jFTPd Documentation

Introduction

jFTPd is an FTP server written in 100% Pure Java, designed to be as simple as possible to set up and use. It is multithreaded and supports resumable file transfers. It supports directory-based access control for multiple users and has basic logging capabilities. A separate administration tool can be used to monitor and modify the server settings while it is running.

This software is developed primarily on a Power Macintosh, and has been tested under 68k Macs, Windows 95 and NT, Linux, and Mac OS X Server. Performance is more than adequate for most purposes; a fast Power Mac or Pentium can nearly saturate a 10 megabit Ethernet line, and my ancient Mac IIsi can sustain around 150KB/sec.

System Requirements

The only requirement for the server is a system with a Java Virtual Macine (JVM) installed. A Java 1.1 - compatible JVM is required. For Macs, the latest version of Mac OS Runtime for Java (MRJ) is available at http://www.apple.com/java. MRJ 2.1 and later runs only on PowerPCs; 68K Macs will need to use the earlier MRJ 2.0.

The remote administration application requires Swing 1.1. Swing can be downloaded from Sun's Java site.

Installation

Unstuff, unzip, or unzip/untar the archive. A directory called "jFTPd" should result. This directory will contain two other directories. "server" contains the FTP server application, and "admin" contains the remote administration application. The "admin" folder can be copied to any machine on which you want to run the admin tool.

Creating Users

Users are added by creating entries in the "users.dat" text file. Valid lines have the following format:

[username],[password],[home directory]

Lines beginning with a '#' character are ignored. The "anonymous" username is special; if an entry has "anonymous" for the username, the password field is ignored and any valid email address can be used as the password. A sample "users.dat" file is included with this distribution.

Note that users have full read, write, and delete permissions in their home directory. Future versions may allow permissions to be defined more precisely.

When the server is running, the "users.dat" file is re-scanned and the internal user list updated every 5 minutes. However, if a user is connected and their entry is removed from the file, they will not be disconnected when the file is re-scanned. (Once they log out, they will not be able to log back in.)

There is also an option to allow only anonymous users (see configuration below). If this option is enabled, information in "users.dat" is ignored, and only anonymous access is permitted.

Running the Server

To start the server, run the "jftpd" script (Unix or Windows) or open the "jFTPd" application (Mac). A message will appear indicating that the server is started and accepting connections. This is the only message that will appear in standard output (except for unusual errors) so under Unix you can easily run the server process in the background.

By default, the server logs user activity to the file "ftpd.log" in the same directory as the server application. The log file can be changed or disabled by configuring server settings (see below).

Server Configuration

The server is configured by assigning values to attributes. These properties can be assigned in three ways:

Editing the "jftpd.properties" file. This is a file listing attributes and values. The sample "jftpd.properties" file included with this distribution shows the proper format.
Specifying parameters on the command line when you start the server, in the format "[attribute]=[value]". For example, starting the server with the command of "jftpd maxconn=20" would assign the value of "20" to the "maxconn" attribute. Properties assigned on the command line override settings in the properties file.
Using the remote administration tool, described below.

This table shows the attributes that can be set, and their meanings and default values. Attributes are not case sensitive, but their values are. Note that the attributes have changed significantly from previous versions of jFTPd, primarily to support multiple users.

Name Description Default

port port on which the server should listen for clients 21 (standard FTP port)

maxconn the maximum number of clients that can be connected to the server at one time, or 0 if no limit 0

log 1 if file transfers should be logged, 0 if not. 1

logfile name of the log file ftpd.log

timeout number of seconds of no activity after which a client will be disconnected, or 0 if clients should never be automatically disconnected 300

welcomeMessage Initial message displayed to clients when they connect to the server. "Enter your username and password"

computedates 1 if the server should calculate last modified dates in directory listings. This calculation depends on undocumented features in the Java class libraries and is not guaranteed to work correctly on all platforms, although it has worked on every platform tested thus far. 1

directorycount 1 if the server should calculate the number of files in directories when listing files. Enabling this calculation can potentially slow the server because it increases the number of file operations it must perform. 0

tempDirectory Directory in which the server stores files being uploaded before moving them to their proper directory. If not specified, uploaded files are written directly to the destination directory. In either case, the file is assigned a unique filename and renamed after the upload is completed, so name collisions should not occur. no default value

anonymousOnly 1 if the server should accept only anonymous connections. In this case, user information in "users.dat" is ignored, and directory and security information is set according to the "anonymousDirectory", "anonymousUpload", "anonymousDownload", and "anonymousDelete" attributes described below. 0

anonymousDirectory If the "anonymousOnly" setting is enabled, this attribute is the home directory for anonymous users. Otherwise, this attribute is ignored. no default value. A value must be specified if the "anonymousOnly" setting is enabled, or the server will refuse to start.

