Previous     Contents     Index          Next     
iPlanet Partner Agent for ECXpert Server Site Administrator’s Handbook



Chapter 4   (Optional) Using the Master Server Controls

This chapter describes how to use the Master Server Control section of the administration system to turn the Partner Agent Server on and off, control the display of messages to users, revert the Server configuration to a previous version, and control access to users by their account type.

This chapter covers the pages for viewing and changing the Master Server Controls. These pages, which are displayed by clicking the corresponding header in the left frame of the Master screen, include:

Server Status

At the top of the Server Status page, the software version, Server status, date, and time are displayed.

If a Server shutdown is pending the time that the Server is scheduled to shut down is displayed next to the words Shutdown Pending in blue.

If the Server is not running, the word Down is displayed in red.

  • To start the Server, click Start the Server


If the Server is running, the word UP is displayed in green. Below that are controls for shutting down the Server.

Figure 4-1    Master pages, Server Status screen

Server Shutdown Options

The Server shut down options are to shut down the Server now, schedule a shut down, or stop the standalone Server.

Shutting Down the Server Now

You have the option of performing an instant shut down of the Server at any time. When you shut down the Server in this manner, it automatically disconnects all users to the Server and disables any FTP connections. This option does not display a warning to connected users. The administration Server and the ActiveAgents Server continue to run.

  • To shut down the Server immediately, click Shutdown Server Now.


Scheduling a Shutdown

The Schedule shutdown option allows you to determine at what time the Server will shut down and how much time you want to give connections and users before disabling or disconnecting.

To schedule a Server shutdown for some time in the future:

  1. Choose an absolute time or a number of minutes from the current time. To do this, in the schedule drop-down list select:


    • At (hhmm).


    • In (minutes).


    OR

    • In (hours).


  2. In the field next to the drop-down list, either enter the number of minutes or hours from the current time that the Server willstop, or enter the absolute time at which you want the Server to stop.




    3. Note

    For an absolute time, enter the time in the HHMM format, (a two-digit hour followed by two-digit minutes, based on a 24-hour clock), with no spaces or separators. If you specify a shutdown time that is before the current time, Partner Agent Server assumes that you mean to shut the Server down tomorrow. For example, if it is currently 1400 and you specify a HHMM shutdown time of 1330, the Server is scheduled to shutdown in 23 hours and 30 minutes (1:30 P.M. tomorrow).


  3. In the Disable FTP connections field, enter the number of minutes prior to shut down that you want the Server to stop allowing new connections.


  4. In the Disconnect FTP connections field, enter the number of minutes prior to shut down that you want the Server to stop and disconnect the current users.


  5. In the Shutdown Message field, enter a short text message concerning the shutdown, which will be displayed for users currently connected to the Server.


  6. Click Schedule Shutdown.


    7. The page displays the status of shutdown pending and the time that the Server will shut down. To return to the main Server Status page, click Reschedule Shutdown.

Figure 4-2    Master pages, Server Status screen with Shutdown Pending

Stopping a Standalone Server

If the Server is running in standalone mode, you can shut it down.

  • To shut down the Server, click Stop Standalone Server.


  • To restart the Server, click Start the Server.


Server Control

The Server Control page allows you to set the bounce options and select the mode of operation for the FTP Server.

Figure 4-3    Master pages, Server Control screen

Server Bounce Options

Bouncing the Partner Agent Server is required for the standalone mode of operation. This tells Partner Agent Server to re-read all of its configuration files. Since the standalone master Server reads its configuration files only at startup, any changes made through the administration system will not take effect immediately. The Server bounce feature works as a refresh for the Server when changes are made to the configuration files. A bounce does not affect any existing connections, but only new connections following the bounce.

The Server can be set to bounce whenever the configuration files are changed, or it can be bounced manually.

Setting Bounce Options

To set the bounce options:

  1. Select whether to "Bounce server only when requested" or to "Bounce server every time configuration changes." Choose from the Server Bounce Options drop-down list.


  2. Click Apply.


Manually Bouncing the Server

To manually bounce the Server, click Bounce Server Now.

FTP Server Modes of Operation

There are two modes of FTP Server operation, inetd and standalone. In inetd mode, a Partner Agent Server is started each time a request comes in for an FTP connection. All config files are read each time the Server starts.

