Authentication File
One of the ways the Server can control who has access, is through the use of a private authentication file, or AuthFile. The file consists of plain text lines, each specifying a username, password, and other options. An AuthFile is also the preferred method to enable Anonymous Access.
A sample AuthFile, named svpasswd, is included in the "Server Files" folder.
An AuthFile is activated by specifying its path with the AuthFile configuration variable or the "-A <password-file>" command line option. The recommended location in Windows is "%SYSTEMROOT%". An "Install svpasswd.bat" script is included which will copy the example svpasswd.txt file into that location after you are done editing it. For unix systems, "/etc" or "/usr/local/etc" are recommended locations.
Specifying an AuthFile will change the default setting of SysAuth to disabled. If you require system authentication, be sure to explicitly enable it before enabling an AuthFile.
The contents of the file must be plain text with each line containing no more than 255 characters and the following colon separated fields:
Username : Password : UserId : GroupId : HomeDir : Options
| Username | Up to 31 characters that will be matched against the username given by the client. It is best to avoid special characters and spaces. The first match will be used and a username found here will override any listing in the system database. |
| Password | The plain or hashed text that the client's password must match. Password hashes can be generated using mkpasswd and are recommended for security. Unix systems require that a hash be a unix crypt string, while Windows systems require that a hash be 128-bit MD5. If this field is 13 or 32 characters it will be interpreted as a crypt or MD5 hash. |
| UserId | If you specify a system user id number here, then all accesses matching Username will be performed with the privileges of this user id. Note that servedat must be started as root to set user ids. This field is ignored in Windows. |
| GroupId | If you specify a system group id number here, then all accesses matching Username will be performed with the privileges of this group id. Note that servedat must be started as root or as a user belonging to the given group id. This field is ignored in Windows. |
| HomeDir | You may specify a Home Directory for the Username. Leave this blank to use servedat’s default home directory. As a special case, the Windows version will allow volume labels like "D:\path", even though this use of a colon violates the field delimiting. |
| Options | This is a comma separated list of additional per-user options. |
| NoOverwrite | Prevents incoming files from overwriting existing files. An existing file must be deleted prior to uploading one with the same name. |
| ReadOnly | Prohibits any actions which would change the filesystem. |
| WriteOnly | Allows only file uploading. Prohibits downloading, directory listing, and all other actions. |
| RestrictHome | Prohibits direct access to files outside of the home directory. Symbolic links will be honored. RestrictHome is always enabled for the ANONYMOUS user, even if it is not specified here. |
See the enclosed svpasswd sample file for an example of formatting. Note that servedat will not start if it is unable to parse the private authentication file. For the best security, be sure to locate this file outside of the default home directory, set its permissions so that access is restricted to trusted users, and use mkpasswd to generate password hashes instead of using plain-text.
Overlap
If a username in the AuthFile matches that of a system user, then the AuthFile record will be used in place of the system settings. This may change in a future version.
Reloading
The AuthFile is only read at startup or restart. On unix systems, sending the HUP signal to a running servedat process will cause it to restart and reload all of its settings. On Windows systems with servedat in service mode, the service manager can be used to restart servedat. Note that any active transactions will be interrupted by such a restart.