Thecus N5200 Module: PUREFTPD
From NAS Website
Facts
Name: PUREFTPD (pure-ftpd FTP server enhancements)
Maintainer(s): Peter Futterknecht (peterfu)
Target: N5200
Latest version: 2.00.09
Depends on Module(s): none
Description
General Overview and Installation
This module comes as a ZIP compressed file with the name N5200_<modname>_<version>.zip, where <modname> is the module name and <version> is the version number of the module. While unpacking the ZIP file, a new directory N5200_<modname>_<version> containing the module and its source code is created.
The module file is called <modname>.mod and the source code is located in the directory <modname>. The source code is included for interested people and is not needed for module installation. The file Makefile can be used to rebuild the module on Linux systems.
The module is installed using the "System"->"Module Mgmt" menu in the Thecus Web Server Administration. Specify the file <modname>.mod as the module file and press "Install".
The whole installation process is logged and sent as an E-Mail if you're configured in the E-Mail notification configuration. After successful installation enable the module in order to run the module.
After uninstallation of the module, a log of the uninstall process will be send to the user(s) configured in the E-mail notification configuration. Prior uninstallation of the module, the actual configuration data is backed up to the place "/data/raid/module/backup/<modname>". When the module is installed again, the module configuration is restored from that place if available.
Module version 2.00.00
The pure-ftpd Server is part of the N5200 FW. However it lacks some functionality in the original shipped version. Please check before installing that the FTP service is enabled on Your N5200 - if not the module will not work after a reboot, caused due to the way the N5200 handles this situation during startup. The module defaults after enabling to disable anonymous ftp access, so if You want to enable it again, You may do this via the module property page.
On the module property page, you can do this:
- See a short module description.
- View actually active ftp sessions
- View, Download and Clear the ftp log file
- Disable/Enable Anonymous ftp access
There are a view issues in this version:
- the first time view of the active connection works sometimes only if at least one ftp connection was made before (seems this is a bug in the pure-ftpwho executable which is used)
- enabling the module works, even if the ftp-service is disabled
- if you disable the module and you want to use the standard ftp service, then you have to disable/enable it (or reboot after disabling the module)
Module version 2.00.01
This version contains some fixes and a lot of new settings for the FTP Server.
Fixes:
- enabling the module fails, if the ftp-service is disabled
- disabling the module starts standard ftp-service, if enabled
- for mail sending the domain name ist used instead of the hostname
New Functions:
- Log file is backed up at uninstallation and restored at installation
- Filters can be set for log file viewing
- additional settings on module property page
- Allow only Anonymous access but no directory creation
- Allow only anonymous access and may create directories
- Anonymous allowed, but no directory creation
- Set maximum number of connections (default is 50)
- Set maximum Clients per IP (default is unlimited)
- Disallow File renaming, however file overwrite is still possible
- Disallow Upload of anonymous users
- Set maximum Idle Time in Minutes (default is 15)
- force active mode (use only if passive mode is not working behind a router or firewall)
- force IP or Hostname send
- limit bandwith for anonymous users in KB/s
- limit bandwith for users in KB/s <upload> <download>
- ignore parts of RFC
Please read the pureftpd_README.txt (original README of the purftpd package) which is included in the zip file for a more detailed description of the different parameters.
Open Issues:
- the first time view of the active connection works sometimes only if at least one ftp connection was made before (seems this is a bug in the pure-ftpwho executable which is used)
- the following issues are due to N5200 Firware and can't be fixed
- if module is enabled and the standard FTP service is disabled also the module stops, but can't be seen as disabled
- if module is enabled and standard FTP service is disabled and enabled again, the module is not running (disableing/enabling the module or a reboot fixes this)
Module version 2.00.02
Changed module e-mail notification to use new introduced from field in FW Version 1.00.10 and read out the from adress from the configuration database.
