270 lines
11 KiB
Plaintext
270 lines
11 KiB
Plaintext
# This is an example fspd.conf file. Copy it and edit it to suit your tastes.
|
|
# Where you see a # in front of a configuration value it indicates that the
|
|
# value is commented out, (e.g. # conf .fspd.conf below). The text accompanying
|
|
# the entry will indicate what the value defaults to if it is commented out.
|
|
|
|
# The 'port' command specifies which port the fspd server is to listen too
|
|
# This is NOT needed if running under inetd, but otherwise is required.
|
|
# Standard port for FSP is 21, other popular ports are 2001 and 2000.
|
|
# Please run official FSP sites on port 21.
|
|
#
|
|
# If you want a random port from 1024 - 65535 range, set port to 65535
|
|
#
|
|
# ================================================================
|
|
# If you want to avoid detection by lamer security scanner nessus
|
|
# do not use ports: 21, 2000 and 2221.
|
|
# ================================================================
|
|
port 21
|
|
|
|
# Server can listen only on particular network interface
|
|
#listenaddress 192.168.1.2
|
|
|
|
# The 'packetsize' sets maximal data size which will send FSPD in one packet.
|
|
# FSP definition allows up to 1024 bytes of data (default value) and it is a
|
|
# recommended to use this value unless there is a reason to use a smaller one.
|
|
# If your FSP site eats too much bandwidth try smaller value.
|
|
#
|
|
# You could try larger values. All networks are required to transfer 500 bytes
|
|
# long UDP packets. Almost all networks today works with 1300 and most with
|
|
# 1400. On Ethernet you can go to 1460. Larger values are possible, but FSP
|
|
# packet will be split into 2 or more IP packets which lowers reliability of
|
|
# file transfers but you can get some speed gain.
|
|
#
|
|
# Packets > 1024 bytes are never send out unless client requests them.
|
|
# 12 byte long FSP header size is not included in packetsize.
|
|
#
|
|
# !!! If you change this value in 64-1024 range you must delete all prebuilded
|
|
# directory listings stored in .FSP_CONTENT files !!!
|
|
|
|
# packetsize 768
|
|
|
|
# The 'conf' command allows a global file to read local files so that
|
|
# multiple users at a site can use the same central fspd file.
|
|
#
|
|
# conf .fspd.conf
|
|
|
|
# The 'homedir' command tells the server where it's ROOT directory is.
|
|
# This directory must be given as an absolute path.
|
|
#
|
|
homedir /usr/fsp/data
|
|
|
|
# 'homedir_restricted' off can allow symlinks which goes out of home
|
|
# directory.
|
|
homedir_restricted yes
|
|
|
|
# 'use_access_files' if server should check for special .FSP files
|
|
# in directory and set access rights according to that.
|
|
# In most installation, yes is right. Use `no` if people can upload
|
|
# files starting with .FSP into fsp server homedir.
|
|
use_access_files yes
|
|
|
|
# 'permit_passwordless_owners' If server allow directory owners without
|
|
# any password only based on request IP. Because IP can be easily spoofed,
|
|
# it is recommended to require a password.
|
|
permit_passwordless_owners off
|
|
|
|
# The 'tmpdir' command controls where the server stores temporary files
|
|
# during upload or grab. You must have it or server will support
|
|
# read operations only. This can be absolute or relative path to home
|
|
# dir. Server will try to create it.
|
|
#
|
|
tmpdir /tmp/fsp
|
|
|
|
# The 'pidlogname command controls where we write the fspd pid.
|
|
pidlogname /var/run/fspd.pid
