The access to FTP resources is based on:
Authentication of the user in the Users table;
Creation of a virtual path in the FTP Virtual Roots Path table;
Creation of an access rights for that virtual Path in the FTP Virtual Paths Access Rights table.
Users can access to FTP
server only if they're enabled to FTP service (parameter
FTP
set to YES
).
[17:13:00] ABILIS_CPX:d user
- Not Saved (SAVE CONF) -------------------------------------------------------
------------------------+-------------+----------------------------------------
USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO
------------------------+-------------+----------------------------------------
admin *** YES # # YES YES YES YES YES NO NO NO NO
ftpuser *** YES # # NO NO NO YES NO NO NO NO NO
guest NO # # NO NO NO NO NO NO NO NO NO
Type the command d user:<user> to show the detailed user configuration parameters.
[17:13:05] ABILIS_CPX:d user:ftpuser
Parameter: | Value:
--------------------+----------------------------------------------------------
USER: ftpuser
REAL-NAME: ftpuser
ID: 7 <Read Only>
PWD: ***
ACT: YES
CP-LEVEL: NO
SSH-IP-PERMIT: *
TELNET-IP-PERMIT: *
CTI-ROLE: EXTENSION
GROUP:
CTIP: #
CTIP-CDI-PERMIT: *
CLUS: #
CLUS-CDI-PERMIT: *
ADDRBOOK-SYNC: SYS
ADDRBOOK-NUMBER: AUTO
ADDRBOOK-OUTDIAL: NONE
ADDRBOOK-PRIV-MAX: SYS
ADDRBOOK-PUB-EDITABLE:SYS
IO-MAP: #
OPC-ROLE: USER
OPC-VIEW: *
OPC-HIDE-NUMBERS: NO
OPC-MONITOR: SIP
OPC-PRIVACY: NO
CHAT: NO
CHAT-USER: SYS
CHAT-PWD: SYS
FTP: YES
FTP-HOMEDIR:
FTP-PROT: PLAIN,SSL
-------------------------------------------------------------------------------
Meaning of the parameters:
FTP
Enable/disable FTP for this user [NO, YES]. "!" means that the service is not activated due to Licence restrictions.
FTP-HOMEDIR
FTP home directory, initiating and terminated by the '/' (slash). Max 128 chars. Spaces require double quotes (E.g. "/str2 str3/")
FTP-PROT
FTP protocol [PLAIN
: not encrypted;
SSL
: encrypted]. Values can be joined using ','
character.
FTP Virtual Paths Table specifies the association between virtual paths and their respective physical paths.
Virtual paths can be added/set/displayed/cleared with the commands:
a/s/d/c ftp path:<virtual path> [phys-path:<physical path>]
The whole table can be shown with the following command. By default the table contains the following entries:
[17:16:13] ABILIS_CPX:d ftp path
Parameter: | Value:
------------+------------------------------------------------------------------
PATH: /pub/
PHYS-PATH: C:\USR\PUB\
-------------------------------------------------------------------------------
PATH: /pub2/
PHYS-PATH: D:\USR\PUB\
-------------------------------------------------------------------------------
PATH: /usr/
PHYS-PATH: C:\USR\
-------------------------------------------------------------------------------
PATH: /usr2/
PHYS-PATH: D:\USR\
-------------------------------------------------------------------------------
To show a specific path:
[17:25:52] ABILIS_CPX:d ftp path:/pub/
Parameter: | Value:
------------+------------------------------------------------------------------
PATH: /pub/
PHYS-PATH: C:\USR\PUB\
-------------------------------------------------------------------------------
Meaning of the parameters:
PATH
Specifies a virtual directory path with UNIX notation. Virtual path
/
needs not to be specified because
/
does never refer to physical path, it is only
the “container” of virtual paths. Max 32 chars.
Spaces require double quotes (E.g. "/My dir/")
PHYS-PATH
Physical path. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 128 chars. Spaces require double quotes (E.g. "C:\My dir\").
This table specifies the associations between virtual paths, users and their respective access rights.
Access rights for a specific virtual path can be added/set/displayed/cleared with the following commands.
Adds the path only.
Adds user and path.
Sets rights and other parameters for an already existent user.
Deletes an existing user; if the user is the last one the path isn't deleted.
Displays rights summary.
Displays rights for a specific path.
Displays rights that a user has on all paths; the paths for which the user isn't defined are skipped.
An example of the output (by default the table contains the following entries):
[17:53:58] ABILIS_CPX:d ftp rights
-------------------------------------------------------------------------------
ID: PATH:
USER: FILE: DIR: RECUR: PROT:
-------------------------------------------------------------------------------
1 /pub/
admin rwdn lcdn YES PLAIN,SSL
anonymous r--- l--- YES PLAIN,SSL
-------------------------------------------------------------------------------
2 /pub2/
admin rwdn lcdn YES PLAIN,SSL
anonymous r--- l--- YES PLAIN,SSL
-------------------------------------------------------------------------------
3 /sysdrives/
admin rwdn lcdn YES PLAIN,SSL
-------------------------------------------------------------------------------
4 /usr/
admin rwdn lcdn YES PLAIN,SSL
-------------------------------------------------------------------------------
5 /usr2/
admin rwdn lcdn YES PLAIN,SSL
-------------------------------------------------------------------------------
The rights are split in “file rights” and
“directory rights” and are configured/viewed with two
different parameters: FILE
and
DIR
.
The syntax is:
FILE:[+|-R][+|-W][+|-D][+|-N] DIR:[+|-L][+|-C][+|-D][+|-N]
The +
sets granted right.
The -
sets denied right.
If +
or -
isn't
specified, the value +
is assumed, so it may be
omitted.
Not specified right is left unchanged.
FILE
and DIR
values do
not care about the characters' position.
FILE
and DIR
values are
case insensitive.
The following commands are equivalent:
S FTP RIGHTS PATH:/ USER:test FILE:+R+W+D+N
S FTP RIGHTS PATH:/ USER:test FILE:rwdn
S FTP RIGHTS PATH:/ USER:test FILE:NdwR
S FTP RIGHTS PATH:/ USER:test FILE:+D-N
S FTP RIGHTS PATH:/ USER:test FILE:D-N
S FTP RIGHTS PATH:/ USER:test FILE:-ND