At present, ProFTPD has seven different configuration sections or contexts:
- "server config"
<Anonymous>
<Directory>
<Global>
<Limit>
<VirtualHost>
.ftpaccess
These contexts are determined, in configuration handlers, using the
CHECK_CONF
macro.
The "server config" context encompasses everything outside of the other
contexts (i.e. every configuration directive that is not explicitly
contained within another configuration context), and indicated by the value
CONF_ROOT
in a configuration directive handler.
The <Anonymous>
section is used to set up the very common configuration of
an anonymous FTP server. It does a chroot(2)
to the anonymous FTP directory
by default, and turns off the requirement for a valid password, requesting only
a valid email address as the password. Other system binaries or files need
not be contained within the <Anonymous>
directory.
The CONF_ANON
value is used to indicate the <Anonymous>
context. Since
an <Anonymous>
section is not considered a separate server, but rather a
subset of its containing server, any configuration directives set for that
server will be in effect for the <Anonymous>
section as well, unless
overridden by a directive of the same name within the <Anonymous>
context
itself.
Context checks via CHECK_CONF
in configuration handlers should check for
this CONF_ANON
value if the configuration directive should be allowed in the
<Anonymous>
context.
The <Directory>
context is for configurations specific to directories
(and files), of course. This includes views of the files in those directories,
based on the logged-in user's name, or group membership, or on the name of the
files (e.g. Unix-style "hidden" files), and on whether the user has
permission to see the files. .ftpaccess
files occur within this context by
definition; <Limit>
sections often appear in a <Directory>
section as well.
Configuration handlers would check for the CONF_DIR
value in order to make
sure that the configuration directive in question is occurring in an allowed
context.
The description in the
documentation for
the <Global>
context is good. Another point to know is that if a directive
is set in this context, and then the same directive is used in the
"server config" or <VirtualHost>
contexts with different parameters, those
parameters take precedence over the <Global>
parameters. This allows you to
configure things for everyone equally, then tweak specific ervers individually,
on a per-server basis.
In configuration directive handlers and context checks, this context uses the
CONF_GLOBAL
value.
The <Limit>
context is used to place limits on who and how individual FTP
commands, or groups of FTP commands, may be used. The configuration context
value for this section is CONF_LIMIT
.
The <VirtualHost>
section
is used for configuring per-server settings; its value is CONF_VIRTUAL
.
These files are akin to Apache's .htaccess
files, which are parsed-on-the-fly
configuration files -- with restricted scopes -- that users can place in their
own directories. Note that .ftpaccess
are similar to Apache's
.htaccess
files, they are not the same. For example, ProFTPD's
.ftpaccess
files do not support a "require" directive, nor Apache's
AuthRealm
directive. That particular area of Apache configuration is
targetted for restricting access to anonymous connections; by its nature,
ProFTPD handles anonymous connections as special cases of the normal
authenticated connections.
Configuration directive handlers that wish to allow their configuration
directive to be placed in this context do so via the CONF_DYNDIR
value.
The config_rec
structure defines a flags
member that is used for indicating
different configuration types. At present, these configuration types include:
CF_DEFER
CF_DYNAMIC
CF_MERGEDOWN
CF_MERGEDOWN_MULTI
The CF_MERGEDOWN
flag is the most interesting of the flags, and the one the
developer is most likely to encounter. It is used within a configuration
directive handler like so:
config_rec *c = NULL;
c = add_config_param(...);
c->flags |= CF_MERGEDOWN;
This flag tells the context-processing functions that configuration
sub-contexts are to inherit this config_rec
setting, unless the
sub-context already has a config_rec
of the same directive name.
The other two flags, CF_DEFER
and CF_DYNAMIC
, are set automatically for
<Anonymous>
and .ftpacces
contexts, respectively.