anonymousDownload 1 if anonymous clients can download files. This setting is only used if the "anonymousOnly" setting is enabled. 1

anonymousUpload 1 if anonymous clients can upload files. This setting is only used if the "anonymousOnly" setting is enabled. 0

anonymousDelete 1 if anonymous clients can delete and rename files. This setting is only used if the "anonymousOnly" setting is enabled. 0

passiveLowPort Lowest port number the FTP server should use for passive connections. The default value should not need to be changed unless your server has an unusual configuration. 15000

passiveHighPort Highest port number the FTP server should use for passive connections. The default value should not need to be changed unless your server has an unusual configuration. 15999

adminPassword The password required to monitor and administer the server using the remote administration tool (see below). If this property is not set, no remote administration is allowed. no default value

rmiName The name by which the server is known to the remote administration tool. It is usually not necessary to change this. "FTPController"

rmiPort The port on which the server listens for the remote administration client. It is not necessary to change this unless the default port of 1101 conflicts with another service on the server. 1101

Remote Monitoring and Administration

jFTPd includes a preliminary release of a remote administration application that can be used to monitor server activity and modify parameters while the server is running. The remote administration application is contained in the "admin" directory in the jFTPd distribution. It requires at least a Java 1.1-compliant The admin application can be run on the same machine as the FTP server, or copied to a different machine. Do the following to run the administration application:

Start the FTP server as described above, making sure that the "adminpassword" property is given a value. If it is not, the administration utility will not be able to connect.
Run the administration utility by executing the "jftpd_admin" script under Unix or Windows, or by double clicking the "jFTPd Admin" application under Mac OS.(As mentioned in the requirements section, Swing 1.1 or later must be installed for the application to run).
A connection window should appear. Enter the IP address or name of the machine running the jFTPd server in the "Host" text field. The "Port" and "Remote Name" fields can be left with their default values, unless they were changed on the server. Enter the admin password set on the server in the "Password" field, and click the "Login" button. If all the parameters are correct, the login window should be replaced with a window titled "jFTPd Controller".

Note: The admin password is sent to the server in clear text. If you are running the admin tool on a separate machine, be aware that it may be possible for an attacker to intercept the password in transit.

Once you have successfully connected to the server, you can monitor activity and change server parameters. The main controller shows whether the server is on or off, the number of FTP users connected, and contains the following four buttons:

Start Server: Allows the server to accept connections from FTP clients.
Stop Server: Stops the server from accepting connections from FTP clients. Note that this does not prevent the admin program from communicating with the server; administration clients can always connect as long as the server process is running.
Users...: Opens a window showing details about the FTP users currently connected.
Properties...: Opens a window showing the server properties.

The users window appears when you click the "Users..." button. It contains a table showing information for all connected FTP users, including the username, IP address, time of logon, and upload and download history. Uploads and downloads are shown in the format "[files]/[bytes]", so a value of "2/2340" for "Downloads" means that the user has downloaded 2 files which total 2340 bytes. If you select a user by clicking on a table row, you can open a user detail window by pressing the "Details..." button. The detail window shows all actions that the selected user has taken since they logged in. Clicking he "Disconnect" button will terminate the selected user's FTP connection immediately.

The properties window appears when you click the "Properties..." button. It contains a table showing all property names and values that were set on the server, either by command line arguments or by the "jftpd.properties" file. You can change a property value by clicking on a row in the table, editing the text field at the bottom of the window, and clicking the "Set" button. Note that there is currently no way to write your changes back to the properties file, so any changes you make will only remain in effect as long as the server process is running.

All windows in the administration client update themselves every 10 seconds, so you can see users logging on, performing actions, and logging off in real time. Multiple administration clients can connect to the same server.

Known bugs

Under some circumstances, the server may fail to delete temporary files.
The remote administration feature is a work in progress, and does not include all functionality that will be in the final release. The ultimate goal is to be able to do all configuration through the admin program, without having to edit files by hand.