In standalone mode, there is a master Partner Agent Server running, with the sole purpose of handling incoming FTP requests. The Server is started once, reads all its config files and then waits for connections. This is a higher performance mode of operation, since all the disk I/O required to read the Partner Agent Server configuration files is done only once at master startup. Each connection request then gets its own Server started preconfigured, speeding up startup time.

Changing the FTP Server Mode

To change the FTP Server mode:

  1. Select the desired mode, inetd or standalone. Choose from the Server Mode drop-down list.


    2. In standalone mode:

    • Enter a port that the Server listens to for connections, in the Port field.


    In inetd mode:

    • Enter the process number that starts the Server, in the Inetd Process Identifier field.


  2. Click Change Mode.


    3. Your changes are applied. In inetd mode, the Port field displays ftp, to indicate that Partner Agent Server is listening to the port specified in the FTP entry in /etc/services.

HTTP Server

The HTTP Server runs in standalone mode only. Each time a change is made to the configuration files, you need to bounce the Server. The port that the HTTP Server listens on can be changed for secure and non-secure modes.

    • To change the port that the HTTPS Server listens to for connections, enter a number in the Secure Port field.


    • To change the port that the HTTP Server listens to for connections, enter a number in the Non-Secure Port field.


    • Click Change Ports to apply any changes.


    • If necessary, bounce the Server, ("Server Bounce Options").


Server License

The Server License page shows you information about your current Partner Agent Server license. The license is non-expiring and should not need to be updated.

If, for some reason, you need to update your Partner Agent Server license:

  1. Contact iPlanet Technical Support to get a text file that contains a Server license.


    2. To contact ECXpert Technical Support in the United States, call Expert Alliance at:

    800-560-5749

    To contact ECXpert Technical Support outside of the United States, call Technical Support International at:

    650-937-6688

  2. Copy the contents of the text file.


  3. Paste the contents into the Update Server License window.


  4. Click Update License.


Figure 4-4    Master pages, Server License screen

User Classes

User Classes are the fundamental unit of access control in Partner Agent Server. A user class consists of a combination of user type, user name, user group, and address. The user type is either real, anonymous, or virtual (see User Types below). The user name is the user's UNIX login name. The user group is the user's UNIX group, and the address is the IP address or hostname to which this user class applies.

User classes are a way of classifying Partner Agent Server users. Create user classes to apply access rules, for example, to force certain user classes to have SSL--enabled Clients.

User Types

There are three types of users in Partner Agent Server: real, anonymous, and virtual. User types are pre-defined in Partner Agent Server. By default, all ECXpert members are configured as virtual users.

Real Users

Real users have access to the entire file system on the machine hosting the Partner Agent Server. Real users typically have a shell account permitting them to log into the machine using telnet or rlogin, in addition to FTP access. Real users are listed in the operating system password file (/etc/passwd).

Anonymous Users

Anonymous users are those logging in through a shared FTP account. One anonymous user per Server is allowed, with the user defined as ftp in /etc/passwd. When a user logs in on the FTP account, the virtual root of the file system, /, is actually the home directory of the FTP account. This means that the user cannot access files or directories outside of the FTP account.



Note

For Solaris, in order for directory listings to work correctly you must configure the dev and etc directories with certain files. To perform this configuration, run the $NSBASE/NS-apps/paserver/bin/ftpsetup script.


Anonymous user access is useful for publishing public content that does not require user authentication to access it. You can disable anonymous logins, even if the FTP user account is present ("Anonymous Logins").

Virtual Users

Virtual users are a special type of users, unique to Partner Agent Server. A virtual user has the authentication requirements of a real user with the limited file system access of an anonymous user. A virtual user is limited to browsing only those portions of the file system that are rooted in their home directory. The only exception to this is when a virtual user has access to virtual shared directories. Virtual users exist only in the context of Partner Agent Server and are unknown to the UNIX system. This prevents virtual users from logging in to the Server machine with telnet or rlogin, even if they have a valid shell, since they are not in the set of system users.

All ECXpert members are configured to be virtual users; new members are added to this user class automatically.

Default User Classes

By default, Partner Agent Server defines three classes of users that correspond to the three types of users:

    • real—users of type real connecting from any host address (*).


