# $Id: ftpaccess,v 1.1 2004/03/30 03:26:50 tom Exp $
# $Source: /home/CVS/fireballTop/fireballFS/root/usr/local/fireball/defaults/ftpaccess,v $

########################################################################
# Configuration file for wu-ftpd, the Washington University FTP daemon
# This contains our fireball specific setup.  We want to control 
# anonymous FTP access and perhaps allow some controlled access to some
# "real" users.
#
# This file is commonly kept in /etc/ftpaccess.  But we may end up 
# moving it to /etc/sysconfig/ftpaccess since that's where we group all
# of our fireball-specific configuration files.  Hasn't been moved yet.
# That may require rebuilding the ftpd program (because the location
# is hard-coded and there doesn't appear to be a command line option to
# override it.  
#
# This file is probably going to be machine edited, probably by the the
# GUI interface.  Where that's likely, I've put comments below so it is
# obvious what should be left alone.  Look for "#GUI WILL EDIT"
#
# To get more details about wu-ftpd go to:
#       http://www.wu-ftpd.org.  
# The documentation on this file is at
#       http://www.wu-ftpd.org/man/ftpaccess.html.
#
# Only a very few of the possible options are included and documented
# below.  If you plan to do any work on this file I strongly urge you
# to print out the ftpaccess.html document mentioned above and read it
# over completely (a few times!) to get an idea of what you are doing.
# Even then, you'll probably have to experiment to get what you want.
#
# The model for how wu-ftp works is not well explained in the
# documentation.  Here's a quick rundown.  There are three classes of
# logins:
#   anonymous : User give name "anonymous" and provides a password which
#               is nothing but an email address.  Any garbage address
#               will do.  User is then dropped into a specific directory
#               tree and it appears that the entire file system exists
#               below that point.  In our case, that means they can see
#               everything under /var/gps, and nothing else, and
#               /var/gps appears as '/' to them.  When logged in, the
#               user has permissions of user "ftp" which must be listed
#               in /etc/passwd.
#
#       guest : A guest user must have an entry in /etc/passwd, and must
#               give their password from that file in order to gain
#               access.  Then they are dropped into a specified
#               directory, just as anonymous users are, and are limited
#               to operating only in that directory as if it were '/'.
#
#        real : A real user is similar to a guest user except that he
#               is dropped into  his actual home directory.  He can
#               be restricted to seeing only those files if desired.
#
# There are lots of subtle variations on these three groups, depending
# on the other configuration options.  For example, you can use
# restricted-uid to make a 'real' user appear to have a guest login
# where they see their home directory as '/' and can't go anywhere but
# inside their home.
#
# For fireball, we are going to use all three classes of logins, based
# on the name the user logs in with:
#
#   anonymous : Maps to class "Anon" below.  
#               Enabled by defining the AnonClass below.
#               Can only see /var/gps (as if it were /), and download
#               those files.
#               User has a choice of enabling the Delete capability
#               by enabling the line "delete [yes|no] anonymous"
#
#    netrsFTP : A 'guest' user. 
#               Enabled by defining the GuestClass below.
#               Can only see /var/gps (as if it were /), and download
#               those files.
#               User has a choice of enabling the Delete capability
#               by enabling the line "delete [yes|no] guest"
#
#    adminFTP : A 'real' user. 
#               Enabled by defining the RealClass below.
#               Can only see /var/gps (as if it were /), and download
#               those files.
#               Can also UPLOAD files to the /var/gps directory
#               (but NOT to subdirectories).
#



########################################################################
# Define the "classes" of potential users.  A Class consists of 
#   - A name
#   - One or more types of logins (real,guest,anonymous)
#   - Allowed hosts from which ftp access requests will be allowed.
#     These can be IP addresses, domain names, etc., using wildcards
#     as needed.
# If a user attempts access and no class is defined that matches, then
# the ftp login will be rejected.
#
# For our system, we will be mapping the three classes to three separate
# types of access, not based on the source of the client connection, but
# rather by the name of the user.  Anonymous goes into AnonClass.
# netrsFTP will be in the GuestClass.  AdminFTP will be in the
# RealClass.  This is not a NORMAL setup, but its the best I can come up
# with to meet our needs.  In particular, uploads, file-delete
# capability, and other features can only be enabled or disabled on
# a Class-by-Class basis, not User-by-User.  Since we want three
# distinct, configurable capabilities, we have to use three classes.
#
# It should be noted that some versions of wu-ftpd (like on Redhat
# Linux 7.x) allow User-by-User control over several features.  Not sure
# whether this is a Redhat only modification.  Would be nice to have it,
# but it isn't there in the straight Wu-FTP stuff.

class   RealClass   real  *

class   GuestClass   guest  *

# GUI WILL EDIT
# Commenting out this directive will turn off anonymous FTP.
class   AnonClass    anonymous  *


########################################################################
# When an anonymous user logs in, they will see only the files below
# /var/gps as their '/' directory.  Must have class Anon enabled above.
anonymous-root /var/gps 


