Directory List Options
Hide files and directories with a hidden attribute - After enabling this option, the FTP server will prevent files or directories with the hidden attribute from showing in the directory list.
File List in Lower Case - After enabling this option, the FTP server will automatically convert any uppercase characters in the file list to lowercase characters.
NLST will return both file and directory entries -
This option is only used with some FTP clients that won't comply with FTP RFC-959 standard in the implementation of NLST command, and such clients require NLST to return both directories and files(According to the FTP RFC-959, NLST should only return files, it should not return any directories).
NLST will return "226 Transfer complete" on an empty folder -
Normally when a folder is empty, NLST will return a "550 File not found" reply to comply with FTP RFC-959 standard. However, some FTP clients in the automation programs expect a "226 Transfer complete" reply in this case. This option is for working with this type of client.
LIST command directory list format
FTP server standard format - This option is used to output a directory list for the LIST command in standard FTP server format.
Netware FTP server format - This option is used to output a directory list for the LIST command in Netware FTP server format.
IIS FTP server format - This option is used to output a directory list for the LIST command in IIS FTP server format.
MS-DOS DIR command format - This option is used to output a directory list for the LIST command in MS-DOS DIR command format.
File Transfer Options
Automatically delete partially uploaded files - After enabling this option, the FTP server will automatically delete partially uploaded files.
Upload SFV check - To use SFV check function, you must first create and upload a file with the extension ".sfv" to the FTP server. This file will have the CRC32 information about files to be uploaded later. The FTP server will read this ".sfv" extension file to find the CRC32 information of the files to be uploaded. If the CRC32 value of an uploaded file is wrong, this file will be automatically renamed with the extension ".bad". If the file with the correct CRC is uploaded later to the FTP server, this ".bad" extension file will be automatically deleted. Each directory can contain up to 5 ".sfv" files, FTP server will search each of them to find the CRC32 value of uploading file.
Allow downloading file which is used for writing by another process - After enabling this option, the FTP server will allow users to download the file that is used by another process for writing (such a file may be an incomplete one). This option can be used in some special cases, such as downloading the log of a web server, which is used by another process for writing.
ASCII mode Options
Disable ASCII mode for transferring text files - After enabling this option, the FTP server will not make the ASCII mode conversion for the uploading or downloading of ASCII files.
Convert UNIX newline to Windows newline format - By default, after FTP sends the "TYPE A" command to set ASCII mode for text file transfer, the newline in the text file will be converted to UNIX style newline. However, if this option is selected, it will be converted to Windows style newline.
Retain transfer type set by FTP TYPE command - Xlight FTP Server uses the Binary mode as the default file transfer mode. To use a different transfer mode than Binary mode, the FTP client needs to send a TYPE command to set the transfer mode before each file transfer. When this option is selected, the FTP server will keep the last transfer mode set by the client and use it for subsequent transfers.
Other Options
Execute a program based on the action in a file - Execute an external program after a file is uploaded, downloaded or deleted. You can pass variables to external programs to be executed as command-line arguments like the picture below.
The following variables are supported, they will be replaced with actual values when the external program is called:
$username - The username who just performed an action on a file.
$user_ip - The IP address of the user who just performed an action on a file.
$ftp_path - The FTP virtual path for the file being performed an action.
$real_path - The real Windows path for the file being performed an action. $real_path includes the Windows path ending "\" character, so you will not need the additional "\" to combine the path with the filename.
$filename - The name of the file being performed an action.
$filesize - The size of the file being performed an action, the value will be in a unit of BYTE.
$status - The result of the action being performed on a file, the value will be "success" or "fail".
Execute the program when a file has been uploaded - Execute an external program after a file is uploaded.
Execute the program when a file has been downloaded - Execute an external program after a file is downloaded.
Execute the program when a file has been deleted - Execute an external program after a file is deleted.
To check the actual value of variables passed to the script by the FTP Server. In Windows DOS batch script, you can write a line like "echo %1 %2 > c:\test.log", this will write the value of the first three variables passed to the script to "c:\test.log" file. You can check the content of "c:\test.log" file to see what is passed into the script by the FTP Server
Overwrite the existing file when renaming file - When renaming, by default if a file with the same name already exists, the renaming will fail. When this option is selected, the renaming to an existing file will not fail. The existing file will be replaced.
Delete file and directory to Windows recycle bin - After this option is selected, when FTP Server deletes a file or directory, it will be sent to Winodws Recycle Bin rather than delete perminately.
Convert Windows-style backslash in FTP path to Unix-style forward slash - This option is used for compatible with some FTP scripts or clients that send FTP path in Windows-style backslash.
Access Control List
Xlight FTP server can use the access control list to control files and directories access. There are two types of access control lists - one is used with a directory list to hide/show certain files in the directory list; another one is used to deny/allow certain FTP actions to users.
