





















                                         FTPD

                    An FTP Daemon NLM for Novell Netware 386 3.11



                                 Administrators Guide




                             Copyright (C) 1992 MurkWorks
                                 All Rights Reserved
                                    August 9, 1992








               MurkWorks
               P.O. Box 631
               Potsdam, NY 13676 USA

               info@murkworks.com







          FTPD V1.31 Administrators Guide
            Copyright 1992 MurkWorks
          All Rights Reserved

          This software is not shareware, freeware nor public domain. It has
          been provided to you in a limited timed demo format. You may use this
          software without obligation until the demonstration period expires.
          When the demonstration period has expired, the software will no longer
          function. If you wish to continue to use the software you must
          register it with MurkWorks and pay a per server license fee. See the
          accompanying order form for pricing and ordering information. Dis-
          assembly or patching of the software to provide execution beyond the
          end of the demonstration period is expressly forbidden.

          Demo Version -- No Warranty

          MurkWorks makes no warranty of fitness or suitability for a particular
          purpose. Although we have made every effort to ensure the reliable and
          satisfactory operation of this software, we do not warrant it in any
          way. You the user assume all responsibility in its use and operation.
          MurkWorks shall not be held liable for any loss of any kind.

          Licensed Version -- Limited Warranty

          If you have registered your copy of the software and paid a license
          fee to MurkWorks, this software is covered by a limited warranty for
          the first sixty (60) days from the date of receipt of the license fee.
          Should the software fail or prove unsatisfactory during that time
          period MurkWorks sole remedy to you will be the reimbursement of your
          license fee. In no event will MurkWorks be held liable to you for any
          damages, including lost profits, lost savings or other incidental or
          consequential damages arising out of the use of this software or the
          inability to use this software.

          Trademarks

          Novell and Netware are registered trademarks, and Netware NLM, and
          Netware Loadable Module are trademarks of Novell, Inc. Other computer
          and software names are registered trademarks of their respective
          manufacturers.

          This product was developed using Network C for NLMs , Novell 's
          toolkit for developing server-based applications for the Netware  3.x
          operating system.

          Additional Information

          For additional information, write to us via postal mail:

               MurkWorks
               P.O. Box 631
               Potsdam, NY 13676  USA

          Or send electronic mail to

               info@MurkWorks.com







                                  Table of Contents


          Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   1
               Features . . . . . . . . . . . . . . . . . . . . . . . .   1
               System Requirements  . . . . . . . . . . . . . . . . . .   2

          Installation  . . . . . . . . . . . . . . . . . . . . . . . .   2
               Quick Start  . . . . . . . . . . . . . . . . . . . . . .   2
               Standard Installation  . . . . . . . . . . . . . . . . .   3

          Configuration File  . . . . . . . . . . . . . . . . . . . . .   3
               Class Definitions  . . . . . . . . . . . . . . . . . . .   3
               Addresses  . . . . . . . . . . . . . . . . . . . . . . .   4
               Access Settings  . . . . . . . . . . . . . . . . . . . .   4
                    log . . . . . . . . . . . . . . . . . . . . . . . .   5
                    logfile . . . . . . . . . . . . . . . . . . . . . .   5
                    connect . . . . . . . . . . . . . . . . . . . . . .   5
                    idle  . . . . . . . . . . . . . . . . . . . . . . .   5
                    timerange . . . . . . . . . . . . . . . . . . . . .   6
               Deny . . . . . . . . . . . . . . . . . . . . . . . . . .   6
               Allow  . . . . . . . . . . . . . . . . . . . . . . . . .   7
               Deny/Allow Ordering  . . . . . . . . . . . . . . . . . .   7
               MaxConnections . . . . . . . . . . . . . . . . . . . . .   8
               ScreenDelay  . . . . . . . . . . . . . . . . . . . . . .   8
               LogFile  . . . . . . . . . . . . . . . . . . . . . . . .   8

          Operation . . . . . . . . . . . . . . . . . . . . . . . . . .  10
               Command Line Options . . . . . . . . . . . . . . . . . .  10
               Console Commands . . . . . . . . . . . . . . . . . . . .  10
               Monitor Display  . . . . . . . . . . . . . . . . . . . .  11
               Home Directories . . . . . . . . . . . . . . . . . . . .  13
               User Commands  . . . . . . . . . . . . . . . . . . . . .  13
               Anonymous Accounts . . . . . . . . . . . . . . . . . . .  14
               Proxy Connections  . . . . . . . . . . . . . . . . . . .  15
               Security Considerations  . . . . . . . . . . . . . . . .  15

          Performance . . . . . . . . . . . . . . . . . . . . . . . . .  18
               How We Test  . . . . . . . . . . . . . . . . . . . . . .  18
               Memory Requirements  . . . . . . . . . . . . . . . . . .  18
               Processor Utilization  . . . . . . . . . . . . . . . . .  19

          How to Get Support  . . . . . . . . . . . . . . . . . . . . .  21

          Appendix A
                              Sample Configuration File . . . . . . . .  22

          Appendix B
                                Supported FTP Commands  . . . . . . . .  24







                                                                          1

          Introduction

                    Welcome to MurkWorks FTP Daemon NLM for Netware 386.
                    This product provides an efficient and useful FTP
                    daemon NLM for your Netware 386 server. 

