mod_tar
The mod_tar
module supports on-the-fly creation of tar files.
Whenever a client attempts to download a directory as a tar file, the
mod_tar
module will automatically create a tar file of that
directory.
To provide this feature, the mod_tar
module uses the
libtar
library; see:
http://www.feep.net/libtar/
This module is contained in the mod_tar
file for
ProFTPD 1.3.x, and is not compiled by default. Installation
instructions are discussed here. More examples
of mod_tar
usage can be found here.
The most current version of mod_tar
can be found at:
http://www.castaglia.org/proftpd/
Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.
<Directory>
, .ftpaccess
Module: mod_tar
The TarEnable
directive can be used to block or prevent a
directory from being turned into a tar file by mod_tar
.
<VirtualHost>
, <Global>
, <Anonymous>
The TarEngine
directive enables or disables the module's
support for on-the-fly tar file creation.
<VirtualHost>
, <Global>
The TarLog
directive is used to a specify a log file for
mod_tar
reporting and debugging, and can be done a per-server
basis. The file parameter must be the full path to the file to use for
logging. Note that this path must not be to a world-writeable
directory and, unless AllowLogSymlinks
is explicitly set to
on (generally a bad idea), the path must not be a symbolic
link.
If file is "none", no logging will be done at all; this
setting can be used to override a TarLog
setting inherited from
a <Global>
context.
<VirtualHost>
, <Global>
, <Anonymous>
The TarOptions
directive is used to configure various optional
behavior of mod_tar
, usually pertaining to how the
.tar
files are constructed.
Example:
TarOptions dereference
The currently implemented options are:
dereference
Instead of creating .tar
files which include symlinks,
include the files that the symlinks point to.
<VirtualHost>
, <Global>
, <Anonymous>
The TarTempPath
directive controls the directory where
mod_tar
will writes its temporary .tar
files.
Keep in mind that the TarTempPath
is subject to any chroot
(i.e. use of DefaultRoot
or
<Anonymous>
).
The default TarTempPath
is "./", which means that the
temporary .tar
files are written in the current directory of
the FTP session.
mod_tar
, copy the mod_tar.c
file into:
proftpd-dir/contrib/after unpacking the latest proftpd-1.3.x source code. For including
mod_tar
as a staticly linked module:
./configure --with-modules=mod_tarTo build
mod_tar
as a DSO module:
./configure --enable-dso --with-shared=mod_tarThen follow the usual steps:
make make install
For those with an existing ProFTPD installation, you can use the
prxs
tool to add mod_tar
, as a DSO module, to
your existing server:
# prxs -c -i -d -I /path/to/libtar/include -L /path/to/libtar/lib mod_tar.c
Note that in order to support gzip and bzip2 compression, the
mod_tar
module requires linking with the zlib (-lz
)
and bzip2 lib (-lbz2
) libraries. You may need to install
these packages on your system in order to build mod_tar
.
The mod_tar
module works by watching all download requests
(i.e. RETR
commands), looking specifically for requests
like:
RETR $dir.tar.gzThe following extensions will trigger
mod_tar
to attempt
on-the-fly tar file creation:
If the requested tar file already exists, then mod_tar
does
nothing, and lets the download proceed normally. If the requested tar file is
not for a directory, then mod_tar
does nothing.
Next, the mod_tar
module checks for the existence of a
"$dir/.notar" file. If this file is present, then mod_tar
does nothing. (This provides feature compatibility with wu-ftpd's on-the-fly
tar file creation feature.)
The mod_tar
module then checks to see if TarEnable
has been configured for the requested directory. For example, you can
block certain directories from being bundled up by mod_tar
by using:
<Directory $dir> TarEnable off </Directory>
Once these checks have passed, a randomly generated unique filename is
generated for the tar file to be created; the tar file is created in the
session's current working directory (although this can be changed
using the TarTempPath
directive), and
is deleted after the download finishes. This means that the client will need
write privileges in that directory in order for the tar file to be created.
No external commands are used for creating the tar file. Searches
for on-the-fly tar file creation will turn up reports
of vulnerabilities and issues with the tar file feature in wu-ftpd. The
problem there was that wu-ftpd used external commands, such as
/bin/tar
, to create the tar files. These commands take a range
of command-line options; malicious FTP clients could exploit those
command-line options, and wu-ftpd's on-the-fly tar file implementation, to
attack the server. By contrast, the mod_tar
module does
not use any external commands; it uses the libtar
library
for creating the tar file. And mod_tar
ensures that the
requested path is indeed a directory and that that directory path is treated
as-is, with no special interpolation or interpretation.
Example configuration:
<IfModule mod_tar.c> TarEngine on TarLog /var/ftpd/tar.log </IfModule>