Janus FTP Server command reference: Difference between revisions
(One intermediate revision by the same user not shown) | |||
Line 87: | Line 87: | ||
<tr><th nowrap><var>SSL [</var>procfile procname | * <var>]</var></th> | <tr><th nowrap><var>SSL [</var>procfile procname | * <var>]</var></th> | ||
<td>Invoke encrypted SSL/TLS transmissions ([http://en.wikipedia.org/wiki/FTPS#Methods_of_invoking_security explicit FTPS]) and present to clients the certificate in the named file and procedure (<var class="term">procfile procname</var>), or, if <code>SSL *</code>, present a "self-signed certificate" provided by Sirius. | <td>Invoke encrypted SSL/TLS transmissions ([http://en.wikipedia.org/wiki/FTPS#Methods_of_invoking_security explicit FTPS]) and present to clients the certificate in the named file and procedure (<var class="term">procfile procname</var>), or, if <code>SSL *</code>, present a "self-signed certificate" provided by Sirius. | ||
<p> | |||
FTP client applications connecting to the port must provide the FTP <code>AUTH</code> command before login is allowed, or connection is refused. <var>SSLOPT</var>, below, loosens this requirement.</td></tr> | FTP client applications connecting to the port must provide the FTP <code>AUTH</code> command before login is allowed, or connection is refused. <var>SSLOPT</var>, below, loosens this requirement. </p></td></tr> | ||
<tr><th><var>SSLOPT</var> </th> | <tr><th><var>SSLOPT</var> </th> | ||
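Review bot: the `<p>` added in the SSL row wraps only the second sentence of the cell (it is closed by the `</p>` added before `</td></tr>`), leaving the first sentence as bare text in the same `<td>`; wrap both sentences or neither so the cell's markup is consistent. While this row is being touched, it still says only that clients "must provide the FTP AUTH command" without naming the AUTH argument the port accepts, which is the detail an administrator configuring a client needs.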
Line 114: | Line 114: | ||
<li>This command defines a server that supports passive transfers (only) and also offers SSL/TLS encryption | <li>This command defines a server that supports passive transfers (only) and also offers SSL/TLS encryption | ||
(<var>SSL</var> parameter identifies the file and procedure that contains the security certificate and private key; | (<var>SSL</var> parameter identifies the file and procedure that contains the security certificate and private key; | ||
<var>SSLOPT</var> parameter indicates that | <var>SSLOPT</var> parameter indicates that encrypted and non-encrypted connections are allowed). | ||
<p class="code">JANUS DEFINE FTP02 1667 FTPSERVER 2 - | <p class="code">JANUS DEFINE FTP02 1667 FTPSERVER 2 - | ||
AUDTERM PASVPORT 2000 | AUDTERM PASVPORT 2000 |
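Review bot: the completed sentence for FTP02 says only that "encrypted and non-encrypted connections are allowed", which does not tell the reader that with SSLOPT a client that never sends AUTH gets an unencrypted session, as the SSLOPT row of the syntax table states. Suggest adding that here, for example "connections are unencrypted unless the client issues AUTH", so the example is not read as a TLS-enforcing configuration.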
Latest revision as of 00:49, 9 March 2012
This section provides a reference for the Janus commands used to create and manipulate FTP servers.
To create a Janus FTP Server, you must specify:
- A JANUS DEFINE command to define Model 204 as a server on the TCP/IP network, set a port number to which FTP clients connect, and indicate which remote hosts can establish connections with the port. The JANUS DEFINE also can set FTP-specific options to specify additional listening-port numbers (for the additional server sockets used to handle file transfers), allow unverified users (Anonymous FTP), and name a client socket port (if needed).
- One of each of the following JANUS FTP commands to define FTP server rules:
  - FTP ASSIGN to identify the Model 204 procedure files you will expose and the folder names by which those files are identified by FTP clients
  - FTP ALLOW to specify users and grant access privileges to the FTP folders (may be bypassed for simple systems by specifying a default on FTP ASSIGN)
  - FTP HOME to associate client users with a default folder
JANUS DEFINE for FTP
To define an FTP Server to the online, you use JANUS DEFINE with the type option FTPSERVER. This command must be issued before any other JANUS FTP commands. As with other Janus servers, the server will not be available for use until a JANUS START has been issued for it.
Syntax for JANUS DEFINE with FTPSERVER
JANUS DEFINE portname portnum FTPSERVER maxcon -
  [ ANONYMOUS maxanon | * ] -
  [ ANONUSER anonuserid ] -
  [ CLIENTSOCKET socketname ] -
  [ PASVPORT startportnum ] -
  [ SSL procfile procname | * ] -
  [ SSLOPT ] [ other_parms ]
Syntax terms
portname | The name of the FTP port being created. This name can then be referenced by Janus FTP commands, as well as other Janus commands. |
---|---|
portnum | The port number to listen on for FTP connections. In FTP terminology, this is what is referred to as the control port. |
maxcon | The maximum number of simultaneous FTP sessions supported by this server. |
ANONYMOUS [maxanon | *] | Indicates that anonymous access is permitted. It must be followed by a number (maxanon) or an asterisk (*):
If the ANONYMOUS parameter is not specified, no anonymous access is permitted.
If anonymous access is permitted, the default name of the anonymous
user is The FTP Server does not attempt to verify an anonymous user password, but you must specify FTP HOME and FTP ALLOW rules for ANONYMOUS. |
ANONUSER user | Lets you change the name of the anonymous user. It may be specified only if ANONYMOUS is also specified. user must be ten characters or less. |
CLIENTSOCKET socketname | Names the client socket port to use to open connections back to the FTP client, if the client requests active file transfers.
On active transfers, the FTP server is required by the protocol to open a client connection back to a server port opened by the FTP client. If this parameter is not specified, active file transfers are not permitted on this FTP server port. The name is not validated when the DEFINE command is issued, but when an active transfer is attempted. |
PASVPORT startportnum | The first port number to use for passive sockets. For passive file transfers, an FTP server opens an additional server socket, to which the client is requested to connect for data transfers. Each such socket needs a port to listen on. For any given FTP server, a block of maxcon port numbers starting at startportnum is used for passive file transfers.
If PASVPORT is not specified, its default is 5000. If it is specified, the value must be at least 1000 and no greater than 32K. |
SSL [procfile procname | * ] | Invoke encrypted SSL/TLS transmissions (explicit FTPS) and present to clients the certificate in the named file and procedure (procfile procname), or, if SSL * is specified, present a "self-signed certificate" provided by Sirius.
FTP client applications connecting to the port must provide the FTP AUTH command before login is allowed, or connection is refused. SSLOPT, below, loosens this requirement. |
SSLOPT | Meaningful only if the SSL parameter is also specified, SSLOPT makes SSL/TLS encryption optional for clients using the port. If SSLOPT is specified, the port's connections, by default, are not encrypted. If no AUTH command is appropriately provided by the client, the client can still connect but without encryption. But if an appropriate AUTH command is provided, SSL/TLS encryption is applied. |
other_parms | One or more of the other options that are valid for a JANUS DEFINE that creates a Janus server socket port, with the exception of OPEN, CMD, NEWSESOPEN, and NEWSESCMD.
Note: If you specify XTAB (a translate table, described in XTAB) the table you indicate is used on all file transfers initiated on this server, including active transfers done with a client socket port. |
Examples
- The following JANUS DEFINE commands specify FTP Servers.
  - This command defines a server with control port 1666 that supports active and passive transfers:
    JANUS DEFINE FTP01 1666 FTPSERVER 8 -
      AUDTERM -
      XTAB FTP.X -
      ANONYMOUS 1 ANONUSER MOE -
      CLIENTSOCKET FTPDTP -
      BINDADDR 198.242.244.47 -
      TRACE 8
  - This command defines a server that supports passive transfers (only) and also offers SSL/TLS encryption (the SSL parameter identifies the file and procedure that contain the security certificate and private key; the SSLOPT parameter indicates that encrypted and non-encrypted connections are allowed).
    JANUS DEFINE FTP02 1667 FTPSERVER 2 -
      AUDTERM PASVPORT 2000 SSL JANSSL MYCERT SSLOPT
- The following JANUS DEFINE specifies the client socket for active transfers for the first FTP server defined above, and it shows that socket's definition:
  JANUS DEFINE FTPDTP * CLSOCK 5 REMOTE * * -
    SOCKPMAX 5 -
    TRACE 8
  JANUS CLSOCK FTPDTP ALLOW
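A configuration review of the DEFINE options described above, added here as an example and not part of the Janus documentation or product: it parses JANUS DEFINE ... FTPSERVER commands, reports the passive port block (PASVPORT, default 5000, maxcon ports) that firewall rules must cover, and flags ports defined without SSL, with SSLOPT, with SSL *, with ANONYMOUS, or with CLIENTSOCKET. The function names and finding labels are invented for the illustration; the input is the page's own example commands plus one constructed FTP03 line.

```python
# Added example: review JANUS DEFINE ... FTPSERVER commands (not Janus code).
SAMPLE = """\
JANUS DEFINE FTP01 1666 FTPSERVER 8 -
  AUDTERM -
  XTAB FTP.X -
  ANONYMOUS 1 ANONUSER MOE -
  CLIENTSOCKET FTPDTP -
  BINDADDR 198.242.244.47 -
  TRACE 8
JANUS DEFINE FTP02 1667 FTPSERVER 2 -
  AUDTERM PASVPORT 2000 SSL JANSSL MYCERT SSLOPT
JANUS DEFINE FTPDTP * CLSOCK 5 REMOTE * * -
  SOCKPMAX 5 -
  TRACE 8
JANUS CLSOCK FTPDTP ALLOW
JANUS DEFINE FTP03 1668 FTPSERVER 4 PASVPORT 3000 SSL *
"""  # FTP03 is constructed for this example; the rest are the page's examples


def join_continuations(text):
    """Join physical lines that end in '-', the continuation mark used above."""
    commands, parts = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("-"):
            parts.append(line[:-1].strip())
        else:
            parts.append(line)
            commands.append(" ".join(parts))
            parts = []
    if parts:
        commands.append(" ".join(parts))
    return commands


def audit_define(command):
    """Return facts and findings for one FTPSERVER definition, else None."""
    tok = command.upper().split()
    if len(tok) < 6 or tok[:2] != ["JANUS", "DEFINE"] or tok[4] != "FTPSERVER":
        return None
    name, control, maxcon = tok[2], int(tok[3]), int(tok[5])
    opts = tok[6:]

    def value_after(keyword):
        i = opts.index(keyword) if keyword in opts else -1
        return opts[i + 1] if 0 <= i < len(opts) - 1 else None

    findings = []
    if "SSL" not in opts:
        findings.append("NO_TLS")            # no SSL/TLS offered on this port
    else:
        if value_after("SSL") == "*":
            findings.append("SELF_SIGNED")   # Sirius-provided self-signed certificate
        if "SSLOPT" in opts:
            findings.append("TLS_OPTIONAL")  # clients that skip AUTH stay unencrypted
    if "ANONYMOUS" in opts:
        findings.append("ANONYMOUS")         # anonymous password is not verified
    if "CLIENTSOCKET" in opts:
        findings.append("ACTIVE_MODE")       # server connects back to the client
    start = int(value_after("PASVPORT") or 5000)   # page: default is 5000
    return {"port": name, "control": control,
            "passive": (start, start + maxcon - 1), "findings": findings}


def audit(text):
    results = [audit_define(c) for c in join_continuations(text)]
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r["port"], r["control"], r["passive"], ",".join(r["findings"]) or "-")
```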
JANUS DISPLAYSOCK for FTP
If JANUS DISPLAYSOCK is issued for an FTP port, in addition to its usual output, it displays the FTP entities defined for the port. These include folders created with FTP ASSIGN and rules set up with FTP ALLOW, FTP HOME, FTP ON, and FTP SUFFIX.
For example, here is sample output from issuing JANUS DISPLAYSOCK for the FTP Server defined in "A simple anonymous FTP Server":
JANUS DISPLAYSOCK FTPANON
Folders:
  /PUB maps to file: FTPTEST prefixed, separator=/
Permissions:
  The Anonymous user can READ /PUB
  User MOE can WRITE /PUB
Home folders:
  The Anonymous user has home: /PUB
  User MOE has home: /PUB
Suffixes: ... None
Overrides: ... None
JANUS FTP
The JANUS FTP command defines the rules for a Janus FTP Server running on a Janus Sockets FTP (FTPSERVER) port. These rules primarily control access to the files exposed by the FTP server.
JANUS FTP command syntax
JANUS FTP portname rule_type other_parameters
The first two parameters are positional and are required:
portname | The name (thirty characters or fewer) of the FTP port, or a pattern specifying a set of ports, for which the rule is being defined. Wildcards are allowed. The Janus definition of the port or ports must include the FTPSERVER parameter. |
---|---|
rule_type | The rule_type specifies the sort of rule being specified for the port(s).
Valid rule_types are: |
other_parameters | The additional parameters allowed for the JANUS FTP command depend on the rule_type that is specified. The various rule types and their parameters are described in the following alphabetically ordered sections. |
You must specify at least three JANUS FTP commands — one each of FTP ASSIGN, FTP ALLOW, and FTP HOME — and it typically takes a set of JANUS FTP commands to fully specify the rules for an FTP server port. For instance, it may take a number of commands to specify the folders that are available for access, the users that may connect, and the privileges and home folders of the users.
In practice, the first of the JANUS FTP commands to issue is FTP ASSIGN.
JANUS FTP ALLOW
This command is used to grant user access to a folder in addition to any access granted via a DEFAULTPRIVS parameter on the FTP ASSIGN for the server port.
JANUS FTP ALLOW command syntax
JANUS FTP portname ALLOW foldername READ | WRITE -
  TO [USER user] | [USGROUP usgroup] | ANONYMOUS | ALL
Syntax terms
portname | Must be a previously defined Janus FTP Server port. |
---|---|
foldername | A folder previously created with JANUS FTP ASSIGN. |
READ or WRITE | The folder access privileges being granted.
One of these must be specified: |
TO | To whom access is being granted to foldername.
One of these options must be specified, and only one of these per folder may be issued. To modify an earlier ALLOW rule, first use FTP DISALLOW. |
Examples of valid FTP ALLOW commands follow:
JANUS FTP FTP01 ALLOW /ANON READ TO ANONYMOUS
JANUS FTP FTP01 ALLOW /GLWHOME WRITE TO USER GLW
JANUS FTP FTP01 ALLOW /ALL READ TO ALL
JANUS FTP FTP01 ALLOW /GLWHOME READ TO USGROUP FTP
For more information about folder access, see "Folder security".
JANUS FTP ASSIGN
This command creates an FTP folder for a previously defined FTP port. For more information about folder creation, see "Folder mapping".
JANUS FTP ASSIGN command syntax
JANUS FTP portname ASSIGN foldername -
  [ TO FILE filename ] -
  [ DEFAULTPRIVS READ | WRITE ] -
  [ PREFIX [. | /] ]
Syntax terms
portname | Must be a previously defined Janus FTP Server port. |
---|---|
foldername | The name of the FTP folder being created. For more information about naming rules, see "Folder names". |
TO FILE filename | The Model 204 procedure file being associated with foldername. |
DEFAULTPRIVS | The privileges a user gets unless a JANUS FTP ALLOW rule gives them greater access. If DEFAULTPRIVS is not specified, no access is permitted except that granted by FTP ALLOW rules. Default privileges do not apply to ANONYMOUS access. Any ANONYMOUS access must be granted with an FTP ALLOW rule. The privileges allowed are READ and WRITE, one of which must be specified, as discussed in JANUS FTP ALLOW. |
PREFIX | Invokes prefixing for this folder, as described in "Prefixing". Files uploaded to this folder by FTP clients are stored with the name of the folder prefixed to the filename. File MYFILE uploaded to folder ANNUAL becomes procedure /ANNUAL/MYFILE .
PREFIX may be followed by a "prefix character", forward slash (/) or period (.), which is used as the separator in folder names. The default is a forward slash. Note: The characters in the prefix string are added to and do increase the length of the procedure name, whose Model 204 limit is 255. |
You can dynamically assign folders once a port is started, but you may not issue multiple ASSIGN commands for the same folder. To reassign a folder, you must first remove the assignment (using JANUS FTP DEASSIGN). You may not deassign a folder once a port is started, however; in this case, you must first drain the folder using the JANUS DRAIN command.
If you use a single JANUS FTP ASSIGN to create a folder such as /A/B/C, the following FTP change directory command works as expected:
cd /A/B/C
However, you cannot use cd to move to the intermediate folder levels /A and /A/B, unless each of these levels is also defined with an individual JANUS FTP ASSIGN command.
In addition to defining /A, /A/B, and /A/B/C as three separate folders with three ASSIGN commands, allowing navigation to all three levels also requires granting at least READ access at each level.
The following statements create this three-level folder structure:
JANUS FTP FTPJ1 ASSIGN /A TO FILE JPROC DEFAULTPRIVS READ
JANUS FTP FTPJ1 ASSIGN /A/B TO FILE JPROC DEFAULTPRIVS READ
JANUS FTP FTPJ1 ASSIGN /A/B/C TO FILE JPROC DEFAULTPRIVS READ
The statements above create three folders that point to the same underlying procedure file. FTP clients will display and be able to navigate up and down this directory tree. In this case, however, clients will see the same procedures at any folder level they view. You can adjust this outcome by adding prefixing to the assignments:
JANUS FTP FTPJ1 ASSIGN /A TO FILE JPROC -
  DEFAULTPRIVS READ PREFIX
JANUS FTP FTPJ1 ASSIGN /A/B TO FILE JPROC -
  DEFAULTPRIVS READ PREFIX
JANUS FTP FTPJ1 ASSIGN /A/B/C TO FILE JPROC -
  DEFAULTPRIVS READ PREFIX
As a result:
- The names of all files uploaded to these FTP server folders are prefixed with the name of the folder to which they are uploaded. The INFO file uploaded to folder /A/B/C is stored as /A/B/C/INFO.
- To clients, a display of the list of the files in any folder contains only the files that are prefixed with that folder name.
  Note: Such a display may also include files that belong to a subfolder: for example, the /A/B/C/INFO file will be displayed in a list of the files in folder /A as /A/B/C/INFO, in a list of the files in folder B/ as /B/C/INFO, and in a list of the files in folder C/ as /C/INFO.
An alternative to prefixing in this case is to assign each folder to its own procedure file, as shown below. Then a display to a client of the list of the files in any folder contains all the files that are stored in that procedure file, without regard for prefixes, if any, or for how the files got there:
JANUS FTP FTPJ1 ASSIGN /A TO FILE JPROC1 DEFAULTPRIVS READ
JANUS FTP FTPJ1 ASSIGN /A/B TO FILE JPROC2 DEFAULTPRIVS READ
JANUS FTP FTPJ1 ASSIGN /A/B/C TO FILE JPROC3 DEFAULTPRIVS READ
Of course, in all the examples above, you can use FTP ALLOW commands (along with or in place of the DEFAULTPRIVS parameter of FTP ASSIGN) to diversify user access. For example:
JANUS FTP FTPJ1 ASSIGN /A TO FILE JPROC1 DEFAULTPRIVS WRITE
JANUS FTP FTPJ1 ASSIGN /A/B TO FILE JPROC2 DEFAULTPRIVS READ
JANUS FTP FTPJ1 ASSIGN /A/B/C TO FILE JPROC3 DEFAULTPRIVS READ
JANUS FTP FTPJ1 ALLOW /A/B WRITE TO USGROUP DEV
JANUS FTP FTPJ1 ALLOW /A/B/C WRITE TO USER SUPER
A benefit of predefining a folder tree like /A, /A/B, and /A/B/C is that, by making the folder names match the names of the directories on your workstation, you can then upload entire directories and subdirectories in one request, if your FTP client permits. The Janus FTP Server does not currently support client requests to create (or delete or rename) a folder, so the required directory/subdirectory structure must preexist on the server before a client can upload files arranged in such a structure.
JANUS FTP DEASSIGN
This command removes an existing FTP folder from a Janus FTP port.
JANUS FTP DEASSIGN command syntax
JANUS FTP portname DEASSIGN foldername
Syntax terms
portname | Must be a previously defined Janus FTP Server port. |
---|---|
foldername | A folder previously created with JANUS FTP ASSIGN. |
Usage notes
Once an FTP Server port is started, no FTP DEASSIGN commands may be issued for it; the port must first be drained (using JANUS DRAIN).
A folder may not be removed with DEASSIGN if it is referred to by FTP ALLOW, FTP HOME, or FTP ON rules.
Example FTP DEASSIGN commands follow:
JANUS FTP FTP04 DEASSIGN /TEMPAREA
JANUS FTP FTPANON DEASSIGN /JUNK
JANUS FTP DISALLOW
This command revokes folder access rights that were previously granted using JANUS FTP ALLOW.
JANUS FTP DISALLOW command syntax
JANUS FTP portname DISALLOW foldername -
  TO [USER user] | [USGROUP usgroup] | ANONYMOUS | ALL
Syntax terms
portname | Must be a previously defined Janus FTP Server port. |
---|---|
foldername | A folder previously created with JANUS FTP ASSIGN. |
TO | Specifies whose access to foldername is to be taken away.
Users not previously specified by FTP ALLOW are ignored. One of these options must be specified: |
An example DISALLOW command follows:
JANUS FTP FTP01 DISALLOW /PUB0 TO USER XXXX
JANUS FTP HOME
This command identifies the folder where an FTP user is placed when they log in. Home folders are described further in "Home folders".
JANUS FTP HOME command syntax
JANUS FTP portname HOME foldername -
  TO [USER user] | [USGROUP usgroup] | ANONYMOUS | ALL
Syntax terms
portname | Must be a previously defined Janus FTP Server port. |
---|---|
foldername | A folder previously created with JANUS FTP ASSIGN. |
TO | The TO clause identifies for whom a home folder is to be set up.
One of these options must be specified: |
Note: All Janus FTP Server users must have a home folder assigned.
When a user logs in, the JANUS FTP HOME commands for the port are used as a rule set to select a home folder. The following steps are then applied to the home rule set to determine a home folder:
- If the user is ANONYMOUS and there is an ANONYMOUS entry, use it; but if there is no ANONYMOUS entry, reject the login.
- If the user is not ANONYMOUS, do the following:
  - If an FTP HOME rule specifies the user on a USER clause, use that folder.
  - If no USER clause matches, but the user is in a group specified in an FTP HOME rule USGROUP, use that folder.
  - If no USGROUP group contains the user, but an ALL rule is present, use that folder.
  - If no FTP HOME rule matches, the login is rejected.
Example FTP HOME commands follow:
JANUS FTP FTP01 HOME /GLW2HOME TO USER GLW2
JANUS FTP FTP01 HOME /ALL TO ALL
JANUS FTP FTP01 HOME /GLWHOME TO USGROUP FTP
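The home-folder selection steps above, written out as an added example (not Janus code) so a rule set can be checked for logins that would be rejected before the port is started. It runs on the page's three example HOME commands. It assumes an exact port-name match (wildcard port patterns are not handled) and, for a user in several groups that each have a USGROUP rule, takes the first such rule in command order, which the page does not specify.

```python
# Added example: FTP HOME rule selection as described in the steps above.
HOME_COMMANDS = [  # the page's own example commands, in the order shown
    "JANUS FTP FTP01 HOME /GLW2HOME TO USER GLW2",
    "JANUS FTP FTP01 HOME /ALL TO ALL",
    "JANUS FTP FTP01 HOME /GLWHOME TO USGROUP FTP",
]


def parse_home_rules(commands, port):
    """Return (kind, who, folder) for each HOME rule naming `port` exactly."""
    rules = []
    for cmd in commands:
        tok = cmd.upper().split()
        if len(tok) < 7 or tok[:2] != ["JANUS", "FTP"] or tok[2] != port.upper():
            continue
        if tok[3] != "HOME" or tok[5] != "TO":
            continue
        kind = tok[6]
        if kind in ("USER", "USGROUP") and len(tok) > 7:
            rules.append((kind, tok[7], tok[4]))
        elif kind in ("ANONYMOUS", "ALL"):
            rules.append((kind, None, tok[4]))
    return rules


def resolve_home(rules, user=None, groups=(), anonymous=False):
    """Return the home folder for a login, or None when the login is rejected."""
    if anonymous:
        # Anonymous logins use only an ANONYMOUS rule; USER/USGROUP/ALL never apply.
        return next((f for k, _, f in rules if k == "ANONYMOUS"), None)
    user = (user or "").upper()
    groups = {g.upper() for g in groups}
    # Precedence is by rule kind, not by the order the commands were issued.
    for wanted in ("USER", "USGROUP", "ALL"):
        for kind, who, folder in rules:
            if kind != wanted:
                continue
            if kind == "ALL" or (kind == "USER" and who == user) \
                    or (kind == "USGROUP" and who in groups):
                return folder
    return None


def rejected_logins(rules, logins):
    """List the logins (name, groups, anonymous) that would get no home folder."""
    return [name for name, groups, anon in logins
            if resolve_home(rules, name, groups, anon) is None]
```

With the page's rule set, an anonymous login is rejected because no HOME rule names ANONYMOUS, while the ALL rule gives every other authenticated user a home folder.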
JANUS FTP ON
This command lets you override the default processing of an FTP operation (service command) with your own version. For additional information about writing JANUS FTP overrides, see "Overriding FTP protocol commands".
JANUS FTP ON command syntax
JANUS FTP portname ON foldername | * -
  STOR | RETR | LIST | RNTO | DELE -
  [OPEN fg [[AND fg] ...]] CMD cmd [[AND cmd] ...] | DEFAULT
Syntax terms
portname | Must be a previously defined FTP Server port. |
---|---|
foldername | A folder previously created with JANUS FTP ASSIGN. If an asterisk (*) is specified instead of a folder name, the override is used for all folders on the port. |
STOR | RETR | LIST | RNTO | DELE | Names the operation being overridden (one of the following must be selected).
For a list of all the FTP commands supported by Janus FTP, including those not available for override, see "Supported FTP protocol commands". |
fg | Lists one or more files or groups to open before the commands specified on the CMD clause (see below) are run.
If you specify multiple files or groups, they must be separated by AND keywords.
Each fg term has the following format, where you can specify individual open privileges (which default to [FILE | GROUP] fgname [[WITH] privs] |
CMD cmd | Lists one or more Model 204 commands to execute to perform the override.
If more than one is specified, they must be separated by AND keywords. Any command that contains blanks must be enclosed in quotes. The total length of commands plus one overhead byte per command may not exceed 255 bytes. |
DEFAULT | Resets any previous FTP ON for the folder, restoring the default handling of the operation specified in that ON rule. In short, to reverse an ON, use DEFAULT. Note: For a given operation and folder, any previous ON rule must be turned off with DEFAULT before a new FTP ON is issued. |
Example FTP ON commands follow:
JANUS FTP FTP05 ON /SPLAT STOR -
  OPEN FTPTEST WITH X'BFFF' CMD 'I POV.STOR'
JANUS FTP FTP05 ON /SPLAT LIST -
  OPEN FILE FTPTEST CMD 'I POV.LIST'
JANUS FTP FTP05 ON * LIST CMD 'SUB1'
JANUS FTP SUFFIX
This command lets you specify any file types that a Janus FTP Server should treat as text data for storage and translation purposes (even if received under BINARY transfer mode). This permits Janus FTP to work with those FTP clients that incorrectly send all files in BINARY mode, even those that are text data.
JANUS FTP SUFFIX command syntax
JANUS FTP portname SUFFIX suffix [TEXT | DEFAULT]
Syntax terms
portname | Must be a previously defined Janus FTP Server port. |
---|---|
suffix | A file-type suffix that ends a procedure name (preceded by a period in the procedure name). For example, you use HTML to match procedures whose names are of form WHATEVER.HTML . |
TEXT | Procedures with names ending in suffix will be handled as text data (not binary), even if the FTP transfer mode is BINARY . |
DEFAULT | Restores the default behaviour (no special handling); can be used to turn off a previously issued FTP SUFFIX command. |
The FTP protocol is based on the assumption that the FTP client will toggle between ASCII and BINARY mode as needed based on the type of the file. It is the client's responsibility to select the proper file transfer mode. Some (poorly behaved) FTP clients, however, send all files in BINARY mode.
Janus FTP Server uses base64 encoded format to store files that are uploaded (FTP put or stor) in BINARY FTP mode (type I). The FTP SUFFIX command is used to prevent text file types from being stored in base64. Janus file storage formats are described further in the Janus Web Server documentation.
Example FTP SUFFIX commands follow:
JANUS FTP FTP01 SUFFIX HTML TEXT
JANUS FTP FTP01 SUFFIX XML TEXT
JANUS FTP FTP01 SUFFIX FOO DEFAULT