RE: how to disable plain ftp when server is configured with explicit ftp
This is how I do it - I have the server listening on both an internal and
external interface and check that download attempts on the external one are
secure before allowing it. The internal interface is plain FTP:
public FtpletResult onDownloadStart(FtpSession session, FtpRequest request)
throws FtpException, IOException {
if (isExternalInterface(session) && !
isSecureConnection(session)) {
//security issue, either the control or data port is
unsecure
LOG.error("About to start a download, but either the
control or data connection is unsecure. Download aborted.");
writeMessage(session,
FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN, "Session is not secure. Issue
PROT P command first.");
return FtpletResult.SKIP;
}
private boolean isSecureConnection(FtpSession session) {
return (session.isSecure() &&
session.getDataConnection().isSecure());
}
Best Regards,
Gary Bell
RE: Restricting hidden files to upload
Sorry, didn't read the OP properly. I would agree with John. I do something similar in my code.
RE: Custom welcome message
Hi Faseela, it looks like Filezilla is hiding the response string returned from ftpserver unless an error occurs (in which case it shows the full log in the log window). On filezilla 3.14.1, I got it to show the custom response message all the time by setting the debug level in the preferences to "2 - Info". Not sure if this is an option for you?
RE: Custom welcome message
Hi, I just tried that out and it worked form me on FtpServer-1.1.0. This is
what I did:
0. Downloaded the latest FtpServer zip file and extracted it.
1. Created a new folder called \res\messages
2. Added a new file called FtpStatus.gen
3. Added my custom message for login like so:
220=JESTER ready for connection. WARNING! All activity on this site is
monitored and tracked. Authorised personnel only.
4. Edited the res\conf\ftpd-typical.xml file to add the following element under
the tag:
5. Started ftpserver under a cmd shell, passing in the config file to use:
Bin\ftpd.bat \res\conf\ftpd-typical.xml
6. Connected to it using ftp client built into Windows 7 via the command prompt
on port 2121
Observed that the 220 greeting showed my new message.
In production, I actually set the custome messages using a message factory when
I am setting up the ftp server instance.
-- cut
FtpServerFactory factory = new FtpServerFactory();
//Customised server messages (optional)
String customMessageFile =
config.getPropertyAsString("server.customMessages");
if ( customMessageFile != null) {
LOG.debug("Custom message resource specified: " +
customMessageFile);
File f = new File(customMessageFile);
if (f.exists()) {
LOG.debug("Message file exists, configuring.");
MessageResourceFactory messageFactory = new
MessageResourceFactory();
messageFactory.setCustomMessageDirectory(f);
factory.setMessageResource(messageFactory.createMessageResource());
} else {
LOG.error("Custom message bundle
\""+customMessageFile + "\" specified, but does not exist. Not loaded.");
}
}
cut ---
Best Regards,
Gary.
Gary Bell is on holiday
I will be out of the office starting 06/07/2012 and will not return until 23/07/2012. I will be on holiday for two weeks starting from next Monday the 9th of July. Please find below the Belfast RPST support arrangements during my absence and the shutdown next week. Please continue to Cc me on any emails though. Week starting Monday 9th July - Friday 13th July === - Reduced support available during normal Belfast office hours. - Release issues on Thursday Friday such as XFR failures may have to wait until the following Monday. - Please send any support requests to Charles Landreville (charles-edouard.landrevi...@aero.bombardier.com) Week starting Monday 16th July - Friday 20th July - Normal support available during normal Belfast office hours. - Please send any support requests to John Mitchell (john.mitch...@aero.bombardier.com) Best Regards, Gary Bell Belfast RPST lead
Gary Bell is out of the office on Company business
I will be out of the office starting 16/01/2012 and will not return until 20/01/2012. For CSeries release support, please contact John Mitchell on Belfast ext. 62457 // john.mitch...@aero.bombardier.com (please Cc me on any emails).
Gary Bell is out of the office on Company business
I will be out of the office starting 10/01/2012 and will not return until 16/01/2012. For CSeries release support, please contact John Mitchell on Belfast ext. 62457 // john.mitch...@aero.bombardier.com (please Cc me on any emails).
Re: Accessing Files from other users home folder?
We use symbolic links to link the same file to more than one user. So the file actually sits in /files/common/documents/test.txt and is symbolically linked into /home/userA and /home/userB. For the next version of our code we intend to implement a custom filesystem that will remove the need for unix symlinks to achieve the same result. Best Regards, Gary Bell Nilesh Apte nilesh.apte13@gm ail.com To ftpserver-users@mina.apache.org 15/12/2011 06:54 ftpserver-users@mina.apache.org cc Please respond to Subject ftpserver-users@m Accessing Files from other users ina.apache.org home folder? Hi: Can a ftp user access a file from other ftp users' home directory (or sub directory)? For example, 1. UserA has his home directory as /home/UserA 2. UserB has his home directory as /home/UserB 3. UserA has a file at following folder location, */home/UserA/documents/test.txt* 4. When UserB connect to apache ftp server, he will see / (which maps to /home/UserB) as his root directory. 5. Can UserB issue *GET /home/UserA/documents/test.txt* to retrieve the file? I tried running ftp server stand alone in 5 minutes link, and this seems to be not supported out of the box. I get 550 ... : No such file or directory error. What is the recommended/best way to share files between various ftp users? Thanks, Nilesh.
RE: How to limit file upload and download to a set of directories.
I have something sort of similar in my code. I only allow uploads to a
specific directory which for me is a well-defined name. Hope this helps:
- cut ---
public FtpletResult beforeCommand(FtpSession session, FtpRequest request)
throws FtpException, IOException {
String cmd = request.getCommand().toUpperCase();
User user = session.getUser();
if (cmd.equals(STOR) || cmd.equals(STOU) || cmd.equals(
APPE)) {
if (! isUploadDirectory(user,request.getArgument()) {
LOG.debug(Attempt to upload files to non-shared
upload area. Command will be aborted.);
writeMessage(session,FtpReply.
REPLY_550_REQUESTED_ACTION_NOT_TAKEN,Read-only; + cmd + not permitted
by administrator.);
return FtpletResult.SKIP;
}
}
}
cut -
Best Regards,
Gary
Re: FtpServer hitting its limit?
There is a good article on the time_wait state of sockets at http://www.developerweb.net/forum/showthread.php?t=2941 which mentions the SO_LINGER settings: ...Because of these potential problems with TIME_WAIT assassinations, one should not avoid the TIME_WAIT state by setting the SO_LINGER option to send an RST instead of the normal TCP connection termination (FIN/ACK/FIN/ACK). The TIME_WAIT state is there for a reason; it's your friend and it's there to help you :-) Might be of some help. Best Regards, Gary
Re: Stability and reliability issues
I have seen similar ocurrences to the cannot connect to server incident mentioned. For us, this was caused by the ftpserver _sometimes_ picking a (passive) port that our firewall was not allowing through from the client. I changed the passive port range setting in ftpserver to match the firewall port range and it has worked ok since. I guess it therefore follows you could also get this if you have set up a port range and you run out of ports momentarily under heavy demand. This can also happen with clients such as filezilla that can open many ports at once to transfer files. I have also seen the max logins reached error as well for a user account that was just set up and therefore could not have reached any limit. Since this was the first occurrence in many months of continuous operation, I just restarted the server and everything was OK. I might peer more closely into the source code now. Best Regards, Gary Bell
