RE: Custom welcome message
Hi, I just tried that out and it worked form me on FtpServer-1.1.0. This is
what I did:
0. Downloaded the latest FtpServer zip file and extracted it.
1. Created a new folder called \res\messages
2. Added a new file called FtpStatus.gen
3. Added my custom message for login like so:
220=JESTER ready for connection. WARNING! All activity on this site is
monitored and tracked. Authorised personnel only.
4. Edited the res\conf\ftpd-typical.xml file to add the following element under
the tag:
5. Started ftpserver under a cmd shell, passing in the config file to use:
Bin\ftpd.bat \res\conf\ftpd-typical.xml
6. Connected to it using ftp client built into Windows 7 via the command prompt
on port 2121
Observed that the 220 greeting showed my new message.
In production, I actually set the custome messages using a message factory when
I am setting up the ftp server instance.
-- cut
FtpServerFactory factory = new FtpServerFactory();
//Customised server messages (optional)
String customMessageFile =
config.getPropertyAsString("server.customMessages");
if ( customMessageFile != null) {
LOG.debug("Custom message resource specified: " +
customMessageFile);
File f = new File(customMessageFile);
if (f.exists()) {
LOG.debug("Message file exists, configuring.");
MessageResourceFactory messageFactory = new
MessageResourceFactory();
messageFactory.setCustomMessageDirectory(f);
factory.setMessageResource(messageFactory.createMessageResource());
} else {
LOG.error("Custom message bundle
\""+customMessageFile + "\" specified, but does not exist. Not loaded.");
}
}
cut ---
Best Regards,
Gary.
RE: Custom welcome message
Hi Faseela, it looks like Filezilla is hiding the response string returned from ftpserver unless an error occurs (in which case it shows the full log in the log window). On filezilla 3.14.1, I got it to show the custom response message all the time by setting the debug level in the preferences to "2 - Info". Not sure if this is an option for you?
RE: Restricting hidden files to upload
I would look at overriding the NativeFtpFile.listFiles() method to achieve this. The filesystem is pluggable and comes with a native filesystem implementation by default; but you can implement your own and therefore obtain whatever functionality you need.
RE: Restricting hidden files to upload
Sorry, didn't read the OP properly. I would agree with John. I do something similar in my code.
RE: how to disable plain ftp when server is configured with explicit ftp
This is how I do it - I have the server listening on both an internal and
external interface and check that download attempts on the external one are
secure before allowing it. The internal interface is plain FTP:
public FtpletResult onDownloadStart(FtpSession session, FtpRequest request)
throws FtpException, IOException {
if (isExternalInterface(session) && !
isSecureConnection(session)) {
//security issue, either the control or data port is
unsecure
LOG.error("About to start a download, but either the
control or data connection is unsecure. Download aborted.");
writeMessage(session,
FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN, "Session is not secure. Issue
PROT P command first.");
return FtpletResult.SKIP;
}
private boolean isSecureConnection(FtpSession session) {
return (session.isSecure() &&
session.getDataConnection().isSecure());
}
Best Regards,
Gary Bell
Re: Using FTPS
I have my ftp server set to use SSL server-side only and I can connect to it no problem with filezilla. My certificate was a trial one from thawte and they have specific instructions for java jks keystores. Have a look at : https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=S:SO5230&actp=search&searchid=1232617028046 https://www.thawte.com/ssl-digital-certificates/technical-support/keygen/tomcat_keygen.html Although that last one is for tomcat, it seemed to work for me. Some other good reference material I used: http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html - Does it work OK if you create a self-signed cert using keytool? Best Regards, Gary Bell
Re: IOException on ftp client disconnect
You also get something similar using filezilla in SSL mode when it disconnects: [DEBUG] 2009-01-19 12:04:40,288 [] [] Unexpected exception from SSLEngine.closeInbound(). javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1263) at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:155) at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:386) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:378) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:817) at org.apache.mina.core.filterchain.DefaultIoFilterChain$HeadFilter.sessionClosed(DefaultIoFilterChain.java:598) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:378) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:373) at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:229) at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:485) at org.apache.mina.core.polling.AbstractPollingIoProcessor.remove(AbstractPollingIoProcessor.java:455) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:58) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Worker.run(AbstractPollingIoProcessor.java:862) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675) at java.lang.Thread.run(Thread.java:595) [ INFO] 2009-01-19 12:04:40,289 [gary] [172.25.72.185] CLOSED Best Regards, Gary
Re: Stability and reliability issues
I have seen similar ocurrences to the "cannot connect to server" incident mentioned. For us, this was caused by the ftpserver _sometimes_ picking a (passive) port that our firewall was not allowing through from the client. I changed the passive port range setting in ftpserver to match the firewall port range and it has worked ok since. I guess it therefore follows you could also get this if you have set up a port range and you run out of ports momentarily under heavy demand. This can also happen with clients such as filezilla that can open many ports at once to transfer files. I have also seen the max logins reached error as well for a user account that was just set up and therefore could not have reached any limit. Since this was the first occurrence in many months of continuous operation, I just restarted the server and everything was OK. I might peer more closely into the source code now. Best Regards, Gary Bell
Re: FtpServer hitting its limit?
There is a good article on the time_wait state of sockets at http://www.developerweb.net/forum/showthread.php?t=2941 which mentions the SO_LINGER settings: ...Because of these potential problems with TIME_WAIT assassinations, one should not avoid the TIME_WAIT state by setting the SO_LINGER option to send an RST instead of the normal TCP connection termination (FIN/ACK/FIN/ACK). The TIME_WAIT state is there for a reason; it's your friend and it's there to help you :-) Might be of some help. Best Regards, Gary
RE: How to limit file upload and download to a set of directories.
