FTP</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=08 //-->
<!-- PAGES=0131-0152 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->




<P><CENTER>
<a href="0142-0144.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0148-0150.html">Next</A>
</CENTER></P>

<A NAME="PAGENUM-145"><P>Page 145</P></A>


<HR>
<TABLE WIDTH="360">

<TR><TD>
Option
</TD><TD>
Description
</TD><TD>


<TR><TD>
%s
</TD><TD>
The time the system will shut down
</TD></TR>

<TR><TD>
%r
</TD><TD>
The time when new connections will be denied
</TD></TR>

<TR><TD>
%d
</TD><TD>
The time current connections will be dropped
</TD></TR>
</TABLE>




<H4><A NAME="ch08_ 28">


Controlling Permissions
</A></H4>




<P>Along with controlling logins and maintaining logs, you will need to keep the permissions
of the files placed in the archive under tight control. The following commands will allow you
to specify what permissions should be set under certain conditions.
</P>




<H5><A NAME="ch08_ 29">
chmod
</A></H5>




<P>The chmod command determines whether a client has the permission to change permissions
on the server's files using the client's chmod command. The format of this command is
</P>


<!-- CODE SNIP //-->
<PRE>
chmod &lt;switch&gt; &lt;typelist&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;switch&gt; is either YES to turn on the feature or
NO to turn off the feature. &lt;typelist&gt; is the comma-separated list of user types affected by this command. The user types available
are anonymous, guest, and real.
</P>




<H5><A NAME="ch08_ 30">
delete
</A></H5>




<P>The delete command tells the server whether client connections can delete files that are
residing on the server via FTP. The format of the command is
</P>


<!-- CODE SNIP //-->
<PRE>
delete &lt;switch&gt; &lt;typelist&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;switch&gt; is either YES to turn on the feature or
NO to turn off the feature. &lt;typelist&gt; is the comma-separated list of user types affected by this command. The user types available
are anonymous, guest, and real.
</P>




<H5><A NAME="ch08_ 31">
overwrite
</A></H5>




<P>To control whether FTP clients can upload files and replace existing files on the server, you
use the overwrite command. The format of this command is
</P>


<!-- CODE SNIP //-->
<PRE>
overwrite &lt;switch&gt; &lt;typelist&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;switch&gt; is either YES to turn on the feature or
NO to turn off the feature. &lt;typelist&gt; is the comma-separated list of user types affected by this command. The user types available
are anonymous, guest, and real.
</P>




<H5><A NAME="ch08_ 32">
rename
</A></H5>




<P>Client FTP software has the option of sending a
rename request to the server to rename files. The
rename command determines whether this request is acceptable. The format of this
command is
</P>


<!-- CODE SNIP //-->
<PRE>
rename &lt;switch&gt; &lt;typelist&gt;
</PRE>
<!-- END CODE SNIP //-->


<A NAME="PAGENUM-146"><P>Page 146</P></A>






<P>where &lt;switch&gt; is either YES to turn on the feature or
NO to turn off the feature. &lt;typelist&gt; is the comma-separated list of user types affected by this command. The user types available
are anonymous, guest, and real.
</P>




<H5><A NAME="ch08_ 33">
umask
</A></H5>




<P>The umask command determines whether clients can change their default permissions in a
similar fashion as the umask shell command. The format of the
umask command is
</P>


<!-- CODE SNIP //-->
<PRE>
umask &lt;switch&gt; &lt;typelist&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;switch&gt; is either YES to turn on the feature or
NO to turn off the feature. &lt;typelist&gt; is the comma-separated list of user types affected by this command. The user types available
are anonymous, guest, and real.
</P>




<H5><A NAME="ch08_ 34">
passwd-check
</A></H5>




<P>Providing a valid e-mail address as your password is considered good manners when
you're connecting to an anonymous FTP site. The
passwd-check command lets you determine how strict you want to be with what string is submitted as an anonymous user's e-mail address.
The format of the command is
</P>


<!-- CODE SNIP //-->
<PRE>passwd-check &lt;strictness&gt; &lt;enforcement&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;strictness&gt; is one of three possible strings:
none, trivial, or rfc822. &lt;enforcement&gt; is one of two possible strings:
warn or enforce.
</P>




<P>Selecting none for &lt;strictness&gt; will perform no check at all for the password.
trivial is slightly more demanding by requiring that at least an
@ (at) symbol appear in the password. rfc822 is the most strict, requiring that the e-mail address comply with the RFC 822 &quot;Message
Header Standard&quot; (for example,
sshah@domain.com).
</P>




