Red Hat Linux 7 Unleashed

By William Ball

Configuring Your FTP Server

Although the default configuration of the FTP server is reasonably secure, you can fine-tune access rights by editing the following files:

With all these files, you can control who connects to your server, when they can connect, and where they can connect from. For security, you can create an audit trail of what they do after connecting. The ftpaccess file is the most significant of these because it contains the most configuration options; however, misconfiguring any of the others can lead to denied service.

Controlling Access—The /etc/ftpaccess File

The /etc/ftpaccess file is the primary means of controlling who can access your server. Each line in the file either defines an attribute or sets its value.

The following commands control access:

The following commands control the information the server shares with clients:

These commands control logging capabilities:

The following are miscellaneous commands:

Permissions controls are set by the following commands:

Controlling User Access

The ability to control user access to your site is a critical component in fine-tuning your anonymous FTP server. The commands described in the following sections define the criteria used to determine in which group each user should be placed.

class

The class command defines a class of users who can access your FTP server. You can define as many classes as you want. Each class line comes in this form:

class classname typelist addrglob [addrglob ...]

classname is the name of the class you are defining, typelist is the type of user you are allowing into the class, and addrglob is the range of IP addresses allowed access to that class.

The typelist is a comma-delimited list in which each entry has one of three values: anonymous, guest, or real. Anonymous users are, of course, any who connect to the server as user anonymous or ftp and want to access only publicly available files. Guest users are special because they do not have accounts on the system per se, but they do have special access to key parts of the guest group. (See the description of the guestgroup command later in this chapter for additional details.) Real users must have accounts on the FTP server and are authenticated accordingly.

addrglob takes the form of a regular expression, where * matches all sites. Several addrglobs can be associated with a particular class.

The following line defines the class anonclass, which contains only anonymous users:

class anonclass anonymous *

These users can originate their connections from anywhere on the network. On the other hand, this line allows only real users who have accounts on the FTP server to access their accounts via FTP if they are coming from the Local Area Network (LAN):

class localclass real 192.168.42.*

By default, Red Hat Linux calls ftpd with the -a option, which enables use of /etc/ftpaccess. This means you'll need, at a minimum, the all class definition (for real, guest, and anonymous) found in /etc/ftpaccess.

autogroup

The autogroup command provides tighter controls of anonymous users by automatically assigning them a certain group permission when they log in. The format of the autogroup line follows:

autogroup groupname class [class ...]

groupname is the name of the group to which you want the anonymous users set and class is the name of a class that is defined by using the class command. You can have multiple class entries for an autogroup. Only the anonymous users referenced in class will be affected by autogroup.

Remember, the group to which you are providing user permission must be in the /etc/group file.

deny

The deny command enables you to explicitly deny service to certain hosts based on their names, their IP addresses, or whether their hostnames can be reverse-resolved via DNS. The format of the deny command is as follows:

deny addrglob message_file

addrglob is a regular expression containing the addresses that are to be denied and message_file is the filename containing a message that should be displayed to the hosts when they connect.

The following is a sample deny line:

deny evilhacker.domain.com /home/ftp/.message.no.evil.hackers

This line displays the contents of the file /home/ftp/.message.no.evil.hackers to anyone trying to connect via FTP from evilhacker.domain.com. To deny users access based on whether their IP addresses can be reverse-resolved to their hostnames, use the string !nameserved for the addrglob entry.

guestgroup

The guestgroup command is useful when you want to provide your real users with restrictive FTP privileges. The format of the command is as follows:

guestgroup groupname [groupname ...]

groupname is the name of the restricted group (as taken from /etc/group).

When a user's group is restricted, the user is treated much like an anonymous visitor; thus, the user's account requires the same setups used for anonymous visitors. Also, the user's password entry is a little different in the directory field.

The field for the user's home directory is broken up by the /./ characters. The effective root directory is listed before the split characters, and the user's relative home directory is listed after the split characters. For example, consider the following password entry:

user1:encrypted password:500:128:User 1:/home/ftp/./user1:/bin/false

Here, /home/ftp is the user's new relative root directory (the bin, etc, pub, and lib directories are under the /home/ftp directory by default with Red Hat Linux), and /home/ftp/user1 is the user's home directory. Note that the false command is used when user1 logs in; although the ftpaccess man page documents the use of /etc/ftponly, this command will not be found with Red Hat Linux—use of the false command is considered an acceptable substitute (don't forget to put /bin/false in your system's /etc/shells file).

limit

The limit command enables you to control the number of users according to class and time of day. This is especially useful if you have a popular archive but the system needs to be available to your users during business hours. The format of the limit command is as follows:

limit class n times message_file

class is the class to limit, n is the maximum number of people allowed in that class, times is the time during which the limit is in effect, and message_file is the file that will be displayed to the client when the maximum limit is reached.

The format of the times parameter is somewhat complex. The parameter is in the form of a comma-delimited string, where each option is for a separate day. The days Sunday through Saturday take the form Su, Mo, Tu, We, Th, Fr, and Sa, respectively, and all the weekdays can be referenced as Wk. Time should be kept in military format without a colon separating the hours and minutes. A range is specified by the dash character.

For example, to limit the class anonfolks to 10 users from Monday through Thursday, all day, and Friday from midnight to 5 p.m., you would use the following limit line:

limit anonfolks 10 MoTuWeTh,Fr0000-1700 /home/ftp/.message.too_many

If the limit is reached in this case, the file /home/ftp/.message.too_many is displayed to the connecting user.
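As an added example (not code from the book), the following Python script parses the times field described above and decides whether a limit applies at a given moment; the day codes and HHMM ranges follow the description above, and treating the end of a range as inclusive is an assumption:

```python
import re
from datetime import datetime

# Python's weekday(): Monday=0 ... Sunday=6
DAY_CODES = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}
WEEKDAYS = {0, 1, 2, 3, 4}                      # what the Wk shorthand expands to
DAY_TOKEN = re.compile(r"Su|Mo|Tu|We|Th|Fr|Sa|Wk")
ENTRY = re.compile(r"^((?:Su|Mo|Tu|We|Th|Fr|Sa|Wk)+)?(?:(\d{4})-(\d{4}))?$")


def _minutes(hhmm):
    """Convert a military-format HHMM string into minutes since midnight."""
    hours, minutes = int(hhmm[:2]), int(hhmm[2:])
    if hours > 23 or minutes > 59:
        raise ValueError(f"bad time {hhmm!r}")
    return hours * 60 + minutes


def parse_times(spec):
    """Parse the comma-delimited times field into (days, start, end) windows.

    days is a set of weekday numbers; start/end are minutes since midnight.
    An entry without day codes applies every day; an entry without an
    HHMM-HHMM range applies all day. The end minute is treated as inclusive
    (an assumption, so 0000-2359 covers the whole day).
    """
    windows = []
    for entry in spec.split(","):
        match = ENTRY.match(entry)
        if not entry or not match:
            raise ValueError(f"bad times entry {entry!r}")
        day_codes, start, end = match.groups()
        if day_codes is None:
            days = set(range(7))
        else:
            days = set()
            for code in DAY_TOKEN.findall(day_codes):
                days |= WEEKDAYS if code == "Wk" else {DAY_CODES[code]}
        if start is None:
            windows.append((days, 0, 24 * 60))
        else:
            first, last = _minutes(start), _minutes(end)
            if first > last:
                raise ValueError(f"range {start}-{end} runs backwards")
            windows.append((days, first, last))
    return windows


def limit_in_effect(spec, when):
    """True if datetime `when` falls inside any window of `spec`."""
    minute = when.hour * 60 + when.minute
    return any(when.weekday() in days and start <= minute <= end
               for days, start, end in parse_times(spec))


def in_effect_at(spec, stamp):
    """Convenience wrapper taking a 'YYYY-MM-DD HH:MM' string."""
    return limit_in_effect(spec, datetime.strptime(stamp, "%Y-%m-%d %H:%M"))


def parse_limit(line):
    """Parse a complete `limit class n times message_file` directive."""
    fields = line.split()
    if len(fields) != 5 or fields[0] != "limit":
        raise ValueError(f"not a limit directive: {line!r}")
    _, cls, n, times, message_file = fields
    return {"class": cls, "max": int(n), "windows": parse_times(times),
            "message_file": message_file}


if __name__ == "__main__":
    spec = "MoTuWeTh,Fr0000-1700"
    print(parse_limit(f"limit anonfolks 10 {spec} /home/ftp/.message.too_many"))
    for stamp in ("2000-06-29 14:27", "2000-06-30 09:00", "2000-06-30 18:00", "2000-07-01 09:00"):
        print(stamp, "limit in effect:", in_effect_at(spec, stamp))
```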

loginfails

The loginfails command enables you to disconnect clients after they've reached your predetermined number of failed login attempts. By default, this number is five; however, you can set it by using this command:

loginfails n

n is the number of attempts. For example, the following line disconnects a user from the FTP server after three failed attempts:

loginfails 3

private

You might find it convenient to share files with other users via FTP without placing the file in a 100% public place or giving these users a real account on the server. The clients use the SITE GROUP and SITE GPASS commands so they can change to privileged groups that require passwords.

To provide your FTP server with this capability, set the private flag by using this command:

private switch

switch is either YES (to turn it on) or NO (to turn it off).

Because passwords are required for these special groups, you must use the /etc/ftpgroups file. The format of an access group in /etc/ftpgroups follows:

access_group_name:encrypted_password:real_group

access_group_name is the name the client uses to reference the special group, encrypted_password is the password users need to supply (via SITE GPASS) to access the group, and real_group is the actual group referenced in the /etc/group file.

Controlling Banner Messages

The commands in this section enable you to provide messages to FTP users when they connect to your site or when they specify a special action. These commands are a great way to make your site self-documenting.

banner

The banner command displays a sign onscreen before the client provides a login and password combination. This is an important opportunity to display your server's security policies, where to upload software, and instructions for anonymous users regarding login procedures and software location. The format of this command follows:

banner path

path is the full pathname of the file you want to display. Consider this example:

banner /home/ftp/.banner

email

The email command specifies the site maintainer's email address. Some error messages or information requests provide this email address on demand. The default value in the /etc/ftpaccess file is root@localhost.

The format of the email command is:

email address

address is the full email address of the site maintainer.

It is recommended that you create an email alias FTP that forwards to the system administrators. Also, it's a good idea to provide this kind of information in the sign-on banner, so users know whom to contact if they cannot log in to the system.

message

The message command sets up special messages that are sent to the clients when they log in or when they change to a certain directory. You can specify multiple messages. Here's the format of this command:

message path when {class ...}

path is the full pathname to the file that will be displayed, when is the condition under which to display the message, and class is a list of classes to which this message command applies.

The when parameter should take one of two forms: either LOGIN or CWD=dir. If it is LOGIN, the message is displayed upon a successful login. If the parameter is set to CWD=dir, the message is displayed when clients enter the dir directory.

The class parameter is optional. You can list multiple classes for a specific message. This capability is useful, for example, if you want specific messages sent only to anonymous users.

The message file itself (specified by path) can contain special flags that the FTP server substitutes with the appropriate information at runtime. These case-sensitive options are as follows:

Option Description
%T Local time
%F Free space in the partition where dir is located
%C Current working directory
%E Site maintainer's email address (specified by the email command)
%R Client hostname
%L Server hostname
%U Username provided at login time
%M Maximum number of users allowed in the specified class
%N Current number of users in specified class

Remember, when messages are triggered by an anonymous user, the message path needs to be relative to the anonymous FTP directory.

The default message command defined in /etc/ftpaccess is as follows:

message /welcome.msg    login

No message file is defined. Use your favorite text editor to create your own welcome message and type in the following:

   Welcome to %L, %U,
   you are %N out of %M users.
   It is %T.

This message prints the server hostname and the login name, tells the user which number they are out of the maximum allowed, and shows the local time. Save the file under the /home/ftp directory. When an anonymous user logs in, the user will see this:

230-Welcome to thinkpad.home.org, anonymous
230-you are 1 out of unlimited users.
230-It is Thu June 29 14:27:02 2000.
230-
230-

readme

The readme command specifies the conditions under which clients are notified that a certain file in their current directory was last modified. This command looks like this:

readme path when class

path is the name of the file about which you want to alert the clients (for example, README), when is similar to the when in the message command, and class is the classes for which this command applies. The when and class parameters are optional.

Remember, when you're specifying a path for anonymous users, the file must be relative to the anonymous FTP directory.

Controlling Logging

As with any complex network service, security quickly becomes an issue. To contend with possible threats, you must track connections and their corresponding commands. Use the following commands to determine how much, if any, logging should be done by the server software.

log commands

For security purposes, you probably want to log the actions of your FTP users. The log commands option enables you to do this. Each command invoked by the clients is sent to your log file. The format looks like this:

log commands typelist

typelist is a comma-separated list specifying which kinds of users should be logged. The three kinds of users recognized are anonymous, guest, and real. (See the description of the class command earlier in this chapter for each user type's description.) For example, to log all the actions of anonymous and guest users, specify the following:

log commands anonymous,guest

log transfers

If you want to log only clients' file transfers (rather than logging their entire sessions with the log commands statement), use log transfers. This command's format looks like this:

log transfers typelist directions

typelist is a comma-separated list specifying which kinds of users should be logged (anonymous, guest, or real), and directions is a comma-separated list specifying which direction the transfer must take in order to be logged. The two directions you can choose to log are inbound and outbound.

For example, to log all anonymous transfers that are both inbound and outbound, use

log transfers anonymous inbound,outbound

The resulting logs are stored in /var/log/xferlog.

Miscellaneous Server Commands

The following set of commands provides some miscellaneous configuration items. Each command adds a good deal of flexibility to the server, making it that much more useful to you as its administrator.

alias

The alias command defines directory aliases for your FTP clients. These aliases are activated when the clients use the cd command and specify an alias. This capability is useful for providing shortcuts to often-requested files. This command's format looks like this:

alias string dir

string is the alias and dir is the actual directory to which the users should be transferred. The following is an example of this command:

alias orb_discography /pub/music/ambient/orb_discography

Hence, if clients connect and use the command cd orb_discography, they are automatically moved to the /pub/music/ambient/orb_discography directory, regardless of their current locations.

cdpath

Similar to the UNIX PATH environment variable, the cdpath command establishes a list of paths to check whenever clients invoke the cd command. The format of the cdpath command follows:

cdpath dir

dir is the server directory that will be checked whenever clients use the cd command. Remember, for security reasons, specify directories relative to the FTP home directory for your anonymous users. An example of the cdpath command is

cdpath /pub/music
cdpath /pub/coffee

If clients type the command cd instant, the server examines the directories in the following order:

  1. ./instant
  2. Aliases called instant (for more information, see the description of alias earlier in this chapter)
  3. /pub/music/instant
  4. /pub/coffee/instant

compress

The wu-ftpd server offers a special compress feature that enables the server to compress or decompress a file before transmission. With this capability, a client who might not have the necessary software to decompress a file can still fetch it in a usable form. (For example, a file on your server is compressed using gzip, and a Windows client machine needs to get it but does not have the DOS version of gzip available.)

The compress command's format follows:

compress switch classglob

switch is either YES (to turn on this feature) or NO (to turn it off). classglob is a comma-separated list of classes to which this compress option applies.

There is, of course, a catch to using this command. You need to configure the /etc/ftpconversions file so the server knows which programs to use for certain file extensions. The default configuration supports compression by either /bin/compress or /bin/gzip.

For more information, see "Converting Files On-the-Fly—The /etc/ftpconversions File" later in this chapter.

tar

Almost identical to the compress option, tar specifies whether the server will tar and untar files for a client on demand. The format of this command is

tar switch classglob

switch is either YES (to turn it on) or NO (to turn it off). classglob is a comma-separated list of the classes to which this tar option applies.

Like the compress command, this feature is controlled by the /etc/ftpconversions file. For more information, see the section on /etc/ftpconversions later in this chapter.

shutdown

The shutdown command tells the server to periodically check for a particular file to see whether the server will be shut down. By default, the RPMs you installed invoke the FTP server whenever there is a request for a connection; therefore, you don't really need shutdown. On the other hand, if you intend to change the system so the server software is constantly running in the background, you might want to use shutdown to perform clean shutdowns and to notify users accessing the site.

The format of the shutdown command is

shutdown path

path is the full path of the file that contains shutdown information. When that file does become available, it is parsed out and the information gained from it dictates the behavior of the shutdown process, as well as the behavior of the ftpshut program (discussed later in this chapter). Although there isn't any standard place for storing this file, you might find it logical to keep it in /etc/ftpshutdown with the other FTP configuration files. Make sure the file is readable by root.

The format of the file is as follows:


   year month day hour minute deny_offset disconnect_offset text

year is any year after 1970; month is from 0 to 11 to represent January to December, respectively; day is from 0 to 30; hour is from 0 to 23; and minute is from 0 to 59. The deny_offset parameter specifies the time at which the server should stop accepting new connections in the form HHMM, where HH is the hour in military format and MM is the minute. disconnect_offset is the time at which existing connections are dropped; it is also in the form HHMM.

The text parameter is a free-form text block displayed to users to alert them of the impending shutdown. The text can follow the format of the message command (see the description of this command earlier in the chapter) and can have the following special character sequences available:

Option Description
%s The time the system will shut down
%r The time new connections will be denied
%d The time current connections will be dropped

Controlling Permissions

Along with controlling logins and maintaining logs, you will need to tightly control the permissions of the files placed in the archive. The following commands specify what permissions should be set under certain conditions.

chmod

The chmod command determines whether a client has authorization to change permissions on the server's files by using the client's chmod command. This command's format is

chmod switch typelist

switch is either YES (to turn it on) or NO (to turn it off). typelist is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.

delete

The delete command tells the server whether FTP clients are authorized to delete files that reside on the server. This command looks like this:

delete switch typelist

switch is either YES (to turn it on) or NO (to turn it off). typelist is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.

overwrite

To control whether FTP clients can upload files and replace existing files on the server, use the overwrite command. This command's format is

overwrite switch typelist

switch is either YES (to turn it on) or NO (to turn it off). typelist is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.

rename

Client FTP software can send a rename request to the server to rename files. The rename command determines whether this request is acceptable. The format of this command follows:

rename switch typelist

switch is either YES (to turn it on) or NO (to turn it off). typelist is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.

umask

The umask command determines whether clients can change their default permissions in a fashion similar to the umask shell command. The format of the umask command looks like this:

umask switch typelist

switch is either YES (to turn it on) or NO (to turn it off). typelist is the comma-separated list of user types affected by this command. The user types available are anonymous, guest, and real.

passwd-check

Providing a valid email address as a password is considered good manners when connecting to an anonymous FTP site. The passwd-check command lets you determine how strictly you regulate the string submitted as an anonymous user's email address. The format of this command follows:

passwd-check strictness enforcement

strictness is one of three possible strings: none, trivial, or rfc822; and enforcement is one of two possible strings: warn or enforce.

If you select none for strictness, the password isn't checked. trivial is slightly more demanding, requiring that at least @ appears in the password. rfc822 is most strict, requiring the email address to comply with the RFC 822 "Message Header Standard" (for example, bball@tux.org).

By using warn as the enforcement, the users are warned if they fail to comply with the strictness requirement, but they can still connect. enforce, on the other hand, denies connection until users submit acceptable passwords.

path-filter

If you allow users to upload files to your server via FTP, you might want to set acceptable filenames (for example, control characters in filenames are not acceptable). You can enforce this restriction by using the path-filter command. This is the command's format:

path-filter typelist mesg allowed-regexp denied-regexp

typelist is a comma-separated list of users that are affected by this command; the user types available are anonymous, guest, and real. mesg is the filename of the message that will be displayed if the file does not meet this criteria. allowed-regexp is the regular expression the filename must match in order to be approved for uploading. denied-regexp is the regular expression that, if matched, causes the file to be explicitly denied; denied-regexp is an optional parameter. Here is an example:

path-filter anonymous,guest /ftp/.badfilename UL* gif$

This code displays the file /ftp/.badfilename to anonymous or guest users if they upload a file that doesn't begin with the string UL or that ends with the string gif.

upload

You can use the upload command, along with path-filter, to control the files that are placed on your server. The upload command determines the client's permissions for placing a file in a specific directory. This command also determines the file's permissions once it is placed in that directory. The format of upload is

upload directory dirglob switch owner group mode mkdir

directory is the directory that is affected by this command, dirglob is the regular expression used to determine whether a subdirectory under directory is a valid place to make an upload, and switch is either YES or NO, thereby establishing that an upload either can or cannot occur there. The owner, group, and mode parameters establish the file's owner, group, and permissions after the file is placed on the server. Finally, you can specify the mkdir option as either dirs (is able to create subdirectories under the specified directory) or nodirs (is not able to do this).

Here is a sample entry:

upload /home/ftp * no
upload /home/ftp /incoming yes ftp ftp 0775 nodirs

This example specifies that the /home/ftp/incoming directory (/incoming to the anonymous client) is the only location in which a file can be placed. After the file is placed in this directory, its owner becomes ftp, group ftp, and the permission is 775. The nodirs option at the end of the second line prevents the anonymous client from creating subdirectories under /incoming.
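As an added example (not code from the book), the following Python script audits the permission directives covered in this section, comparing a constructed permissive configuration with a hardened one built from the same directives; the audit rules (anonymous or guest users granted chmod, delete, overwrite, rename or umask; passwd-check none or warn; world-writable or subdirectory-creating upload areas; no logging for anonymous or guest users) are this example's own checks, not settings the server enforces:

```python
"""Audit wu-ftpd /etc/ftpaccess permission directives (added example)."""

PERMISSION_DIRECTIVES = ("chmod", "delete", "overwrite", "rename", "umask")
UNTRUSTED = {"anonymous", "guest"}          # user types without a real account

# Constructed example of a permissive configuration (not Red Hat's default).
WEAK_FTPACCESS = """\
class     all   real,guest,anonymous  *
delete    yes   anonymous,guest,real
overwrite yes   anonymous,guest,real
chmod     yes   anonymous
passwd-check none warn
upload /home/ftp * no
upload /home/ftp /incoming yes ftp ftp 0777 dirs
"""

# Constructed hardened counterpart using the directives this chapter describes.
HARDENED_FTPACCESS = """\
class     all   real,guest,anonymous  *
delete    no    anonymous,guest
overwrite no    anonymous,guest
chmod     no    anonymous,guest
rename    no    anonymous,guest
umask     no    anonymous,guest
passwd-check rfc822 enforce
loginfails 3
log commands  anonymous,guest
log transfers anonymous,guest,real inbound,outbound
upload /home/ftp * no
upload /home/ftp /incoming yes ftp ftp 0775 nodirs
"""


def parse_ftpaccess(text):
    """Return (directive, args) pairs, skipping blank lines and # comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            entries.append((fields[0], fields[1:]))
    return entries


def audit_ftpaccess(text):
    """Return (directive, finding) pairs for settings that widen what anonymous
    and guest clients may do, or that leave their activity unlogged."""
    findings = []
    logged_types = set()
    for directive, args in parse_ftpaccess(text):
        if directive in PERMISSION_DIRECTIVES and len(args) == 2:
            switch, types = args[0].lower(), set(args[1].split(","))
            exposed = sorted(types & UNTRUSTED)
            if switch == "yes" and exposed:
                findings.append((directive, f"enabled for {','.join(exposed)} users"))
        elif directive == "passwd-check" and len(args) == 2:
            strictness, enforcement = args
            if strictness == "none":
                findings.append((directive, "anonymous passwords are not checked"))
            elif enforcement == "warn":
                findings.append((directive, "non-compliant passwords are warned about but still accepted"))
        elif directive == "upload" and len(args) >= 3 and args[2].lower() == "yes":
            where = f"{args[0]} {args[1]}"
            # mode is octal; check the other-write bit of uploaded files
            if len(args) >= 6 and int(args[5], 8) & 0o002:
                findings.append((directive, f"{where}: uploaded files are world-writable ({args[5]})"))
            if len(args) >= 7 and args[6] == "dirs":
                findings.append((directive, f"{where}: clients may create subdirectories"))
        elif directive == "log" and len(args) >= 2 and args[0] in ("commands", "transfers"):
            logged_types |= set(args[1].split(","))
    missing = sorted(UNTRUSTED - logged_types)
    if missing:
        findings.append(("log", f"no command or transfer logging for {','.join(missing)} users"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_FTPACCESS), ("hardened", HARDENED_FTPACCESS)):
        results = audit_ftpaccess(text)
        print(f"== {name}: {len(results)} finding(s)")
        for directive, finding in results:
            print(f"  {directive}: {finding}")
```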

Converting Files On-the-Fly—The /etc/ftpconversions File

The format of the /etc/ftpconversions file is

1:2:3:4:5:6:7:8

where 1 is the strip prefix, 2 is the strip postfix, 3 is an add-on prefix, 4 is an add-on postfix, 5 is the external command to invoke to perform the conversion, 6 is the type of file, 7 is the option information used for logging, and 8 is a description of the action.

Confused? Don't be. Each option is actually quite simple. The following sections describe them one at a time.

The Strip Prefix

The strip prefix is the string at the beginning of a filename that should be removed when the file is fetched. For example, if you want a special action taken on files beginning with discography., where that prefix is removed after the action, you would specify discography. for this option. When clients specify filenames, they should not include the strip prefix. That is, if a file is called discography.orb and a client issues the command get orb, the server performs the optional command on the file and then transfers the results to the client. Although documented, this feature is not currently supported.

The Strip Postfix

The strip postfix is the string at the end of the filename that should be removed when the file is fetched. The strip postfix is typically used to remove the trailing .gz from a gzipped file that is being decompressed before being transferred back to the client.

The Add-On Prefix

An add-on prefix is the string inserted before the filename when a file is transferred either to or from the server. For example, you might want to insert the string uppercase. to all files being pulled from the server that are being converted to uppercase. Although documented, this feature, like the strip prefix, is not currently supported.

The Add-On Postfix

An add-on postfix is the string appended to a filename after an operation on the file is complete. This type of postfix is commonly used when the client issues the command get largefile.gz, where the actual filename is only largefile; in this case, the server compresses the file using gzip and then performs the transfer.

The External Command

The key component of each line is the external command. This entry specifies the program to be run when a file is transferred to or from the server. The file is filtered through that program: for downloads (files sent to the client) the program must write its result to standard output, and for uploads (files sent to the server) it reads its input from standard input. For example, if you want to provide decompression with gzip for files being downloaded, the entry would look like the following:

gzip -cd %s

The %s in the line tells the server to substitute the filename that is being requested by the user.

The Type of File Field

The type of file field for /etc/ftpconversions is a list of possible filetypes that can be acted on, with type names separated by the pipe symbol (|). The three file types recognized are T_REG, T_ASCII, and T_DIR, which represent regular files, ASCII files, and directories, respectively. An example of this entry is T_REG | T_ASCII.

The Options Field

The options field of /etc/ftpconversions is similar to the type of file field in that it is composed of a list of names separated by the pipe symbol (|). The three types of options supported are O_COMPRESS, O_UNCOMPRESS, and O_TAR, which specify whether the command compresses files, decompresses files, or uses the tar command. An example entry is O_COMPRESS | O_TAR, which says the file is both compressed and tarred.

The Description of the Conversion

The last parameter of /etc/ftpconversions, the description of the conversion, is a free-form entry in which you can describe the type of conversion.

Example of an /etc/ftpconversions Entry

The following is a sample entry that compresses files using gzip on demand. This would allow someone who wants to get the file orb_discography.tar to instead request the file orb_discography.tar.gz and have the server compress the file by using gzip before sending it to him. The configuration line that does this is as follows:

: : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP

The first two parameters are left empty because you don't want to remove anything from the filename before sending it to the requester. The third parameter is empty because you don't want to add any string to the beginning of the filename before sending it. The fourth parameter, though, does have the string .gz, which adds the .gz suffix to the file before sending it. The fifth parameter is the actual command used to compress the file, where the -9 option tells gzip to compress the file as much as it can, -c sends the compressed file to the standard output, and %s is replaced by the server with the requested filename (for example, orb_discography.tar). T_REG in the sixth parameter tells the server to treat the file as a normal file rather than an ASCII file or directory. The second-to-last parameter, O_COMPRESS, tells the server that the action being taken is file compression. The last parameter is simply a comment for the administrator so she can quickly determine the action being taken.
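As an added example (not code from the book), the following Python script parses /etc/ftpconversions entries into the eight fields described above, flags malformed ones, and shows how a client request maps to a stored file plus the external command with %s substituted; the sample entries other than the gzip line are constructed, the set of existing files stands in for the server's filesystem check, and splitting the command on whitespace assumes filenames without spaces:

```python
"""Parse and sanity-check /etc/ftpconversions entries (added example)."""

FIELDS = ("strip_prefix", "strip_postfix", "addon_prefix", "addon_postfix",
          "command", "types", "options", "description")
FILE_TYPES = {"T_REG", "T_ASCII", "T_DIR"}
OPTIONS = {"O_COMPRESS", "O_UNCOMPRESS", "O_TAR"}

# Constructed sample; the gzip compression line is the one the chapter shows.
SAMPLE_CONVERSIONS = """\
 :.Z: : :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
 : : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
 :.gz: : :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
 : : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
 : : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
"""


def parse_conversion(line):
    """Split one colon-separated entry into its eight fields and note problems."""
    parts = line.split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 8 fields, got {len(parts)}: {line!r}")
    entry = dict(zip(FIELDS, (p.strip() for p in parts)))
    entry["types"] = {t.strip() for t in entry["types"].split("|") if t.strip()}
    entry["options"] = {o.strip() for o in entry["options"].split("|") if o.strip()}
    problems = []
    if entry["types"] - FILE_TYPES:
        problems.append(f"unknown type(s) {sorted(entry['types'] - FILE_TYPES)}")
    if entry["options"] - OPTIONS:
        problems.append(f"unknown option(s) {sorted(entry['options'] - OPTIONS)}")
    if "%s" not in entry["command"]:
        problems.append("command has no %s placeholder for the filename")
    if not entry["command"].startswith("/"):
        problems.append("command is not an absolute path")
    entry["problems"] = problems
    return entry


def load_conversions(text):
    """Parse every non-blank line of an ftpconversions file."""
    return [parse_conversion(l) for l in text.splitlines() if l.strip()]


def resolve_request(entries, requested, existing):
    """Work out which stored file and command serve a client's `get requested`.

    `existing` is the set of filenames actually present (it stands in for the
    filesystem check the server performs). Returns (filename, argv), with argv
    None for a plain transfer, or None when nothing matches.
    """
    if requested in existing:
        return requested, None                 # no conversion needed
    for entry in entries:
        addon, strip = entry["addon_postfix"], entry["strip_postfix"]
        # add-on postfix: client asks for file.gz, server compresses file on the fly
        if addon and requested.endswith(addon) and len(requested) > len(addon):
            source = requested[:-len(addon)]
            if source in existing:
                return source, entry["command"].replace("%s", source).split()
        # strip postfix: client asks for file, server decompresses file.gz on the fly
        if strip and requested + strip in existing:
            source = requested + strip
            return source, entry["command"].replace("%s", source).split()
    return None


if __name__ == "__main__":
    entries = load_conversions(SAMPLE_CONVERSIONS)
    for e in entries:
        print(e["description"], e["command"], e["problems"] or "ok")
    stored = {"orb_discography.tar", "largefile.gz"}
    for name in ("orb_discography.tar.gz", "largefile", "largefile.gz", "missing.tar.gz"):
        print(name, "->", resolve_request(entries, name, stored))
```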

Configuring Host Access—The /etc/ftphosts File

The /etc/ftphosts file establishes rules on a per-user basis, determining whether or not users are allowed to log in from specific hosts.

Each line in the file can be one of two commands:

allow username addrglob

deny username addrglob

The allow command allows the user specified in username to connect via FTP from the explicitly listed addresses in addrglob. You can list multiple addresses.

The deny command explicitly denies the specified user username (or denies anonymous access where username is ftp) access from the sites listed in addrglob. You can list multiple sites.

The FTP Log File—/var/log/xferlog

Although /var/log/xferlog isn't a configuration file, it plays an important role because all the logs generated by the FTP server are stored in this file. Each line of the log file is described in Table 11.1.

Table 11.1. /var/log/xferlog Fields

Log Field Definition
current-time The current time in DDD MMM dd hh:mm:ss YYYY format, where DDD is the day of the week, MMM is the month, dd is the day of the month, hh:mm:ss is the time in military format, and YYYY is the year.
transfer-time The total time in seconds spent transferring the file.
remote-host The hostname of the client that initiated the transfer.
file-size The size of the file that was transferred.
filename The name of the file that was transferred.
transfer-type The type of transfer done, where a is an ASCII transfer and b is a binary transfer.
special-action-flag A list of actions taken on the file by the server, where C means the file was compressed, U means the file was uncompressed, T means the file was tarred, and - means no action was taken.
direction A flag indicating whether the file was outgoing or incoming, represented by o or i, respectively.
access-mode The type of user who performed the action, where a is anonymous, g is a guest, and r is a real user.
username The local username if the user was of type real.
service-name The name of the service being invoked (most often FTP).
authentication-method The type of authentication used: 0 means no authentication was done (anonymous user) and 1 means the user was validated with the RFC 931 Authentication Server Protocol.
authenticated-user-id The username by which this transfer was authenticated.
completion-status (c)omplete or (i)ncomplete file transfer status.
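As an added example (not code from the book), the following Python script parses xferlog lines according to Table 11.1 and picks out the records a defender would review first: uploads by anonymous clients and incomplete transfers. The sample lines are constructed, and the parser assumes filenames contain no whitespace:

```python
"""Parse /var/log/xferlog and flag transfers worth reviewing (added example)."""
from collections import Counter
from datetime import datetime

# Fields after the five-token timestamp, in the order of Table 11.1.
FIELDS = ("transfer_time", "remote_host", "file_size", "filename", "transfer_type",
          "special_action_flag", "direction", "access_mode", "username",
          "service_name", "authentication_method", "authenticated_user_id",
          "completion_status")
ACTIONS = {"C": "compressed", "U": "uncompressed", "T": "tarred"}

# Constructed sample lines in the xferlog layout (not a real server's log).
SAMPLE_XFERLOG = """\
Thu Jun 29 14:27:02 2000 1 client.example.net 2048 /pub/README a - o a ftp@example.com ftp 0 * c
Thu Jun 29 14:30:11 2000 12 client.example.net 1048576 /incoming/upload.bin b - i a mozilla@ ftp 0 * c
Thu Jun 29 14:31:40 2000 3 host2.example.net 4096 /pub/music/orb_discography.tar.gz b C o r user1 ftp 1 user1 i
"""


def parse_xferlog_line(line):
    """Turn one log line into a dict; assumes filenames contain no whitespace."""
    tokens = line.split()
    if len(tokens) != 5 + len(FIELDS):
        raise ValueError(f"expected {5 + len(FIELDS)} fields, got {len(tokens)}: {line!r}")
    record = dict(zip(FIELDS, tokens[5:]))
    # current-time is DDD MMM dd hh:mm:ss YYYY, i.e. the first five tokens
    record["current_time"] = datetime.strptime(" ".join(tokens[:5]), "%a %b %d %H:%M:%S %Y")
    record["transfer_time"] = int(record["transfer_time"])
    record["file_size"] = int(record["file_size"])
    record["actions"] = [ACTIONS[c] for c in record["special_action_flag"] if c in ACTIONS]
    return record


def load_xferlog(text):
    """Parse every non-blank line of an xferlog file."""
    return [parse_xferlog_line(l) for l in text.splitlines() if l.strip()]


def review_transfers(records):
    """Return (tag, remote_host, filename) for transfers a defender should look at:
    anonymous uploads (writes into the archive by unauthenticated clients) and
    incomplete transfers (interrupted downloads or aborted uploads)."""
    findings = []
    for r in records:
        if r["access_mode"] == "a" and r["direction"] == "i":
            findings.append(("anonymous-upload", r["remote_host"], r["filename"]))
        if r["completion_status"] == "i":
            findings.append(("incomplete", r["remote_host"], r["filename"]))
    return findings


def outbound_bytes_by_host(records):
    """Total bytes sent to each client host, useful for spotting bulk mirroring."""
    totals = Counter()
    for r in records:
        if r["direction"] == "o":
            totals[r["remote_host"]] += r["file_size"]
    return totals


if __name__ == "__main__":
    records = load_xferlog(SAMPLE_XFERLOG)
    for tag, host, name in review_transfers(records):
        print(f"{tag:17} {host:20} {name}")
    for host, total in outbound_bytes_by_host(records).most_common():
        print(f"{host}: {total} bytes sent")
```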
