| Value |
Constant |
Description |
| 1 |
ftpAccessRead |
The client can download files using the RETR command. If
this permission is not granted, the server will reject all
requests by the client to download files, regardless of the
actual file access rights. |
| 2 |
ftpAccessWrite |
The client can upload files using the STOR and STOU commands. If this
permission is not granted, the server will reject all requests
by the client to upload files. By default, anonymous clients are
not granted this permission. If the server is started in
restricted mode, this option must be explicitly specified to
allow a client to upload files. |
| 4 |
ftpAccessAppend |
The client can append to files using the APPE command. If
this permission is granted, it will automatically grant the
ftpAccessWrite permission as well. If this
permission is not granted, the server will reject all requests
by the client to append data to a file. By default, anonymous clients are
not granted this permission. If the server is started in
restricted mode, this option must be explicitly specified to
allow a client to upload files. |
| 8 |
ftpAccessList |
The client can request a list of files in a directory using
the LIST, NLST or MLSD commands. This permission is also
required for the client to be able to obtain information about a
specific file using the STAT, MDTM, MLST or SIZE commands. If
this permission is not granted, the server will reject all
requests for a file list. |
| &H10 |
ftpAccessModify |
The client can modify the attributes or modification times
for a file using the MFMT, SITE ATTRIB, SITE CHMOD and SITE
UTIME commands. If this permission is not granted, the server
will reject all requests to modify the attributes of a file. By
default, anonymous clients are not granted this permission. |
| &H20 |
ftpAccessRename |
The client can rename or move a file using the RNFR and RNTO
commands. If this permission is not granted, the server will
reject all requests to rename a file, even if the file name is
valid and the server process has the appropriate access rights.
By default, anonymous clients are not granted this permission. |
| &H40 |
ftpAccessDelete
|
The client can delete a file using the DELE command. If this
permission is not granted, the server will reject all requests
to delete a file, even if the file name is valid and the server
process has the appropriate access rights. By default, anonymous
clients are not granted this permission. |
| &H80 |
ftpAccessChdir
|
The client can change its current working directory using
the CWD or CDUP commands. If this permission is not granted, the
client is effectively locked to its home directory, although it
can still specify a path when sending file or directory
commands. If the server was started in restricted mode, the
client will be unable to move outside of its home directory or
subdirectories, regardless of whether this permission has been
specified or not. |
| &H100 |
ftpAccessMkdir |
The client can create a directory using the MKD command. If this
permission is not granted, the server will reject all requests
to create a directory, even if the name is valid and the server
process has the appropriate access rights. By default, anonymous
clients are not granted this permission. |
| &H200 |
ftpAccessRmdir |
The client can remove a directory using the RMD command. If this
permission is not granted, the server will reject all requests
to remove a directory, even if the directory is empty and the server
process has the appropriate access rights. By default, anonymous
clients are not granted this permission. |
| &H400 |
ftpAccessIdle |
The client can change the idle timeout period from the value
that was specified in the server configuration. This controls
the amount of time that the client can remain idle until the
server terminates the session. The minimum idle timeout period
is 60 seconds and the maximum is 7200 seconds (2 hours). By
default, anonymous clients are not granted this permission. |
| &H800 |
ftpAccessExecute |
The client can execute commands on the server using the SITE
EXEC command. This command executes a console application and
redirects the standard output to the control channel of the
client session. Because this can introduce potential security
threats to the server, this permission is never granted by
default and its should only be granted to specific users who
require this functionality. |
| &H100000 |
ftpAccessRestricted |
The client is restricted to accessing files in its home
directory and any subdirectories of the home directory. The
client home directory is considered to be the root directory for
the client session, with all file and directory paths being
considered relative to the home directory. If this permission is
specified alone without being combined with any other
permissions, it will also grant the ftpAccessRead,
ftpAccessList and ftpAccessChdir permissions to the client
session. |
| &H200000 |
ftpAccessAnonymous |
The client should be considered an anonymous user and is
subject to the restrictions imposed on all anonymous client
sessions. If the server was started in multiuser mode, the
client will be restricted to the public directory and any
subdirectories. If this permission is specified alone without
being combined with any other permissions, it will also grant
the ftpAccessRead, ftpAccessList and ftpAccessChdir
permissions to the client session. |
| &H800000 |
ftpAccessDefault |
A set of default permissions for the user based on the
initial configuration of the server. Normally all permissions
are granted except for ftpAccessExecute. If the Restricted
property was set to True when the server was started,
the default permissions will limit the client to downloading
files and directory listings. |
The permission ftpAccessNone will grant no access rights to
the client. It is not recommended that you use this value,
particularly if your server is going to be publicly accessible using
third-party applications. Assigning ftpAccessNone to a user can
cause third-party applications to fail in unexpected ways if they
login as that user. Most client software expects authenticated users
to be able to obtain information about files in their current working
directory. To prevent clients from accessing files outside of their
home directory and limiting the actions they can take, set the
Restricted property to True and use ftpAccessDefault
as the permission granted to users.
The permission ftpAccessAll will grant all access rights to
a client, including the the permission to execute registered programs
using the SITE EXEC command. Any external programs that you have
registered for use should be thoroughly reviewed to ensure that they
do not present a security risk to the server. Note that the
ftpAccessAll permission will never permit a client to execute an
arbitrary executable on the server. The only external programs that
can be executed using SITE EXEC are those that are explicitly
registered using the RegisterProgram method.