Module version 2.00.03
Fixes:
- wrong parameter settings for user badnwidth in module.rc
- don't display log file lines leaded with a #
New Functions:
- Possibility to define portrange for passive mode
Module version 2.00.04
Changes:
- recompiled for usage with TLS and dynamic linking
(Note : Webinterface for TLS handling not implemented now, if option is manually added then the key file has to be added manually and has to be :/raid/data/module/PUREFTPD/system/etc/pure-ftpd.pem )
- some minor bug fixes in php code
Added:
- set/unset chroot everyone but root (default is switched on in module and N5200 FW)
- FXP settings (not allowed, for users allowed, for everyone allowed)
Module version 2.00.05
Fixes:
- correct typo error in module.rc for FXP settings
Module version 2.00.06
Fixes:
- correct start up procedure, cause boot scripts from the standard ftp server stopped the module ftp server and started the standard one
Due to this fix the Staus-> System Page now shows the FTP Server as stopped, even if the module ftp server is running.
ATTENTION : please don't use prior versions of the module with FW 2.00.04 due to the above described issue (may be also an issue with FW 2.00.01)
Module Version 2.00.07
NOTE : from this version on the standard FTP Service on the N5200 has to be disabled !!!! otherwise the module can't be enabled
Changed:
- standard FTP Service on N5200 has now to be disabled befor enabling the module (this was necessary cause the authentification used is a different now)
Added:
- added Port option
- added Encode Option
- possibility to define for each user a home directory (if no home directory is defined, then the standard one - /raid/data/ftproot - is used)
- The syntax of the definition file must be
- user:homedir:any text
- The first 2 fields are mandatory, all field delimiters must be here, even if the 3rd filed ist empty
- If the syntax is not correct or the home dir is not existing no ftp login will be possible
- example:
- USER:/raid/data/USER:
- or
- USER:/raid/data/USER:private area of USER
- Some Hints to usage of Home dirs:
- Private and public home dirs:
- defining home dirs and acess to public areas at the same time requires
- to manually create links from the users home dir to the public area
- if a user has his home dir in /raid/data/USER and a public area is
- /raid/data/PUBLIC then following has to be done via commandline:
- Login via ssh (SSHD and SYSUSER module is required) and do following commands
- cd /raid/data/USER
- ln -s /raid/data/PUBLIC PUBLIC
- Now a symbolic link in the users home directory is created and the user is able to change into the PUBLIC area
- To remove the link ssh to the N5200 and do following commands
- cd /raid/data/USER
- rm PUBLIC
- The symbolic link is removed and the user is not able any more to change to the PUBLIC area
- Usage of a User Top Level Folder:
- If You want to have all Your users in oner top level folder, then following is possible
- create a top level folder USERS
- give all Your users which are inside this folder the approbiate rights
- ssh to Your N5200
- create for every user in the /raid/data/User folder one directory with the command mkdir (i.e mkdir USER1 , mkdir USER2, mkdir USER3,....)
- change now the attributes of the newly created directories to 770 (i.e chmod 770 USER1, chmod 770 USER2,......)
- set now the home dir of the users to their private directory (in the module property page) (i.e USER1:/raid/data/USERS/USER1:private directory of USER1)
- now USER1 has only access to his newly created directory
- If You want to have all Your users in oner top level folder, then following is possible
- Private and public home dirs:
- Be aware, that this is only working with FTP access, so if Your users are accessing the N5200 via http or https the root directory is still /raid/data/ftproot and they have access to all folders where they have the proper ACL's. This is also not working with NFS and SAMBA.
- The syntax of the definition file must be
Module Version 2.00.07.1
This is a bug fix release and fixes a bug in the startup procedure which prevents old ftp processes to be killed during restart. If You had installed version 2.00.07 please deinstall it, reboot Your N5200 to kill old processes and install this version.
Module Version 2.00.07.2
Security fix : prevent user nobody from loging in to the ftp server (quick fix for buggy thecus login procedure)
Module Version 2.00.08
- Added TLS option.
Certificate from Thecus is used and copied upon module installation if not existing. If You want to use Your own pem file, then copy it manual to /raid/data/module/PUREFTPD/system/etc/pure-ftpd.pem (filename must be the same!!!)(upload is planned for future release)
- works only on FW 2.01.09 and greater
Module Version 2.00.08.1
some modifications in php scripts to be compatible also with new ajax interface starting with FW 3.x
Module Version 2.00.09
Works on FW 2.01.09 or greater
Planned:
- up/download key file for TLS
Added:
- Options -K, -r, -R, -L
- '-K': Allow users to resume and upload files, but *NOT* to delete or rename them. Directories can be removed, but only if they are empty. However, overwriting existing files is still allowed (to support upload resume) . If you want to disable this too, add -r (--autorename) .