    • anon—users of type anonymous connecting from any host address (*).


    • virt—users of type virtual connecting from any host address (*).


The User Classes page is where you create new class definitions or disable or remove any of the default class definitions.

Figure 4-5    Master pages, User Classes screen



Note

If a user falls into multiple classes, Partner Agent Server categorizes them as belonging to the first matching class in the list of Current User Class Entries.


Adding a New Class Definition

To add a new class definition:

  1. Define a class name, using any unique word.


  2. Select the pre-defined user type from the User Type drop-down list.


  3. Select the user name (UNIX login name), from the User Name drop-down list.


  4. Select the user group (UNIX group name), from the User Group drop-down list.


  5. Enter a host name address or IP address in the From Address field. You can use UNIX--style wildcards, such as *, to define classes by subnet.


  6. To add your class definition, click Add Class.


    7. The definition is added to the list of Current User Class Entries with a status of Disabled.

Enabling or Disabling a Class Definition

To enable or disable a class definition, click Enable or Disable next to the desired class definition.

Editing a Class Definition

To edit a class definition from the list of Current User Class Entries:

  1. In the Action column next to the desired class definition, click Edit.


  2. Make the desired changes in the fields and drop-down lists in the Edit User Class section above the list of Current User Class Entries.


  3. Click Apply.


    4. Your changes are reflected in the list of Current User Class Entries.

Deleting a Class Definition

To delete a class definition, in the Action column next to the desired class definition, click Delete.



Note

Deleting a class definition does not delete any rules that reference that class.


Examples of User Classes

Figure 4-6    Example of user class entries



Table 4-1    User Class   Definition

local

Defines a user class named local in which users of any type, name, or group, from the localhost (127.8) address would become members.

real

Defines a user class named real in which all users of type real, from any name, group, or address would become a member.

anon

Defines a user class named anon in which all users of type anonymous, from any name, group, or address would become a member.

virt

Defines a user class named virtual in which all users of type virtual, from any name, group, or address would become a member..



Note

Any user is classified in the first class in the list to which they apply.


Wildcards are supported in all fields, but they are most useful for specifying the from address. Addresses of the following form are all valid:

tnt.acme.com
*.acme.com
192.168.1.*
192.168.1/8
127.0.*
127.0/16

Server Messages

Server Messages are messages that display to users at various points in an FTP connection. Server messages do not display for HTTP Clients.



Note

Users may or may not see these messages, depending on the software they are using to connect to your Partner Agent Server. Most FTP Client software will display these messages. Users browsing your FTP site with a Web browser will see these messages. Users downloading a single file by URL from a Web browser may not see these messages.


The Server Messages page allows you to enable and disable the sending of message files to users.

Figure 4-7    Master pages, Server Messages screen

Two types of Server messages are available: startup and run-time.

Server Startup Messages

Startup messages display during the initial connection to the Server, prior to any login prompt being displayed. One message displays to the user when the connection has been established; another displays when the Partner Agent Server is ready to accept a login. The default is to display the hostname of the Server and the Server version, but this default can be overridden.

To create or edit the Server connect message:

  1. Enter the message you want displayed in the Display on server connect field.


  2. Click Apply.


  3. Make sure it is enabled (if not, click Enable).


To create or edit the Display on server ready message:

  1. Enter the message you want displayed in the Display on server ready field.


  2. Click Apply.


  3. Make sure it is enabled (if not, click Enable).




    4. Note

    If no message is enabled, the default message, (the hostname of the Server and the Server version), displays.


Run-time Messages

Run-time messages are displayed to the user during the course of an FTP session. There are two types of run-time messages, README notifications and message displays. A README notification informs the user of the presence of a message file and asks them to read it. A message display message displays the contents of a message file.

  • When a user changes into a directory, Partner Agent Server scans the directory for filenames that start with "README." If any such files exist, the Server notifies the users that they should look at those files. This is useful for users who may be browsing software or document archives. You can specify that the user is notified of the presence of a README file on login as well as when changing a directory into a directory that contains a README file.


  • Message Display files, located in the file system, can be displayed to the user when they change directories.


