1Net::FTPServer(3)     User Contributed Perl Documentation    Net::FTPServer(3)
2
3
4

NAME

6       Net::FTPServer - A secure, extensible and configurable Perl FTP server
7

SYNOPSIS

9         ftpd [--help] [-d] [-v] [-p port] [-s] [-S] [-V] [-C conf_file]
10              [-P pidfile] [-o option=value]
11

DESCRIPTION

13       "Net::FTPServer" is a secure, extensible and configurable FTP server
14       written in Perl.
15
16       Current features include:
17
18        * Authenticated FTP access.
19        * Anonymous FTP access.
20        * Complete implementation of current RFCs.
21        * ASCII or binary type file transfers.
22        * Active or passive mode file transfers.
23        * Run standalone or from inetd(8).
24        * Security features: chroot, resource limits, tainting,
25          protection against buffer overflows.
26        * IP-based and/or IP-less virtual hosts.
27        * Complete access control system.
28        * Anonymous read-only FTP personality.
29        * Virtual filesystem allows files to be served
30          from a database.
31        * Directory aliases and CDPATH support.
32        * Extensible command set.
33        * Generate archives on the fly.
34

INSTALLING AND RUNNING THE SERVER

36       A standard "ftpd.conf" file is supplied with the distribution.  Full
37       documentation for all the possible options which you may use in this
38       file is contained in this manual page. See the section CONFIGURATION
39       below.
40
41       After doing "make install", the standard "ftpd.conf" file should have
42       been installed in "/etc/ftpd.conf". You will probably need to edit this
43       file to suit your local configuration.
44
45       Also after doing "make install", several start-up scripts will have
46       been installed in "/usr/sbin/*ftpd.pl". (On Debian in "/usr/bin" or
47       "/usr/local/bin"). Each start-up script starts the server in a
48       different configuration: either as a full FTP server, or as an
49       anonymous-only read-only FTP server, etc.
50
51       The commonly used scripts are:
52
53        * /usr/sbin/ftpd.pl
54        * /usr/sbin/ro-ftpd.pl
55
56       The first script is for the full FTP server.
57
58       These scripts assume that the "perl" interpreter can be found on the
59       current $PATH. In the rare situation when this is not the case, you may
60       need to edit these scripts.
61
62   STANDALONE SERVER
63       If you have a high load site, you will want to run "Net::FTPServer" as
64       a standalone server. To start "Net::FTPServer" as a standalone server,
65       do:
66
67         /usr/sbin/ftpd.pl -S
68
69       You may want to add this to your local start-up files so that the
70       server starts automatically when you boot the machine.
71
72       To stop the server, do:
73
74         killall ftpd.pl
75
76       (Note: "Azazel" points out that the above is a Linux-ism. Solaris
77       administrators may get a nasty shock if they type "killall" as "root"!
78       Just kill the parent "ftpd.pl" process by hand instead).
79
80   RUNNING FROM INETD
81       Add the following line to "/etc/inetd.conf":
82
83         ftp stream tcp nowait root /usr/sbin/tcpd ftpd.pl
84
85       (This assumes that you have the "tcp-wrappers" package installed to
86       provide basic access control through "/etc/hosts.allow" and
87       "/etc/hosts.deny". This access control is in addition to any access
88       control which you may configure through "/etc/ftpd.conf".)
89
90       After editing this file you will need to inform "inetd":
91
92         killall -HUP inetd
93
94   RUNNING FROM XINETD
95       "xinetd" is a modern alternative to "inetd" which is supposedly simpler
96       to configure. In practice, however, it has proven to be quite difficult
97       to configure services under "xinetd" (mainly because "xinetd" gives no
98       diagnostic information when things go wrong). The following
99       configuration has worked for me:
100
101       Create the file "/etc/xinetd.d/net-ftpserver" containing:
102
103        # default: on
104        # description: Net::FTPServer, a secure, \
105        #              extensible, configurable FTP server.
106        #
107        service ftp
108        {
109               socket_type             = stream
110               wait                    = no
111               user                    = root
112               server                  = /usr/sbin/ftpd.pl
113               log_on_success          += DURATION USERID
114               log_on_failure          += USERID
115               disable                 = no
116        }
117
118       Check any other possible FTP server configurations to ensure they are
119       all disabled (ie. "disable = yes" in all other files).
120
121       Restart "xinetd" using:
122
123        /etc/init.d/xinetd restart
124

COMMAND LINE FLAGS

126         --help           Display help and exit
127         -d, -v           Enable debugging
128         -p PORT          Listen on port PORT instead of the default port
129         -s               Run in daemon mode (default: run from inetd)
130         -S               Run in background and in daemon mode
131         -V               Show version information and exit
132         -C CONF          Use CONF as configuration file (default:
133                          /etc/ftpd.conf)
134         -P PIDFILE       Save pid into PIDFILE (daemon mode only)
135         -o option=value  Override config file option with value
136         --test           Test mode (used only in automatic testing scripts)
137