########################################################################
# The anonymousFTP user will have userid=ftp, but we want it to ahve
# group permissions of "netrx" so it can delete in the /var/gps
# directories.
autogroup netrx AnonClass


########################################################################
# Deny an ftp login to all real users unless specifically enabled later
# in this file.
deny-uid %0-65535


########################################################################
# Unrestricted real users:
# Let these accounts come in as themselves and let them see the
# entire file system.  They'll start out in their home directory, as
# specified in /etc/passwd.
# Must have class "RealClass" enabled above.
# We probably won't have any use for these, and will have none enabled.
# allow-uid tom


########################################################################
# Restricted Real users:
# When one of the following users logs in (with a password, on a real
# account) they will be placed in their home directory, which will
# appear as '/' to them.  They'll only be able to see what's below that
# point.  This is a lot like anonymous ftp but with a required password.
# Must have class "Rel" enabled above.
#
# For fireball, we are setting this up for user "adminFTP", whose home
# directory is "/var/gps".  So adminFTP is just like the anonymous user
# except that he must use a real password, which can be set via the GUI.
# The GUI is going to manipulate these lines, so don't delete them.
# Just comment/uncomment them if you want to manually change them.

# GUI WILL EDIT
# Commenting out this directive will disable adminFTP access.
#allow-uid adminFTP

restricted-uid adminFTP


########################################################################
# Guest users:
# When one of the following users logs in (with a password, on a real
# account) they will be placed in their home directory, which will
# appear as '/' to them.  They'll only be able to see what's below that
# point.  This is a lot like anonymous ftp but with a required password.
# Must have class "Rel" enabled above.

# GUI WILL EDIT
# Commenting out this directive will disable netrsFTP access.
#allow-uid netrsFTP

guestuser netrsFTP
guestroot /var/gps netrsFTP


########################################################################
# Allow file deletions by specific groups
# These lines may be rewritten by the GUI.

# GUI WILL EDIT
# Switching between yes and no in this directive will enable or
# disable file/directory deletion for anonymous FTP.
delete yes anonymous

# GUI WILL EDIT
# Switching between yes and no in this directive will enable or
# disable file/directory deletion for netrsFTP.
delete no guest

# We always have delete on for the adminFTP user, if that account 
# is enabled.
delete yes real



########################################################################
# Set these capabilities for all groups

# I don't think we need these.
chmod no real,guest,anonymous
rename no real,guest,anonymous
umask no real,guest,anonymous

# Overwrite may be needed if we use ftp to upload firmware files.
# only applicable if upload is enabled.
overwrite yes real,guest,anonymous


########################################################################
# Limit the number of simultaneous connections associated with 
# each class.  
# limit <class> <count> <times> <message_file>
#   - class : a single class name
#   - count : how many simultaneous ftp sessions to all for class
#   - times : some sort of time specification, so the limits can vary
#             from moment to moment.  We use "Any" to indicate the
#             spec applies always
#   - message_file : A file containing the response we show the user
#             when the limit is exceeded.  Otherwise he just see 
#             "login denied" or something like that.
limit   AnonClass    3   Any              /etc/msgs/limit
limit   GuestClass   3   Any              /etc/msgs/limit
limit   RealClass    1   Any              /etc/msgs/limit



########################################################################
# Define what actions will be logged and where.

# log syslog : send the log entries to the default syslog, which in 
# our case is /var/log/messages.  Without this, the messages would
# go into a separate /var/log/xferlog.  That would be okay, but it would
# just be another log file to manage.
log syslog

# log command : would put every command the user gives into the log.
# This gets really verbose, and it's unclear if we need it.  The only
# advantage would be to see when ftp is used to delete a file, but we'd
# get a lot of trash to wade through to find that.
#log commands real,anonymous

# Log transfers : puts an entry in the log for every file transfer.
# This might be useful to a user if they want to verify what's been
# downloaded.  Or maybe not.
log transfers anonymous,real inbound,outbound



########################################################################
# Control file uploads [for firmware patches]
# Prevent other uploads or any creation of subdirectories.
#
# This one is really badly documented by wu-ftpd docs, and what there is
# is mainly done by examples that aren't applicable to our situation.
# So it's very  hard to know exactly what's needed.  Our goal is to
# allow only the adminFTP user to upload files, and only to a particular
# directory.  No subdirectory creation will be allowed.  And all other
# users will be prevented from uploading files or creating directories.
#
# The general syntax for upload is too complicated to describe here.
# You'll have to look at the ftpaccess manpage, and also at the
# Upload Configuration How-to document.
########################################################################

# Allow uploads from adminFTP (RealClass) to anyplace, making the
# owner:group = netrx:netrx, and permissions r--r--r--, but don't 
# allow creation of subdirectories.
upload  /var/gps/incoming * yes netrx netrx 444 nodirs


upload /var/gps * no nodirs
