Perms.conf

From DrFTPD

Function	Path			Groups/Users
----------------------------------------------------
# who can delete any files where
delete		/site/GRP_PRE/*		=GRP 

# who can delete their own files where
deleteown	/site*			*
	
# who can upload resume where
resume		/site*			*

# who can rename any files where
rename		/site/GRP_PRE/*		=GRP =siteop

# who can rename their own files where
renameown	/site/*			=TRUSTED

# who can create directories where
makedir		/site*			*
	
# who can upload files to which directories
upload		/site/request/*		* 

# who can download files from which directories
download	/site/*			!-viewer *

# which users will be hidden from 'site who' while they are in which paths
hideinwho	/private/pre/directory*	!=siteop *
----------------------------------------------------

ex. The following denys users the ability to make a directory in the root directory.

1 upload
2 makedir
3 creditcheck
4 creditloss
5 SSL/TLS Configuration

[edit]

upload

upload /* !*

This line enables them to make directories in any other directories.

upload /*/* *

This can be repeated for other commands..

[edit]

makedir

makedir directive tells MKD which dirs users can create directories in.

So to disallow creating of directories in root directory, just add makedir / !*.

Or don't add a permission that includes /, the default permission is to not allow creation of directories. /*/* would allow creating directories anywhere, but it needs at least two / in the name, so creating in / is not allowed but creating in /incoming/ is allowed.

[edit]

creditcheck

At what ratio a user gains credits, this setting overrides the users ratio setting.

[edit]

creditloss

At what ratio a user looses credits, usually 1.0, or 0 (not at all) in the case of user having ratio 0 (leech).

[edit]

SSL/TLS Configuration

To configure SSL/TLS support, you need to generate the file drftpd.key. This is done by running genkey.sh on *nix or genkey.bat on windows on the master.

If you wish to support SSL/TLS data transfers, you need to distribute this key to all slaves.

You can enforce SSL/TLS in perms.conf using the directives userrejectsecure, userrejectinsecure, denydiruncrypted and denydatauncrypted that behave the same was as in glftpd.

Here are some examples borrowed from README.TLS in glftpd:

EXAMPLE :

not allow lamer to use TLS mode

userrejectsecure -lamer !*

allow only hoe to use insecure access

userrejectinsecure !-hoe *

you can deny unecrypted access to dirlist using denydiruncrypted and to other transfers using denydatauncrypted so :

denydiruncrypted !-idiot =IDIOTS *

denydatauncrypted !-idiot =IDIOTS *

only user idiot and group IDIOTS can get unencrypted dirlist or file transfer

basically to create 100% secure site you will want to use this setting :

userrejectsecure !*

userrejectinsecure *

denydiruncrypted *

denydatauncrypted *

to create site where people can using both noTLS and TLS connections use: userrejectsecure !*

userrejectinsecure !*

denydiruncrypted !*

denydatauncrypted !*

Retrieved from "http://drftpd.org/index.php/Perms.conf"

Perms.conf

From DrFTPD

Contents

upload

makedir

creditcheck

creditloss

SSL/TLS Configuration

Views

Personal tools

Navigation

Search

Toolbox