CONFIGURING AND EXTENDING THE SERVER

139       "Net::FTPServer" can be configured and extended in a number of
140       different ways.
141
142       Firstly, almost all common server configuration can be carried out by
143       editing the configuration file "/etc/ftpd.conf".
144
145       Secondly, commands can be loaded into the server at run-time to provide
146       custom extensions to the common FTP command set.  These custom commands
147       are written in Perl.
148
149       Thirdly, one of several different supplied personalities can be chosen.
150       Personalities can be used to make deep changes to the FTP server: for
151       example, there is a supplied personality which allows the FTP server to
152       serve files from a relational database. By subclassing
153       "Net::FTPServer", "Net::FTPServer::DirHandle" and
154       "Net::FTPServer::FileHandle" you may also write your own personalities.
155
156       The next sections talk about each of these possibilities in turn.
157
158   CONFIGURATION
159       A standard "/etc/ftpd.conf" file is supplied with "Net::FTPServer" in
160       the distribution. The possible configuration options are listed in full
161       below.
162
163       Simple configuration options can also be given on the command line
164       using the "-o" option. Command line configuration options override
165       those from the configuration file.
166
167       <Include filename>
168           Use the <Include filename> directive to include the contents of
169           "filename" directly at the current point within the configuration
170           file.
171
172           You cannot use <Include> within a <Host> section, or at least you
173           can but it won't work the way you expect.
174
175       <IncludeWildcard wildcard>
176           Include all files matching "wildcard" at this point in the file.
177           The files are included in alphabetical order.
178
179           You cannot use <IncludeWildcard> within a <Host> section, or at
180           least you can but it won't work the way you expect.
181
182       debug
183           Run with debugging. Equivalent to the command line "-d" option.
184
185           Default: 0
186
187           Example: "debug: 1"
188
189       port
190           The TCP port number on which the FTP server listens when running in
191           daemon mode (see "daemon mode" option below).
192
193           Default: The standard ftp/tcp service port from "/etc/services"
194
195           Example: "port: 8021"
196
197       daemon mode
198           Run as a daemon. If set, the FTP server will open a listening
199           socket on its default port number, accept new connections and fork
200           off a new process to handle each connection. If not set (the
201           default), the FTP server will handle a single connection on
202           stdin/stdout, which is suitable for use from inetd.
203
204           The equivalent command line options are "-s" and "-S".
205
206           Default: 0
207
208           Example: "daemon mode: 1"
209
210       run in background
211           Run in the background. If set, the FTP server will fork into the
212           background before running.
213
214           The equivalent command line option is "-S".
215
216           Default: 0
217
218           Example: "run in background: 1"
219
220       error log
221           If set, then all warning and error messages are appended to this
222           file. If not set, warning and error messages get sent to STDERR and
223           to syslog.
224
225           Having an error log is highly recommended.
226
227           Default: (not set, warnings and errors go to syslog)
228
229           Example: "error log: /var/log/ftpd.errors"
230
231       rotate log files
232           If set, and if the log file names contain a '%' directive, then the
233           server will check if a new log file is needed whenever the system
234           accepts a new connection.  This implements a log rotation feature
235           for long-running servers.
236
237           If not set, then any '%' directive will be evaluated only when the
238           log files gets created.
239
240           Default: (not set, log file name evaluated only once)
241
242           Example: "rotate log files: 1"
243
244       maintainer email
245           Maintainer's email address.
246
247           Default: root@hostname
248
249           Example: "maintainer email: bob@example.com"
250
251       class
252           Assign users into classes. One or more "class" directives can be
253           added to the configuration file to aggregate individual users into
254           larger groups of users called classes.
255
256           By default all anonymous users are in class "anonymous" and every
257           other user is in class "users".
258
259           The configuration file can contain zero or more "class" directives.
260           The format of the class directive is either:
261
262            class: CLASSNAME USERNAME[,USERNAME[,...]]
263
264           or:
265
266            class: CLASSNAME { perl code ... }
267
268           Examples of the first form are:
269
270            class: staff rich
271            class: students ann,mary,pete
272
273           User "rich" will be placed into class "staff", and users "ann",
274           "mary" and "pete" will be placed into class "students".
275
276           Examples of the second form are:
277
278            class: family { /jones$/ }
279            class: friends { $_ ne "jeff" }
280
281           Any username ending in "jones" (eg. "rjones", "timjones") will be
282           in class "family". Any other user except "jeff" will be placed in
283           class "friends". Note that the Perl code must be surrounded by
284           "{...}" and must return a boolean true or false value. The username
285           is available as $_. The Perl code is arbitrary: it might, for
286           example, use an external file or database lookup in order to work
287           out if a user belongs to a class.
288
289           "class" directives are evaluated in the order in which they appear
290           in the configuration file until one matches the username.
291
292           Default: Anonymous users are assigned to class "anonymous" and
293           everyone else is assigned to class "users".
294
295       timeout
296           Timeout on control connection. If a command has not been received
297           after this many seconds, the server drops the connection. You may
298           set this to zero to disable timeouts completely (although this is
299           not recommended).
300
301           Default: 900 (seconds)
302
303           Example: "timeout: 600"
304
305       limit memory
306       limit nr processes
307       limit nr files
308           Resource limits. These limits are applied to each child process and
309           are important in avoiding denial of service (DoS) attacks against
310           the FTP server.
311
312            Resource         Default   Unit
313            limit memory       16384   KBytes  Amount of memory per child
314            limit nr processes    10   (none)  Number of processes
315            limit nr files        20   (none)  Number of open files
316
317           To instruct the server not to limit a particular resource, set the
318           limit to "-1".
319
320           Example:
321
322            limit memory:       32768
323            limit nr processes:    20
324            limit nr files:        40
325
326            limit nr processes:    -1
327
328       max clients
329           Limit on the number of clients who can simultaneously connect.  If
330           this limit is ever reached, new clients will immediately be closed.
331           It will not even ask the client to login.  This feature works in
332           daemon mode only.
333
334           Default: 255
335
336           Example: "max clients: 600"
337
338       max clients message
339           Message to display when ``max clients'' has been reached.
340
341           You may use the following % escape sequences within the message for
342           internal variables:
343
344            %x  ``max clients'' setting that has been reached
345            %E  maintainer email address (from ``maintainer email''
346                setting above)
347            %G  time in GMT
348            %R  remote hostname or IP address if ``resolve addresses''
349                is not set
350            %L  local hostname
351            %T  local time
352            %%  just an ordinary ``%''
353
354           Default: Maximum connections reached
355
356           Example: "max clients message: Only %x simultaneous connections
357           allowed.  Please try again later."
358
359       resolve addresses
360           Resolve addresses. If set, attempt to do a reverse lookup on client
361           addresses for logging purposes. If you set this then some clients
362           may experience long delays when they try to connect. Not
363           recommended on high load servers.
364
365           Default: 0
366
367           Example: "resolve addresses: 1"
368
369       require resolved addresses
370           Require resolved addresses. If set, client addresses must validly
371           resolve otherwise clients will not be able to connect. If you set
372           this then some clients will not be able to connect, even though it
373           is probably the fault of their ISP.
374
375           Default: 0
376
377           Example: "require resolved addresses: 1"
378
379       change process name
380           Change process name. If set (the default) then the FTP server will
381           change its process name to reflect the IP address or hostname of
382           the client. If not set then the FTP server will not try to change
383           its process name.
384
385           Default: 1
386
387           Example: "change process name: 0"
388
389       greeting type
390           Greeting type. The greeting is printed before the user has logged
391           in.  Possible greeting types are:
392
393               full     Full greeting, including hostname and version number.
394               brief    Hostname only.
395               terse    Nothing
396               text     Display greeting from ``greeting text'' option.
397
398           The SITE VERSION command can also reveal the version number. You
399           may need to turn this off by setting "allow site version command:
400           0" below.
401
402           Default: full
403
404           Example: "greeting type: text"
405
406       greeting text
407           Greeting text. If the "greeting type" is set to "text" then this
408           contains the text to display.
409
410           Default: none
411
412           Example: "greeting text: Hello. I'll be your server today."
413
414       welcome type
415           Welcome type. The welcome is printed after a user has logged in.
416           Possible welcome types are:
417
418               normal   Normal welcome message: ``Welcome <<username>>.''
419               text     Take the welcome message from ``welcome text'' option.
420               file     Take the welcome message from ``welcome file'' file.
421
422           Default: normal
423
424           Example: "welcome type: text"
425
426       welcome text
427           If "welcome type" is set to "text", then this contains the text to
428           be printed after a user has logged in.
429
430           You may use the following % escape sequences within the welcome
431           text to substitute for internal variables:
432
433            %E  maintainer's email address (from ``maintainer email''
434                setting above)
435            %G  time in GMT
436            %R  remote hostname or IP address if ``resolve addresses''
437                is not set
438            %L  local hostname
439            %m  user's home directory (see ``home directory'' below)
440            %T  local time
441            %U  username given when logging in
442            %u  currently a synonym for %U, but in future will be
443                determined from RFC931 authentication, like wu-ftpd
444            %%  just an ordinary ``%''
445
446           Default: none
447
448           Example: "welcome text: Welcome to this FTP server."
449
450       welcome file
451           If "welcome type" is set to "file", then this contains the file to
452           be printed after a user has logged in.
453
454           You may use any of the % escape sequences defined in "welcome text"
455           above.
456
457           Default: none
458
459           Example: "welcome file: /etc/motd"
460
461       home directory
462           Home directory. This is the home directory where we put the user
463           once they have logged in. This only applies to non-anonymous
464           logins. Anonymous logins are always placed in "/", which is at the
465           root of their chrooted environment.