I have something sort of similar in my code. I only allow uploads to a
specific directory which for me is a well-defined name. Hope this helps:
- cut ---
public FtpletResult beforeCommand(FtpSession session, FtpRequest request)
throws FtpException, IOException {
String cmd = request.getCommand().toUpperCase();
User user = session.getUser();
if (cmd.equals("STOR") || cmd.equals("STOU") || cmd.equals(
"APPE")) {
if (! isUploadDirectory(user,request.getArgument()) {
LOG.debug("Attempt to upload files to non-shared
upload area. Command will be aborted.");
writeMessage(session,FtpReply.
REPLY_550_REQUESTED_ACTION_NOT_TAKEN,"Read-only; " + cmd + " not permitted
by administrator.");
return FtpletResult.SKIP;
}
}
}
cut -
Best Regards,
Gary
Re: Enrich error messages
Here is a snippet from my code that does something similar.
--
public FtpletResult onUploadStart(FtpSession session, FtpRequest request)
throws FtpException, IOException {
if (isExternalInterface(session) && !
isSecureConnection(session)) {
//security issue, either the control or data port is
unsecure
LOG.error("About to start an upload, but either the
control or data connection is unsecure. Upload aborted.");
FtpReply reply = new DefaultFtpReply(FtpReply.
REPLY_550_REQUESTED_ACTION_NOT_TAKEN, "Session is not secure. Issue PROT P
command first.);
session.write(reply);
return FtpletResult.SKIP;
}
return super.onUploadStart(session, request);
}
Best Regards,
Gary Bell.
Re: Custom implementations for FTP commands
HI Bernd, You will need to roll your own FileSystemFactory and FileSystemView classes, and probably your own FtpFile class. You then register your FileSystemFactory class in the ftpd.xml file. Best Regards, Gary Bell
Re: Accessing Files from other users home folder?
We use symbolic links to link the same file to more than one user. So the file actually sits in /files/common/documents/test.txt and is symbolically linked into /home/userA and /home/userB. For the next version of our code we intend to implement a custom filesystem that will remove the need for unix symlinks to achieve the same result. Best Regards, Gary Bell Nilesh Apte To "ftpserver-users@mina.apache.org" 15/12/2011 06:54 cc Please respond to Subject ftpserver-users@m Accessing Files from other users ina.apache.org home folder? Hi: Can a ftp user access a file from other ftp users' home directory (or sub directory)? For example, 1. UserA has his home directory as /home/UserA 2. UserB has his home directory as /home/UserB 3. UserA has a file at following folder location, */home/UserA/documents/test.txt* 4. When UserB connect to apache ftp server, he will see "/" (which maps to /home/UserB) as his root directory. 5. Can UserB issue "*GET /home/UserA/documents/test.txt*" to retrieve the file? I tried "running ftp server stand alone in 5 minutes" link, and this seems to be not supported out of the box. I get "550 ... : No such file or directory" error. What is the recommended/best way to share files between various ftp users? Thanks, Nilesh.
Gary Bell is out of the office on Company business
I will be out of the office starting 10/01/2012 and will not return until 16/01/2012. For CSeries release support, please contact John Mitchell on Belfast ext. 62457 // john.mitch...@aero.bombardier.com (please Cc me on any emails).
Gary Bell is out of the office on Company business
I will be out of the office starting 16/01/2012 and will not return until 20/01/2012. For CSeries release support, please contact John Mitchell on Belfast ext. 62457 // john.mitch...@aero.bombardier.com (please Cc me on any emails).
Gary Bell is unavailable at present
I will be out of the office starting 09/02/2012 and will not return until 29/02/2012. For CSeries release support, please contact John Mitchell on Belfast ext. 62457 // john.mitch...@aero.bombardier.com (please Cc me on any emails).
Gary Bell is on Holiday
I will be out of the office starting 06/04/2012 and will not return until 16/04/2012. Limited CSeries release support is available during the Easter closure. If you need support on any of the following topics then please contact Justin Rotundo at the address shown: CITRIX errors / problems getting a Catia session via Citrix licence issues Doc desyncs in Enovia Enovia data transfer issues Q-checker/attribute checker issues BM query resolution All other queries should be reported to me via email as normal and we will address them upon our return. Thank you for your co-operation. Justin's contact details are: Justin Rotondo CAD/PLM Consultant Bombardier Aerospace - 105 ML - D19-18-02 BA Montreal: 514-855-5001 x 60731 justin.roto...@aero.bombardier.com Release Process Support team - 105 ML - C8-78
Gary Bell is on Holiday
I will be out of the office starting 04/05/2012 and will not return until 08/05/2012. For Cseries support please continue to send your issues to me and I will log them on Tuesday. For urgent support, contact your Integrator who will be able to contact me.
Gary Bell is on holiday
I will be out of the office starting 06/07/2012 and will not return until 23/07/2012. I will be on holiday for two weeks starting from next Monday the 9th of July. Please find below the Belfast RPST support arrangements during my absence and the shutdown next week. Please continue to Cc me on any emails though. Week starting Monday 9th July - Friday 13th July === - Reduced support available during normal Belfast office hours. - Release issues on Thursday & Friday such as XFR failures may have to wait until the following Monday. - Please send any support requests to Charles Landreville (charles-edouard.landrevi...@aero.bombardier.com) Week starting Monday 16th July - Friday 20th July - Normal support available during normal Belfast office hours. - Please send any support requests to John Mitchell (john.mitch...@aero.bombardier.com) Best Regards, Gary Bell Belfast RPST lead
Gary Bell is on holiday but will be back tomorrow
I will be out of the office starting 04/09/2012 and will not return until 05/09/2012. Please send any support requests to belfast_r...@aero.bombardier.com
