From: Daira Hopwood <daira@jacaranda.org>
Date: Thu, 5 Sep 2013 17:10:39 +0000 (+0100)
Subject: Thu Mar 22 22:04:53 GMT 2012  david-sarah@jacaranda.org
X-Git-Url: https://git.rkrishnan.org/specifications/%5B/%5D%20/%22doc.html/index.php?a=commitdiff_plain;h=24c4c8306059bd6ea100b6c3d379f49ae18dc5e9;p=tahoe-lafs%2Ftahoe-lafs.git

Thu Mar 22 22:04:53 GMT 2012  david-sarah@jacaranda.org
  * Put SFTP before FTP in various docs. fixes #1692
---

diff --git a/docs/configuration.rst b/docs/configuration.rst
index 35466e2e..811b30ea 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -396,12 +396,12 @@ CLI
     filesystem, uploading/downloading files, and creating/running Tahoe
     nodes. See `<frontends/CLI.rst>`_ for details.
 
-FTP, SFTP
+SFTP, FTP
 
-    Tahoe can also run both FTP and SFTP servers, and map a username/password
+    Tahoe can also run both SFTP and FTP servers, and map a username/password
     pair to a top-level Tahoe directory. See `<frontends/FTP-and-SFTP.rst>`_
-    for instructions on configuring these services, and the ``[ftpd]`` and
-    ``[sftpd]`` sections of ``tahoe.cfg``.
+    for instructions on configuring these services, and the ``[sftpd]`` and
+    ``[ftpd]`` sections of ``tahoe.cfg``.
 
 Drop-Upload
 
diff --git a/docs/frontends/FTP-and-SFTP.rst b/docs/frontends/FTP-and-SFTP.rst
index ac576743..786d2f7f 100644
--- a/docs/frontends/FTP-and-SFTP.rst
+++ b/docs/frontends/FTP-and-SFTP.rst
@@ -6,8 +6,8 @@ Tahoe-LAFS SFTP and FTP Frontends
 2.  `Tahoe-LAFS Support`_
 3.  `Creating an Account File`_
 4.  `Running An Account Server (accounts.url)`_
-5.  `Configuring FTP Access`_
-6.  `Configuring SFTP Access`_
+5.  `Configuring SFTP Access`_
+6.  `Configuring FTP Access`_
 7.  `Dependencies`_
 8.  `Immutable and Mutable Files`_
 9.  `Known Issues`_
@@ -38,11 +38,11 @@ for details.
 Tahoe-LAFS Support
 ==================
 
-All Tahoe-LAFS client nodes can run a frontend FTP server, allowing regular
-FTP clients (like /usr/bin/ftp, ncftp, and countless others) to access the
-virtual filesystem. They can also run an SFTP server, so SFTP clients (like
-/usr/bin/sftp, the sshfs FUSE plugin, and others) can too. These frontends
-sit at the same level as the web-API interface.
+All Tahoe-LAFS client nodes can run a frontend SFTP server, allowing regular
+SFTP clients (like ``/usr/bin/sftp``, the ``sshfs`` FUSE plugin, and many
+others) to access the virtual filesystem. They can also run an FTP server,
+so FTP clients (like ``/usr/bin/ftp``, ``ncftp``, and others) can too. These
+frontends sit at the same level as the web-API interface.
 
 Since Tahoe-LAFS does not use user accounts or passwords, the SFTP/FTP
 servers must be configured with a way to first authenticate a user (confirm
@@ -60,11 +60,11 @@ HTTP-based login mechanism, backed by simple PHP script and a database.
 Creating an Account File
 ========================
 
-To use the first form, create a file (probably in
-BASEDIR/private/ftp.accounts) in which each non-comment/non-blank line is a
-space-separated line of (USERNAME, PASSWORD, ROOTCAP), like so::
+To use the first form, create a file (for example ``BASEDIR/private/accounts``)
+in which each non-comment/non-blank line is a space-separated line of
+(USERNAME, PASSWORD, ROOTCAP), like so::
 
- % cat BASEDIR/private/ftp.accounts
+ % cat BASEDIR/private/accounts
  # This is a password line, (username, password, cap)
  alice password URI:DIR2:ioej8xmzrwilg772gzj4fhdg7a:wtiizszzz2rgmczv4wl6bqvbv33ag4kvbr6prz3u6w3geixa6m6a
  bob sekrit URI:DIR2:6bdmeitystckbl9yqlw7g56f4e:serp5ioqxnh34mlbmzwvkp3odehsyrr7eytt5f64we3k9hhcrcja
@@ -103,37 +103,6 @@ makes it harder for attackers to brute force the password or use DNS
 poisoning to cause the Tahoe-LAFS gateway to talk with the wrong server,
 thereby revealing the usernames and passwords.
 