|
|
|
|
# The 'grabcommand' can turn grab command on or off.
|
|
grabcommand on
|
|
|
|
# The 'vercommand' can turn fver command on or off. All known FSP scanners
|
|
# are using this command for detection of FSP server presence.
|
|
# vercommand must be disabled for stealth operation. Yes, lamers sucks.
|
|
vercommand on
|
|
|
|
# The 'readme' commands specifies the name of the local readme file
|
|
# for each directory. If no readme command is given, the readme file
|
|
# defaults to .README
|
|
#
|
|
# readme .README
|
|
|
|
# The 'dircache' command controls how much directories listings gets cached.
|
|
dircache 100
|
|
|
|
# 'use_prebuild_dirlists' allows to load/save prebuilded directories
|
|
# listing from filesystem. It is a good idea to allow that, because it
|
|
# helps server performance. Disable it only if you dislike .FSP_CONTENT
|
|
# file in every directory.
|
|
# Do not use on Win32 system!
|
|
#use_prebuild_dirlists yes
|
|
|
|
# The 'statcache' command controls how many directories are placed into
|
|
# stat cache. Cache contains last modified time and access rights.
|
|
statcache 30
|
|
|
|
# The 'statcache_timeout' command controls how long statcache entries are
|
|
# valid before directory gets re-examined by stat()
|
|
statcache_timeout 20
|
|
|
|
# 'use_directory_mtime'. If your filesystem changes mtime when directory
|
|
# is updated, set it to YES. If set to NO, directory will be rechecked
|
|
# after statcache_timeout and dircache entry invalidated.
|
|
# Do not use on Win32 system.
|
|
#use_directory_mtime yes
|
|
|
|
# The 'filecache' command controls maximal number of open files by server.
|
|
# After this limit will be reached, server will close last recently used files.
|
|
# This do not prevent any number clients from downloading, but file for each
|
|
# request must be opened first. Setting this lowers open/close overhead.
|
|
filecache 30
|
|
|
|
# The 'dumpfile' command tells the server where to log stats on SIGUSR1
|
|
# signal.
|
|
# It can be a relative path from the fspd home directory or an absolute
|
|
# path. it must include the filename.
|
|
dumpfile /var/run/fspd.stats
|
|
|
|
# The 'logfile' command tells the server where to log things if
|
|
# logging is enabled.
|
|
# It can be a relative path from the fspd home directory or an absolute
|
|
# path.
|
|
# it must include the filename.
|
|
#
|
|
logfile ../logs/logfile
|
|
|
|
# The 'log' command specifies the type of logging that should be performed.
|
|
# The log command takes the following options
|
|
# 'none' or any of 'all', '(!)errors', '(!)version', '(!)getdir',
|
|
# '(!)getfile', '(!)upload', '(!)install', '(!)delfile', '(!)deldir',
|
|
# '(!)setpro', '(!)getpro', '(!)makedir', '(!)grabfile',(!)readonly,
|
|
# '(!)stat', '(!)rename'.
|
|
# logging of 'all' will include logging of errors.
|
|
# for example:
|
|
# log all !errors -- will log all commands sent, but no error messages.
|
|
# log all !getdir -- will log all commands except getdir and all errors
|
|
# EXCEPT those that occurred on a getdir command.
|
|
# log install getfile errors -- will log all install and getfile commands
|
|
# as well as any errors that occur on ONLY those commands.
|
|
# If no log command is given, logging will be turned of (same as 'log none')
|
|
#
|
|
log all !readonly
|
|
|
|
#The 'xferlog' command tells server where to use wuftpd compatible
|
|
#transfer log file. Loging subsystem currently do not support
|
|
#recording of partial transfers.