Mac OS Hints

Particularly when dealing with files, Java sometimes tends to take a rather Unix-centric view of the world. This sometimes causes problems under Mac OS, most of which can be worked around. Here are some things to be aware of when running the server under Mac OS (not Mac OS X Server, which is essentially Unix):

Java specifies Mac file names as '/' separated lists beginning with the volume name, and continuing with folder names. For example, your "Finder" file would be specified as "/Macintosh HD/System Folder/Finder". This is the format you should use when specifying a root directory. Note that using "/" as the root directory allows clients to access all mounted drives.
The server will probably get confused if you have two mounted volumes with the same name. This is because Java assumes that files can be identified uniquely with a pathname, which is not necessarily the case with Mac OS.
Java can only read and write to the data fork of Mac files; it cannot operate on the resource fork. This means that you cannot transfer applications using this server, since their resource forks contain most or all of the data. In order to transfer applications you will need to first compress them with a program such as Stuffit or Compact Pro. The compressed files can be transferred and decompressed by the client. Important exception: If a client deletes a file on the server, both the data and resource fork are erased. So clients (with delete permission) can delete applications even though they can't read them.
Macs don't have a command line, so the best way to specify options is by editing the "jftpd.properties" file. You can also change the programs command line options using JBindery. JBindery is part of the MRJ Software Development Kit, available from Apple's Java site. To edit the command-line options, drag and drop the "jFTPd" application onto the JBindery icon. A window will appear allowing you to edit various settings. Enter the desired command line options into the "Optional Parameters" text area and click on the "Save Settings" button. Note that if a command line option (such as the root directory) contains spaces you need to surround it with quotes; for example, "root=/Macintosh HD/Cool files".

Version History

2.0b1

Added support for multiple users with assigned directories.
Significantly improved logging.
Made several bug fixes and architecture improvements.
Released remote administration client in preview form.

1.3

Incorporated Ryan Schutt's code for improved directory listings.
Added support for "jftpd.properties" as an alternative to the command line for specifying options.
Minor bug fixes.

1.2

Added passive mode support.
Fixed several minor bugs.

1.1

Fixed bug causing a NullPointerException if the server was started and stopped before any clients connected.
Added control over disconnecting idle clients (1.0 was hard-coded to disconnect clients after 300 seconds of inactivity).

1.0

First public release

Copyright

This program is copyrighted by Brian Nenninger and made available under the terms of the MIT License. There is no warranty whatsoever for this product, not even an implied warranty of merchantability or fitness for a particular purpose. You may copy, modify, and distribute this program with certain restrictions, see the included "License" file for details.

Feedback

Please contact me at bwn@kreative.net with any comments, bug reports, or suggestions.

Name	Description	Default
port	port on which the server should listen for clients	21 (standard FTP port)
maxconn	the maximum number of clients that can be connected to the server at one time, or 0 if no limit	0
log	1 if file transfers should be logged, 0 if not.	1
logfile	name of the log file	ftpd.log
timeout	number of seconds of no activity after which a client will be disconnected, or 0 if clients should never be automatically disconnected	300
welcomeMessage	Initial message displayed to clients when they connect to the server.	"Enter your username and password"
computedates	1 if the server should calculate last modified dates in directory listings. This calculation depends on undocumented features in the Java class libraries and is not guaranteed to work correctly on all platforms, although it has worked on every platform tested thus far.	1
directorycount	1 if the server should calculate the number of files in directories when listing files. Enabling this calculation can potentially slow the server because it increases the number of file operations it must perform.	0
tempDirectory	Directory in which the server stores files being uploaded before moving them to their proper directory. If not specified, uploaded files are written directly to the destination directory. In either case, the file is assigned a unique filename and renamed after the upload is completed, so name collisions should not occur.	no default value
anonymousOnly	1 if the server should accept only anonymous connections. In this case, user information in "users.dat" is ignored, and directory and security information is set according to the "anonymousDirectory", "anonymousUpload", "anonymousDownload", and "anonymousDelete" attributes described below.	0
anonymousDirectory	If the "anonymousOnly" setting is enabled, this attribute is the home directory for anonymous users. Otherwise, this attribute is ignored.	no default value. A value must be specified if the "anonymousOnly" setting is enabled, or the server will refuse to start.
anonymousDownload	1 if anonymous clients can download files. This setting is only used if the "anonymousOnly" setting is enabled.	1
anonymousUpload	1 if anonymous clients can upload files. This setting is only used if the "anonymousOnly" setting is enabled.	0
anonymousDelete	1 if anonymous clients can delete and rename files. This setting is only used if the "anonymousOnly" setting is enabled.	0
passiveLowPort	Lowest port number the FTP server should use for passive connections. The default value should not need to be changed unless your server has an unusual configuration.	15000
passiveHighPort	Highest port number the FTP server should use for passive connections. The default value should not need to be changed unless your server has an unusual configuration.	15999
adminPassword	The password required to monitor and administer the server using the remote administration tool (see below). If this property is not set, no remote administration is allowed.	no default value
rmiName	The name by which the server is known to the remote administration tool. It is usually not necessary to change this.	"FTPController"
rmiPort	The port on which the server listens for the remote administration client. It is not necessary to change this unless the default port of 1101 conflicts with another service on the server.	1101