.de title .ce \&\\fB\\$*\\fP .in 2 .. .de section .in 0 \&\\fB\\$*\\fP .in 2 .. .de subsection .in 2 \&\\fB\\$*\\fP .. .de item .br .in +2 \&* \\$* .in -2 .. .de litem .item \\$* .in +10 .. .de elitem .in -10 .. .de email .ie "\\*(.T"html" .ds em (\\$1 at \\$2) .el .ds em \&<\\$1@\\$2> \&\\*(em\\# .. .de shell .br \%> \\$* .br .. .pl -4 .ad b .title README This file contains general, compile time and programming information about moftpd. For runtime information refer to the manpages moftpd(8) and moftpadmin(8). For runtime configuration options refer to moftpd.conf.dist. .section COPYRIGHT NOTICE moftpd is copyrighted (c) 2002-2004 by Pelle Johansson .email morth morth.org \. All rights reserved. Usage and distribution of moftpd is subject to the GNU GPL. .section SUPPORTED PLATFORMS moftpd is currently developed on these platforms: .item Mac OS X 10.3 / Darwin 7 These are the only two platforms I currently have access to. It has also been compiled on these platforms: .item NetBSD 1.6 .item RedHat 7.3 .item SunOS 5.8 .item Debian "unstable" as of 2003-09-18 It is highly likely that it will compile on many Unix like platforms as there's nothing magic in the code. There might have to be some #defines added though. If you have compiled and run moftpd on any platform except those listed above or an older version, feel free to contact me at .email morth morth.org \. .section INSTALLATION .subsection Getting moftpd The latest release of moftpd can be found at ftp://ftp.morth.org/moftpd/. .subsection Required software moftpd requires the following software to build: .item A C compiler. .item make. Most versions should work. .item perl (5.something most likely) .item bison or yacc All of these should be included or easily added to most operating systems. If you plan to edit the code, you also want: .item mkdep .item GNU autoconf 2.5 or higher .subsection Optional software moftpd uses these optional software if found: .item OpenSSL .item PAM .item MySQL .subsection Configuration moftpd uses GNU autoconf to find out information about the build environment. Simply run the configuration script by typing .shell ./configure Normally you shouldn't have to give any extra arguments, moftpd will enable all features it can find. Just make sure your LIBRARY_PATH and CPATH or similar are properly setup to find everything (in particular, the mysql library might be in weird locations). At the end of the configure script you'll see the result. To see detailed syntax about how to use the configure script, type .shell ./configure --help If you wish to, you can build moftpd in a different directories from the sources. To do that just create and stand in that dir and type .shell path/to/moftpd-sources/configure instead. .subsection Building To build moftpd after configuration simply type .shell make moftpd will build with both BSD and GNU make, even from different directories. .subsection Installation To install moftpd type .shell make install as the superuser. If you plan to use moftpd as your primary ftp server you also need to edit your startup script or inetd.conf to run moftpd instead of your normal ftp server. moftpd will install into the location(s) given to the configure script (default /usr/local). .section PAM SUPPORT Starting with version 1.2, moftpd support PAM. However it still also uses its own permissions system. That means that in addition to a successful PAM authentication, AllowLogin (or AllowSecLogin) must be true. Also, there's several things that's not checked with PAM: .item Anonymous users. .item Users with passwords provided in the moftpd config file or by SQL. .item Logins by certificate. PAM credentials and sessions are still used for these as well though. For logins that are checked with PAM, MaxLoginAttempts is ignored. moftpd trusts PAM to indicate too many tries. See docs/moftpd.pam for an example PAM file. .section SQL SUPPORT moftpd now supports SQL (only MySQL so far). This is done by performing a select query for users and directory access upon login. See moftpd.conf.dist for more information. .section REMOTE ADMINISTRATION There is some support for remote administration. This is all done by the SITE ADMIN command. The syntax is identical to that of moftpadmin (except -f) so se moftpadmin(8) for more information. .section UTF-8 AND THE NATIVE CHARSET moftpd is a UTF-8 enabled ftp server. That means it will talk in UTF-8 with it clients and will use the UTF-8 encoding when creating new files and folders. However, not all clients will talk UTF-8 with the server, and not all filesystems are UTF-8 encoded. When moftpd receives a pathname from the client, it first checks that raw pathname vs the filesystem. If the path is not found, it then checks UTF-8 NFC, UTF-8 NFD and the native charset, in that order. If none is found (when creating a new file/dir for example) UTF-8 NFC is used. When a path is printed to the client it's always transformed into UTF-8 NFC, if possible. If you give the configure script the --without-native-charset option, moftpd will not be able to convert non-UTF-8 strings into UTF-8 or vice versa. These will then be used/printed without translation. It will still convert UTF-8 strings to and between NFC and NFD. .subsection Adding a charset Adding a new charset is pretty straight forward. Simply create a file in the utf8fs/charsets/ subdirectory. Take a look at iso8859-15 for syntax. The first field is the Unicode character. The following is the byte sequnce that generates it. There can only be a single sequence for each unicode character, but there's a workround for this: In the file nfcTable, create a unicode character above 10FFFF (the first field), and map it to the real character. You can also map native bytes to sequences of unicode characters this way (but use a single character if there is one). .section LOCALISATION moftpd supports the LANG command to set the language on the server replies. It does this by scanning a file for the english text and returning the localised version instead. System errors will be localised automatically if the OS supports it, otherwise they will (probably) be English. .subsection Adding a locale You add a new locale by creating a new file in the locale/ subdirectory named the encoding name in lower case (for exampel en-us) plus the ending .loc. The first 3 bytes should an UTF-8 bom to help file editors recognise it as UTF-8. The rest is simply the English reply message (a format for printf() actually), the string "\ =>\ " (without quotes), and the replacement string which is ended by a newline. Remember to make your replacement string UTF-8. The list of all current replies should be in the locale/messages file. If you skip to add a message, the English text will be used. Any line not containing "\ => \" will be considered a comment. If you're using emacs and it won't recognise your file as UTF-8 by default, type C-x c, select utf-8 and then type C-x C-f. .section SECURING FTP moftpd supports the TLS FTP extension as per defined in draft-murray-auth-ftp-ssl-15.txt. With a complient client, you can secure both the control and the data connection. You can also put restrictions on the protection level required on a directory/file level. See the sample configuration file for more information. .subsection Finding trusted certs This applies to OpenSSL only. For gnutls all valid certificates in the TrustedCertsDir are trusted. For OpenSSL, when a client certificate is received, the file name for the CA is looked up by its hash value. That means you need to create a symlink (or copy, or hardlink) to that value. The hash value can be found using the openssl command tool. For example my CA is in the file morth.org.ca.pem, so I type .shell openssl x509 -in morth.org.ca.pem -noout -hash to find out the hash value, ba3a2789. Then I symlink .shell ln -s morth.org.ca.pem ba3a2789.0 Now moftpd can find the CA. The .0 is for when several certificates have the same hash value. OpenSSL checks for .0, .1 and so on. .section MODIFYING MOFTPD If you are going to make more than minor changes to the moftpd source, you'll want to run .shell make depend to create the source/header dependencies. mkdep is required for this to work. I also recommend you run configure like this: .shell ./configure CFLAGS='-g -Werror -DDEBUG' .subsection Submitting patches If you want your patch to go into the official moftpd send them to .email moftpd-bugs lists.morth.org \. However, I can only accept patches if you are willing to give me complete copyright of their content. Please provide a written statement that this is the case. I have no intension to stop giving out moftpd under the GNU GPL, but I've seen several examples of code with too many copyright holders to be usable, and wish to avoid that.