466
467           You may use an absolute path here, or else one of the following
468           special forms:
469
470            %m   Use home directory from password file or from NSS.
471            %U   Username.
472            %%   A single % character.
473
474           For example, to force a user to start in "~/anon-ftp" when they log
475           in, set this to "%m/anon-ftp".
476
477           Note that setting the home directory does not perform a chroot.
478           Use the "root directory" setting below to jail users into a
479           particular directory.
480
481           Home directories are relative to the current root directory.
482
483           In the anonymous read-only (ro-ftpd) personality, set home
484           directory to "/" or else you will get a warning whenever a user
485           logs in.
486
487           Default: %m
488
489           Examples:
490
491            home directory: %m/anon-ftp
492            home directory: /
493
494       root directory
495           Root directory. Immediately after logging in, perform a chroot into
496           the named directory. This only applies to non-anonymous logins, and
497           furthermore it only applies if you have a non-database VFS
498           installed. Database VFSes typically cannot perform chroot (or, to
499           be more accurate, they have a different concept of chroot -
500           typically assigning each user their own completely separate
501           namespace).
502
503           You may use %m and %U as above.
504
505           For example, to jail a user under "~/anon-ftp" after login, do:
506
507             home directory: /
508             root directory: %m/anon-ftp
509
510           Notice that the home directory is relative to the current root
511           directory.
512
513           Default: (none)
514
515           Example: "root directory: %m/anon-ftp"
516
517       time zone
518           Time zone to be used for MDTM and LIST stat information.
519
520           Default: GMT
521
522           Examples:
523
524            time zone: Etc/GMT+3
525            time zone: Europe/London
526            time zone: US/Mountain
527
528       local address
529           Local addresses. If you wish the FTP server (in daemon mode) to
530           only bind to a particular local interface, then give its address
531           here.
532
533           Default: none
534
535           Example: "local address: 127.0.0.1"
536
537       allow anonymous
538           Allow anonymous access. If set, then allow anonymous access through
539           the "ftp" and "anonymous" accounts.
540
541           Default: 0
542
543           Example: "allow anonymous: 1"
544
545       anonymous password check
546       anonymous password enforce
547           Validate email addresses. Normally when logging in anonymously, you
548           are asked to enter your email address as a password. These options
549           can be used to check and enforce email addresses in this field (to
550           some extent, at least -- you obviously can't force someone to enter
551           a true email address).
552
553           The "anonymous password check" option may be set to "rfc822", "no
554           browser", "trivial" or "none". If set to "rfc822" then the user
555           must enter a valid RFC 822 email address as password. If set to "no
556           browser" then a valid RFC 822 email address must be entered, and
557           various common browser email addresses like "mozilla@" and
558           "IEverUser@" are refused. If set to "trivial" then we just check
559           that the address contains an @ char. If set to "none", then we do
560           no checking. The default is "none".
561
562           If the "anonymous password enforce" option is set and the password
563           fails the check above, then the user will not be allowed to log in.
564           The default is 0 (unset).
565
566           These options only have effect when "allow anonymous" is set.
567
568           Example:
569
570            anonymous password check: rfc822
571            anonymous password enforce: 1
572
573       allow proxy ftp
574           Allow proxy FTP. If this is set, then the FTP server can be told to
575           actively connect to addresses and ports on any machine in the
576           world.  This is not such a great idea, but required if you follow
577           the RFC very closely. If not set (the default), the FTP server will
578           only connect back to the client machine.
579
580           Default: 0
581
582           Example: "allow proxy ftp: 1"
583
584       allow connect low port
585           Allow the FTP server to connect back to ports < 1024. This is
586           rarely useful and could pose a serious security hole in some
587           circumstances.
588
589           Default: 0
590
591           Example: "allow connect low port: 1"
592
593       passive port range
594           What range of local ports will the FTP server listen on in passive
595           mode? Choose a range here like "1024-5999,49152-65535". The special
596           value 0 means that the FTP server will use a kernel-assigned
597           ephemeral port.
598
599           Default: 49152-65535
600
601           Example: "passive port range: 0"
602
603       ftp data port
604           Which source port to use for active (non-passive) mode when
605           connecting to the client for PORT mode transfers.  The special
606           value 0 means that the FTP server will use a kernel-assigned
607           ephemeral port.  To strictly follow RFC, this should be set to
608           "ftp-data(20)".  This may be required for certain brain-damaged
609           firewall configurations.  However, for security reasons, the
610           default setting is intentionally set to 0 to utilize a kernel-
611           assigned ephemeral port.  Use this directive at your own risk!
612
613           SECURITY PRECAUTIONS:
614
615           1) Unfortunately, to use a port < 1024 requires super-user
616           privileges.  Thus, low ports will not work unless the FTP server is
617           invoked as super-user.  This also implies that all processes
618           handling the client connections must also remain super-user
619           throughout the entire session.  It is highly discouraged to use a
620           low port.
621
622            http://cr.yp.to/ftp/security.html
623            (See "Connection laundering" section)
624
625           2) There sometimes exists a danger of needing to connect to the
626           same remote host:port.  Using the same IP/port on both sides will
627           cause connect() to fail if the old socket is still being broken
628           down.  This condition will not occur if using an ephemeral port.
629
630            http://groups.google.com/groups?selm=fa.epucqgv.1l2kl0e@ifi.uio.no
631            (See "unable to create socket" comment)
632
633           3) Many hackers use source port 20 to blindly circumvent certain
634           naive firewalls.  Using an ephemeral port (the default) may help
635           discourage such dangerous naivety.
636
637            man nmap
638            (See the -g option)
639
640           Default: 0
641
642           Example: "ftp data port: ftp-data"
643
644       max login attempts
645           Maximum number of login attempts before we drop the connection and
646           issue a warning in the logs. Wu-ftpd defaults this to 5.
647
648           Default: 3
649
650           Example: "max login attempts: 5"
651
652       pam authentication
653           Use PAM for authentication. Required on systems such as Red Hat
654           Linux and Solaris which use PAM for authentication rather than the
655           normal "/etc/passwd" mechanisms. You will need to have the
656           "Authen::PAM" Perl module installed for this to work.
657
658           Default: 0
659
660           Example: "pam authentication: 1"
661
662       pam application name
663           If PAM authentication is enabled, then this is the PAM application
664           name. I have used "ftp" as the default which is the same name that
665           wu-ftpd chooses. FreeBSD users will want to use "ftpd" here.
666
667           Default: ftp
668
669           Example: "pam application name: ftpd"
670
671       password file
672           Only in the "Full" personality, this allows you to specify a
673           password file which is used for authentication. If you enable this
674           option, then normal PAM or "/etc/passwd" is bypassed and this
675           password file is used instead.
676
677           Each line in the password file has the following format:
678
679            username:crypted_password:unix_user[:root_directory]
680
681           Comments and blank lines are ignored.
682
683           For example, a line with:
684
685            guest:ab01FAX.bQRSU:rich:/home/rich/guest-uploads
686
687           would allow someone to log in as "guest" with password 123456.
688           After logging in, the FTP server will assume the identity of the
689           real Unix user "rich", and will chroot itself into the
690           "/home/rich/guest-uploads" directory.
691
692           (Note that because ordinary PAM/"passwd" is bypassed, it would no
693           longer be possible for a user to log in directly with the username
694           "rich").
695
696           Crypted passwords can be generated using the following command:
697
698            perl -e 'print crypt ("123456", "ab"), "\n"'
699
700           Replace 123456 with the actual password, and replace "ab" with two
701           random letters from the set "[a-zA-Z0-9./]". (The two random
702           letters are the so-called salt and are used to make dictionary
703           attacks against the password file more difficult - see crypt(3)).
704
705           The user's home directory comes from the real Unix password file
706           (or nsswitch-configured source) for the real Unix user.  You cannot
707           use password files to override this, and so if you are using the
708           optional "root_directory" parameter, it would make sense to add
709           "home directory: /" into your configuration file.
710
711           Anonymous logins are not affected by the "password file" option.
712           Use the "allow anonymous" flag to control whether anonymous logins
713           are permitted in the "Full" back-end.
714
715           Password files are not the height of security, but they are
716           included because they can sometimes be useful. In particular if the
717           password file can be read by untrusted users then it is likely that
718           those same users can run the crack program and eventually find out
719           your passwords. Some small additional security is offered by having
720           the password file readable only by root (mode 0600). In future we
721           may offer MD5 or salted SHA-1 hashed passwords to make this harder.
722
723           A curious artifact of the implementation allows you to list the
724           same user with multiple different passwords. Any of the passwords
725           is then valid for logins (and you could even have the user map to
726           different real Unix users in different chrooted directories!)
727
728           Default: (none)
729
730           Example: "password file: /etc/ftpd.passwd"
731
732       pidfile
733           Location of the file to store the process ID (PID).  Applies only
734           to the deamonized process, not the child processes.
735
736           Default: (no pidfile created)
737
738           Example: "pidfile: /var/run/ftpd.pid"
739
740       client logging
741           Location to store all client commands sent to the server.  The
742           format is the date, the pid, and the command.  Following the pid is
743           a "-" if not authenticated the username if the connection is
744           authenticated.  Example of before and after authentication:
745
746            [Wed Feb 21 18:41:32 2001][23818:-]USER rob
747            [Wed Feb 21 18:41:33 2001][23818:-]PASS 123456
748            [Wed Feb 21 18:41:33 2001][23818:*]SYST
749
750           Default: (no logging)
751
752           Examples:
753
754            client logging: /var/log/ftpd.log
755            client logging: /tmp/ftpd_log.$hostname
756
757       xfer logging
758           Location of transfer log.  The format was taken from wu-ftpd and
759           ProFTPD xferlog. (See also "man xferlog")
760
761           Default: (no logging)
762
763           Examples:
764
765            xfer logging: /var/log/xferlog
766            xfer logging: /tmp/xferlog.$hostname
767
768       hide passwords in client log
769           If set to 1, then password ("PASS") commands will not be logged in
770           the client log. This option has no effect unless client logging is
771           enabled.
772
773           Default: 0 (PASS lines will be shown)
