iINSTALLING BEROFTPD
===================

CONTENTS
========
1. Quick way for impatient people
2. More detailed instructions
2.1. Configure
2.1.1. Configure options
2.1.2. A note to distributors of pre-compiled binaries
2.2. Build the program
2.3. Install the program
2.4. Make your inetd run BeroFTPD or run standalone
2.5. Edit the BeroFTPD configuration files

1. Quick way for impatient people
=================================
./configure
make
make install
# edit /etc/inetd.conf to start BeroFTPD rather than your old ftpd
# Alternatively, remove the old ftpd from your inetd.conf and run BeroFTPD
# in standalone mode.
# Look at the file /etc/ftpaccess, you will probably want to modify it to
# suit your needs. Read chapter 2.5 for more instructions on this.
# That's it, hope it works for you

2. More detailed instructions
============================= 

2.1. Configure
==============
2.1.1. Configure options
------------------------
The configure script provided with BeroFTPD will automatically detect what it
needs to know about your system.
In addition, you can specify some parameters to change BeroFTPD behavior
(disable certain features, alter pathnames, etc.):
  --prefix=PATH
	determines where "make install" will put binaries.
	The files will be put to PATH/bin, PATH/sbin, etc.
	Default is /usr.
  --disable-upload
	disables upload keyword in ftpaccess (read the ftpaccess manpage for
	details)
  --disable-overwrite
	disables overwrite keyword in ftpaccess (read the ftpaccess manpage
	for details)
  --disable-hostxs
	disable allow/deny keywords in ftpaccess (read the ftpaccess manpage
	for details)
  --disable-logfail
	disable logging of failed logins
  --disable-logtoomany
	disable logging of too many users
  --disable-private
	disallow use of private file
	(for site group and site gpass)
  --disable-dnsretry
	don't retry failed DNS lookups
  --enable-anononly
	allow only anonymous access
  --enable-paranoid
	disable all SITE commands
  --enable-chmod-limit
	limit SITE CHMOD modes to 0000-0777 (instead of 07777)
	In a future release, this switch will be replaced with a ftpaccess
	directive; it might make sense to have different values for
	different virtual hosts. Also, this will make things easier for
	distributors of pre-compiled binaries.
  --enable-skey
	enable S/Key support
  --disable-mail
	don't support notifying ftp admins of anonymous uploads by e-mail
  --disable-virtual
	don't support virtual servers
  --disable-portcheck
	don't check arguments to PORT command
  --enable-ratios
	Enable upload/download ratios (see ftpaccess manpage for details)
  --disable-internal-ls
	Don't use the internal implementation of ls; call an external program
	instead.
	Using an external program is a source of problems (you need a static
	ls, etc), and it takes extra CPU time; however, the internal ls
	command might not work on some systems.
  --enable-numeric-uids
	Make the internal ls report numeric UIDs rather than usernames; this
	saves the time for looking up the usernames.
  --disable-ident
        Do not look up RFC931 ident of users
  --disable-port
        Disable the PORT command
  --disable-pasv
        Disable the PASV command (passive mode)
  --with-confdir=PATH
	Place config files (ftpaccess etc) in PATH (rather than /etc)
  --with-logdir=PATH
	Place xferlog file in PATH (rather than /var/log)
  --with-piddir=PATH
	Place pid files in PATH (rather than /var/run)
  --enable-standalone
	Build in support for the -s, -S and -p options, permitting BeroFTPD
	to run as a standalone daemon rather than being run by inetd.
	Main advantage is that the processes are there faster - just a fork
	instead of a new exec. Main disadvantage is that BeroFTPD will use
	some memory and CPU time even if nobody is using it.
  --with-backlog=x
	Sets the maximum size of the queue of pending connections in
	standalone mode. Default is 100, don't change it unless you know
	what you're doing.
  --disable-mapping-chdir
	Return absolute disk paths for PWD (if /pub is a symlink to /.1,
	return /.1/something rather than /pub/something)
  --enable-throughput
	Keep track of total throughput, limit if required.
	This enables the throughput keyword in ftpaccess; read the ftpaccess
	man page for further details.
  --enable-transfer-cnt
	Keep track of total throughput, limit if required
  --enable-transfer-lim
	Limit files and bytes transferred
  --disable-newlines
	Suppress some extra blank lines on messages/banners
  --enable-oldvirt
	Support old-style (wu-ftpd) virtual hosts using the virtual
	command in ftpaccess
  --enable-passwd
	Enable passwd files other than /etc/passwd and /etc/shadow. This
	option enables additional commands "passwd <filename>" and
	"shadow <filename>" in the ftpaccess file.
	The most significant advantage is that you can have different users
	and different passwords for different virtual hosts.
  --enable-crackers
	Return an error message right after a wrong USER command rather
	than waiting for PASS.
	This is the behavior of older versions of BeroFTPD and wu-ftpd.
	This leaves crackers a chance to figure out the valid user names
	on your systems. This should not be used.
  --with-krb5
	Compile in support for Kerberos 5 authentication
  --with-afs
	Compile in support for AFS authentication
  --enable-pam
        Compile in PAM (Password Authentication Modules) support.
        This has been tested only with Linux-PAM (as found in BeroLinux 1.0)
        and FreeBSD 4.0, and may not work on other systems.
  --enable-quota
        Support quotas
  --enable-opie
        Enable support for OPIE (One Password In Everything)

