Home Directories

The server can provide remote access to files contained in one or more directories.  Depending on how servedat is configured, each user may be limited to a single directory, several directories, or they may have access to the entire filesystem.

The Home Directory of a user is the base folder that a user accesses when only a relative pathname is given (one that doesn't start with a '/' or volume specifier such as 'C:').  Users can generally access all the files and sub-directories in their Home Directory.  Whether or not a user can access files outside their Home Directory depends on the type of user, the server's RestrictHome setting, the user's AuthFile options, and whether AllowPath is set.

Under the default configuration, system users (SysAuth) will use the home path retrieved from the system database and AuthFile users will use the path from their HomeDir field.  Users may be redirected to alternative paths, either as a group or individually.  servedat determines each user's home directory by following the steps below.

1. AuthFile Home

If a user is declared in AuthFile, either as a private record or with shadow authentication, then a home path given in that AuthFile record will be the user's home directory.  A private AuthFile user with no home path specified will be given the default home.  SysAuth and shadow users with no AuthFile path will proceed to the next step.

2. AuthHandler Home

If an AuthHandler is declared, it may return a user record containing the user's home directory path.  If an AuthHandler returns a record with the home directory blank, then the default home is used.  If there is no AuthHandler or it returns -MTP_APP_REDIR, servedat will proceed to the next step.

3. SysHome Override

The SysHome configuration option redirects the home directories of system users and shadow authentication users.

When SysHome is set to 1, the operating system home path will be ignored.  Instead, all shadow users with a blank HomeDir field and all other SysAuth users will be directed to the default home.  This is useful if you want all or most users to share a single common folder.

If SysHome is a folder path, then servedat will search this folder for a subfolder or symbolic link matching the username.  If a match is found, that location becomes the user's home folder.  If no match is found, the user is directed to the default home.  On Windows, SysHome accepts both '/' and '\' as delimiters; however, Windows may truncate multiple consecutive backslashes or backslashes appearing at the end of a line, so use of forward slashes '/' is recommended.

SysHome is only intended for use with filesystems.  Object Handlers work with the raw path supplied by the client and must implement their own mechanisms for prefixing relative paths and enforcing restrictions.

When SysHome is disabled, the system authentication database will be queried as described next.

4. System Database

When SysAuth is enabled and SysHome is disabled, the home directory of system users will be pulled from the operating system authentication database (Active Directory, PAM, LDAP, etc.).  If that database does not contain a home path, then the default home will be used.

On Windows hosts, servedat looks for the User Profile directory.  In Active Directory, this is typically the "Profile" field.  Note that Windows does not create a user's profile directory until the first time that user logs in to the Windows desktop.  If you are creating Active Directory records for users who will only access via ExpeDat, you must create their profile directories manually.  If the profile directory cannot be found or no path is given, the default home will be used.

On all other operating systems, servedat looks for the home field of the system password entry.  Non-Windows systems create home folders at the time of account creation.  If that folder does not exist or is not accessible, users will receive an error when trying to access it.  If no home path is specified in the system database, the default home will be used.

5. Default Home

The default home directory is used when none of the methods above locate a home path for a user.  It is intended as a fallback, so servedat will search several settings and locations as follows.

Command Line
List the Default Home as the last argument of the servedat command line.  For example, typing "servedat /home/me/mysubdir" will set /home/me/mysubdir as the Default Home.

HomeDir Variable
You can also set the Home Directory by using the HomeDir variable in a configuration file.  The command line setting will override the configuration file setting.

Command Line Default
When running servedat on the command line with no home directory specified on the command line and no HomeDir set, the current working directory "." will be used.

Double-Click Default
When running servedat by double clicking the executable in Windows, with no HomeDir set, the folder containing servedat.exe will be served.  In macOS, the home directory of the user double clicking servedat will be served.

Windows Service Default
When installed as a Windows service and HomeDir is not set, the "common documents folder" will be used.  In Windows 7 and later this is usually "C:\Users\Public\Documents".

If all users have valid home directories specified, either in the system database or AuthFile, then the Default Home will never be used.
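The lookup order in steps 1 to 5 can be modeled to see which accounts end up sharing the Default Home. This is an added sketch, not servedat's code: the function names, argument shapes, and step labels are assumptions, and it assumes SysAuth is enabled when the system database is reached.

```python
import os

def resolve_home(user, authfile, handler, sys_home, sysdb, default_home):
    """Model of the documented lookup order; returns (home, deciding step).

    All argument shapes are assumptions of this sketch:
      authfile: {user: {"kind": "private" | "shadow", "home": str}}
      handler:  None, or callable(user) -> home str ("" = blank home,
                None = handler redirected, i.e. returned -MTP_APP_REDIR)
      sys_home: None (disabled), 1, or a folder path
      sysdb:    {user: home str}, standing in for the OS account database
    """
    rec = authfile.get(user)
    if rec:                                        # 1. AuthFile Home
        if rec.get("home"):
            return rec["home"], "AuthFile"
        if rec.get("kind") == "private":
            return default_home, "Default (private AuthFile user, no home)"
        # shadow user with no AuthFile path continues to the next step
    if handler is not None:                        # 2. AuthHandler Home
        home = handler(user)
        if home is not None:
            if home:
                return home, "AuthHandler"
            return default_home, "Default (AuthHandler returned blank home)"
    if sys_home == 1:                              # 3. SysHome Override
        return default_home, "Default (SysHome=1)"
    if sys_home:
        candidate = os.path.join(sys_home, user)
        # Match only a direct entry of SysHome that is a folder or symlink.
        if user in os.listdir(sys_home) and (
                os.path.isdir(candidate) or os.path.islink(candidate)):
            return candidate, "SysHome"
        return default_home, "Default (no SysHome match)"
    if sysdb.get(user):                            # 4. System Database
        return sysdb[user], "System Database"
    return default_home, "Default (no home in system database)"   # 5.


def shared_default_users(users, **cfg):
    """List users who land in the Default Home, and why (review aid)."""
    out = {}
    for u in users:
        home, step = resolve_home(u, **cfg)
        if step.startswith("Default"):
            out[u] = step
    return out
```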

Restrict Home

Unless otherwise specified, all users except ANONYMOUS have the ability to request absolute paths (starting with a '/' or volume specifier such as 'C:').  Whether or not users can actually read or write any given directory or file will be determined by the operating system file access rights of the user.  Most operating systems will allow users to read most files in the system and write to many of them, just as if they were logged into the system desktop.

Enabling the RestrictHome configuration option will restrict all users to their filesystem Home Directory by denying absolute paths and relative paths which would step out of the Home Directory.  Enabling RestrictHome as an AuthFile option will apply the same restriction to just that user.  Setting RestrictHome=0 in an AuthFile record will override and disable the restriction for that user.

Symbolic links may be followed, even if they point to a location outside the Home Directory.  However, users with RestrictHome enforced may not create any symbolic links.

Object Handlers are notified when RestrictHome has been applied, but its effect, if any, depends on the particular handler.
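Because existing symbolic links may be followed out of the Home Directory, it is worth reviewing which links already sit under a restricted user's home. The following is an added audit helper, not part of ExpeDat; the function names are assumptions.

```python
import os

def _inside(base, target):
    """True if the resolved `target` is `base` itself or lies beneath it."""
    base = os.path.realpath(base)
    return target == base or target.startswith(base.rstrip(os.sep) + os.sep)

def escaping_symlinks(home, allow_paths=()):
    """Return [(link, real_target)] for links under `home` that resolve
    outside `home` and outside every AllowPath."""
    findings = []
    # followlinks=False: report each link once, never descend through it.
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:
            link = os.path.join(root, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if _inside(home, target):
                continue
            if any(_inside(a, target) for a in allow_paths):
                continue
            findings.append((link, target))
    return sorted(findings)
```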

AllowPath

The AllowPath option creates an exception to RestrictHome for all users.  An AllowPath is an absolute folder path which any user can access, provided their filesystem privileges otherwise allow it.

For example, with "AllowPath D:/downloads" a user with a Home Directory of "C:\Users\me" could download both "C:/Users/me/file1" and "D:/downloads/file2" as follows:

    movedat user@example.com:file1 .
    movedat user@example.com:D:/downloads/file2/ .

Note that files in the home directory are accessed using relative paths, while files in an AllowPath require the full absolute path.  You may declare multiple AllowPath statements in servedat.cf.

On Windows, AllowPath accepts both '/' and '\' as delimiters; however, Windows may truncate multiple consecutive backslashes or backslashes appearing at the end of a line, so use of forward slashes '/' is recommended.

AllowPath does not affect Object Handlers.
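The combined effect of RestrictHome and AllowPath on a requested path can be modeled as below, using the page's own example paths. This is an added illustration of the documented rules, not servedat's implementation: the function names are assumptions, comparison is case-insensitive on the assumption of Windows volumes, and a relative path that steps out of the home is denied even if it would land in an AllowPath, since the page says AllowPath files need the full absolute path.

```python
import posixpath

def is_absolute(path):
    """Absolute per the page: leading '/' or a volume specifier like 'C:'."""
    p = path.replace("\\", "/")
    return p.startswith("/") or (len(p) >= 2 and p[0].isalpha() and p[1] == ":")

def norm(path):
    # Unify delimiters, collapse '.' and '..', and lower-case
    # (assumption: Windows-style volumes, as in the page's example).
    return posixpath.normpath(path.replace("\\", "/")).lower()

def within(base, target):
    """Lexical containment on a path-component boundary."""
    base, target = norm(base), norm(target)
    return target == base or target.startswith(base.rstrip("/") + "/")

def decide(request, home, restrict_home, allow_paths=()):
    """Return (allowed, reason) before OS file permissions are considered."""
    if not restrict_home:
        return True, "RestrictHome off: only OS permissions apply"
    if is_absolute(request):
        if any(within(a, request) for a in allow_paths):
            return True, "absolute path inside an AllowPath"
        return False, "absolute path denied by RestrictHome"
    resolved = home.rstrip("/\\") + "/" + request
    if within(home, resolved):
        return True, "relative path inside Home Directory"
    return False, "relative path steps out of Home Directory"
```

The check is purely lexical, so a symbolic link inside the home that points elsewhere still passes it.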