<P>Using warn as the &lt;enforcement&gt; warns the users if they fail to comply with the strictness
requirement but allows them to connect with your server anyway.
enforce, on the other hand, denies the users connections until they use acceptable passwords.
</P>




<H5><A NAME="ch08_ 35">
path-filter
</A></H5>




<P>If you allow users to upload files to your server via FTP, you might want to dictate what 
are acceptable filenames. (For example, control characters in filenames are not acceptable.) 
You can enforce this restriction by using the
path-filter command. The format of this
command is
</P>


<!-- CODE SNIP //-->
<PRE>
path-filter &lt;typelist&gt; &lt;mesg&gt;
&lt;allowed-regexp&gt; &lt;denied-regexp&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;typelist&gt; is a comma-separated list of users this command affects; the user types
available are anonymous, guest, and real.
&lt;mesg&gt; is the filename of the message that should be
displayed if the file does not meet this criteria.
&lt;allowed-regexp&gt; is the regular expression that
the filename must meet to be allowed in.
&lt;denied-regexp&gt; is the regular expression that, if
met, causes the file to be explicitly denied;
&lt;denied-regexp&gt; is an optional parameter.
</P>

<A NAME="PAGENUM-147"><P>Page 147</P></A>






<P>For example, the line
</P>


<!-- CODE SNIP //-->
<PRE>
path-filter anonymous,guest /ftp/.badfilename UL* gif$
</PRE>
<!-- END CODE SNIP //-->





<P>displays the file /ftp/.badfilename to anonymous or guest users if they upload a file that
doesn't begin with the string UL or that ends with the string
gif.
</P>




<H5><A NAME="ch08_ 36">
upload
</A></H5>




<P>You can use the upload command, along with
path-filter, to control files placed onto your server. The
upload command specifies what permissions the client has to place files in
certain directories as well as what permissions the files will take on after they are placed there.
The format of this command is
</P>


<!-- CODE SNIP //-->
<PRE>
upload &lt;directory&gt; &lt;dirglob&gt;
&lt;switch&gt; &lt;owner&gt; &lt;group&gt;
&lt;mode&gt; &lt;mkdir&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;directory&gt; is the directory that is affected by this command,
&lt;dirglob&gt; is the regular expression used to determine whether a subdirectory under
&lt;directory&gt; is a valid place to make an upload, and
&lt;switch&gt; is either YES or NO, thereby establishing either an upload can or
cannot occur there. The &lt;owner&gt;,
&lt;group&gt;, and &lt;mode&gt; parameters establish the file's owner,
group, and permissions after the file is placed on the server. Finally, you can specify the
&lt;mkdir&gt; option as either dirs or nodirs, which allows the client to able to create or not create
subdirectories under the specified directory.
</P>




<P>Here is a sample entry:
</P>


<!-- CODE SNIP //-->
<PRE>
upload /home/ftp * no
upload /home/ftp /incoming yes ftp ftp 0400 nodirs
</PRE>
<!-- END CODE SNIP //-->





<P>This example specifies that the only location a file can be placed is in the
/home/ftp/incoming directory (/incoming to the anonymous client). After the file is placed in this directory, its
owner becomes ftp, group ftp, and the permission is
0400. The nodirs option at the end of the second line doesn't allow the anonymous client to create subdirectories under
/incoming.
</P>




<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
TIP
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
Setting uploads to read-only is a good idea so that the
/incoming directory doesn't become a trading ground for questionable material&#151;for example, illegal software.
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
<H4>
Converting Files On-the-Fly&#151;The
/etc/ftpconversions File
</H4>




<P>The format of the /etc/ftpconversions file is
</P>


<!-- CODE SNIP //-->
<PRE>
&lt;1&gt;:&lt;2&gt;:&lt;3&gt;:&lt;4&gt;:&lt;5&gt;:&lt;6&gt;:&lt;7&gt;:&lt;8&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>where &lt;1&gt; is the strip prefix, &lt;2&gt; is strip postfix,
&lt;3&gt; is an add-on prefix, &lt;4&gt; is an add-on
postfix, &lt;5&gt; is the external command to invoke to perform the conversion,
&lt;6&gt; is the type of file, &lt;7&gt; is the option information used for logging, and
&lt;8&gt; is a description of the action.
</P>

<P><CENTER>
<a href="0142-0144.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0148-0150.html">Next</A>
</CENTER></P>




</td>
</tr>
</table>
<!-- begin footer information -->



</body></html>