Cookies

Partner Agent Server allows you to have magic cookies in message and README files. The cookies are replaced by Server-generated strings when the files are sent to users. The specifications of these cookies are similar to those supported by several University FTP Servers:


Cookie   

What the Server replaces it with.

%T

Local time in the form: Thu Dec 19 14:15:18 1996

%F

Free space in partition of CWD (kbytes)

%C

Current working directory

%E

The Server administrator's email address

%R

Remote host name

%L

Local host name

%u

User name as determined via RFC931 authentication

%U

User name given at login time

%M

Maximum allowed number of users

Adding a Server Run-Time Message

To add a Server run-time message:

  1. Select a message type from the Message Type drop-down list—either Readme Notification or Message Display.


  2. In the Message File field, enter the message's file name.


  3. Select a trigger type from the Trigger drop-down list. Two events trigger run-time messages—a user login (login) or the first time a user changes directories (cwd=).


  4. For triggers of type cwd=, enter the directory name in the field below.


  5. Select a user class from the User Class drop-down list.


  6. Click Add Messages.


    7. The message is added to the list of Current Server Run-Time Messages, with a status of Disabled.

Enabling or Disabling a Run-Time Message Entry

To enable or disable a run-time message entry, click Enable or Disable next to the desired entry.

Editing a Run-Time Message Entry

To edit an entry from the list of Current Server Run-Time Message Entries:

  1. In the Action column next to the desired class definition, click Edit.


  2. Make the desired changes in the fields and drop-down lists in the Edit Server Run-Time Message Entry section above the list of Current Run-Time Message Entries.


  3. Click Apply.


    4. Your changes are reflected in the list of Server Run-Time Message Entries.

Deleting a Run-Time Message Entry

To delete a message entry, in the Action column next to the desired message entry, click Delete.

Command Logging

Partner Agent Server's Command Logging feature works as a tracking system. When users are on the system, typing commands, the Command Logging feature records their commands in a log. Command logging is available only for the FTP Server.

Figure 4-8    Master pages, Command Logging screen

The Command Logging page is where you view and determine which user classes will have their commands logged. You can restrict this feature by user class so that only certain user classes are logged.

Adding a Command Logging Entry

To add a new command logging entry:

  1. Select a user class from the Class drop-down list.


  2. Click Add Logging.


    3. Your entry is added to the list of Current Command Logging Entries, with a status of Enabled.

Disabling or Enabling a Command Logging Entry

To disable or enable a logging entry, click Disable or Enable next to the desired entry.

Editing a Command Logging Entry

To edit an entry from the list of Current Command Logging Entries:

  1. In the Action column next to the desired command logging entry, click Edit.


  2. Make the desired changes in the fields and drop-down lists in the Edit Command Logging Entry section, above the list of Current Command Logging Entries.


  3. Click Apply.


    4. Your changes are reflected in the list of Current Command Logging Entries.

Deleting a Command Logging Entry

To delete a logging entry, in the Action column next to the desired entry, click Delete.

Transfer Logging

Transfer Logging tracks what uploads and downloads have occurred on the system. The tracking information is kept in a log file on the system. This feature may also be enabled by user class.

Figure 4-9    Master pages, Transfer Logging screen

The Transfer Logging page is where you add and edit logging entries to determine which transfers get logged.

Adding a Transfer Logging Entry

To add a new Transfer logging entry:

  1. Select a user class from the Class drop-down list.


  2. Check in the desired Log Transfer On checkboxes to determine whether to log uploads, downloads, or both.


  3. Click Add Logging.


    4. Your entry is added to the list of Current Transfer Logging Entries, with a status of Disabled.

Enabling or Disabling a Transfer Logging Entry

To enable or disable a transfer logging entry, click Enable or Disable next to the desired entry.

Editing a Transfer Logging Entry

To edit an entry from the list of Current Transfer Logging Entries:

  1. In the Action column next to the desired command logging entry, click Edit.


  2. Make the desired changes in the fields and drop-down lists in the Edit Transfer Logging Entry section, above the list of Current Transfer Logging Entries.


  3. Click Apply.


    4. Your changes are reflected in the list of Transfer Logging Entries.

Delete a Transfer Logging Entry

To delete a logging entry, in the Action column next to the desired message entry, click Delete.