                    FTP (File Transfer Protocol) is described in RFC959. It
                    provides a mechanism for internet hosts to transfer
                    files in text or binary mode between cooperating
                    systems. FTPD V1.31 supports the most common commands
                    listed in RFC959. For a complete list of supported
                    commands see appendix B.

                    This manual assumes that you have a basic understanding
                    of the TCP/IP protocol and a thorough understanding of
                    the NW386 environment. If you do not currently have the
                    TCPIP.NLM module loaded on your Netware server, now
                    would be a good time to review the TCP/IP Transport
                    Supervisor's Guide provided with the NW386 3.11 manual
                    set.

          Features

                    FTPD.NLM supports the following features:

                              Multiple simultaneous service connections

                              Real-time monitor display

                              Transaction logging

                              Access control by remote IP address, target
                              server and user

                              Supports NW2.15 servers through `proxy' ftp
                              service

                              Anonymous connections

                              Idle and connect timeouts, restricted access
                              times, etc







                                                                          2

          System Requirements

                    NLMS

                    The FTPD NLM uses both CLIB.NLM and the TCPIP.NLM. When
                    loading the TCPIP.NLM, CLIB will be automatically
                    loaded. Follow the procedures outlined in the TCP/IP
                    Transport Supervisor's Guide when installing and
                    configuring the TCPIP nlm. You will need to provide at
                    least one IP address for your Netware server. 

                    MEMORY

                    A typical Netware 386 server with 4 megabytes of RAM is
                    quite sufficient to operate the FTPD NLM. A detailed
                    analysis of the memory required per connection is
                    described in the Performance section of this manual.

          Installation

          Quick Start

                    If you're impatient and don't want to read through this
                    manual, follow the instructions in this section to get
                    the NLM up and running as quickly as possible. Without
                    a configuration file, the FTPD NLM will not provide any
                    access control beyond standard Novell password
                    checking. This may be sufficient for your needs. You
                    can always follow the full installation instructions
                    later if you so desire.

                    This program is distributed with the file:

                         ftpd.nlm  -    The FTPD NLM

                    If you have licensed your copy of the FTPD NLM, you
                    will have also received the file:

                         ftpd.key  -    Security key file

                    To install the FTPD NLM on your Netware 386 server, log
                    into the server as supervisor and copy the ftpd.nlm
                    file to sys:system. If you have licensed your copy, you
                    should also copy the file ftpd.key to sys:system.

                    If you're in a hurry, load the FTPD NLM by issuing the
                    follow command on the NW386 console:

                         load ftpd

                    otherwise, create a configuration file as described in
                    the Configuration File section before loading the NLM







                                                                          3

                    with the load command.

          Standard Installation

                    If you wish to make use of the additional security
                    features of the FTPD NLM, you will have to create a
                    configuration file. The next section of this manual
                    describes how to create a configuration file.

                    After creating the configuration file, follow the
                    instructions described in the Quick Start section shown
                    above.


          Configuration File

                    The file ftpd.cfg is provided in the distribution as an
                    example only. Do not copy this file into the sys:system
                    directory.  Instead, you should print this file on a
                    printer and use it as a reference when creating your
                    own ftpd.cfg file. This sample file is also listed in
                    the appendix of this manual.

                    The configuration file uses a simple ASCII format with
                    one command per line. Lines which begin with the pound
                    symbol (#) are comment lines and are ignored.

                    Use a suitable text editor to create a file called
                    ftpd.cfg in the sys:system directory. This file will
                    control how the FTPD NLM operates. Read this section
                    carefully to get the most out of your software.

                    If you create a new ftpd.cfg file or alter an existing
                    one, you will have to either reload the FTPD NLM or
                    issue the ftpd reconfig command before the changes will
                    take effect.

          Class Definitions

                    When a remote client connects to the FTPD NLM for
                    service, its internet address (IP Address) or internet
                    name can be used to place it in an access class. This
                    allows connections to be grouped based on whether they
                    are `local' or `remote'.  For example, a university may
                    wish to have one access class defined for on campus
                    clients, and a second one defined for off campus users.


