Authentication File
One of the ways the Server can control who has access, is through the use of a private authentication file, or AuthFile. The file consists of plain text lines, each specifying a username, password, and other options. An AuthFile is also the preferred method to enable Anonymous Access.
A sample AuthFile, named svpasswd, is included in the "Server Files" folder.
An AuthFile is activated by specifying its path with the AuthFile configuration variable or the "-A <password-file>" command line option. The recommended location in Windows is "%SYSTEMROOT%". An "Install svpasswd.bat" script is included which will copy the example svpasswd.txt file into that location after you are done editing it. For unix systems, "/etc" or "/usr/local/etc" are recommended locations.
The contents of the file must be plain text with each line containing no more than 255 characters and the following colon separated fields:
Username : Password : UserId : GroupId : HomeDir : Options
| Username | Up to 31 characters that will be matched against the username given by the client. It is best to avoid special characters and spaces. The first match will be used and a username found here will override any listing in the system database. |
| Password | The plain or hashed text that the client's password must match. Password hashes can be generated using mkpasswd and are recommended for security. Unix systems require that a hash be a unix crypt string, while Windows systems require that a hash be 128-bit MD5. |
| UserId | If you specify a system user id number here, then all accesses matching Username will be performed with the privileges of this user id. Note that servedat must be started as root to set user ids. This field is ignored in Windows. |
| GroupId | If you specify a system group id number here, then all accesses matching Username will be performed with the privileges of this group id. Note that servedat must be started as root or as a user belonging to the given group id. This field is ignored in Windows. |
| HomeDir | You may specify a Home Directory for the Username. Leave this blank to use servedat’s default home directory. As a special case, the Windows version will allow volume labels like "D:\path", even though this use of a colon violates the field delimiting. |
| Options | This is a comma separated list of additional per-user options. |
| NoOverwrite | Prevents incoming files from overwriting existing files. An existing file must be deleted prior to uploading one with the same name. |
| ReadOnly | Prohibits any actions which would change filesystem. |
| RestrictHome | Prohibits direct access to files outside of the home directory. Symbolic links will be honored. |
See the enclosed svpasswd sample file for an example of formatting. Note that servedat will not start if it is unable to parse the private authentication file. For the best security, be sure to locate this file outside of the default home directory, set its permissions so that access is restricted to trusted users, and use mkpasswd to generate password hashes instead of using plain-text.