774
775           Example: "hide passwords in client log: 1"
776
777       enable syslog
778           Enable syslogging. If set, then Net::FTPServer will send much
779           information to syslog. On many systems, this information will be
780           available in /var/log/messages or /var/adm/messages. If clear,
781           syslogging is disabled.
782
783           Default: 1
784
785           Example: "enable syslog: 0"
786
787       ident timeout
788           Timeout for ident authentication lookups.  A timeout (in seconds)
789           must be specified in order to enable ident lookups.  There is no
790           way to specify an infinite timeout.  Use 0 to disable this feature.
791
792           Default: 0
793
794           Example: "ident timeout: 10"
795
796       access control rule
797       user access control rule
798       retrieve rule
799       store rule
800       delete rule
801       list rule
802       mkdir rule
803       rename rule
804       chdir rule
805           Access control rules.
806
807           Access control rules are all specified as short snippets of Perl
808           script. This allows the maximum configurability -- you can express
809           just about any rules you want -- but at the price of learning a
810           little Perl.
811
812           You can use the following variables from the Perl:
813
814            $hostname      Resolved hostname of the client [1]
815            $ip            IP address of the client
816            $user          User name [2]
817            $class         Class of user [2]
818            $user_is_anonymous  True if the user is an anonymous user [2]
819            $pathname      Full pathname of the file being affected [2]
820            $filename      Filename of the file being affected [2,3]
821            $dirname       Directory name containing file being affected [2]
822            $type          'A' for ASCII, 'B' for binary, 'L8' for local 8-bit
823            $form          Always 'N'
824            $mode          Always 'S'
825            $stru          Always 'F'
826
827           Notes:
828
829           [1] May be undefined, particularly if "resolve addresses" is not
830           set.
831
832           [2] Not available in "access control rule" since the user has not
833           logged in at this point.
834
835           [3] Not available for "list directory rule".
836
837           Access control rule. The FTP server will not accept any connections
838           from a site unless this rule succeeds. Note that only $hostname and
839           $ip are available to this rule, and unless "resolve addresses" and
840           "require resolved addresses" are both set $hostname may be
841           undefined.
842
843           Default: 1
844
845           Examples:
846
847            (a) Deny connections from *.badguys.com:
848
849                access control rule: defined ($hostname) && \
850                                     $hostname !~ /\.badguys\.com$/
851
852            (b) Only allow connections from local network 10.0.0.0/24:
853
854                access control rule: $ip =~ /^10\./
855
856           User access control rule. After the user logs in successfully, this
857           rule is then called to determine if the user may be permitted
858           access.
859
860           Default: 1
861
862           Examples:
863
864            (a) Only allow ``rich'' to log in from 10.x.x.x network:
865
866                user access control rule: $user ne "rich" || \
867                                          $ip =~ /^10\./
868
869            (b) Only allow anonymous users to log in if they come from
870                hosts with resolving hostnames (``resolve addresses'' must
871                also be set):
872
873                user access control rule: !$user_is_anonymous || \
874                                          defined ($hostname)
875
876            (c) Do not allow user ``jeff'' to log in at all:
877
878                user access control rule: $user ne "jeff"
879
880           Retrieve rule. This rule controls who may retrieve (download)
881           files.
882
883           Default: 1
884
885           Examples:
886
887            (a) Do not allow anyone to retrieve ``/etc/*'' or any file anywhere
888                called ``.htaccess'':
889
890                retrieve rule: $dirname !~ m(^/etc/) && $filename ne ".htaccess"
891
892            (b) Only allow anonymous users to retrieve files from under the
893                ``/pub'' directory.
894
895                retrieve rule: !$user_is_anonymous || $dirname =~ m(^/pub/)
896
897           Store rule. This rule controls who may store (upload) files.
898
899           In the anonymous read-only (ro-ftpd) personality, it is not
900           possible to upload files anyway, so setting this rule has no
901           effect.
902
903           Default: 1
904
905           Examples:
906
907            (a) Only allow users to upload files to the ``/incoming''
908                directory.
909
910                store rule: $dirname =~ m(^/incoming/)
911
912            (b) Anonymous users can only upload files to ``/incoming''
913                directory.
914
915                store rule: !$user_is_anonymous || $dirname =~ m(^/incoming/)
916
917            (c) Disable file upload.
918
919                store rule: 0
920
921           Delete rule. This rule controls who may delete files or rmdir
922           directories.
923
924           In the anonymous read-only (ro-ftpd) personality, it is not
925           possible to delete files anyway, so setting this rule has no
926           effect.
927
928           Default: 1
929
930           Example: "delete rule: 0"
931
932           List rule. This rule controls who may list out the contents of a
933           directory.
934
935           Default: 1
936
937           Example: "list rule: $dirname =~ m(^/pub/)"
938
939           Mkdir rule. This rule controls who may create a subdirectory.
940
941           In the anonymous read-only (ro-ftpd) personality, it is not
942           possible to create directories anyway, so setting this rule has no
943           effect.
944
945           Default: 1
946
947           Example: "mkdir rule: 0"
948
949           Rename rule. This rule controls which files or directories can be
950           renamed.
951
952           Default: 1
953
954           Example: "rename rule: $pathname !~ m(/.htaccess$)"
955
956           Chdir rule. This rule controls which directories are acceptable to
957           a CWD or CDUP.
958
959           Example: "chdir rule: $pathname !~ m/private/"
960
961       chdir message file
962           Change directory message file. If set, then the first time (per
963           session) that a user goes into a directory which contains a file
964           matching this name, that file will be displayed.
965
966           The file may contain any of the following % escape sequences:
967
968            %C  current working directory
969            %E  maintainer's email address (from ``maintainer email''
970                setting above)
971            %G  time in GMT
972            %R  remote hostname or IP address if ``resolve addresses''
973                is not set
974            %L  local hostname
975            %m  user's home directory (see ``home directory'' below)
976            %T  local time
977            %U  username given when logging in
978            %u  currently a synonym for %U, but in future will be
979                determined from RFC931 authentication, like wu-ftpd
980            %%  just an ordinary ``%''
981
982           Default: (none)
983
984           Example: "chdir message file: .message"
985
986       allow rename to overwrite
987           Allow the rename (RNFR/RNTO) command to overwrite files. If unset,
988           then we try to test whether the rename command would overwrite a
989           file and disallow it. However there are some race conditions with
990           this test.
991
992           Default: 1
993
994           Example: "allow rename to overwrite: 0"
995
996       allow store to overwrite
997           Allow the store commands (STOR/STOU/APPE) to overwrite files. If
998           unset, then we try to test whether the store command would
999           overwrite a file and disallow it. However there are some race
1000           conditions with this test.
1001
1002           Default: 1
1003
1004           Example: "allow store to overwrite: 0"
1005
1006       alias
1007           Define an alias "name" for directory "dir". For example, the
1008           command "alias: mirror /pub/mirror" would allow the user to access
1009           the "/pub/mirror" directory directly just by typing "cd mirror".
1010
1011           Aliases only apply to the cd (CWD) command. The "cd foo" command
1012           checks for directories in the following order:
1013
1014            foo in the current directory
1015            an alias called foo
1016            foo in each directory in the cdpath (see ``cdpath'' command below)
1017
1018           You may list an many aliases as you want.
1019
1020           Alias names cannot contain slashes (/).
1021
1022           Although alias dirs may start without a slash (/), this is unwise
1023           and it's better that they always start with a slash (/) char.
1024
1025           General format: "alias: name dir"
1026
1027       cdpath
1028           Define a search path which is used when changing directories. For
1029           example, the command "cdpath: /pub/mirror /pub/sites" would allow
1030           the user to access the "/pub/mirror/ftp.cpan.org" directory
1031           directly by just typing "cd ftp.cpan.org".
1032
1033           The "cd foo" command checks for directories in the following order:
1034
1035            foo in the current directory
1036            an alias called foo (see ``alias'' command above)
1037            foo in each directory in the cdpath
1038
1039           General format: "cdpath: dir1 [dir2 [dir3 ...]]"
1040
1041       allow site version command
1042           SITE VERSION command. If set, then the SITE VERSION command reveals
1043           the current Net::FTPServer version string. If unset, then the
1044           command is disabled.
1045
1046           Default: 1
1047
1048           Example: "allow site version command: 0"
1049
1050       allow site exec command
1051           SITE EXEC command. If set, then the SITE EXEC command allows
1052           arbitrary commands to be executed on the server as the current
1053           user. If unset, then this command is disabled. The default is
1054           disabled for obvious security reasons.
1055
1056           If you do allow SITE EXEC, you may need to increase the per process
1057           memory, processes and files limits above.
1058
1059           Default: 0
1060
1061           Example: "allow site exec command: 1"
1062
1063       enable archive mode
1064           Archive mode. If set (the default), then archive mode is enabled,
1065           allowing users to request, say, "file.gz" and get a version of
1066           "file" which is gzip-compressed on the fly. If zero, then this
1067           feature is disabled. See the section ARCHIVE MODE elsewhere in this
1068           manual for details.
1069
1070           Since archive mode is implemented using external commands, you need
1071           to ensure that programs such as "gzip", "compress", "bzip2",
1072           "uuencode", etc. are available on the $PATH (even in the chrooted
1073           environment), and you also need to substantially increase the
1074           normal per-process memory, processes and files limits.
1075
1076           Default: 1
1077
1078           Example: "enable archive mode: 0"
1079
1080       archive zip temporaries
1081           Temporary directory for generating ZIP files in archive mode.  In
1082           archive mode, when generating ZIP files, the FTP server is capable
1083           of either creating a temporary file on local disk containing the
1084           ZIP contents, or can generate the file completely in memory. The
1085           former method saves memory. The latter method (only practical on
1086           small ZIP files) allows the server to work more securely and in
1087           certain read-only chrooted environments.
1088
1089           (Unfortunately the ZIP file format itself prevents ZIP files from
1090           being easily created on the fly).
1091
1092           If not specified in the configuration file, this option defaults to
1093           using "/tmp". If there are local users on the FTP server box, then
1094           this can lead to various "tmp" races, so for maximum security you
1095           will probably want to change this.
1096
1097           If specified, and set to a string, then the string is the name of a
1098           directory which is used for storing temporary zip files. This
1099           directory must be writable, and must exist inside the chrooted