                    Classes can have a list of valid servers and users, as
                    well as default settings for transaction logging, time
                    limits and so forth.







                                                                          4

                    A new class is defined with the class command, as
                    follows

                         class     classname

                    where classname is the name of the class. This name may
                    be anything meaningful to the supervisor. There is one
                    special class whose name is default. This class is used
                    whenever an incoming connection does not match any
                    other listed class.

          Addresses

                    Following the class command is a list of access control
                    commands and the class definition command: address. The
                    address command controls which remote connections are
                    grouped into the specified class. The address command
                    takes one argument, an IP Address or IP Name:

                         address   129.134.*.*
                         address   *.murkworks.com

                    The address command must follow a class command, and
                    may appear more than once in a given class. The asterix
                    (*) indicates a wild-card pattern, which means any
                    value may occupy its space. The address command is not
                    allowed in the default class.

                    When a client connects to the FTPD NLM, the class list
                    is searched for a match. The first class found which
                    has an address pattern that matches the client's IP
                    address or name is used for access control. 

                    Novell Netware 386 keeps its IP Name to IP Address
                    mapping information in the file sys:etc/hosts  This
                    file may not contain all internet names and addresses.
                    Therefore it is important to specify an IP address in
                    addition to the IP name. If the client's IP name is not
                    listed in the hosts file, the FTPD NLM will use the
                    client's IP address to match against.

          Access Settings

                    Each class may have default access control settings.
                    The settings command determines how clients may access
                    the Netware server. The settings command has its own
                    sub-commands, which generally appear as follows:

                         settings  [sub-commands]







                                                                          5

                    Where [sub-commands] may be one or more of the
                    following:
                              Command        Argument

                              log            count
                              logfile             log_file_name
                              connect        connect_time_in_minutes
                              idle           idle_timeout_in_minutes
                              timerange      allowed_access_timerange
                              readonly

                    All sub-commands and their arguments should appear on
                    the same line as the settings command, however settings
                    can be continued on the next line by inserting a plus
                    symbol (+) at the end of each continued line. The plus
                    symbol may not appear between sub-commands and their
                    arguments. See the sample configuration file for an
                    example of setting continuations.

                    The log  count  setting indicates that client
                    transactions for this class should be logged to the
                    logfile. The number of transactions to be logged is not
                    to exceed count entries. When this setting is in
                    effect, transactions such as login, logout, read,
                    write, delete, rmdir and mkdir are recorded in the log
                    file sys:system\ftpd.log.  If you only want a record of
                    login and logout times, use a log count of zero (0).

                         Example:  log  0

                    The logfile setting specifies the name of the file in
                    which log entries should be stored for this class. This
                    setting over-rides the system-wide setting logfile (see
                    below) if specified. The file name must be a fully
                    specified name which includes the volume name.

                         Example:  logfile        vol1:usr/anon/logfile.log

                    The connect  connect_time_limit command specifies the
                    maximum connect time for any client in this class. 
                    After the time limit expires, the client will receive
                    an error message and be automatically disconnected by
                    the server at the completion of any pending command. 
                    The time limit is specified in minutes. The limited
                    demo version of the NLM enforces a maximum connect time
                    of five minutes.


                    The idle  idle_timeout_limit specifies the maximum idle
                    time allowed for any client in this class. If the
                    client does not issue a command within the idle time
                    limit, the client will receive an error message and be







                                                                          6

                    automatically disconnected. This command is useful in
                    eliminating `dead' connections due to failed internet
                    connectivity. However, too short of an idle timeout may
                    cause unintended service disruption to the client. The
                    time limit is specified in minutes.

                    The timerange  allowed_access_timerange controls when
                    clients within this class may access the Novell Netware
                    server. The format of allowed_access_timerange is:

                         timerange startday-endday/starthour-endhour

                    For example:

                         timerange mon-fri/8-17

                    In the above example, clients are allowed access monday
                    through friday from 8am to 5pm.

                    The timerange command may be specified multiple times
                    if desired.

                    The readonly command specifies that all clients within
                    this class have readonly access to the Novell Netware
                    server. Even if a particular user has trustee rights
                    which grant him write access, this setting disables all
                    commands which may alter data on the server. 

          Deny
                    The deny command lists those servers and/or users who
                    should be denied access within this class.  The format
                    of the command is:

                         deny      [server/]user

                    Where server/ is an optional server name. If the server
                    is not specified, it applies to the server on which the
                    FTPD NLM is operating. Both server and user may be the
                    wildcard (*), meaning all servers or all users
                    respectively.