-Configuring FTP Access
-======================
-
-To enable the FTP server with an accounts file, add the following lines to
-the BASEDIR/tahoe.cfg file::
-
- [ftpd]
- enabled = true
- port = tcp:8021:interface=127.0.0.1
- accounts.file = private/ftp.accounts
-
-The FTP server will listen on the given port number and on the loopback
-interface only. The "accounts.file" pathname will be interpreted relative to
-the node's BASEDIR.
-
-To enable the FTP server with an account server instead, provide the URL of
-that server in an "accounts.url" directive::
-
- [ftpd]
- enabled = true
- port = tcp:8021:interface=127.0.0.1
- accounts.url = https://example.com/login
-
-You can provide both accounts.file and accounts.url, although it probably
-isn't very useful except for testing.
-
-FTP provides no security, and so your password or caps could be eavesdropped
-if you connect to the FTP server remotely. The examples above include
-":interface=127.0.0.1" in the "port" option, which causes the server to only
-accept connections from localhost.
-
 Configuring SFTP Access
 =======================
 
@@ -172,7 +141,7 @@ lines to the BASEDIR/tahoe.cfg file::
  port = tcp:8022:interface=127.0.0.1
  host_pubkey_file = private/ssh_host_rsa_key.pub
  host_privkey_file = private/ssh_host_rsa_key
- accounts.file = private/ftp.accounts
+ accounts.file = private/accounts
 
 The SFTP server will listen on the given port number and on the loopback
 interface only. The "accounts.file" pathname will be interpreted relative to
@@ -195,6 +164,37 @@ clients and with the sshfs filesystem, see wiki:SftpFrontend_
 
 .. _wiki:SftpFrontend: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/SftpFrontend
 
+Configuring FTP Access
+======================
+
+To enable the FTP server with an accounts file, add the following lines to
+the BASEDIR/tahoe.cfg file::
+
+ [ftpd]
+ enabled = true
+ port = tcp:8021:interface=127.0.0.1
+ accounts.file = private/accounts
+
+The FTP server will listen on the given port number and on the loopback
+interface only. The "accounts.file" pathname will be interpreted relative to
+the node's BASEDIR.
+
+To enable the FTP server with an account server instead, provide the URL of
+that server in an "accounts.url" directive::
+
+ [ftpd]
+ enabled = true
+ port = tcp:8021:interface=127.0.0.1
+ accounts.url = https://example.com/login
+
+You can provide both accounts.file and accounts.url, although it probably
+isn't very useful except for testing.
+
+FTP provides no security, and so your password or caps could be eavesdropped
+if you connect to the FTP server remotely. The examples above include
+":interface=127.0.0.1" in the "port" option, which causes the server to only
+accept connections from localhost.
+
 Dependencies
 ============
 
diff --git a/docs/frontends/drop-upload.rst b/docs/frontends/drop-upload.rst
index 4f220b51..3608acd6 100644
--- a/docs/frontends/drop-upload.rst
+++ b/docs/frontends/drop-upload.rst
@@ -17,7 +17,7 @@ several platforms, but it currently works only on Linux.
 
 The implementation was written as a prototype at the First International
 Tahoe-LAFS Summit in June 2011, and is not currently in as mature a state as
-the other frontends (web, CLI, FTP and SFTP). This means that you probably
+the other frontends (web, CLI, SFTP and FTP). This means that you probably
 should not keep important data in the upload directory, and should not rely
 on all changes to files in the local directory to result in successful uploads.
 There might be incompatible changes to how the feature is configured in
diff --git a/docs/frontends/webapi.rst b/docs/frontends/webapi.rst
index 63d61d97..0c69e444 100644
--- a/docs/frontends/webapi.rst
+++ b/docs/frontends/webapi.rst
@@ -2045,7 +2045,7 @@ When modifying the file, be careful to update it atomically, otherwise a
 request may arrive while the file is only halfway written, and the partial
 file may be incorrectly parsed.
 
-The blacklist is applied to all access paths (including FTP, SFTP, and CLI
+The blacklist is applied to all access paths (including SFTP, FTP, and CLI
 operations), not just the web-API. The blacklist also applies to directories.
 If a directory is blacklisted, the gateway will refuse access to both that
 directory and any child files/directories underneath it, when accessed via