Passive Mode

Passive mode requests the FTP Server to listen on a data port, other than the default data port, and to wait for a connection rather than initiate one upon receipt of a transfer command. The response to this command includes the host and port address on which this FTP Server is listening.

The passive mode options in the administration system allow the administrator to specify a passive mode base port and a range of ports that can be used for passive mode. If, for example, the base port is set to 10000 and the port range is 1024, passive mode connections will use only the ports from 10000 to 11023.

Figure 4-10    Master pages, Passive Mode screen

The Passive Mode page is where you specify a base port or a base port and range for passive mode.

Specifying a Base Port and Range for Passive Mode

To specify a passive mode base port and range:

  1. In the Passive Mode Base Port field, enter the desired port. Enter 0 to clear the field. Clearing the Passive Mode Base Port field also clears the Passive Mode Port Range field.


  2. If desired, in the Passive Mode Port Range field, enter a port range.


  3. Click Apply.


Mirror Servers

You can improve the reliability and performance of wide area network access to large file repositories by mirroring the file repositories onto multiplePartner Agent Servers. Partner Agent Clients for Windows 95, 98, and NT can query a Partner Agent Server for a list of mirror Servers and route to mirror Servers if a file Server is unavailable.

The Mirror Servers page allows you to control how mirrored Servers are advertised by your Partner Agent Server. The base level Server allows you to list the URL of mirrored Servers to FTP Clients that support the SITE MIRR extended command.

Figure 4-11    Master pages, Mirror Servers screen

Adding a Mirror Server Entry

A mirror Server entry consists of the pathname for the file or directory that is mirrored (or the keyword "default," which indicates that the entire Server file system is mirrored) and the URL of where the mirrored file or directory is located.

To add a new mirror Server entry:

  1. Select whether you want the mirror to reflect the entire site or a specific path from the drop-down list.


  2. In the Path to mirror field, enter the absolute pathname of the file or directory on your Partner Agent Server that is mirrored on a remote Server. If you are mirroring the entire site, you can leave this field blank.


  3. In the Mirror URL field, enter the URL of the Server where your file system, directory or file is mirrored. The URL should be of the form:


    4. ftp://Servername/pathname

  4. Click Add Mirror.


    5. The new mirror Server entry is added to the list of Current Mirror Server Entries, with a status of Disabled.

Enabling or Disabling a Mirror Server Entry

To enable or disable a mirror Server entry, click Enable or Disable next to the desired entry.

Editing a Mirror Server Entry

To edit an entry in the list of Current Mirror Server Entries:

  1. In the Action column next to the desired mirror Server entry, click Edit.


  2. Make the desired changes in the fields and drop-down lists in the Edit Mirror Server Entry section, above the list of Current Mirror Server Entries.


  3. Click Apply.


    4. Your changes are reflected in the list of Current Mirror Server Entries.

Deleting a Mirror Entry

To delete a mirror entry, in tthe Action column next to the desired entry, click Delete.

Example Mirror Entry

If the file /home/ftp/testfile is mirrored on the Server ftp://newServer/home/ftp/testfile, you must create the following two mirror entries for the mirror entry to be accessible to real and anonymous and virtual FTP users:

Figure 4-12    Example of mirror server entries



Note

The first entry defines the pathname from the root of the anonymous FTP account or a virtual users virtual root (home directory). Anonymous FTP users use this entry.

The second entry defines an absolute pathname for the file. This entry is used by real users.


Miscellaneous Options

The Miscellaneous page is where you enter the administrator's email address, set usage monitor options, enable reverse DNS lookups and valid user shell checks, and set session timeout limits.

Figure 4-13    Master pages, Miscellaneous Options screen

Setting the Administrator Email Address

The administrator email is the email address of the system administrator of the FTP Server. This address, if specified, is used in several Server response messages and is available for runtime messages via the magic cookie %E.

To set the administrator's email:

  1. Enter an email address in the Administrator Email field.


  2. Click Apply.


Setting Usage Monitor Options

The Server Usage Monitor (STATISTICS/Monitor) can be configured to monitor different aspects of the Server, or it can be turned off entirely. The possible option settings are:

  • Enable all monitoring functions.


  • Enable monitor-Measure bandwidth—keeps track of the instantaneous transfer rate of each Server process running.