1100           environment (if chroot is being used).
1101
1102           If specified, but set to "0" or an empty string, then the server
1103           will always generate the ZIP file in memory.
1104
1105           In any case, if the directory is found at runtime to be unwritable,
1106           then the server falls back to creating ZIP files in memory.
1107
1108           Default: "/tmp"
1109
1110           Example: "archive zip temporaries: "
1111
1112           Example: "archive zip temporaries: /var/ziptmp"
1113
1114       site command
1115           Custom SITE commands. Use this command to define custom SITE
1116           commands. Please read the section LOADING CUSTOMIZED SITE COMMANDS
1117           in this manual page for more detailed information.
1118
1119           The "site command" command has the form:
1120
1121           "site command: cmdname file"
1122
1123           cmdname is the name of the command (eg. for SITE README you would
1124           set cmdname == "readme"). file is a file containing the code of the
1125           site command in the form of an anonymous Perl subroutine. The file
1126           should have the form:
1127
1128            sub {
1129              my $self = shift;            # The FTPServer object.
1130              my $cmd = shift;             # Contains the command itself.
1131              my $rest = shift;            # Contains any parameters passed by the user.
1132
1133                 :     :
1134                 :     :
1135
1136              $self->reply (RESPONSE_CODE, RESPONSE_TEXT);
1137            }
1138
1139           You may define as many site commands as you want. You may also
1140           override site commands from the current personality here.
1141
1142           Example:
1143
1144            site command: quota /usr/local/lib/ftp/quota.pl
1145
1146           and the file "/usr/local/lib/ftp/quota.pl" contains:
1147
1148            sub {
1149              my $self = shift;            # The FTPServer object.
1150              my $cmd = shift;             # Contains "QUOTA".
1151              my $rest = shift;            # Contains parameters passed by user.
1152
1153              # ... Some code to compute the user's quota ...
1154
1155              $self->reply (200, "Your quota is $quota MB.");
1156            }
1157
1158           The client types "SITE QUOTA" and the server responds with:
1159
1160            "200 Your quota is 12.5 MB.".
1161
1162       <Host hostname> ... </Host>
1163           <Host hostname> ... </Host> encloses commands which are applicable
1164           only to a particular host. "hostname" may be either a fully-
1165           qualified domain name (for IP-less virtual hosts) or an IP address
1166           (for IP-based virtual hosts). You should read the section VIRTUAL
1167           HOSTS in this manual page for more information on the different
1168           types of virtual hosts and how to set it up in more detail.
1169
1170           Note also that unless you have set "enable virtual hosts: 1", all
1171           <Host> sections will be ignored.
1172
1173       enable virtual hosts
1174           Unless this option is uncommented, virtual hosting is disabled and
1175           the <Host> sections in the configuration file have no effect.
1176
1177           Default: 0
1178
1179           Example: "enable virtual hosts: 1"
1180
1181       virtual host multiplex
1182           IP-less virtual hosts. If you want to enable IP-less virtual hosts,
1183           then you must set up your DNS so that all hosts map to a single IP
1184           address, and place that IP address here. This is roughly equivalent
1185           to the Apache "NameVirtualHost" option.
1186
1187           IP-less virtual hosting is an experimental feature which requires
1188           changes to clients.
1189
1190           Default: (none)
1191
1192           Example: "virtual host multiplex: 1.2.3.4"
1193
1194           Example <Host> section. Allow the dangerous SITE EXEC command on
1195           local connections. (Note that this is still dangerous).
1196
1197            <Host localhost.localdomain>
1198              ip: 127.0.0.1
1199              allow site exec command: 1
1200            </Host>
1201
1202           Example <Host> section. This shows you how to do IP-based virtual
1203           hosts. I assume that you have set up your DNS so that
1204           "ftp.bob.example.com" maps to IP 1.2.3.4 and "ftp.jane.example.com"
1205           maps to IP 1.2.3.5, and you have set up suitable IP aliasing in the
1206           kernel.
1207
1208           You do not need the "ip:" command if you have configured reverse
1209           DNS correctly AND you trust your local DNS servers.
1210
1211            <Host ftp.bob.example.com>
1212              ip: 1.2.3.4
1213              root directory: /home/bob
1214              home directory: /
1215              user access control rule: $user eq "bob"
1216              maintainer email: bob@bob.example.com
1217            </Host>
1218
1219            <Host ftp.jane.example.com>
1220              ip: 1.2.3.5
1221              root directory: /home/jane
1222              home directory: /
1223              allow anonymous: 1
1224              user access control rule: $user_is_anonymous
1225              maintainer email: jane@jane.example.com
1226            </Host>
1227
1228           These rules set up two virtual hosts called "ftp.bob.example.com"
1229           and "ftp.jane.example.com". The former is located under bob's home
1230           directory and only he is allowed to log in. The latter is located
1231           under jane's home directory and only allows anonymous access.
1232
1233           Example <Host> section. This shows you how to do IP-less virtual
1234           hosts. Note that IP-less virtual hosts are a highly experimental
1235           feature, and require the client to support the HOST command.
1236
1237           You need to set up your DNS so that both "ftp.bob.example.com" and
1238           "ftp.jane.example.com" point to your own IP address.
1239
1240            virtual host multiplex: 1.2.3.4
1241
1242            <Host ftp.bob.example.com>
1243              root directory: /home/bob
1244              home directory: /
1245              user access control rule: $user eq "bob"
1246            </Host>
1247
1248            <Host ftp.jane.example.com>
1249              root directory: /home/jane
1250              home directory: /
1251              allow anonymous: 1
1252              user access control rule: $user_is_anonymous
1253            </Host>
1254
1255       log socket type
1256           Socket type for contacting syslog. This is the argument to the
1257           "Sys::Syslog::setlogsock" function.
1258
1259           Default: unix
1260
1261           Example: "log socket type: inet"
1262
1263       listen queue
1264           Length of the listen queue when running in daemon mode.
1265
1266           Default: 10
1267
1268           Example: "listen queue: 20"
1269
1270       tcp window
1271           Set TCP window. See RFC 2415 Simulation Studies of Increased
1272           Initial TCP Window Size.  This setting only affects the data
1273           socket. It's not likely that you will need to or should change this
1274           setting from the system-specific default.
1275
1276           Default: (system-specific TCP window size)
1277
1278           Example: "tcp window: 4380"
1279
1280       tcp keepalive
1281           Set TCP keepalive.
1282
1283           Default: (system-specific keepalive setting)
1284
1285           Example: "tcp keepalive: 1"
1286
1287       command filter
1288           Command filter. If set, then all commands are checked against this
1289           regular expression before being executed. If a command doesn't
1290           match the filter, then the command connection is immediately
1291           dropped. This is equivalent to the "AllowFilter" command in
1292           ProFTPD. Remember to include "^...$" around the filter.
1293
1294           Default: (no filter)
1295
1296           Example: "command filter: ^[A-Za-z0-9 /]+$"
1297
1298       restrict command
1299           Advanced command filtering. The "restrict command" directive takes
1300           the form:
1301
1302            restrict command: "COMMAND" perl code ...
1303
1304           If the user tries to execute "COMMAND", then the "perl code" is
1305           evaluated first. If it evaluates to true, then the command is
1306           allowed to proceed. Otherwise the server reports an error back to
1307           the user and does not execute the command.
1308
1309           Note that the "COMMAND" is the FTP protocol command, which is not
1310           necessarily the same as the command which users will type in on
1311           their FTP clients. Please read RFC 959 to see some of the more
1312           common FTP protocol commands.
1313
1314           The Perl code has the same variables available to it as for access
1315           control rules (eg. $user, $class, $ip, etc.). The code must not
1316           alter the global $_ variable (which contains the complete command).
1317
1318           Default: all commands are allowed by default
1319
1320           Examples:
1321
1322           Only allow users in the class "nukers" to delete files and
1323           directories:
1324
1325            restrict command: "DELE" $class eq "nukers"
1326            restrict command: "RMD" $class eq "nukers"
1327
1328           Only allow staff to use the "SITE WHO" command:
1329
1330            restrict command: "SITE WHO" $class eq "staff"
1331
1332           Only allow "rich" to run the "SITE EXEC" command:
1333
1334            allow site exec command: 1
1335            restrict command: "SITE EXEC" $user eq "rich"
1336
1337       command wait
1338           Go slow. If set, then the server will sleep for this many seconds
1339           before beginning to process each command. This command would be a
1340           lot more useful if you could apply it only to particular classes of
1341           connection.
1342
1343           Default: (no wait)
1344
1345           Example: "command wait: 5"
1346
1347       no authentication commands
1348           The list of commands which a client may issue before they have
1349           authenticated themselves is very limited. Obviously "USER" and
1350           "PASS" are allowed (otherwise a user would never be able to log
1351           in!), also "QUIT", "LANG", "HOST" and "FEAT". "HELP" is also
1352           permitted (although dubious). Any other commands not on this list
1353           will result in a 530 Not logged in. error.
1354
1355           This list ought to contain at least "USER", "PASS" and "QUIT"
1356           otherwise the server won't be very functional.
1357
1358           Some commands cannot be added here -- eg. adding "CWD" or "RETR" to
1359           this list is likely to make the FTP server crash, or else enable
1360           users to read files only available to root. Hence use this with
1361           great care.
1362
1363           Default: USER PASS QUIT LANG HOST FEAT HELP
1364
1365           Example: "no authentication commands: USER PASS QUIT"
1366
1367       <Perl> ... </Perl>
1368           Use the <Perl> directive to write Perl code directly into your
1369           configuration file. Here is a simple example:
1370
1371            <Perl>
1372            use Sys::Hostname;
1373            $config{'maintainer email'} = "root\@" . hostname ();
1374            $config{port} = 8000 + 21;
1375            $config{debug} = $ENV{FTP_DEBUG} ? 1 : 0;
1376            </Perl>
1377
1378           As shown in the example, to set a configuration option called
1379           "foo", you simply assign to the variable $config{foo}.
1380
1381           All normal Perl functionality is available to you, including use of
1382           "require" if you need to run an external Perl script.
1383
1384           The <Perl> and </Perl> directives must each appear on a single line
1385           on their own.
1386
1387           To assign multiple configuration options with the same name, use an
1388           array ref:
1389
1390            <Perl>
1391            my @aliases = ( "foo /pub/foo",
1392                            "bar /pub/bar",
1393                            "baz /pub/baz" );
1394            $config{alias} = \@aliases;
1395            </Perl>
1396
1397           You cannot use a <Perl> section within a <Host> section. Instead,
1398           you must simulate it by assigning to the %host_config variable like
1399           this:
1400
1401            <Perl>
1402            $host_config{'localhost.localdomain'}{ip} = "127.0.0.1";
1403            $host_config{'localhost.localdomain'}{'allow site exec command'}= 1;
1404            </Perl>
1405
1406           The above is equivalent to the following ordinary <Host> section:
1407
1408            <Host localhost.localdomain>
1409              ip: 127.0.0.1