                    For example, suppose you had defined a class for all
                    local clients. That class would have no restrictions of
                    any kind. You may then wish to add access restrictions
                    for the default class which would apply to any non-
                    local client. If you don't want to allow any non-local
                    clients to have access to any of your Novell Servers,
                    you could issue the following two commands in the
                    configuration file:

                         class     default
                              deny      */*







                                                                          7

          Allow
                    The allow command lists those servers and/or users
                    which should be allowed access within this class. This
                    command over-rides any previous deny command. The
                    format of the command is:

                         allow          [server/]user       optional
                                                            settings

                    Where server/ is an optional server name. If the server
                    is not specified, it applies to the server on which the
                    FTPD NLM is operating. Both server and user may be the
                    wildcard (*), meaning all servers or all users
                    respectively.

                    The optional settings argument is a list of
                    settings sub-commands which should be applied to this
                    server/user. If any optional settings sub-commands are
                    listed, then all settings for the class are ignored for
                    this user. Therefore any settings which apply to the
                    class, which should also apply to the server/user must
                    be repeated on this line. 

                    For example, suppose a particular class had a setting
                    timerange of mon-fri/8-17 If you wanted to grant
                    readonly access for a particular user but maintain the
                    timerange, the class definition would look something
                    like the following:

                         class          example
                              settings  timerange mon-fri/8-17
                              allow          FS1/guest readonly, timerange
                                                       mon-fri/8-17

                    If the timerange command were not repeated on the allow
                    line, then the user FS1/guest would not have any
                    timerange limit because any setting sub-command on the
                    allow command line overrides all setting sub-commands
                    for the class.

          Deny/Allow Ordering

                    The order of the deny and allow commands within the
                    class is important. All class definitions begin with an
                    implied allow */*.  Access checking follows the list of
                    deny/allow commands in the order in which they are
                    encountered within the configuration file. Deny
                    commands mask out access, where allow commands add in
                    access.  The first deny command which explicitely
                    matches the target userid terminates the search.
                    Wildcard deny's do not terminate the search, instead







                                                                          8

                    subsequent wildcard allows or explicit allows may over-
                    ride the previously encountered deny command.

                    When the last deny/allow command is encountered in the
                    class, the logical result determines whether or not
                    access is allowed and which settings are applied.

                    For example, if you wanted to grant all users access to
                    a particular server with readonly access,  but you
                    wanted the supervisor to have full access, the
                    following would be a possible configuration file entry.

                         allow          */*       readonly
                         allow          */supervisor

                    If the order of the above commands were reversed, the
                    supervisor would have readonly access because the */*
                    mask also applies to the supervisor.



          MaxConnections

                    This command specifies the maximum number of
                    simultaneous client connections. For the limited timed
                    demo version of this program, the maximum number of
                    connections is silently forced to two (2) or less. In
                    the licensed version, the maximum number of connections
                    is thirty-two (32).

                    If this command is not specified, the default number of
                    connections is (2) in the limited timed demo version,
                    and (5) in the licensed version.

                    Example:
                         maxconnections 3

          ScreenDelay

                    This command specifies the number of seconds between
                    monitor screen updates. If this command is not
                    specified, the default is (2) seconds between screen
                    refreshes. The minimum allowable value is (1). Too low
                    a value may increase server utilization if there are
                    many active connections. A value between (2) and (5) is
                    recommended.

                    Example:
                         screendelay         5

          LogFile







                                                                          9

                    This command specifies the name of the system-wide log
                    file. The system-wide logfile is where transactions
                    will be logged for those users or classes for which no
                    logfile command has been specified. The logfile name
                    must be the full-path name of the log file. If this
                    command is not specified, the default is
                    sys:system\ftpd.log

                    Example:
                         logfile             sys:system\access.log







                                                                         10

          Operation

          Command Line Options

                    The FTPD NLM recognizes several command line arguments
                    which can be provided during the load phase.


                         /config   config_file    Specifies the path to an
                                                  alternate configuration
                                                  file, instead of the
                                                  default
                                                  sys:system\ftpd.cfg

                         /keyfile  key_file  Specifies the path to an
                                             alternate key file instead of
                                             the default
                                             sys:system\ftpd.key

                         /delay         delay_time     Specifies the
                                                       monitor screen
                                                       update delay in
                                                       seconds. Overrides
                                                       any value specified
                                                       in the configuration
                                                       file.

                         /max      count          Specifies the maximum
                                                  number of connections.
                                                  Overrides any value
                                                  specified in the
                                                  configuration file.

                         /display            Enables the monitor display.
                                             By default the monitor display
                                             is not shown. Using this
                                             switch causes the display to
                                             appear when the NLM is loaded.

                    Example:
                              load ftpd /display  /delay 5  /max 3

                    This command line loads the FTPD NLM, enables the
                    monitor display with an update frequency of 5 seconds
                    and a maximum of 3 connections.