|
|
xferlog ../logs/xferlog
|
|
|
|
# The 'thruput' command is used to specify the maximum average
|
|
# number of bytes per second that the server will transmit. Use
|
|
# 'thruput off' to specify no through put control. A negative value or
|
|
# zero will also shut off thruput control. If this command is not given,
|
|
# it acts like 'thruput off'
|
|
#
|
|
# thruput off
|
|
|
|
# The 'setuid' command is used to specify a specific uid under which the
|
|
# FSP server will run. Use 'setuid off' or 'setuid 0' in order to not
|
|
# attempt to perform a setuid. If this command is not given, it acts like
|
|
# 'setuid off'. Using setuid enables you to run the server as a specific
|
|
# user rather than as root, you may want to do this for security reasons.
|
|
# If you do this then ensure that the user id you assign to fspd has the
|
|
# necessary permissions to read and write from the directories you have
|
|
# assigned elsewhere in this configuration file.
|
|
# YOU MUST USE NUMERIC USER UID! setuid 56
|
|
#
|
|
# setuid off
|
|
|
|
# The 'setgid' command is similar to setuid, but sets a group.
|
|
# setgid off
|
|
|
|
# The 'umask' for uploaded files. Standard octal value.
|
|
# umask 0033
|
|
|
|
# The 'serverumask' is used when creating special access files.
|
|
# serverumask 0077
|
|
|
|
# The 'daemonize' command specifies whether the fspd should fork itself into
|
|
# the background when started up. The only acceptable values are 'on' or
|
|
# 'off'. If this command isn't given, it acts like 'daemonize on'.
|
|
#
|
|
# daemonize on
|
|
|
|
# The 'debug' command specifies whether the server should write debugging
|
|
# output to stderr while it is running. The only acceptable values are 'on'
|
|
# or 'off'. If this command is never given, it acts like 'debug off'.
|
|
#
|
|
# debug off
|
|
|
|
# The 'restricted' command specifies whether the server is run in restricted
|
|
# mode. In this case, only hosts enabled via the 'host' command will be
|
|
# able to connect. The only acceptable values for this command are 'on' or
|
|
# 'off'. If the command isn't given, it acts as 'restricted off'.
|
|
#
|
|
# restricted off
|
|
|
|
# The 'reverse_name' command specifies whether the server should refuse
|
|
# connections to sites that it cannot reverse lookup, that is it cannot
|
|
# turn the dotted decimal address (1.2.3.4) into a name (a.b.com). The
|
|
# only acceptable values for this command are 'on' or 'off'. If the
|
|
# command is not given, it acts like 'reverse_name off' by default.
|
|
#
|
|
# reverse_name off
|
|
|
|
# The 'read_only' command specifies whether the server should ignore any
|
|
# commands that would cause a 'write' action on the server. The commands
|
|
# that are refused by this are upload, install, mkdir, deldir, delfile,
|
|
# and setpro. The only acceptable values for this command are 'on' or 'off'.
|
|
# If the command is not given, it acts like 'read_only off'.
|
|
#
|
|
# read_only off
|
|
|
|
# The "host" command can be used to grant or restrict access on a per host
|
|
# or per group of host basis. You can configure the server to either ignore
|
|
# particular clients, treat them as normal, or to always return a particular
|
|
# message to those hosts. Each host configuration line looks as follows:
|
|
#
|
|
# host host_mask [host_type message]
|
|
#
|
|
# host_mask is either the full numeric or text name of a machine OR
|
|
# a wildcarded host mask. Wildcarded hostmasks look as follows:
|
|
#
|
|
# 128.4.*.*-128.8.*.* -- (* acts as the range 0 - 255)
|
|
#
|
|
# The above line would affect all hosts of the form 128.4.*.*, 128.5.*.*,
|
|
# 128.6.*.*, 128.7.*.* and 128.8.*.*.
|
|
#
|
|
# Host masking is only available with numeric hosts, not with text names.
|
|
#
|
|
# host_type is one of D, I, or N :
|
|
# I hosts are ignored
|
|
# N hosts are treated as normal
|
|
# D hosts will receive the error string message given as the third parameter
|
|
#
|
|
# If host_type isn't specified, the host is treated as ignored or normal
|
|
# depending on the value of restricted.
|
|
#
|
|
# The following line allows all RDG machines (134.225.*.*) access to a site:
|
|
#
|
|
# host 134.225.*.* N
|
|
#
|
|
# ... while the following would ignore all hosts from RDG:
|
|
#
|
|
# host 134.225.*.* I
|
|
#
|
|
# ... and the following would return an error message to them all:
|
|
#
|
|
# host 134.225.*.* D Sorry You Cannot Access This Site
|
|
|
|
# The "retry" command specifies time in sec, how much time must
|
|
# pass after new packet with the old KEY from client will be accepted
|
|
# FSP protocol definition says that must be at least 3 secs, but you
|
|
# can set this to shorter time and allow faster error recovery. It is
|
|
# highly recommended to keep it at least 3 seconds.
|
|
# retry 3
|
|
|
|
# The "timeout" command specifies how much time must pass after new
|
|
# packet with wrong KEY number is accepted. FSP definition sets this
|
|
# to 60 seconds. You can set it to lower value for faster clients
|
|
# recovery (about 20 sec is fine).
|
|
|
|
# timeout 60
|