1410              allow site exec command: 1
1411            </Host>
1412
1413           You may also assign to the $self variable in order to set variables
1414           directly in the "Net::FTPServer" object itself. This is pretty
1415           hairy, and hence not recommended, but you dig your own hole if you
1416           want. Here is a contrived example:
1417
1418            <Perl>
1419            $self->{version_string} = "my FTP server/1.0";
1420            </Perl>
1421
1422           A cleaner, but more complex way to do this would be to use a
1423           personality.
1424
1425           The <Perl> directive is potentially quite powerful.  Here is a good
1426           idea that Rob Brown had:
1427
1428            <Perl>
1429            my %H;
1430            dbmopen (%H, "/etc/ftpd.db", 0644);
1431            %config = %H;
1432            dbmclose (%H);
1433            </Perl>
1434
1435           Notice how this allows you to crunch a possibly very large
1436           configuration file into a hash, for very rapid loading at run time.
1437
1438           Another useful way to use <Perl> is to set environment variables
1439           (particularly $PATH).
1440
1441            <Perl>
1442            $ENV{PATH} = "/usr/local/bin:$ENV{PATH}"
1443            </Perl>
1444
1445           Here's yet another wonderful way to use <Perl>.  Look in
1446           "/usr/local/lib/ftp/" for a list of site commands and load each
1447           one:
1448
1449            <Perl>
1450
1451            my @files = glob "/usr/local/lib/ftp/*.pl";
1452            my @site_commands;
1453
1454            foreach (@files)
1455             {
1456               push @site_commands, "$1 $_" if /([a-z]+)\.pl/;
1457             }
1458
1459            $config{'site command'} = \@site_commands;
1460
1461            </Perl>
1462
1463           To force a particular version of Net::FTPServer to be used, include
1464           the following code in your configuration file:
1465
1466             <Perl>
1467             die "requires Net::FTPServer version >= 1.025"
1468               unless $Net::FTPServer::VERSION !~ /\..*\./ &&
1469                      $Net::FTPServer::VERSION >= 1.025;
1470             </Perl>
1471
1472   LOADING CUSTOMIZED SITE COMMANDS
1473       It is very simple to write custom SITE commands. These commands are
1474       available to users when they type "SITE XYZ" in a command line FTP
1475       client or when they define a custom SITE command in their graphical FTP
1476       client.
1477
1478       SITE commands are unregulated by RFCs. You may define any commands and
1479       give them any names and any function you wish. However, over time
1480       various standard SITE commands have been recognized and implemented in
1481       many FTP servers. "Net::FTPServer" also implements these. They are:
1482
1483         SITE VERSION      Display the server software version.
1484         SITE EXEC         Execute a shell command on the server (in
1485                           C<Net::FTPServer> this is disabled by default!)
1486         SITE ALIAS        Display chdir aliases.
1487         SITE CDPATH       Display chdir paths.
1488         SITE CHECKMETHOD  Implement checksums.
1489         SITE CHECKSUM
1490         SITE IDLE         Get or set the idle timeout.
1491         SITE SYNC         Synchronize hard disks.
1492
1493       The following commands are found in "wu-ftpd", but not currently
1494       implemented by "Net::FTPServer": SITE CHMOD, SITE GPASS, SITE GROUP,
1495       SITE GROUPS, SITE INDEX, SITE MINFO, SITE NEWER, SITE UMASK.
1496
1497       So when you are choosing a name for a SITE command, it is probably best
1498       not to choose one of the above names, unless you are specifically
1499       implementing or overriding that command.
1500
1501       Custom SITE commands have to be written in Perl. However, there is very
1502       little you need to understand in order to write these commands -- you
1503       will only need a basic knowledge of Perl scripting.
1504
1505       As our first example, we will implement a "SITE README" command.  This
1506       command just prints out some standard information.
1507
1508       Firstly create a file called "/usr/local/lib/site_readme.pl" (you may
1509       choose a different path if you want). The file should contain:
1510
1511         sub {
1512           my $self = shift;
1513           my $cmd = shift;
1514           my $rest = shift;
1515
1516           $self->reply (200,
1517                         "This is the README file for mysite.example.com.",
1518                         "Mirrors are contained in /pub/mirrors directory.",
1519                         "       :       :       :       :       :",
1520                         "End of the README file.");
1521         }
1522
1523       Edit "/etc/ftpd.conf" and add the following command:
1524
1525       site command: readme /usr/local/lib/site_readme.pl
1526
1527       and restart the FTP server (check your system log [/var/log/messages]
1528       for any syntax errors or other problems). Here is an example of a user
1529       running the SITE README command:
1530
1531         ftp> quote help site
1532         214-The following commands are recognized:
1533         214-    ALIAS   CHECKMETHOD     EXEC    README
1534         214-    CDPATH  CHECKSUM        IDLE    VERSION
1535         214 You can also use HELP to list general commands.
1536         ftp> site readme
1537         200-This is the README file for mysite.example.com.
1538         200-Mirrors are contained in /pub/mirrors directory.
1539         200-       :       :       :       :       :
1540         200 End of the README file.
1541
1542       Our second example demonstrates how to use parameters (the $rest
1543       argument). This is the "SITE ECHO" command.
1544
1545         sub {
1546           my $self = shift;
1547           my $cmd = shift;
1548           my $rest = shift;
1549
1550           # Split the parameters up.
1551           my @params = split /\s+/, $rest;
1552
1553           # Quote each parameter.
1554           my $reply = join ", ", map { "'$_'" } @params;
1555
1556           $self->reply (200, "You said: $reply");
1557         }
1558
1559       Here is the "SITE ECHO" command in use:
1560
1561         ftp> quote help site
1562         214-The following commands are recognized:
1563         214-    ALIAS   CHECKMETHOD     ECHO    IDLE
1564         214-    CDPATH  CHECKSUM        EXEC    VERSION
1565         214 You can also use HELP to list general commands.
1566         ftp> site echo hello how are you?
1567         200 You said: 'hello', 'how', 'are', 'you?'
1568
1569       Our third example is more complex and shows how to interact with the
1570       virtual filesystem (VFS). The "SITE SHOW" command will be used to list
1571       text files directly (the user normally has to download the file and
1572       view it locally). Hence "SITE SHOW readme.txt" should print the
1573       contents of the "readme.txt" file in the local directory (if it
1574       exists).
1575
1576       All file accesses must be done through the VFS, not by directly
1577       accessing the disk. If you follow this convention then your commands
1578       will be secure and will work correctly with different back-end
1579       personalities (in particular when ``files'' are really blobs in a
1580       relational database).
1581
1582         sub {
1583           my $self = shift;
1584           my $cmd = shift;
1585           my $rest = shift;
1586
1587           # Get the file handle.
1588           my ($dirh, $fileh, $filename) = $self->_get ($rest);
1589
1590           # File doesn't exist or not accessible. Return an error.
1591           unless ($fileh)
1592             {
1593               $self->reply (550, "File or directory not found.");
1594               return;
1595             }
1596
1597           # Check it's a simple file.
1598           my ($mode) = $fileh->status;
1599
1600           unless ($mode eq "f")
1601             {
1602               $self->reply (550,
1603                             "SITE SHOW command is only supported on plain files.");
1604               return;
1605             }
1606
1607           # Try to open the file.
1608           my $file = $fileh->open ("r");
1609
1610           unless ($file)
1611             {
1612               $self->reply (550, "File or directory not found.");
1613               return;
1614             }
1615
1616           # Copy data into memory.
1617           my @lines = ();
1618
1619           while (defined ($_ = $file->getline))
1620             {
1621               # Remove any native line endings.
1622               s/[\n\r]+$//;
1623
1624               push @lines, $_;
1625             }
1626
1627           # Close the file handle.
1628           unless ($file->close)
1629             {
1630               $self->reply (550, "Close failed: ".$self->system_error_hook());
1631               return;
1632             }
1633
1634           # Send the file back to the user.
1635           $self->reply (200, "File $filename:", @lines, "End of file.");
1636         }
1637
1638       This code is not quite complete. A better implementation would also
1639       check the "retrieve rule" (so that people couldn't use "SITE SHOW" in
1640       order to get around access control limitations which the server
1641       administrator has put in place). It would also check the file more
1642       closely to make sure it was a text file and would refuse to list very
1643       large files.
1644
1645       Here is an example (abbreviated) of a user using the "SITE SHOW"
1646       command:
1647
1648         ftp> site show README
1649         200-File README:
1650         200-$Id: FTPServer.pm,v 1.11 2005/07/15 10:10:22 rwmj Exp $
1651         200-
1652         200-Net::FTPServer - A secure, extensible and configurable Perl FTP server.
1653         [...]
1654         200-To contact the author, please email: Richard Jones <rich@annexia.org>
1655         200 End of file.
1656
1657   STANDARD PERSONALITIES
1658       Currently "Net::FTPServer" is supplied with three standard
1659       personalities. These are:
1660
1661         Full    The complete read/write anonymous/authenticated FTP
1662                 server which serves files from a standard Unix filesystem.
1663
1664         RO      A small read-only anonymous-only FTP server similar
1665                 in functionality to Dan Bernstein's publicfile
1666                 program.
1667
1668         DBeg1   An example FTP server which serves files to a PostgreSQL
1669                 database. This supports files and hierarchical
1670                 directories, multiple users (but not file permissions)
1671                 and file upload.
1672
1673       The standard Full personality will not be explained here.
1674
1675       The RO personality is the Full personality with all code related to
1676       writing files, creating directories, deleting, etc.  removed. The RO
1677       personality also only permits anonymous logins and does not contain any
1678       code to do ordinary authentication. It is therefore safe to use the RO
1679       personality where you are only interested in serving files to anonymous
1680       users and do not want to worry about crackers discovering a way to
1681       trick the FTP server into writing over a file.
1682
1683       The DBeg1 personality is a complete read/write FTP server which stores
1684       files as BLOBs (Binary Large OBjects) in a PostgreSQL relational
1685       database. The personality supports file download and upload and
1686       contains code to authenticate users against a "users" table in the
1687       database (database ``users'' are thus completely unrelated to real Unix
1688       users). The DBeg1 is intended only as an example. It does not support
1689       advanced features such as file permissions and quotas. As part of the
1690       schoolmaster.net project Bibliotech Ltd. have developed an even more
1691       advanced database personality which supports users, groups, access
1692       control lists, quotas, recursive moves and copies and many other
1693       features. However this database personality is not available as source.
1694
1695       To use the DBeg1 personality you must first run a PostgreSQL server
1696       (version 6.4 or above) and ensure that you have access to it from your
1697       local user account.  Use the "initdb", "createdb" and "createuser"
1698       commands to create the appropriate user account and database (please
1699       consult the PostgreSQL administrators manual for further information
1700       about this -- I do not answer questions about basic PostgreSQL
1701       knowledge).
1702
1703       Here is my correctly set up PostgreSQL server, accessed from my local
1704       user account ``rich'':
1705
1706         cruiser:~$ psql
1707         Welcome to the POSTGRESQL interactive sql monitor:
1708           Please read the file COPYRIGHT for copyright terms of POSTGRESQL
1709
1710            type \? for help on slash commands
1711            type \q to quit
1712            type \g or terminate with semicolon to execute query
1713          You are currently connected to the database: rich
1714
1715         rich=> \d
1716         Couldn't find any tables, sequences or indices!
1717
1718       You will also need the following Perl modules installed: DBI, DBD::Pg.
1719
1720       Now you will need to create a database called ``ftp'' and populate it
1721       with data. This is how to do this:
1722
1723         createdb ftp
1724         psql ftp < doc/eg1.sql
1725
1726       Check that no ERRORs are reported by PostgreSQL.
1727
1728       You should now be able to start the FTP server by running the following
1729       command (not as root):
1730
1731         ./dbeg1-ftpd -S -p 2000 -C ftpd.conf
1732
1733       If the FTP server doesn't start correctly, you should check the system
1734       log file [/var/log/messages].
1735
1736       Connect to the FTP server as follows:
1737
1738         ftp localhost 2000
1739
1740       Log in as either rich/123456 or dan/123456 and then try to move around,
1741       upload and download files, create and delete directories, etc.
1742
1743   SUBCLASSING THE Net::FTPServer CLASSES
1744       By subclassing "Net::FTPServer", "Net::FTPServer::DirHandle" and/or
1745       "Net::FTPServer::FileHandle" you can create custom personalities for
1746       the FTP server.
1747
1748       Typically by overriding the hooks in the "Net::FTPServer" class you can
1749       change the basic behaviour of the FTP server - turning it into an
1750       anonymous read-only server, for example.
1751
1752       By overriding the hooks in "Net::FTPServer::DirHandle" and
1753       "Net::FTPServer::FileHandle" you can create virtual filesystems:
1754       serving files into and out of a database, for example.
1755
1756       The current manual page contains information about the hooks in
1757       "Net::FTPServer" which may be overridden.
1758
1759       See Net::FTPServer::DirHandle(3) for information about the methods in
1760       "Net::FTPServer::DirHandle" which may be overridden.
1761
1762       See Net::FTPServer::FileHandle(3) for information about the methods in
1763       "Net::FTPServer::FileHandle" which may be overridden.
1764
1765       The most reasonable way to create your own personality is to extend one
1766       of the existing personalities. Choose the one which most closely
1767       matches the personality that you want to create. For example, suppose
1768       that you want to create another database personality. A good place to
1769       start would be by copying "lib/Net/FTPServer/DBeg1/*.pm" to a new
1770       directory "lib/Net/FTPServer/MyDB/" (for example). Now edit these files
1771       and substitute "MyDB" for "DBeg1". Then examine each subroutine in
1772       these files and modify them, consulting the appropriate manual page if
1773       you need to.
1774
1775   VIRTUAL HOSTS
1776       "Net:FTPServer" is capable of hosting multiple FTP sites on a single
1777       machine. Because of the nature of the FTP protocol, virtual hosting is
1778       almost always done by allocating a single separate IP address per FTP
1779       site. However, "Net::FTPServer" also supports an experimental IP-less
1780       virtual hosting system, although this requires modifications to the
1781       client.
1782
1783       Normal (IP-based) virtual hosting is carried out as follows:
1784
1785        * For each FTP site, allocate a separate IP address.
1786        * Configure IP aliasing on your normal interface so that
1787          the single physical interface responds to multiple
1788          virtual IP addresses.
1789        * Add entries (A records) in DNS mapping each site's
1790          name to a separate IP address.
1791        * Add reverse entries (PTR records) in DNS mapping each
1792          IP address back to the site hostname. It is important
1793          that both forward and reverse DNS is set up correctly,
1794          else virtual hosting may not work.
1795        * In /etc/ftpd.conf you will need to add a virtual host
1796          section for each site like this:
1797
1798            <Host sitename>
1799
1800              ip: 1.2.3.4
1801              ... any specific configuration options for this site ...
1802
1803            </Host>
1804
1805          You don't in fact need the "ip:" part assuming that
1806          your forward and reverse DNS are set up correctly.
1807        * If you want to specify a lot of external sites, or
1808          generate the configuration file automatically from a
1809          database or a script, you may find the <Include filename>
1810          syntax useful.
1811
1812       There are examples in "/etc/ftpd.conf". Here is how IP-based virtual
1813       hosting works:
1814
1815        * The server starts by listening on all interfaces.
1816        * A connection arrives at one of the IP addresses and a
1817          process is forked off.
1818        * The child process finds out which interface the
1819          client connected to and reverses the name.
1820        * If:
1821            the IP address matches one of the "ip:" declarations
1822            in any of the "Host" sections,
1823          or:
1824            there is a reversal for the name, and the name
1825            matches one of the "Host" sections in the configuration
1826            file,
1827          then:
1828            configuration options are read from that
1829            section of the file and override any global configuration
1830            options specified elsewhere in the file.
1831        * Otherwise, the global configuration options only
1832          are used.
1833
1834       IP-less virtual hosting is an experimental feature. It requires the
1835       client to send a "HOST" command very early on in the command stream --
1836       before "USER" and "PASS". The "HOST" command explicitly gives the
1837       hostname that the FTP client is attempting to connect to, and so allows
1838       many FTP sites to be multiplexed onto a single IP address. At the
1839       present time, I am not aware of any FTP clients which implement the
1840       "HOST" command, although they will undoubtedly become more common in
1841       future.
1842
1843       This is how to set up IP-less virtual hosting:
1844
1845        * Add entries (A or CNAME records) in DNS mapping the
1846          name of each site to a single IP address.
1847        * In /etc/ftpd.conf you will need to list the same single
1848          IP address to which all your sites map:
1849
1850            virtual host multiplex: 1.2.3.4
1851
1852        * In /etc/ftpd.conf you will need to add a virtual host
1853          section for each site like this:
1854
1855            <Host sitename>
1856
1857              ... any specific configuration options for this site ...
1858
1859            </Host>
1860
1861       Here is how IP-less virtual hosting works:
1862
1863        * The server starts by listening on one interface.
1864        * A connection arrives at the IP address and a
1865          process is forked off.
1866        * The IP address matches "virtual host multiplex"
1867          and so no IP-based virtual host processing is done.
1868        * One of the first commands that the client sends is
1869          "HOST" followed by the hostname of the site.
1870        * If there is a matching "Host" section in the
1871          configuration file, then configuration options are
1872          read from that section of the file and override any
1873          global configuration options specified elsewhere in
1874          the file.
1875        * If there is no matching "Host" section then the
1876          global configuration options alone are used.
1877
1878       The client is not permitted to issue the "HOST" command more than once,
1879       and is not permitted to issue it after login.
1880
1881   VIRTUAL HOSTING AND SECURITY
1882       Only certain configuration options are available inside the <Host>
1883       sections of the configuration file.  Generally speaking, the only
1884       configuration options you can put here are ones which take effect after
1885       the site name has been determined -- hence "allow anonymous" is OK
1886       (since it's an option which is parsed after determining the site name
1887       and during log in), but "port" is not (since it is parsed long before
1888       any clients ever connect).
1889
1890       Make sure your default global configuration is secure. If you are using
1891       IP-less virtual hosting, this is particularly important, since if the
1892       client never sends a "HOST" command, the client gets the global
1893       configuration. Even with IP-based virtual hosting it may be possible
1894       for clients to sometimes get the global configuration, for example if
1895       your local name server fails.
1896
1897       IP-based virtual hosting always takes precedence above IP-less virtual
1898       hosting.
1899
1900       With IP-less virtual hosting, access control cannot be performed on a
1901       per-site basis. This is because the client has to issue commands (ie.
1902       the "HOST" command at least) before the site name is known to the
1903       server.  However you may still have a global "access control rule".
1904
1905   ARCHIVE MODE
1906       Beginning with version 1.100, "Net::FTPServer" is able to generate
1907       certain types of compressed and archived files on the fly. In practice
1908       what this means is that if a user requests, say, "file.gz" and this
1909       file does not actually exist (but "file" does exist), then the server
1910       will dynamically generate a gzip-compressed version of "file" for the
1911       user. This also works on directories, so that a user might request
1912       "dir.tar.gz" which does not exist (but directory "dir" does exist), and
1913       the server tars up and compresses the entire contents of "dir" and
1914       presents that back to the user.
1915
1916       Archive mode is enabled by default. However, it will not work unless
1917       you substantially increase the per-process memory, processes and files
1918       limits. The reason for this is that archive mode works by forking
1919       external programs such as "gzip" to perform the compression. For the
1920       same reason you may also need to ensure that at least "gzip",
1921       "compress", "bzip2" and "uuencode" programs are available on the
1922       current $PATH, particularly if you are using a chrooted environment.
1923
1924       To disable archive mode put "enable archive mode: 0" into the
1925       configuration file.
1926
1927       The following file extensions are supported:
1928
1929        .gz      GZip compressed.      Requires gzip program on PATH.
1930        .Z       Unix compressed.      Requires compress program on PATH.
1931        .bz2     BZip2 compressed.     Requires bzip2 program on PATH.
1932        .uue     UU-encoded.           Requires uuencode program on PATH.
1933        .tar     Tar archive.          Requires Perl Archive::Tar module.
1934        .zip     DOS ZIP archive.      Requires Perl Archive::Zip module.
1935        .list    Return a list of all the files in this directory.
1936
1937       File extensions may be combined. Hence ".tar.gz", ".tar.bz2" and even
1938       ".tar.gz.uue" will all work as you expect.
1939
1940       Archive mode is, of course, extensible. It is particularly simple to
1941       add another compression / filter format. In your personality (or in a
1942       <Perl> section in the configuration file) you need to add another key
1943       to the "archive_filters" hash.
1944
1945         $ftps->{archive_filters}{".foo"} = &_foo_filter;
1946
1947       The value of this key should be a function as defined below:
1948
1949         \%filter = _foo_filter ($ftps, $sock);
1950
1951       The filter should return a hash reference (undef if it fails).  The
1952       hash should contain the following keys:
1953
1954         sock      Newly opened socket.
1955         pid       PID of filter program.
1956
1957       The "_foo_filter" function takes the existing socket and filters it,
1958       providing a new socket which the FTP server will write to (for the data
1959       connection back to the client). If your filter is a Unix program, then
1960       the simplest thing is just to define "_foo_filter" as:
1961
1962         sub _foo_filter
1963         {
1964           return $_[0]->archive_filter_external ($_[1], "foo" [, args ...]);
1965         }
1966
1967       The "archive_filter_external" function takes care of the tricky bits
1968       for you.
1969
1970       Adding new generators (akin to the existing tar and ZIP) is more
1971       tricky. I suggest you look closely at the code and consult the author
1972       for more information.
1973

