Rumpus 1.3 User's Guide

Security Options


The second tab in the Configuration window provides access to the security settings. Rumpus uses several approaches to providing FTP services and is highly configurable. You should take time to learn how Rumpus provides security and how these methods differ from other FTP servers on the Mac OS with which you may already be familiar. The Security tab of the Configuration window includes the following options:

Rumpus includes a built-in security model, in addition to Anonymous and File Sharing Users & Groups-based security, but you may choose only one of these options. Built-In Security is not only faster and easier, but it allows you to turn off File Sharing, dramatically improving overall server performance. Also, in Rumpus Pro, you can define more than 100 users by using built-in security. Remember, Rumpus cannot apply both File Sharing and built-in security at the same time.

The first group of radio buttons lets you select how Rumpus will apply security. You can select from the following options:

Anonymous Login Only

The Anonymous Login Only option, shown in Figure 3, means that only anonymous users are allowed, and that they have full read-only access to the contents of the FTP folder selected in the Basic configuration tab.


Figure 3: Configuring Anonymous Login Only.

When this option is selected, users can log in to the server by entering a username of "anonymous" and any password. The "Require E-Mail Password" checkbox option allows you to require a password that appears to be an e-mail address when anonymous users log in to the server. While it is courteous for users to enter their full e-mail address as their password, any string of characters that appears to be an e-mail address will be accepted. Note that Rumpus will not verify an e-mail address by making an SMTP connection to the user's host server and issuing the VRFY command, but simply determines that the password has a format that matches a common SMTP e-mail format.

When this option is selected, all other configuration options in the Security configuration tab will be disabled, except the "Require E-Mail Password" option. See the section entitled "Defining Users" later in this document for more information on defining access privileges for anonymous user access using Users & Groups.

Users & Groups Security

The Users & Groups Security option means that all users must provide a valid username and password as defined in the Users & Groups Control Panel. When selected, this option is used in conjunction with multiple configuration options, discussed below, many of which aren't applicable with the other two types of security. Figure 4 shows this type of security enabled in the Security configuration tab.


Figure 4: Preparing users for File Sharing.

Remember, anonymous users will not be allowed access unless the Guest user account is enabled and the items in the following section are properly configured.

When Rumpus is enforcing security using the Users & Groups security database, the checkboxes on the right side of the Security tab under "Allow Anonymous Users To" and "Allow Secure Users To" will be active. These options define exactly what users will be able to do when you allow them to "Make Changes" to a particular folder with the "Sharing..." command. When "Make Changes" is off for a folder, users will not be able to upload, create, or delete files or folders in the given folder, regardless of these settings.

Upload New Files

The Upload New Files option is self-explanatory, and tells Rumpus that new files may be uploaded by a user, when "Make Changes" is allowed for that user. Under MacOS 8, this means that the user has either "Write" or "Read and Write" permission for the folder defined in the "Sharing..." dialog.

Delete and Overwrite Files

The Delete and Overwrite Files option means that users will be allowed to delete or replace existing files , again when "Make Changes" is allowed for that user. Under MacOS 8, this means that the user has either "Write" or "Read and Write" permission for the folder defined in the "Sharing..." dialog.

Make and Delete Folders

The Make and Delete Folders option gives users with the "Make Changes" privilege in File Sharing the ability to make and delete folders on your FTP server. By default , users will not be able to add, delete, or overwrite existing files until enabled by you.

The following options are also active when the Users & Groups Security option is selected.

Require E-Mail Password

As with the Anonymous Login Only security option described above, the "Require E-Mail Password" checkbox option allows you to require a password that appears to be an e-mail address when anonymous users log in to the server.

Anonymous "Guest" Access

The Anonymous "Guest" Access option means that File Sharing security privileges will be applied to files in the Rumpus FTP folder. You can then define users in the Users & Groups Control Panel, and set privileges by using the "Sharing..." menu option under the File menu in the Finder. Users with a valid username and password are allowed with assigned privileges. Users logged in as anonymous will have the privileges of the "Guest" user as defined in the "Sharing..." dialog box for each folder. However, the "Allow guests to connect" checkbox in the Users & Groups Control Panel is ignored by Rumpus. See the "Allow Anonymous/Secure Users To..." section above for more information on controlling anonymous access with Users & Groups.

Cache Permissions

The Cache Permissions checkbox will set Rumpus to cache access privileges for files. This will make access faster since it won't have to check every time, but changes won't take effect immediately. The cache refresh occurs once per minute, so security changes may not take effect for as long as a minute in Rumpus. We suggest leaving this box checked for performance reasons, but remember that security changes made in the Finder or the Users & Groups Control Panel won't take effect for up to one minute after you make the change.

Use Drop Folders

A popular feature of Rumpus is the support for "Drop Folders," which automatically places users into a specified folder when they log in. When the "Use Drop Folders" checkbox is not checked, users will be placed in the root folder of your FTP server.

When checked, Rumpus will attempt to put the user into a defined folder for that user, based on their username. For example, the user "Bailey" would be dropped into a folder named "Bailey" in the FTP server root, if that folder exists.

If you use a drop folder, you also have the option of restricting the user to their folder. If the user is not restricted, they will be dropped into their folder, but will be able to move back up to the server root, if they wish. This allows you to create a default folder for users, but allow them full access to the entire FTP server folder.

Of course, users may still configure their FTP clients (like Fetch) to automatically place the user into a specific directory to which they have access upon connecting to Rumpus, but the Drop Folder option gives you more control over their access to your server.

Admin Key

Since Rumpus will run with an AppleShare server, a field is provided to enter the Admin Key for the server. The Admin Key is required to get privileges from an AppleShare server and must be entered on Macs running AppleShare servers. If you have not entered an admin key into your AppleShare server, don't enter one into Rumpus.

If you are only using the Mac OS built-in File Sharing, this field must be left blank.

Built-In Security

If you choose to use Rumpus' Built-In Security option, shown in Figure 5, then you will define your own users apart from the Users & Groups under the Mac OS.


Figure 5: Selecting the Built-In Security option.

To define users, you'll need to open the "Define Users" window, which can be opened by selecting the "Define Users..." option under the "File" menu or by typing Command-U. This window allows you to create, modify, and delete users and specify privilege settings, and is discussed in detail in the "Defining User Accounts" section later in this User's Guide.


[ Previous | Table Of Contents | Next ]

Copyright © 1997-9 Maxum Development Corporation
http://www.maxum.com/