- '-L <max files>:<max depth>': To avoid stupid denial-of-service attacks
(or just CPU hogs), Pure-FTPd never displays more than 2000 files in response
to an 'ls' command. Also, a recursive 'ls' (-R) never goes further than 5
subdirectories. You can increase/decrease those limits with the '-L' option.
- '-R': Disallow users (even non-anonymous ones) usage of the CHMOD command. On hosting services, it may prevent newbies from making mistakes, like setting bad permissions on their home directory. Only root can use CHMOD when -R is enabled.
- '-r': Never overwrite existing files. Uploading a file whoose name already exists cause an automatic rename. Files are called xyz, xyz.1, xyz.2, xyz.3, etc.
News
- <2007-04-01>: first public release
- <2007-04-16>: Version 2.00.01
- <2007-05-31>: Version 2.00.02
- <2007-08-10>: Version 2.00.03
- <2007-09-26>: Version 2.00.04
- <2007-12-19>: Version 2.00.05
- <2007-12-22>: Version 2.00.06
- <2008-03-24>: Version 2.00.07
- <2008-10-30>: Version 2.00.07.1
- <2009-02-22>: Version 2.00.07.2
- <2009-06-13>: Version 2.00.08
- <2009-09-22>: Version 2.00.8.1
- <2010-01-30>: Version 2.00.09
Versions
- Version 2.00.00
- Release date: 2007-04-01
- Works on firmware: 1.00.08
- Does not work on firmware: <= 1.00.07
- Download: N5200_PUREFTPD_2.00.00.zip
- Major changes: First public release.
- Version 2.00.01
- Release date: 2007-04-16
- Works on firmware: 1.00.08
- Does not work on firmware: <= 1.00.07
- Download: N5200_PUREFTPD_2.00.01.zip
- Major changes: bug fixes,new FTP Server settings
- Version 2.00.02
- Release date: 2007-05-31
- Works on firmware: 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.02.zip
- Major changes: read out from adress for mail notifications from configuration database
- Version 2.00.03
- Release date: 2007-08-10
- Works on firmware: 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.03.zip
- Major changes: bug fixes,new FTP Server settings
- Version 2.00.04
- Release date: 2007-09-26
- Works on firmware: >= 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.04.zip
- Major changes: bug fixes in PHP code, new settings added, recompiled with TLS option
- Version 2.00.05
- Release date: 2007-12-19
- Works on firmware: >= 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.05.zip
- Major changes: bug fixes in module.rc for FXP settings
- Version 2.00.06
- Release date: 2007-12-22
- Works on firmware: >= 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.06.zip
- Major changes: bug fixes in module.rc for boot up procedure
- Version 2.00.07
- Release date: 2008-03-24
- Works on firmware: >= 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.07.zip
- Major changes: works now with standard FTP service disabled only, new parameters, users home dirs
- Version 2.00.07.1
- Release date: 2008-10-30
- Works on firmware: >= 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.07.1.zip
- Major changes: bug fix release
- Version 2.00.07.2
- Release date: 2009-02-22
- Works on firmware: >= 1.00.10
- Does not work on firmware: <= 1.00.08
- Download: N5200_PUREFTPD_2.00.07.2.zip
- Major changes: security fix
- Version 2.00.08
- Release date: 2009-06-13
- Works on firmware: >= 2.01.09
- Does not work on firmware: <= 2.00.15
- Download: N5200_PUREFTPD_2.00.08.zip
- Major changes: add TLS option
- Version 2.00.08.1
- Release date: 2009-09-22
- Works on firmware: >= 2.01.09
- Does not work on firmware: <= 2.00.15
- Download: N5200_PUREFTPD_2.00.08.1.zip
- Major changes: make webinterface compatible also to new ajax web gui
- Version 2.00.09
- Release date: 2010-01-30
- Works on firmware: >= 2.01.09
- Does not work on firmware: <= 2.00.15
- Download: N5200_PUREFTPD_2.00.09.zip
- Major changes: added options -L, -R. -r, -K