  • Enable monitor-Display user commands—keeps track of which command a user is currently executing.


  • Enable monitor-No bandwidth/commands—displays process information per Server connection.




    • Note

    Each of these options requires additional CPU resources per Server process to compute and track the enabled measurements. If monitoring is not needed or you want to increase the performance of the Server, disable all monitoring functions.


  • Disable monitor.


To set usage monitor options:

  1. Select the desired option from the Usage Monitor Options drop-down list.


  2. Click Apply.


Enabling or Disabling Reverse DNS Lookups

Reverse DNS lookups are used to resolve an IP address into a fully qualified domain name for logging purposes. When the DNS Server is under heavy load, the startup time of an FTP session can be significantly affected. If the domain name is not needed in the log files, it is recommended that you turn off this feature.

To enable or disable reverse DNS lookups:

  1. Select the desired option from the Reverse DNS Lookups drop-down list.


  2. Click Apply.


Enabling or Disabling Valid User Shell Checks

Valid user shell checks are used to determine if a user has a valid shell as listed in the /etc/shells file. This option can be disabled.

To disable or enable valid user shell checks:

  1. Select the desired option from the Check for valid user shell drop-down list.


  2. Click Apply.


Setting the Session Timeout

Set session timeout so Partner Agent Server automatically logs users out if they are inactive for a given time period.

To set the session timeout threshold:

  1. Enter a number of seconds in the Session Timeout (seconds) field.


  2. Click Apply.


Version Control

Version Control allows Partner Agent Server to store a record of each change made to the administration system's configuration through the administration system; these files are stored on ther server in the $NSBASE/NS-apps/paserver/var/db/hist/conf directory. Version control is disabled by default.

The Version Control page is where you enable and disable version control, take snapshots of the current system configuration, and revert to an old configuration.

Figure 4-14    Master pages, Version Control screen

The first time you access the Version Control page after you install Partner Agent Server, the following two options are available:

  • Enable version control.


  • Snapshot current version.


Enabling or Disabling Version Control

When version control is enabled, every change made to the administration system configuration through the administration system is recorded. Each incremental version is stored as the change from the most recent snapshot (version). If no current snapshot exists when a change is made to system configuration with version control enabled, one is taken automatically prior to recording the change.

To enable or disable Version control:

  1. Select the desired option from the Version Control drop-down list.


  2. Click Apply.




    3. Note

    Version control significantly slows down the system; it is disabled by default.


Taking a Snapshot of the Current Version

A version snapshot copies the administration system configuration files and stores them as a baseline snapshot tagged with the date and time the snapshot was taken. This baseline snapshot is then used as a reference point for any subsequent incremental versions. Once a set of versions are available, you can revert to any incremental version off the current snapshot, or you can revert to a particular snapshot. When you create a new snapshot, you establish a new baseline, and you can revert only to versions of this current baseline.

Versions are never deleted unless you explicitly request it. You can delete any version or snapshot. Deleting a baseline snapshot also deletes all incremental versions based on this snapshot. If you delete the current baseline, the incremental versions of the previous baseline become available again.

Creating a New Baseline

To take a snapshot of the system configuration and create a new baseline, click Snapshot Current Version.

The Current Snapshot list displays a list of the current baseline and any incremental versions of the baseline. Below that is the Previous Snapshots list, which displays any other baseline snapshots.

Incremental Version Display

The first line of an incremental version shows the actual configuration file that has been changed, along with the date and time the version was recorded. The rest of the display shows what has actually changed. The changes are shown as the difference between that version and the baseline. A + indicates something that has been added since the snapshot, and a - indicates something that has been removed since the snapshot. There is no limit to the number of snapshots or incremental versions that can be stored.

Deleting a Version Entry

To Delete a version entry, click Delete next to the desired entry in the list.

Reverting to a Previous Version

To revert to a version, click Revert next to the desired entry.

Recommended Usage

The recommended usage of version control is:

  • Get your Partner Agent Server configuration to a stable state with version control enabled.


  • Perform a snapshot.


  • Disable version control.


This allows you to make subsequent changes to the configuration and also have the ability to revert to a stable version if required.


Previous     Contents     Index          Next     

Copyright © 2000 Sun Microsystems, Inc.
Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.
Last Updated December 04, 2000