          Console Commands

                    The FTPD NLM provides an additional set of console
                    commands which can be entered at the NW386 console
                    prompt. All of the following commands are prefixed with







                                                                         11

                    the keyword  ftpd, which indicates that the command is
                    for the FTPD NLM.


                         ftpd disable             This console command
                                                  disables new incoming
                                                  connections. Current
                                                  connections are not
                                                  effected.

                         ftpd enable              This console command
                                                  enables the FTPD,
                                                  allowing additional
                                                  incoming connections.

                         ftpd serialnum      This console command displays
                                             serial number and application
                                             information required to
                                             register your copy of the FTPD
                                             NLM.

                         ftpd displayon      This console command enables
                                             the monitor display.

                         ftpd displayoff          This console command
                                                  disables the monitor
                                                  display.

                         ftpd delay     delay_time     This console command
                                                       sets the monitor
                                                       display delay time
                                                       to delay_time
                                                       seconds. 

                         ftpd reconfig  config_file    This console command
                                                       causes the NLM to
                                                       reload the
                                                       configuration file.
                                                       If an optional
                                                       configuration file
                                                       name is provided
                                                       after the command,
                                                       then that file is
                                                       used instead of the
                                                       default
                                                       sys:system\ftpd.cfg

                                             This command is only allowed
                                             when there are no active
                                             connections.

          Monitor Display







                                                                         12

                    The FTPD NLM provides a near real-time display of
                    current connections. To make use of the display you
                    must enable it either by using the /display command
                    line option or the ftpd displayon console command.

                    The monitor display shows the first eleven (11)
                    connections. Each connection occupies two lines of the
                    display. The format of the display is as follows:

           client_host_name                        | last_command | username
           files     | bytes   | Kb/sec  | connect | idle_time    | last arg


                         client_host_name         Displays the client host
                                                  name, if known, otherwise
                                                  it displays the client IP
                                                  address.

                         last_command        Displays the last FTP command
                                             issued by the client.

                         username            Displays the SERVER/USERNAME
                                             under which the client has
                                             logged in. If the username
                                             corresponds to a no-password
                                             anonymous account, the symbol
                                             *A* also appears in this
                                             field.

                         files                    Displays the count of
                                                  files transferred by the
                                                  client during this
                                                  session.

                         bytes                    Displays the total byte
                                                  count transferred by the
                                                  client during this
                                                  session.

                         KB/sec              Displays the average KB/Sec
                                             for all files transferred by
                                             the client.

                         connect             Displays the total client
                                             connect time in HH:MM:SS
                                             format.

                         idle_time           Displays the current client
                                             idle time in HH:MM:SS format.







                                                                         13

                         last_arg            Displays the argument for the
                                             last FTP protocol command
                                             issued by the client.


          Home Directories

                    When a client logs in to a Netware server, the FTPD NLM
                    examines the bindery information for that userid.  The
                    NLM looks for a bindery property of the name HOME_DIR.
                    If this bindery property is found, it executes an
                    automatic chdir to value of that property. This
                    provides a means to specify a `home directory' for each
                    user. There are several freeware utilities which
                    provide the tools required to set this value, including
                    David Harris' SETHOME package available from most
                    Novell oriented FTP sites and BBSs.

                    If the HOME_DIR property is not found, the FTPD NLM
                    scans the Trustee Paths for that userid. If any Trustee
                    Path has a trailing directory component which matches
                    the userid (or nearly matches) then that Trustee Path
                    is chosen as a home directory.

                    For example, given the account anonymous with the
                    following Trustee Paths:

                         sys:mail/0023023
                         sys:usr/anony

                    The FTPD NLM would select the Trustee Path
                    sys:usr/anony as the home directory for the anonymous
                    userid.


          User Commands

                    The FTPD NLM provides the usual FTP command services.
                    This version offers one additional site specific
                    command:

                         site tp

                    This site specific command causes the NLM to list the
                    trustee paths available to the user. A typical unix
                    client can issue this command by using the FTP client
                    quote command:

                         quote site tp

                    Additionally, the user can return to their
                    HOME_DIRECTORY by issuing the command:







                                                                         14

                         cwd ~

                    The FTPD NLM recognizes the token (~) as meaning the
                    home directory chosen for this user during the login
                    sequence. An error message is returned if no suitable
                    home directory could be found.

          Anonymous Accounts

                    The FTPD NLM fully supports so-called `anonymous'
                    client connections. A typical anonymous client accesses
                    the server with the username of `anonymous', at which
                    point the server prompts the user for an email address
                    or other identifier instead of requesting a password.
                    This allows users to access the server without having
                    to know a special password. The FTPD NLM will record
                    the user supplied address/password to the log file if
                    logging is enabled for the anonymous account.

                    The FTPD NLM considers any account which has no
                    password to be an anonymous account.  Therefore the
                    actual account name `anonymous' has no special
                    signifigance to the FTPD NLM.

                    The following steps are recommended when setting up an
                    anonymous account:

                         A.   Use syscon to create a user account named
                              `anonymous'
                         B.   Remove the user from all groups (including
                              EVERYONE)
                         C.   Create a station restriction for the account
                              which will inhibit any workstation from
                              logging into the account.
                         D.   Make the password for the account be empty,
                              and do not require a password for the
                              account.
                         E.   Make the account a trustee for a secure
                              directory with [R F] rights only.
                         F.   Remote the account's access rights to it's
                              sys:mail directory.
                         G.   Use the SETHOME freeware utility to set the
                              home directory for this account to match the
                              secure directory.

                    When a remote user logs into the server by specifying a
                    userid of `anonymous', they will be prompted for an
                    email address because the FTPD NLM will realize that
                    the account has no password.  After the user provides
                    an email address the default current directory will be
                    set to the secure directory.







                                                                         15

          Proxy Connections

                    The FTPD NLM provides `proxy' FTP service to older,
                    non-Netware 386 servers.

          Security Considerations

                    The FTPD NLM does not inherently make your Novell
                    server less secure. It does, however, add another
                    avenue of attack into your server. Prudent use of the
                    FTPD.CFG file will ensure that remote users do not
                    violate the integrity of your system. 

                    The FTPD NLM attempts to resist password cracking
                    schemes by disconnecting any connection which enters an
                    incorrect password three times in a row. ie:, after the
                    third incorrectly entered password the user is
                    disconnected and a warning message is written to the
                    server console. Also, on the second and third login
                    attempts (after the first incorrect password) the FTPD
                    NLM delays the login process by three and six seconds
                    respectively in an effort to slow down any password
                    cracking program.

                    If fifteen incorrect passwords are entered without an
                    intervening correct login (on any server, for any
                    account), then the FTPD NLM also broadcasts a warning
                    message to all users attached to the file server. This
                    serves to alert the supervisor or another responsible
                    party that the file server is under attack from a
                    password cracking program.

                    Finally, accounts whose password has expired are denied
                    access to the server (whereas the Netware shell would
                    normally allow access and prompt for a new password).

                    Following are some suggestions to improve security on
                    your server.

                         A.   The NLM environment does not recognize
                              station restrictions on the local server. If
                              you have accounts that have station
                              restrictions, and you do not wish those
                              accounts to be able to access the server via
                              FTP, you must explicitely deny those accounts
                              access because the NLM can not recognize
                              station restrictions on the local server.

                              Station restrictions are recognized on remote
                              servers. If a remote server specifies a
                              station restriction for an account which
                              should have FTP access, you must add the







                                                                         16

                              network address of the local server to the
                              station restriction list of the remote
                              server. You can obtain the station address of
                              the local server by executing the slist
                              command from the DOS prompt and noting the
                              address for the local server.

                         B.   Intruder detection lockout may disable an
                              account if excessive invalid passwords are
                              entered. The FTPD NLM attempts to access an
                              account twice for each login, the first time
                              with no password (to see if the account is an
                              `anonymous' account) and the second time to
                              actually log in the user (if a password was
                              required). On remote servers there is no
                              other way to determine if a password is
                              required for an account.

                              Therefore, for each attempted login where an
                              invalid password is specified the NLM
                              actually attempts two logins to the specified
                              account. If the intruder lockout detection
                              count value is set too low, accounts may get
                              locked prematurely.

                              Additionally, malicous users may
                              intentionally issue invalid passwords in an
                              attempt to lock an account. This problem is
                              not specific to the FTPD NLM, as any user on
                              a workstation may do the same thing.

                              To avoid locking the supervisor's account or
                              other important accounts, you should
                              explicitely deny access to those accounts in
                              the ftpd.cfg file. Accounts which are
                              `denied' are immediately rejected without a
                              login attempt.

                         C.   Be sure that users granted access via FTP
                              have the appropriate rights to directories on
                              the server. This is especially important with
                              `anonymous' accounts which might accidentally
                              be left in the EVERYONE group.  Judicious use
                              of the readonly attribute will ensure that
                              data is not lost if password secrecy is
                              compromised.