The access control list provides a flexible method to control access to files and directories. It can be used to do something that is not possible by the folder permission control. For example, it can be used to show different directory contents to users with different source IP addresses.
"hide/show" access control list
Use the "hide/show" access control list, FTP server can hide or show files as you want to. If there is no "hide/show" access control list, the default behavior of the FTP server is to show all files.
We will start with a very simple example. For example, if you want to hide all files and directories in the public virtual path "/mydoc"(including sub-directories of /mydoc), how should you define the "hide/show" access control list?
Table 1: Hide all files and directories in the public virtual path "/mydoc"| Type | Virtual Path | Path Type | Sub-dir | Filename | File Type | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| hide | /mydoc | Public Path | yes | any | any | any | any | any | any |
The access control list is shown in the above table 1. Type=hide, Virtual Path=/mydoc, Sub-dir=yes. Other columns are "any".
We will extend the last example. If you want to hide all files with the name starting with the letter "a" in the public virtual path "/mydoc", how should you define the access control list?
Table 2: Hide all files with name started with the letter "a" inside public virtual path "/mydoc"| Type | Virtual Path | Path Type | Sub-dir | Filename | File Type | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| hide | /mydoc | Public Path | yes | a* | Only include file | any | any | any | any |
Table 2 has used two additional columns than the table 1. Filename=a*, File Type=Only include file
Note: filename is the only field in the access control list that you can use the UNIX shell-style wildcard. Supported UNIX shell-style wildcards formats are shown below:
| Pattern | Meaning |
|---|---|
| * | matches everything |
| ? | matches any single character |
| [seq] | matches any character in seq |
| [!seq] | matches any character not in seq |
We will continue with the last example. If you want to hide files with names starting with the letter "a" only to those "anonymous" users, how should you define an access control list?
Table 3: Hide files with names starting with the letter "a" only to those "anonymous" users in the public virtual path "/mydoc"| Type | Virtual Path | Path Type | Sub-dir | Filename | File Type | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| hide | /mydoc | Public Path | yes | a* | Only include file | anonymous | any | any | any |
Table 3 has one additional column than the table 2. Username=anonymous. The result of the access control list in table 3 is that only "anonymous" users will not be able to see files of names starting with the letter "a" in the public virtual path "/mydoc". Other users will not be affected by this access control list.
You can also use IP or access time to control which user can see file lists. Table 4 is another example to hide files according to the IP and access time of a user.
Table 4: Hide files with extension ".exe" in the public path "/mydoc" and its sub-directories from being seen only by those "anonymous" users from the IP address range "202.96.33.1-202.96.33.25".
| Type | Virtual Path | Path Type | Sub-dir | Filename | File Type | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| hide | any | Public Path | yes | *.exe | Only include file | anonymous | any | any | 202.96.33.1-202.96.33.25 |
Note: For the access control list, username, groupname, filename and server path are not case-sensitive.
Advanced usage of the "hide/show" access control list
Understanding the checking order of the FTP server to access control lists can be used to create advanced usages. The checking order of the FTP server to the access control list is that the FTP server will check all "hide" access control lists before checking any "show" access control lists. So the order of access control lists will not affect the final result. According to the server checking order, if you want to show only certain files, the first step is to hide all files and then show only those files you want to.
Table 5: The following example will only show files with the extension ".exe" under the public path "/mydoc".
| Type | Virtual Path | Path Type | Sub-dir | Filename | File Type | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| hide | /mydoc | Public Path | yes | any | Only include file | any | any | any | any |
| show | /mydoc | Public Path | yes | *.exe | Only include file | any | any | any | any |
"deny/allow" access control list
The "deny/allow" access control list can be used to control user's actions to the FTP server's files and directories. Its usage is similar to the "hide/show" access control list. The only difference is that it has another "User Action" column. With the user's action defined, the FTP server can know the target file type of an action, so there is no "File Type" column in the "deny/allow" access control list.
Table 6: Prevent users from uploading files with the extension ".exe" in the public path "/mydoc"| Type | Virtual Path | Path Type | Sub-dir | Filename | User Actions | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| deny | /mydoc | Public Path | yes | *.exe | Upload | any | any | any | any |
Table 7: Prevent users from "deleting, downloading and renaming" files with the extension ".exe" in the public path "/mydoc"
| Type | Virtual Path | Path Type | Sub-dir | Filename | User Actions | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| deny | /mydoc | Public Path | yes | *.exe | Download|Delete|Rename |
any | any | any | any |
Table 8: Prevent users from changing current directory to the public path "/mydoc" and its sub-directories.
| Type | Virtual Path | Path Type | Sub-dir | Filename | User Actions | Username | Groupname | Time Range | Client IP |
|---|---|---|---|---|---|---|---|---|---|
| deny | /mydoc | Public Path | yes | any | ChangeDir | any | any | any | any |