FTPd v1.1.0 & FTPd Setup v1.1.0 © 1992 Peter Lewis.
These programs are $5 Shareware.
FTPd is dedicated to werner@rascal for his many years of devotion to the Macintosh Internet community. You have our thanks!
• Contents
What FTPd Does
Features
Using FTPd Setup
Using FTPd
Security Considerations
Remote Site Access Restrictions
How to Avoid Being Killed by your Network Administrator
How It Works
Limitations
Small Print
Warranty
Fine Print
Acknowledgements
The Author
• What FTPd Does
FTPd is a Macintosh implementation of the Un*x FTP server protocol. It should be compatible with most FTP clients. Basically it allows your Mac to act as an FTP server so you (or others) can access your files from anywhere around the world. Obviously there are some serious security considerations you should look into before using this software (see the Security Considerations section). FTPd requires System 7, MacTCP 1.1, and File Sharing enabled. It honours the Users & Groups privileges and passwords, and supports multiple logins, anonymous FTP (user name anonymous or ftp), as well as MacBinary and BinHex transfers, and the “MACB” FTP command. It runs as a background only application.
• Features
Multiple simultaneous users.
Honours System 7 Users & Groups (in fact depends on them!).
Supports BinHex and MacBinary transfers, including the MACB command.
Allows login to other AppleShare servers on the local network.
Allows different formats of a file to be fetched.
Pattern matching in change directory command.
Individual initial directory for any user.
FTP site descriptions sent after login.
Directory descriptions sent after CD command.
Supports the CatSearch feature to allow very fast volume wide searches.
Remote site access restrictions
ISO international character translation
Negative Features:
Quite slow (yes, I know it's a negative feature, but it's a feature unfortunately).
No support for Aliases - this is difficult or impossible over AppleShare.
• Using FTPd Setup
Before you can run FTPd, you must be running System 7, with File Sharing turned on, and you must set up File Sharing to give appropriate privileges to users and guests (including enabling guest logins if you want to allow anonymous logins).
Then you need to run FTPd Setup. This is pretty cryptic, but you don’t have to use it very often (which probably makes it worse:-). The main thing to set up is the privileges you want for each user on each type of volume.
There are three types of users:
Owner - The Macintosh owner (as defined by the Users & Groups owner name).
User - Anybody with a user name and password set up in the U&G settings.
Guest - Anonymous logins (username of “ftp” or “anonymous”, any password)
and four types of volumes:
Shared Folders - The local shared folders. This includes any volumes or folders that you explicitly marked as shared using 'Sharing…' in the Finder, or if you are the owner and “See entire volume” is set then it refers to the local volumes.
Mounted - Currently mounted volumes from other servers.
Servers - Any shared volumes from other servers in your zone or from mounted servers.
Far Servers - Any shared volumes for servers in other zones.
NOTE: If you enable any privileges to any Far Servers it may take a VERY long time to log in (on my network (mostly LocalTalk, 7 zones) it takes 2 minutes, I've had another report that on a network with around 80 zones it took 9 minutes). During this time FTPd will not do anything else. Basically unless you have a small fast network and you REALLY need this facility I suggest you leave all Far Server privileges set to None.
and finally there are four privileges:
None - No access.
Read Only - Access to read existing files, but no write access.
Upload - Access to read existing files, and add things to the file system, but not change what is already there (including not overwriting existing files).
Full - Full access to the file system, read/write files, delete files and (empty) directories, rename files.
As well as the privileges, you can set when the various users can connect (depending on the idle time of the Mac, as well as refusing connections for a period of the day).
Special Note. All privileges are contingent on having the appropriate privileges through AppleShare. Thus if a particular user can't access a particular volume using AppleShare they won't be able to through FTPd either (even if you give them Full access).
Then you can choose User Directories from the file menu and set the startup directory for any users (Important note: this is simply an initial directory, it in no way restricts the access of the user to that directory. The user can immediately change into any other directory). The default directory will be used for all unspecified users. The user “anonymous” represents Guest logins using either the name “ftp” or “anonymous”.
Finally, you can set some other preferences via the Preferences menu command, including whether to honour the copy inhibit state (which disallows fetching of copy inhibited files), whether to honour invisible files (which stops them from being displayed in the directory listing, though you can still get them if you know their name), whether to start in MacBinary mode, and what creator application to use for created ASCII files. Most of the rest are pretty technical; if you don’t understand them, don’t fiddle with them! The speed setting determines how much memory is used for each connection; if you have a slow link then there is no sense wasting lots of memory on buffers. This parameter affects the amount of memory allocated and thus maximum speed for transfers into your Mac (transfers from your Mac are unaffected) - the higher you say your network speed is the more memory allocated and thus the higher the maximum speed is. The Retry Count and Retry Timeout are used for looking for other servers when a user logs in. If you have a small/fast network then use small numbers; if you have a large/slow network then use big numbers. The time taken is roughly proportional to the product of the two numbers.
When you have finished setting up the privileges, you can create or edit the files in the “Startup Messages” folder (which may reside either in FTPd’s folder or in the “FTPd Preferences ƒ” folder in the Preferences folder). The files in the Startup Messages folder will be returned when the user with that name logs in. So for example the “Peter Startup” file will be returned to the user named “Peter” when he logs in, and the “Anonymous Startup” file will be returned when a user logs in as either “ftp” or “anonymous”. If a file doesn’t exist for the user, the file “Default Startup” will be used instead if it exists. Also, you can put a file “!Folder Info” in any folder and it will be displayed to the user when they change into that directory. The files should be text-only (and may be converted to ISO 8859-1 or 7-bit ASCII before being sent), and should be hard word wrapped to 70 columns. Note that some clients may not display this information. NOTE: At most 5k is returned at one time, so restrict your files to reasonable sizes. If you want to have the file listing of your site available (or any other large file), put the listing into a file, and then refer to that file in your Startup or Folder Info files.
• Using FTPd
To use FTPd, simply put an alias to it in the Startup Folder and launch it. After that it will run in the background and allow users to connect to your Mac from anywhere in the world. You can Quit FTPd by launching FTPd Setup and holding the option key down while you quit it. You can then use any FTP client (eg Fetch or XferIt on Macs, or the standard Un*x ftp program) to access your Mac. For information on how to use them, see their respective documentation. Versions of Fetch after 2.1b2 recognize FTPd and display full file/directory information. If you are also running NCSA/Telnet, make sure to disable its FTP server in the config.tel file or people will (randomly) get either its server or FTPd.
As an extra feature, if a file “thefile” exists on the Mac, then you can issue the following commands to get different formats of that file:
Note: All of these examples assume you're using the standard Un*x ftp client. If you're using some other system consult its documentation for the equivalent commands. BTW, when using the Un*x ftp client watch out for usernames with spaces in them. If you type “user fred bloggs” it thinks the username is fred and the password is bloggs, instead type “user "fred bloggs"”.
get thefile - get the file in the current transfer mode.
get thefile.data - retrieves the data fork (in ASCII or binary).
get thefile.rsrc - get the resource fork of the file (binary mode only).
get thefile.info - get the info fork of the file (binary mode only)
(the info fork is the same format as the first 128 bytes of the MacBinary file).
get thefile.hqx - get the file after converting it to BinHex format.
get thefile.bin - get the file after converting it to MacBinary format
(you can also use .mb, .macbin, .macbinary) (binary mode only).
Also, you can put binhex or macbinary files and they will be converted automatically:
put thefile.hqx - put the file after converting it from BinHex format.
put thefile.bin - put the file after converting it from MacBinary format.
(you can also use .mb, .macbin, .macbinary) (binary mode only).
FTPd also supports the “MACB” command in the same way NCSA Telnet does.
quote macb e - turns macbinary transfer mode on
quote macb d - turns macbinary transfer mode off
Other special features are:
quote site u - display current usage stats (memory, connection, users, etc)
quote site s - use short (8.3) names. Looks like a PC (yuck)
quote site l - use long (31 character) names. Much better (default)
quote site h [e|d] - enable/disable adding “.hqx” to the end of all files in directory listings.
quote site q - quit the server (the user must be the owner).
quote site t [i|7|n] - set character translation to ISO 8859-1, 7-bit, or no translation.
quote site f <filename> - list the files that contain <filename> in their name.
Caveat: This doesn’t work for AppleShare 2.0.* volumes. Also, it only uses long (31 character) names, irrespective of the short/long setting.
Also, you can use pattern matching in the cd command (only as the last directory specifier though). Eg:
cd "/HD/System Folder"
cd /HD/System?Folder
cd /HD/syst*
cd /HD/Sys*fol*
You can use remotehelp to find out some information on the other commands.
remotehelp
remotehelp pass
remotehelp site
remotehelp "site f"
The multiline response returned by the login command sequence, the cd command and the help command may confuse some old FTP clients. This feature can be disabled by inserting a dash “-” before either your username or password (which means you will have to put an extra dash before any username or passwords which start with a dash, but that’s probably not a problem :-)
A log file named “FTPd Log” is kept in the Preferences folder that records who logged in or out and when, as well as what files they put or get.
• Security Considerations
“Be afraid. Be very afraid” - The Fly
Allowing FTPd to run on your Mac poses huge security questions. Some of the same security questions are also posed by System 7 File Sharing. However with FTPd they are much worse because you’re making your Mac accessible to everyone on a world wide network. Things you definitely should do:
Disable guest logins unless you actually need them. Most people don’t. (Disable them in the <Any User> user in the Users & Groups folder, as well as in the FTPd Setup).
If you want a few people to have access, perhaps a better idea than guest login is to give them a single account with a shared password. This is more secure than guest logins, since no matter how many people they tell the password to, it will always be less than the number of people who could log in as guests.
Disable FTP to any Mounted, Server or Far Server volumes. Again, most people don’t need access to volumes other than those directly on your Macintosh (That is the Entire Volume and Shared Folder volumes). You Definitely Should Not allow access to other volumes on the network if you do not control them, and you Definitely Should inform the administrators of any other servers on the network that you will be allowing access to them so that they can secure their servers as well.
Only share a small portion of your file system. That way you don’t have to worry about the rest of it. You, as the owner, can still get access to it by turning the See Entire Volume checkbox on for your user in the Users & Groups info.
Verify that the file sharing privileges are set correctly. A good start is to change everything to owned by you and only visible/modifiable by you. Then change the privileges on areas that you want to give users and guests access.
Keep your password secure! Anyone on the Internet with your username, machine address and password will likely be able to delete every file on your hard disk. This is a scary thought. You should be scared. Don’t give your password out and don’t use an obvious password. Obvious passwords include, but are not limited to, any of the following patterns (in decreasing obviousness)...
• your user name.
• your real name.
• your initials.
• any of the above backwards.
• your husband’s/wife’s/girlfriend’s/boyfriend’s/dog’s/frog’s/machine’s etc name.
• your car licence plate, make, model, etc.
• your birthday.
• your student/MediCare/social security/tax file/etc number.
• any of the above backwards.
• any word from a dictionary (especially an electronic dictionary).
Good passwords can be found by making up nonsense words or using the first
letters from a common saying and by including non-alphanumeric ASCII
characters.
Invalid login attempts are logged to a log file in the Preferences folder (assuming logging is enabled). Turn logging on and check the log file regularly to improve your security.
If in doubt, don’t run FTPd. I can’t accept any liability for any problems. I have done my best to make sure it is secure. If that is not good enough, don’t use it. It’s as simple as that.
• Remote Site Access Restrictions
You can limit the machines that can access your site by restricting access to certain IP ranges. Because this would be very messy to do in a sensible user interface, the only way to set these restrictions is by using ResEdit. From ResEdit, create a STR# resource (in either the FTPd Preferences file or FTPd; the former overrides the latter), give it an id in the range of 600-699, and a name of:
“<username> Site Restriction” where <username> is the user you are restricting.
“Owner Site Restriction” to restrict the owner.
“User Site Restriction” to restrict any unspecified user.
“Anonymous Site Restriction” to restrict anonymous logins.
“Default Site Restriction” to restrict anyone not specified above.
FTPd checks them in that order. Each resource consists of a sequence of pairs, IP number, IP mask, both in dotted decimal format (eg 134.7.70.70). The remote IP is checked against the IP, with only the bits in the mask being relevant. If it matches then the user is allowed access. If it matches, but the IP string started with an exclamation mark then access is disallowed. The last match overrides previous ones, and if there are no matches then access is denied.
By default, FTPd has a single “Default Site Restriction” STR# resource, which contains 0.0.0.0, 0.0.0.0 so access is allowed from anywhere.
Here are some examples. First, if you just wanted to restrict anonymous logins to inside 134.7, and everyone else has no restriction, then you create two STR# resources, either in FTPd Preferences (which is checked first) or FTPd, like this:
“Anonymous Site Restriction”: 134.7.0.0,255.255.0.0
You don't need to create the “Default Site Restriction”, because it already exists in FTPd. If you wish to override the default, either change it in FTPd or add a “Default Site Restriction” to FTPd Preferences.
Ok, and a more complicated one, say you wanted anonymous access to everywhere inside 134.7 except 134.7.70.70, user access to everywhere inside 134.7 and 130.95, user "Fred" and the owner access from everywhere, do this:
“Anonymous Site Restriction”: 134.7.0.0,255.255.0.0, !134.7.70.70,255.255.255.255
“User Site Restriction”: 134.7.0.0,255.255.0.0, 130.95.0.0,255.255.0.0
“Owner Site Restriction”: 0.0.0.0,0.0.0.0
“Fred Site Restriction”: 0.0.0.0,0.0.0.0
Note: These restrictions apply only to the control connection, not the data transfer connections, so it is still possible to use proxy-ftp to transfer files directly to a restricted machine, but the user must be connected from an allowed site.
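The matching rules above, worked through as an added Python example (not FTPd's own code). It evaluates the second set of restrictions from this section; the function names and the `kind` argument are hypothetical, and it assumes that the first resource in the documented order that exists for the login is the one evaluated.

```python
import ipaddress

def _ip(text):
    """Dotted decimal -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text.strip()))

def parse_restriction(text):
    """Parse 'ip,mask, ip,mask, ...' into (allow, ip, mask) tuples.
    A leading '!' on the ip marks the pair as a deny entry."""
    fields = [f.strip() for f in text.split(",") if f.strip()]
    if len(fields) % 2:
        raise ValueError("entries must come in ip,mask pairs")
    rules = []
    for ip_s, mask_s in zip(fields[0::2], fields[1::2]):
        deny = ip_s.startswith("!")
        rules.append((not deny, _ip(ip_s.lstrip("!")), _ip(mask_s)))
    return rules

def check(rules, remote):
    """Apply the documented rule: only mask bits are compared, the last
    matching pair decides, and no match at all means access is denied."""
    addr = _ip(remote)
    allowed = False
    for allow, ip, mask in rules:
        if (addr & mask) == (ip & mask):
            allowed = allow
    return allowed

def select_resource(resources, username, kind):
    """Pick the restriction for a login. kind is 'owner', 'user' or
    'anonymous' (hypothetical labels). Assumption: the first resource
    that exists, in the order the section lists them, is used."""
    names = []
    if kind != "anonymous":
        names.append(f"{username} Site Restriction")
    names.append({"owner": "Owner", "user": "User",
                  "anonymous": "Anonymous"}[kind] + " Site Restriction")
    names.append("Default Site Restriction")
    for name in names:
        if name in resources:
            return resources[name]
    return ""  # nothing defined: no pairs, so nothing can match

def is_allowed(resources, username, kind, remote):
    return check(parse_restriction(select_resource(resources, username, kind)),
                 remote)

# The "more complicated" example from the text, plus the built-in default.
RESOURCES = {
    "Anonymous Site Restriction":
        "134.7.0.0,255.255.0.0, !134.7.70.70,255.255.255.255",
    "User Site Restriction": "134.7.0.0,255.255.0.0, 130.95.0.0,255.255.0.0",
    "Owner Site Restriction": "0.0.0.0,0.0.0.0",
    "Fred Site Restriction": "0.0.0.0,0.0.0.0",
    "Default Site Restriction": "0.0.0.0,0.0.0.0",
}

# Ordering pitfall: the same two pairs with the deny entry listed first.
# The broader allow matches last and overrides it.
MISORDERED = "!134.7.70.70,255.255.255.255, 134.7.0.0,255.255.0.0"

if __name__ == "__main__":
    for who, kind, ip in [("anonymous", "anonymous", "134.7.1.2"),
                          ("anonymous", "anonymous", "134.7.70.70"),
                          ("Mary", "user", "130.95.3.4"),
                          ("Mary", "user", "192.0.2.9"),
                          ("Fred", "user", "192.0.2.9")]:
        print(who, ip, is_allowed(RESOURCES, who, kind, ip))
```

Because the last match wins, an exclusion only takes effect when it is listed after the range it carves out of.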
• How to Avoid Being Killed by your Network Administrator
FTP uses a lot of bandwidth and so you should check with the system administrators on your network before setting up an FTP site for anything more than personal use.
Also, since FTPd can make other servers on the entire AppleTalk internet available for FTP, you should ensure that the administrators of such machines (including anyone who has File Sharing enabled on their mac) are aware of this before you allow FTP access to Mounted, Server or Far Server volumes.
I can’t accept any responsibility if you use this software in an irresponsible manner (in fact I won’t accept any responsibility no matter how you use this software!). As long as you disable Mounted, Server and Far Server volume access and don’t try to become the next Info-Mac archive, it shouldn’t be much of a problem, but check with your network administrators anyway.
• How It Works
FTPd listens for TCP connections on port 21. When a connection is achieved, it waits for commands to be sent to it. Commands all have a simple form: there is a 3 or 4 character command (eg, RETR for retrieve file), and some parameters (eg, filename). FTPd interprets these commands, carries out their actions, and replies with a one line message, the first three characters of which are a 3 digit reply that can be interpreted by the FTP client, then the rest is human readable information. The reply codes are 1yz for preliminary success (action started), 2yz for complete success (action finished successfully), 3yz for intermediate success (requires another command before any action is taken), 4yz for temporary failure (try again later), and 5yz for permanent failure (give up and go home). For more information on the formats of these commands see the various FTP related RFCs. Some commands may reply with a multiline response, in which the first line begins with a three digit response code followed by a dash “-” followed by several lines of text and terminated by a line with the same response code and a space followed by some text. This confuses some servers, you can disable this feature by starting your username or password with a dash “-”.
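The reply format described above, as an added Python example (not part of FTPd): a small parser that groups control-connection lines into replies, handles the multiline form, and classifies each reply by its first digit. The sample lines are constructed for illustration and are not captured FTPd output.

```python
REPLY_CLASSES = {
    "1": "preliminary success",
    "2": "complete success",
    "3": "intermediate success",
    "4": "temporary failure",
    "5": "permanent failure",
}

def parse_replies(lines):
    """Return a list of (code, reply_class, text_lines) tuples."""
    replies = []
    pending = None  # (code, text_lines) while inside a multiline reply
    for raw in lines:
        line = raw.rstrip("\r\n")
        if pending is not None:
            code, text = pending
            if line.startswith(code + " "):
                # Same code followed by a space terminates the reply.
                text.append(line[4:])
                replies.append((code, REPLY_CLASSES[code[0]], text))
                pending = None
            elif line.startswith(code + "-"):
                text.append(line[4:])
            else:
                # Free-form text inside the multiline block.
                text.append(line)
            continue
        code, sep = line[:3], line[3:4]
        valid = (len(code) == 3 and code.isascii() and code.isdigit()
                 and code[0] in REPLY_CLASSES and sep in ("", " ", "-"))
        if not valid:
            raise ValueError(f"not an FTP reply line: {line!r}")
        if sep == "-":
            pending = (code, [line[4:]])
        else:
            replies.append((code, REPLY_CLASSES[code[0]], [line[4:]]))
    if pending is not None:
        raise ValueError(f"multiline reply {pending[0]} was never terminated")
    return replies

# Constructed sample of a login exchange as seen by the client.
SAMPLE = [
    "220 FTPd ready\r\n",
    "331 Password required\r\n",
    "230-Welcome to this Mac.\r\n",
    "230-Files are in /HD/pub\r\n",
    " Please be nice.\r\n",
    "230 Logged in\r\n",
    "550 No such file\r\n",
]

if __name__ == "__main__":
    for code, klass, text in parse_replies(SAMPLE):
        print(code, klass, text)
```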
FTPd talks to the file system on the local Mac (and other servers) exclusively by using the same protocols as if it were accessing an AppleShare server (the single exception is the startup messages which are read via normal file system calls). The user logs in by giving a user name and password. This in turn is passed to the System 7 server (or AppleShare server) and an attempt is made to log in to the server. If the log in fails, an attempt is made to log in as a guest user. If either attempt succeeds, the volume is made available to the user. If the user tries to log in as either the owner or a user, they must successfully (non-anonymously) log in to at least one local volume or the whole connection is disallowed. Since all file system access is done through the AppleShare protocols, it should be virtually impossible to circumvent their protections. You should set up your system in such a way that irrespective of the privileges in FTPd Setup (which are not guaranteed in any way!) the user can not do too much damage. Thus users and guests should only have write privileges to areas of your file system that you wish them to be able to trash.
The ASCII character translation is done because the Macintosh uses ASCII (00-7F) plus other international characters (80-FF). Other computers use similar character extensions, but in a different “order”. Computers can exchange text only if they “talk” with the same character code on communication lines (this has been recognized for a long time with the use of 7-bit ASCII). The interchange character code standard closest to the Macintosh code is ISO 8859-1 (it applies to the group of languages called Latin-1). Several computers use ISO 8859-1 as their native code (DEC, Unix...), a wise choice as these simply send/receive their data as 8-bit bytes unchanged. Others, like the Mac and PC, have to translate their own code to appear to other computers as if they were using ISO 8859-1. This is what “ISO 8859-1 translation option” does in FTPd: every character of text put to the line is translated from Mac to ISO, and conversely. Note that translation never occurs in “binary” mode and that translation in “text” mode introduces another reason (as well as end-of-line representation) to choose the correct mode carefully. Also note that, for text transfer to be effectively and correctly translated, the other party must either use ISO 8859-1 or use the same feature as FTPd. However, if the other party, direct or indirect, is known to be a Macintosh, then you should always use MacBinary or BinHex transfers to preserve icons etc...
In addition to computers using native ISO 8859-1, programs known to translate text the same revertible way as FTPd are Fetch (on the Mac) and IBM's TCP/IP with the correct translation table.
Should your Macintosh use a non-Latin1 code, the two tables in resource 'taBL' would have to be changed to translate to the appropriate ISO 8859-x standard. These tables are the inverse of each other so that each character translates to a unique one, always leaving ASCII unchanged, and returns to a Mac unchanged from what was sent (round trip integrity).
• Limitations
FTPd & FTPd Setup require System 7 with File Sharing turned on, MacTCP 1.1 (or later perhaps?), and probably require the 128k ROM (or later). FTPd can only deal with the first 200 files/folders in a directory, and only the first 200 matches in the SITE F command. There is no support for Aliases, and I doubt there will be, since I can't see any sensible way to do it over AppleShare.
• Small Print
This program is Shareware, which means if you use it, and you'd like me to write more useful things, then you should send me $5 (US, Australian, whatever). Send cash - don't bother with cheques, if it doesn't make it, it doesn't make it, anyway it's a real pain to try to cash a foreign check.
Site Licensing:
Foreign universities or companies: US$150 (or equivalent)
Australian universities or companies: AU$100
Western Australian universities or companies: AU$50
Curtin university: Free.
Individuals: AU or US $5 (or equivalent).
I’ve just read through the Guide for Shareware Authors. According to them, I am doing everything wrong. I should put a large price tag on my software because the people who pay will pay whether or not I put a large price tag, and the people who won’t pay, won’t pay no matter what the price is. This seems to me to be totally negative reinforcement - I’d hurt those who do the right thing by me, and have no effect on the rest. I’m not going to do that, at least not yet. So I’m not going to get rich, which is a shame because I’d much rather go back to writing free software - DeHQX is still my favourite program I’ve released to date.
Note that I'd prefer that you use the program and send me a note saying so, than not use the program at all! (it doesn’t help either of us if you delete it and don’t pay) So even if you are not willing to send me any money, still drop me a line and say hi and tell me what you like or don't like about this program.
You may distribute FTPd & FTPd Setup any way you wish as long as you don't charge for it (reasonable download costs such as Compu$erve are ok I guess (although who would call Compu$erve’s download costs reasonable?)). It would probably be a good idea to keep this documentation file with the program, but I’m hardly likely to check up on you now am I! I don’t guarantee any support, but I always answer my Email. If I don’t answer Email it's because your message didn’t get to me, or my reply bounced (so try again, and include a valid internet address if you can).
• Warranty
There is absolutely NO warranty, guarantee, hint, suggestion or anything else that would lead anyone to think that FTPd or FTPd Setup do anything stated in this documentation. It usually does not destroy data (systems, hardware, etc), and has sometimes worked on my Mac with System 7.0. It will NOT work with older systems (pre 7.0) and probably not with the 64k ROM. It might work with the other models, but I don't have them all, so I don't know. It will NOT work with previous versions of MacTCP (previous to 1.1). If it works on your system (or especially if it doesn’t!), send me a postcard or some Email and let me know!
• Fine Print
Peter Lewis hereby disclaims all warranties relating to this software, whether express or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. Peter Lewis will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of data or any other reason, even if Peter Lewis or an agent of his has been advised of the possibility of such damages. In no event shall Peter Lewis be liable for any damages, regardless of the form of the claim. The person using the software bears all risk as to the quality and performance of the software.
• Acknowledgements
Thanks to RobT for suggesting the idea, to Quinn for demanding the use of System 7 U&G, and to Jager for figuring out how! Thanks to Quinn (again :) for the amazing icons and to Greg for colouring them in. And special thanks again to Jager and Quinn for figuring out my async problems! And, of course, thanks to Stuart for delaying the release of this program for ages by making LOTS of suggestions, finding LOTS of bugs, and by writing Bolo! Thanks also to the UCC, Curtin, Todd (have fun at RA!), Steve, c.s.m.p, ditmela.oz.au (& Harold), plaza, ftp.apple.com, Stephen, and anyone who uses FTPd! Special thanks go to those brave souls who risked life and Mac beta testing an unknown program.
• The Author
Other programs written by me:
DeHQX 2.0.0 - BinHex decoder.
Finger 1.3.5 - Macintosh Finger client/daemon.
Talk 1.0.6 - Macintosh Talk client/daemon.
Chat 1.0.0 - Multiuser primitive irc-like daemon.
Send postcards, comments, bug reports, wishes and payments to: