Adding Users
When you are installing the servedat server in a production environment, you will probably want to configure, or at least verify, the user authentication settings.
If you simply run the Install Servedat script without any other setup, the server will default to System Authentication. This will permit users who have logon accounts to the server operating system to access the ExpeDat server. Use the same username and password that you would use to logon to the server console.
It is best to not rely on the default authentication settings, because future updates to your configuration could result in unexpected changes.
User credentials may be also be obtained from a private Authentication File. A private authentication file is required if you want to enable anonymous access.
The following step-by-step instructions walk you through the process of setting up SysAuth, AuthFile, or both. Read all the way through to the end to make sure you do not miss any important steps, such as installing the updated files.
Extract the Distribution Package
For zip or tgz packages, extract the contents to a local hard drive.
For a dmg disk image, copy the "Server Files" folder to a local hard drive (such as your Desktop).
Editing the Configuration File
Look in the "Server Files" folder of the ExpeDat distribution package. There you will find a file called "servedat.cf". Open this file in any text editor, such as NotePad or TextEdit.
# Sample servedat configuration file, updated 2010/08/05 # See the documentation for location and precedence. # Enable Debug level 1 and look for "Configuration Settings" to see what # settings are being used and where they came from. # ...
This file contains all of the setup options for the server. Unix users may be familiar with configuration files and their syntax. The Configuration File and Options chapters have complete details, but the steps below will get you through the basics.
Setting System Authentication
Open the configuration file as described above. Scroll down near the bottom to the line containing "SysAuth":
#SysAuth 0 # 0 or 1 # Set to 1 to use the system user database. This is the default when running # as a service. Anonymous access will be prohibited unless an ANONYMOUS # entry is given in AuthFile.
If you wish users who already have the ability to logon to the server machine to use the same credentials for accessing ExpeDat, then uncomment the SysAuth line (remove the hash) and change the 0 to 1.
SysAuth 1 # 0 or 1 # Set to 1 to use the system user database. This is the default when running # as a service. Anonymous access will be prohibited unless an ANONYMOUS # entry is given in AuthFile.
If you prefer to manage users exclusively using the private authentication file, then set the value to 0 instead.
Don't forget to save your changes!
Setting Private Authentication
Scroll to near the top of the file, where you will find the line containing "AuthFile":
#AuthFile %SystemRoot%\svpasswd.txt # Pathname # Specify an authentication file. See svpasswd example. Anonymous access # will be disabled unless an ANONYMOUS user entry is present. # Default: None
If you wish to store some or all user records in a private file, then uncomment the AuthFile line (remove the hash). The server will then expect to find a password file at the given path location.
If you enable AuthFile without also enabling SysAuth, then system authentication will be disabled by default! The server always chooses the most restrictive default that still allows some access.
Don't forget to save your changes!
Editing svpasswd
Look in the "Server Files" folder of the ExpeDat distribution package. There you will find a file called svpasswd or svpasswd.txt. Open this file in any text editor, such as NotePad or TextEdit.
# Sample servedat authentication file # If SysAuth is also in use, this file will be checked first. # Lines beginning with a hash-mark, space, or tab are ignored. # # Username : Password : UserId : GroupId : HomeDir : Options # ...
The format of this file is similar to that of a unix passwd file. Full documentation can be found in the AuthFile chapter. The following steps will walk you through the basics.
If you wish to allow clients to access your server using no username or password ("anonymous" or "public" access), then uncomment the ANONYMOUS line (remove the hash) and change the home path to the location of your public files:
# ANONYMOUS will match requests which offer no username ANONYMOUS::::C:\Documents and Settings\All Users:ReadOnly,RestrictHome
The line above will allow any ExpeDat client to download files from the given path. The ReadOnly option prevents uploading. The RestrictHome option prevents this account from accessing any files outside of this folder.
To setup an account with a username and password, uncomment one of the other example lines (remove the hash) and edit the fields:
paul:F12516761dAbFc913a0d270aF9D2F4Cf:::C:\Documents and Settings\paul:RestrictHome
The first field is the username. This is case sensitive.
The second field (after the colon) is the password. You could use a plain-text password, but it is much safer to use an encrypted hash. A hash utility called "mkpasswd" is included in the "Server Files" folder of the ExpeDat package.
Enter a password to be hashed: Windows md5 hash: 7662Ef6cA2D1451906A49f4901081c10
The Windows version of mkpasswd will create an MD5 hash. All other versions will create a unix crypt hash. Copy that value to the second field of the svpasswd line you are editing:
paul:7662Ef6cA2D1451906A49f4901081c10:::C:\Documents and Settings\paul:RestrictHome
On unix systems, the next two fields can be used to set a user and group id for this user. (Those fields are ignored in Windows.) You may wish to set these to match a system user who owns or will be managing these files. To find the user id and primary group id of a user, login as that user and type "id" on the command line. For example:
darwin-1: id uid=501(macuser) gid=20(staff) groups=20(staff),80(admin)
Make sure that the destination folder exists and that it is readable.
Add a new line for each user account you wish to create.
Don't forget to save your changes!
Installing Files
After you have edited servedat.cf and svpasswd, make copies and store them outside of the ExpeDat install folder. When you update your software in the future, you may want to copy those edited files back into the new installation folder.
On Windows systems, run the "Install servedat.cf" and then the "Install svpasswd" scripts. This will copy each file into its default system location.
Do not confuse the "Install servedat.cf" script with the "Install Servedat" script.
On all other systems, copy servedat.cf and svpasswd into /etc/.
On Mac OS X, this can be accomplished by opening any Finder window and typing Command-Shift-G. Then enter "/etc/" to view that folder. Drag the servedat.cf and svpasswd files into /etc/ while holding down the option key. You will be prompted to enter your administrative password.
Advanced users may choose to edit those files directly at their destinations.
(Re)Starting the Server
If you have not yet installed the server, do so now by running the "Install Servedat" script.
If the server is already running, you may run the installer script again to restart it and load the new configuration files. This will also re-install the version of servedat in the current "Server Files" folder. That may not be desirable if the versions do not match.
On Windows systems, you may also reload the configuration by using the "Services" administrative tool to restart the "ServeDat" service.
On Unix systems, you may reload the configuration by sending the HUP signal to the servedat process. On most systems, this can be accomplished by typing "sudo killall -HUP servedat".
Restarting the server will terminate any transactions currently in progress. See the Monitoring chapter for ways to determine whether or not there are any transactions in progress.
More Information
For much more detailed information about managing the ExpeDat server, please read the servedat Server chapters.
For advanced technical information, refer to the online Tech Notes.