                         D.   Be careful if your server is reachable from
                              the Internet or other wide-area networks. If
                              you have, until recently, counted on the non-
                              routed aspect of IPX for security, be aware
                              that once connected to the Internet your







                                                                         17

                              server becomes reachable from places you've
                              probably never heard of. The best course of
                              action when first enabling FTP is to deny all
                              users, then expressly allow only those
                              accounts which require FTP access. Of those
                              accounts requiring access, grant
                              readonly access to those accounts which do
                              not need to write to the file server.

                         E.   You should maintain a logfile of all
                              transactions, or at the very least log all
                              login/logout activity. Examine this logfile
                              on a periodic basis and note accesses from
                              address which seem inappropriate.


                         F.   If you want to totally inhibit all `non-
                              local' ftp connections, create a class for
                              `local' addresses. In the `local' class,
                              configure the deny/allow settings as
                              described previously. Then create a default
                              class which deny's all users on all servers.

                              Example:
                                   class default
                                        deny */*

                                   class local
                                        addresses *.mydomain.com
                                        addresses 129.136.*.*
                                        deny      */*
                                        allow     bill
                                        allow     tom
                                        settings  log 10







                                                                         18

          Performance

                    This section of the manual describes the memory
                    requirements and expected performance of the FTPD NLM.
                    It describes how we tested and developed the NLM. You
                    do not have to read this section to make use of the
                    FTPD NLM.


          How We Test

                    The FTPD NLM was tested `in-house' on two NW386 file
                    servers, one a 386/33 with 4 megabytes of ram, the
                    other a 486/33 with 8 megabytes of ram. In all cases
                    the client was a 486/33 running Dell Computer
                    Corporation's OEM version of USL SYSVR4 Unix . 

                    A series of test `scripts' were used (the
                    expect package for Unix implemented the scripts) which
                    exercised all functions within the NLM, the expected
                    return codes and the file transfer operations.

                    These scripts were executed multiple times, simulating
                    simultaneous clients. The scripts also repeatedly used
                    the mget and mput operation in an effort to place the
                    maximum load on the Netware server.

                    All scripts were executed with the FTPD NLM running
                    with and without protect.nlm1 Additionally, a select
                    group of beta testers have tested this NLM in several
                    different environments.

          Memory Requirements

                    This version has the following memory requirements
                    (values are approximate). This information was gleaned
                    from monitor.nlm under the Resource Utilization
                    section.

               Base Memory    NLM size       13 K bytes
                              Base Socket    9.5 K bytes
               Each Client                   13 K bytes additional
               Monitor Screen                8 K bytes additional
               Each Transaction              32 bytes plus filename size

                    Using the above information, the maximum amount of
                    memory used by the NLM can be determined. 
                              

               1Protect.nlm is provided with the Netware C for NLMS kit.
          This NLM detects memory accesses outside the area set aside for
          the NLM.







                                                                         19

                    For example, suppose a maximum of two connections was
                    allowed. If every client connection was to be logged
                    with a maximum of 100 transactions each, and if the
                    average filename size was 40 bytes, then the memory
                    usage would be as follows:

                         22.5 K         Base Memory
                         26 K           Two client connections
                         (32 + 40) * 200     Maximum log entries stored in
                                             memory
                         -------------
                         64 K bytes          Total memory used

                    The transaction entries are stored in memory until the
                    client logs out, at which time the client thread gains
                    back its supervisor privileges, allowing it to write to
                    the log file in sys:system.


          Processor Utilization

                    Processor utilization information was obtained by
                    loading monitor.nlm with the -p command line option

                              load monitor -p

                    The test process used a 5 megabyte PostScript file for
                    transfer. The file was read multiple times, noting the
                    maximum utilization figure ever shown on the monitor
                    display, along with the maximum percentage utilization
                    per process. The Netware server was a 486/33 with 8
                    megabytes of Ram and an ESDI disk running through an
                    Ultrastor 12F controller.

                    The test file was transferred in both directions using
                    binary and ascii mode. As expected, ascii transfer had
                    a higher utilization due to the extra processing
                    involved.

                    The test was executed on a private ethernet connection,
                    the server used a Racal-Interlan NI6510 lan card, the
                    client (SYSVR4 Unix on 486/33) used a Western Digital
                    (SMC) WD8003EBT lan card.

                    Utilization is proportional to throughput. The FTPD NLM
                    contains no throttling component, therefore it will use
                    maximum server resources during transfers in an effort
                    to supply the client as quickly as possible.

                    Idle connections cause zero server utilization.
                    However, if the monitor display is enabled and the
                    screen update delay is low (less than 3 seconds) and







                                                                         20

                    there are several connections, then the utilization
                    from that component will be approximately 2 - 5
                    depending on screen update delay.


