The FTP Server is a basic implementation intended to facilitate one-button document publishing tools and to provide a means for copying files between Windows 95/98/NT/2000/XP machines when no other FTP daemons are available. The FTP Server does not support virtual hosts, so the FTP configuration applies to all virtual hosts defined for a web site.

FTP User Management
All Sambar Server users are configured using the Users forms within the System Administration Security area. When creating a new user (or updating an existing user), you can set their FTP priviledges including read/write access and the directory to which they are restricted. Each user can be granted access to a single directory and will then have access to all files and directories under that directory.

Important: Unless you want all users to have anonymous access to your FTP Server, it is recommended that the "anonymous" user be deleted. At the very least, you will likely want to change the directory to which the "anonymous" user is restricted. When users connect to your FTP Server via browser using ftp://your-server, the browser sends "anonymous" as the username. The default user configuration allows this user read-only access to all files in the Documents Directory.

Virtual Hosts
When FTPing for a virtual-host user, the domain name must be appended to the username, i.e. [email protected]. The IE browser will not allow an at (@) symbol to be used in the username as part of the URL. To get around this limitation in IE, the star (*) symbol can be used and it will be modified internally by the FTP server to the at (@) symbol.

FTP Upload Limits
There are two ways to limit a user's FTP upload rights. The first is the config/config.ini parameter Maximum FTP Upload which limits the maximum size of any single FTP file. If set to zero (0), there is no file size limit. The second is the per-user upload limit configured in the config/passwd file. If this is set to zero (0), or if Radius, LDAP or NT authentication is enabled, there are no per-user space limits.

FTP Server Limitations
The only limitation to the FTP server that should be noted is that users are restricted to a single directory.

Limiting users to a single directory was implemented for security reasons. Often though, it is useful to allow a user to view several directories (while still restricting their access). It is unlikely that the Sambar Server will extend the user security restriction beyond a single directory, with the exception of the "all access" feature. The directory security restriction can be bypassed for a user by defining their "FTP Directory" as star (*). Users with this designation are able to change to any hard drive on the disk and may access any file on the system. It is recommended that this feature be used with extreme caution.

FTP Login/Logout Messages
The FTP login/logout messages are read from the config/macros.ini file at the startup of the server. Specifically, the macros FTP_WELCOME and FTP_GOODBYE are read in and returned to users logging in/out of the FTP Server. The welcome message is only delivered after a successful login. The message delivered upon connecting to the Sambar FTP server indicates the version of the FTP server running and the machine name; this message cannot be modified.
Note: You must restart the Sambar Server after modifying any entries in the config/macros.ini file.

Connecting via username
With most browsers, you can access your server via the URL:

ftp://<username>:<password>@<your-server>/

Valid Filenames
The Sambar Server restricts filenames to a list of Valid Characters specified in the config/config.ini file.

FTP Security
FTP has a number of significant problems that limit its usefulness. For example, FTP does not have strong security (passwords are sent in clear text) and the protocol is not firewall friendly. Fortunately, there is a replacement for FTP that is beginning to get client support called WebDAV. The WebDAV protcol is a series of extensions to HTTP to support distributed authoring. The Sambar Server Pro supports WebDAV.

One option for providing secure FTP is to enable the FTPS server, an "implict" SSL-based FTP server that requires SSL/TLS for all operations running on port 990. The second option is to use the "AUTH AUTH SSL or AUTH TLS" feature which performs the equivalent of "START TLS" on the FTP connection and requires SSL/TLS for all future operations on the user connection. Note: When FTPS is enabled, the connection process is always encrypted. The data channel is always assumed to be encrypted in the Sambar Server unless the config/config.ini FTPS Clear Data Channel is set to true.

Both FileZilla and CuteFTP Pro 3.0 have been reported to work with the FTPS server. CuteFTP 6.0 appears to have an SSL data channel issue, requiring the Clear Data Channel option.