2.1.2. A note to distributors of pre-compiled binaries
------------------------------------------------------
For distributors of pre-compiled binaries, I recommend passing the following
options to configure:
--enable-chmod-limit
  letting ftp users fiddle with setuid bits can do more harm than good.
--enable-ratios
  though most people won't need this, ratios are not enabled by default.
  aside from having a slightly larger binary, enabling support doesn't
  hurt.
--enable-standalone
  as with enable-ratios, doesn't hurt if you don't mind a slightly bigger
  binary.
--enable-throughput
  also, needs to be enabled in ftpaccess
--enable-passwd
  passwd and shadow files still default to usual - it just gets you a
  slightly bigger binary and any access to a passwd/shadow file is slightly
  slower.
--enable-internal-ls
  The internal ls command is significantly faster and less CPU intensive
  than calling an external one; also it is easier to set up (no need for
  statically linked ls commands or libraries in chroot structures anymore),
  and it will work better with non-/etc/passwd password files.
If you're building a binary for a PAMified system (such as RedHat Linux),
add --enable-pam.


2.2. Build the program
======================
Simply type "make" (without the quotation marks).
The makefiles have been tested with GNU make 3.75, 3.76, and 3.76.91, 
but should work with most other makes as well.
If you get a lot of error messages, you are probably using a
non-ANSI-compliant C compiler. In this case, get one of the following
compilers (for free):
- gcc (ftp://ftp.gnu.org/pub/gnu)
- egcs (ftp://egcs.cygnus.com/pub/egcs)
- pgcc (ftp://ftp.goof.com/pub/pcg). (Probably the best for ix86 platforms)
If this fails, report it to beroftpd-bugs@linux.net.eu.org after making sure
the problem still occurs in the most current version.

2.3. Install the program
========================
Type "make install" (again, without the quotation marks).  This will put
the compiled program in place.

Sample ftpaccess configuration files are available in doc/examples; pick
one and modify it to meet your needs, then copy it to /etc/ftpaccess.  Or
write your own ftpaccess file from scratch.

2.4. Make your inetd run BeroFTPD or run standalone
===================================================
BeroFTPD, like (almost?) all other ftp servers, is run from inetd.
If you use a "standard" inetd, you should have a line like

  ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd -l -a

in your inetd configuration file (usually /etc/inetd.conf).  (For inetd
variants like xinetd, consult the daemon's documentation for the
configuration file location and syntax.)  Again assuming standard inetd,
change this to

  ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/BeroFTPD

If you do not wish to use the /etc/ftpaccess file (though we don't see why),
pass the command line parameter -A to BeroFTPD:

  ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/BeroFTPD -A

Restart inetd ("kill -HUP `pidof inetd`" should do the job).
"ftp localhost" to see if it works.

Check the file NOTES for further information (including the solution to "The
server runs, but anonymous users can't do ls").
If it doesn't work, send a bug report to beroftpd-bugs@linux.net.eu.org.

2.5. Edit the BeroFTPD configuration files
==========================================
The configuration files installed by default should work, but they will not
let you use all the features you might want.
Have a look at the BeroFTPD configuration files and edit them to suit your
needs (if you compiled --with-confdir=/some/dir, replace /etc with
/some/dir):

/etc/ftpservers:
	You need this if you want to use virtual servers. The format is
	<hostname|IP> <directory in which config files for this server reside>
/etc/ftpconversions:
	You need this file if you want users to be able to change
	compression of files (i.e. users can type filename.gz and will
	automatically get a gzip'ed version of filename).
	For help on the format of this file, check the ftpconversions
	manpage [man ftpaccess] and the sample [doc/examples/ftpconversions]
	The "recompress" program used in the example can be found in the
	util directory.
/etc/ftpusers:
	List all users here that may NOT log in.
	Instead of using this file, you can use the deny-uid
	command in /etc/ftpaccess (see below)
/etc/ftpgroups:
	List all groups here that may NOT log in.
	Instead of using this file, you can use the deny-gid
	command in /etc/ftpaccess (see below)
/etc/ftphosts:
	You can permit certain users to log in only from listed IPs. Read
	the ftphosts manpage [man ftphosts] for information on the format.
/etc/ftpaccess:
	The biggest and most complicated configuration file - it lets you
	configure basically everything.
	Read the ftpaccess manpage [man ftpaccess] for a list of commands
	and their descriptions.
	If you don't like editing large config files, get kBeroFTPD, the
	KDE front-end for BeroFTPD configuration. It can be downloaded
	at ftp://ftp.beroftpd.unix.eu.org/pub/BeroFTPD/ and its mirrors.
	You can probably get it in the same place you got BeroFTPD from.

$Id: INSTALL,v 1.1.1.1 1998/08/21 18:10:25 root Exp $