METHODS

1975           Net::FTPServer->run ([\@ARGV]);
1976
1977           This is the main entry point into the FTP server. It starts the FTP
1978           server running. This function never normally returns.
1979
1980           If no arguments are given, then command line arguments are taken
1981           from the global @ARGV array.
1982
1983           $regex = $ftps->wildcard_to_regex ($wildcard)
1984
1985           This is a general library function shared between many of the back-
1986           end database personalities. It converts a general wildcard (eg.
1987           *.c) into a regular expression (eg. ^.*\.c$ ).
1988
1989           Thanks to: Terrence Monroe Brannon <terrence.brannon@oracle.com>.
1990
1991           $regex = $ftps->wildcard_to_sql_like ($wildcard)
1992
1993           This is a general library function shared between many of the back-
1994           end database personalities. It converts a general wildcard (eg.
1995           *.c) into the strange wildcardish format used by SQL LIKE operator
1996           (eg. %.c).
1997
1998           $ftps->reply ($code, $line, [$line, ...])
1999
2000           This function sends a standard single line or multi-line FTP server
2001           reply to the client. The $code should be one of the standard reply
2002           codes listed in RFC 959. The one or more $line arguments are the
2003           (free text) of the reply. Do not include carriage returns at the
2004           end of each $line.  This function adds the correct line ending
2005           format as specified in the RFC.
2006
2007           $ftps->log ($level, $message, ...);
2008
2009           This function is identical to the normal "syslog" function to be
2010           found in "Sys::Syslog". However, it only uses syslog if the "enable
2011           syslog" configuration option is set to true.
2012
2013           Use this function instead of calling "syslog" directly.
2014
2015           $ftps->config ($name);
2016
2017           Read configuration option $name from the configuration file.
2018
2019           $ftps->ip_host_config ($ip_addr);
2020
2021           Look for a <Host> section which contains "ip: $ip_addr".  If one is
2022           found, return the site name of the Host section. Otherwise return
2023           undef.
2024
2025           $filter = $ftps->archive_filter_external ($sock, $cmd [, $args]);
2026
2027           Apply $cmd as a filter to socket $sock. Returns a hash reference
2028           which contains the following keys:
2029
2030             sock      Newly opened socket.
2031             pid       PID of filter program.
2032
2033           If it fails, returns "undef".
2034
2035           See section ARCHIVE MODE elsewhere in this manual for more
2036           information.
2037
2038           $ftps->visit ($dirh, \%functions);
2039
2040           The "visit" function recursively "visits" every file and directory
2041           contained in $dirh (which must be a directory handle).
2042
2043           "\%functions" is a reference to a hash of file types to functions.
2044           For example:
2045
2046             'f' => \&visit_file,
2047             'd' => \&visit_directory,
2048             'l' => \&visit_symlink,
2049             &c.
2050
2051           When a file of the known type is encountered, the appropriate
2052           function is called with $_ set to the file handle. (All functions
2053           are optional: if "visit" encounters a file with a type not listed
2054           in the %functions hash, then that file is just ignored).
2055
2056           The return value from functions is ignored, except for the return
2057           value from the directory ('d') function. The directory function
2058           should return 1 to indicate that "visit" should recurse into that
2059           directory. If the directory function returns 0, then "visit" will
2060           skip that directory.
2061
2062           "visit" will call the directory function once for $dirh.
2063
2064           $sock = $self->open_data_connection;
2065
2066           Open a data connection. Returns the socket (an instance of
2067           "IO::Socket") or undef if it fails for some reason.
2068
2069           $self->pre_configuration_hook ();
2070
2071           Hook: Called before command line arguments and configuration file
2072           are read.
2073
2074           Status: optional.
2075
2076           Notes: You may append your own information to
2077           "$self->{version_string}" from this hook.
2078
2079           $self->options_hook (\@args);
2080
2081           Hook: Called before command line arguments are parsed.
2082
2083           Status: optional.
2084
2085           Notes: You can use this hook to supply your own command line
2086           arguments.  If you parse any arguments, you should remove them from
2087           the @args array.
2088
2089           $self->post_configuration_hook ();
2090
2091           Hook: Called after all command line arguments and configuration
2092           file have been read and parsed.
2093
2094           Status: optional.
2095
2096           $self->post_bind_hook ();
2097
2098           Hook: Called only in daemon mode after the control port is bound
2099           but before starting the accept infinite loop block.
2100
2101           Status: optional.
2102
2103           $self->pre_accept_hook ();
2104
2105           Hook: Called in daemon mode only just before accept(2) is called in
2106           the parent FTP server process.
2107
2108           Status: optional.
2109
2110           $self->post_accept_hook ();
2111
2112           Hook: Called both in daemon mode and in inetd mode just after the
2113           connection has been accepted. This is called in the child process.
2114
2115           Status: optional.
2116
2117           $rv = $self->access_control_hook;
2118
2119           Hook: Called after accept(2)-ing the connection to perform access
2120           control. Detailed request information is contained in the $self
2121           object.  If the function returns -1 then the socket is immediately
2122           closed and no FTP processing happens on it. If the function returns
2123           0, then normal access control is performed on the socket before FTP
2124           processing starts. If the function returns 1, then normal access
2125           control is not performed on the socket and FTP processing begins
2126           immediately.
2127
2128           Status: optional.
2129
2130           $rv = $self->process_limits_hook;
2131
2132           Hook: Called after accept(2)-ing the connection to perform per-
2133           process limits (eg. by using the setrlimit(2) system call). Access
2134           control has already been performed and detailed request information
2135           is contained in the $self object.
2136
2137           If the function returns -1 then the socket is immediately closed
2138           and no FTP processing happens on it. If the function returns 0,
2139           then normal per-process limits are applied before any FTP
2140           processing starts. If the function returns 1, then normal per-
2141           process limits are not performed and FTP processing begins
2142           immediately.
2143
2144           Status: optional.
2145
2146           $rv = $self->authentication_hook ($user, $pass, $user_is_anon)
2147
2148           Hook: Called to perform authentication. If the authentication
2149           succeeds, this should return 0 (or any positive integer >= 0).  If
2150           the authentication fails, this should return -1.
2151
2152           Status: required.
2153
2154           $self->user_login_hook ($user, $user_is_anon)
2155
2156           Hook: Called just after user $user has successfully logged in. A
2157           good place to change uid and chroot if necessary.
2158
2159           Status: optional.
2160
2161           $dirh = $self->root_directory_hook;
2162
2163           Hook: Return an instance of a subclass of Net::FTPServer::DirHandle
2164           corresponding to the root directory.
2165
2166           Status: required.
2167
2168           $self->pre_command_hook;
2169
2170           Hook: This hook is called just before the server begins to wait for
2171           the client to issue the next command over the control connection.
2172
2173           Status: optional.
2174
2175           $rv = $self->command_filter_hook ($cmdline);
2176
2177           Hook: This hook is called immediately after the client issues
2178           command $cmdline, but before any checking or processing is
2179           performed on the command. If this function returns -1, then the
2180           server immediately goes back to waiting for the next command. If
2181           this function returns 0, then normal command filtering is carried
2182           out and the command is processed. If this function returns 1 then
2183           normal command filtering is not performed and the command
2184           processing begins immediately.
2185
2186           Important Note: This hook must be careful not to overwrite the
2187           global $_ variable.
2188
2189           Do not use this function to add your own commands. Instead use the
2190           "$self->{command_table}" and "$self->{site_command_table}" hashes.
2191
2192           Status: optional.
2193
2194           $error = $self->transfer_hook ($mode, $file, $sock, \$buffer);
2195
2196             $mode     -  Open mode on the File object (Either reading or writing)
2197             $file     -  File object as returned from DirHandle::open
2198             $sock     -  Data IO::Socket object used for transfering
2199             \$buffer  -  Reference to current buffer about to be written
2200
2201           The \$buffer is passed by reference to minimize the stack overhead
2202           for efficiency purposes only.  It is not meant to be modified by
2203           the transfer_hook subroutine.  (It can cause corruption if the
2204           length of $buffer is modified.)
2205
2206           Hook: This hook is called after reading $buffer and before writing
2207           $buffer to its destination.  If arg1 is "r", $buffer was read from
2208           the File object and written to the Data socket.  If arg1 is "w",
2209           $buffer will be written to the File object because it was read from
2210           the Data Socket.  The return value is the error for not being able
2211           to perform the write.  Return undef to avoid aborting the transfer
2212           process.
2213
2214           Status: optional.
2215
2216           $self->post_command_hook ($cmd, $rest)
2217
2218           Hook: This hook is called after all command processing has been
2219           carried out on this command. $cmd is the command, and $rest is the
2220           remainder of the command line.
2221
2222           Status: optional.
2223
2224           $self->system_error_hook
2225
2226           Hook: This hook is used instead of $! when what looks like a system
2227           error occurs during a virtual filesystem handle method.  It can be
2228           used by the virtual filesystem to provide explanatory text for a
2229           virtual filesystem failure which did not actually set the real $!.
2230
2231           Status: optional.
2232
2233           $self->quit_hook
2234
2235           Hook: This hook is called after the user has "QUIT" or if the FTP
2236           client cleanly drops the connection. Please note, however, that
2237           this hook is not called whenever the FTP server exits, particularly
2238           in cases such as:
2239
2240            * The FTP server, the Perl interpreter or the personality
2241              crashes unexpectedly.
2242            * The user fails to log in.
2243            * The FTP server detects a fatal error, sends a "421" error code,
2244              and abruptly exits.
2245            * Idle timeouts.
2246            * Access control violations.
2247            * Manual server shutdowns.
2248
2249           Unfortunately it is not in general easily possible to catch these
2250           cases and cleanly call a hook. If your personality needs to do
2251           cleanup in all cases, then it is probably better to use an "END"
2252           block inside your Server object (see perlmod(3)). Even using an
2253           "END" block cannot catch cases where the Perl interpreter crashes.
2254
2255           Status: optional.
2256

BUGS

2258       The SIZE, REST and RETR commands probably do not work correctly in
2259       ASCII mode.
2260
2261       REST does not work before STOR/STOU/APPE (is it supposed to?)
2262
2263       User upload/download limits.
2264
2265       Limit number of clients by host or IP address.
2266
2267       The following commands are recognized by "wu-ftpd", but are not yet
2268       implemented by "Net::FTPServer":
2269
2270         SITE CHMOD   There is a problem supporting this with our VFS.
2271         SITE GPASS   Group functions are not really relevant for us.
2272         SITE GROUP   -"- ditto -"-
2273         SITE GROUPS  -"- ditto -"-
2274         SITE INDEX   This is a synonym for SITE EXEC.
2275         SITE MINFO   This command is no longer supported by wu-ftpd.
2276         SITE NEWER   This command is no longer supported by wu-ftpd.
2277         SITE UMASK   This command is difficult to support with VFS.
2278
2279       Symbolic links are not handled elegantly (or indeed at all) yet.
2280
2281       Equivalent of ProFTPD's ``DisplayReadme'' function.
2282
2283       The ability to hide dot files (probably best to build this into the VFS
2284       layer). This should apply across all commands.  See ProFTPD's
2285       ``IgnoreHidden'' function.
2286
2287       Access to LDAP authentication database (can currently be done using a
2288       PAM module). In general, we should support pluggable authentication.
2289
2290       Log formatting similar to ProFTPD command LogFormat.
2291
2292       More timeouts to avoid various denial of service attacks. For example,
2293       the server should always timeout when waiting too long for an active
2294       data connection.
2295
2296       Support for IPv6 (see RFC 2428), EPRT, EPSV commands.
2297
2298       See also "XXX" comments in the code for other problems, missing
2299       features and bugs.
2300

FILES

2302         /etc/ftpd.conf
2303         /usr/lib/perl5/site_perl/5.005/Net/FTPServer.pm
2304         /usr/lib/perl5/site_perl/5.005/Net/FTPServer/DirHandle.pm
2305         /usr/lib/perl5/site_perl/5.005/Net/FTPServer/FileHandle.pm
2306         /usr/lib/perl5/site_perl/5.005/Net/FTPServer/Handle.pm
2307

AUTHORS

2309       Richard Jones (rich@annexia.org), Rob Brown (bbb@cpan.org), Keith
2310       Turner (keitht at silvaco.com), Azazel (azazel at azazel.net), and many
2311       others.
2312
2314       Copyright (C) 2000 Biblio@Tech Ltd., Unit 2-3, 50 Carnwath Road,
2315       London, SW6 3EG, UK.
2316
2317       Copyright (C) 2000-2003 Richard Jones (rich@annexia.org) and other
2318       contributors.
2319
2320       This program is free software; you can redistribute it and/or modify it
2321       under the terms of the GNU General Public License as published by the
2322       Free Software Foundation; either version 2 of the License, or (at your
2323       option) any later version.
2324
2325       This program is distributed in the hope that it will be useful, but
2326       WITHOUT ANY WARRANTY; without even the implied warranty of
2327       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
2328       General Public License for more details.
2329
2330       You should have received a copy of the GNU General Public License along
2331       with this program; if not, write to the Free Software Foundation, Inc.,
2332       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
2333

SEE ALSO

2335       Net::FTPServer::Handle(3), Net::FTPServer::FileHandle(3),
2336       Net::FTPServer::DirHandle(3), Net::FTP(3), perl(1), RFC 765, RFC 959,
2337       RFC 1579, RFC 2389, RFC 2428, RFC 2577, RFC 2640, Extensions to FTP
2338       Internet Draft draft-ietf-ftpext-mlst-NN.txt.
2339

POD ERRORS

2341       Hey! The above document had some coding errors, which are explained
2342       below:
2343
2344       Around line 1590:
2345           =back doesn't take any parameters, but you said =back 4
2346
2347       Around line 2129:
2348           You can't have =items (as at line 2241) unless the first thing
2349           after the =over is an =item
2350
2351       Around line 8193:
2352           =back doesn't take any parameters, but you said =back 4
2353
2354
2355
2356perl v5.12.0                      2010-05-04                 Net::FTPServer(3)
Impressum