                                           %                     %          %
                                               Utilizat       %
                          Client     Server                          Utilizat   Utilizat
               Operatio                           ion     Utilizat
                         Throughp   Utilizat                         ion from   ion from
                  n                              from     ion from
                            ut         ion                           LAN Card     DISK
                                                 FTPD      TCP NLM     Ints       Ints

                Binary      330
                                       82         13%        4%         9%         51%
                 Put      KB/sec

                Ascii       220
                                       90         48%        3%         6%         30%
                 Put      KB/sec

                Binary      400        50         30%        4%         12%        --2
                 Get      KB/sec
                Ascii       190
                                       63         58%        2%         5%         --
                 Get      KB/sec



























                              

               2Get operations had negligible disk interrupts because the
          file had been cached in memory.







                                                                         21

          How to Get Support

                    At this point in time MurkWorks is unable to provide
                    telephone support. We are keeping our product costs
                    down by reducing the manpower that would be required to
                    man a telephone. Hopefully this will change in the
                    future.

                    In the meantime, the best method for obtaining support
                    is by sending us electronic mail to our Internet
                    address: 

                              support@murkworks.com

                    If you are on compuserve, you can send us mail using
                    the address:

                              internet:support@murkworks.com

                    If you are not a licensed user, we may not be able to
                    answer questions pertaining to installation problems or
                    configuration issues. If you have found what you
                    consider to be a problem with the FTPD NLM, please feel
                    free to write to us with detailed information about the
                    problem, your environment, and the commands issued
                    which caused the problem. Be sure to include the
                    current version number of the NLM when you write.

                    You can always write to us:

                         MurkWorks
                         P.O. Box 631
                         Potsdam, NY 13676-0631  USA







                                                                         22

                                      Appendix A
                              Sample Configuration File

           # Sample FTPD.CFG file for FTPD.NLM   
           #
           # lines beginning with # are comments.

           maxconnections 5    # specify max # connections 
                          # forced to 2 or less in DEMO mode

           screendelay    2    # set delay in seconds between status
                          # screen updates

           logfile        sys:system\logfile.ftp
                          # specify alternate logfile

           # The following lines are examples. Modify to 
           # suite your needs and delete any remaining lines 
           # that do not apply

           #####################################################
           #                DEFAULT CLASS                 
           #                               
           #   The following class conditions will be used if
           #   the incoming IP address (or name) doesn't match
           #   any other class                   
           #####################################################
           # The following class allows access to all users on 
           # all servers accept for bkc (on any server). Once 
           # connected, users may be idle up to 2 minutes, and
           # connected for at most 10 minutes. They can only login
           # mon-fri and they are only allowed readonly access

           class     default
                deny */bkc
                settings  connect 10, idle 2 +
                          timerange mon-fri/0-23 +
                          readonly







                                                                              23

           #########################################################
           #    CLASS DOM.MURK.COM
           #                
           # The following class is used if the client IP address 
           # is in subnet 20
           # or any name ending in dom.murk.com
           #########################################################
           # Access to all servers is denied, accept for access to 
           # server GIMP,  which allows all users. However users can 
           # only login mon-fri between 10PM and 5AM, or
           # any time saturday and sunday

           class     dom_murk_com
                address   *.dom.murk.com
                address   113.121.20.*
                deny */*
                allow     gimp/*
                settings  timerange mon-fri/22-5 +
                          timerange sat-sun/0-23

           ##########################################################
           #    CLASS MURKWORKS                           
           #                                    
           # This class is used if the client IP address is in class 
           # B network 113.121 or its IP name ends in murk.com      
           # NOTE: Class dom.murk.com has precidence over this class as
           # appropriate since it is more specific              
           ##########################################################
           # This class allows access to any user on THIS SERVER ONLY
           # All users except for bkc have readonly access and can only login 
           # on weekends between 10am and 9pm
           # User bkc has access only on the weekends
           # In either case, all read/write operations will be logged to 
           # the file vol1:usr\fred\logfile.ftp

           class     murkworks
                address   113.121.*.*
                address   *.murk.com
                deny */*
                allow     *    readonly timerange sun-sat/10-21
                allow     bkc  timerange sat-sun/0-23
                settings       log 25 +
                           logfile vol1:usr\fred\logfile.ftp







                                                                              24

                                             Appendix B
                                       Supported FTP Commands


                    The following FTP commands are supported. Be aware that
                    these are protocol level commands and are not necessarily
                    the commands that a user would type at the command line of
                    their client.


                    USER  PORT  RETR  ALLO  PASS  STOR  CWD   XCWD  XPWD  
                    LIST  NLST  HELP  QUIT  MODE  TYPE  STRU  ACCT  NOOP  
                    RMD   MKD   DELE  SITE


                    The site specific command supported in this version is:

                         SITE TP

                    This command returns a list of trustee paths.
