Note on usage
Function: Create an FT profile
User group: FTAC user and FTAC administrator
Functional description
ftcrep stands for "create profile". This command can be used by any user to set up FT profiles for his or her login name.
The FTAC administrator can also set up FT profiles for other login names, either with or without defining a transfer admission.
When it is created, the profile is given a timestamp that is updated each time the profile is modified (e.g. using ftmodp).
Note for Windows systems
Note that the owner of an admission profile can only use their profile if they have stored their user password in openFT. The ftsetpwd command is available for this purpose. Alternatively, choose the User Password... command from the Administration menu of the openFT Explorer.
Format
ftcrep -h |
<profile name 1..8> | @s
<transfer admission> | @n
[ -ua=[<user ID>] [,[<password> | @n ]] ]
[ -v=y | -v=n ] [ -d=yyyymmdd ]
[ -u=pr | -u=pu ]
[ -priv=y | -priv=n ]
[ -iml=y | -iml=n ]
[ -iis=y | -iis=n ] [ -iir=y | -iir=n ]
[ -iip=y | -iip=n ] [ -iif=y | -iif=n ]
[ -ff=[t][m][p][r][a][l] | -ff=c ]
[ -dir=f | -dir=t | -dir=ft ]
[ -pn=<partner 1..200>,...,<partner(50) 1..200> | -pn= ]
[ -fn=<file name 1..512> | -fn= ]
[ -fnp=<file name prefix 1..511> ]
[ -ls= | -ls=@n | -ls=<command1 1..1000> ]
[ -lsp=<command2 1..999> ] [ -lss=<command3 1..999> ]
[ -lf= | -lf=@n | -lf=<command4 1..1000> ]
[ -lfp=<command5 1..999> ] [ -lfs=<command6 1..999> ]
[ -wm=o | -wm=n | -wm=e | -wm=one ]
[ -c=y | -c=n ]
[ -cm=y | -cm=n ]
[ -txt=<text 1..100> ]
Description
-h
Displays the command syntax on the screen. Entries after the -h are ignored.
profile name | @s
is the name you wish to assign to the FT profile. This name can be used to address the FT profile, for example when it is to be modified or deleted. Be sure not to confuse the profile name with the transfer admission (see below). The profile name must be unique among all the FT profiles under your login name, or FTAC will reject the ftcrep command and issue the message FT profile already exists. To have the profile names you have already assigned displayed, you can issue the ftshwp command (without options).
@s for profile name
Creates the standard admission profile for the user ID. You must specify @n as the transfer admission, because a standard admission profile in a request is addressed using the user ID and password.
You must not specify the options -v, -d and -u with a standard admission profile.
transfer admission | @n
replaces the login authorization for your system otherwise required in inbound requests. When this transfer admission is specified in an FT request, FTAC applies the access rights defined in this FT profile.
transfer admission
The transfer admission must be unique within your system so that there are no conflicts with transfer admissions defined by other FTAC users with other access rights. If the transfer admission you select has already been assigned, FTAC rejects the ftcrep command and issues the message:
Transfer admission already exists.
You can also define a binary admission with any characters, including non-printing characters, see section “Entering commands”.
As the FTAC administrator, you can assign a transfer admission for yourself under your own login name or for any other user.
In this case, if you do not have FT administrator permissions, you must specify the complete login authorization, i.e. the user ID and password.
@n for transfer admission
By entering @n, you create an FT profile without a transfer admission.
As the FTAC administrator, by specifying @n, you can create FT profiles for other login names without having to define transfer admissions.
If the profile is not a standard admission profile, it is locked until you or the owner of the profile assign a valid transfer admission with ftmodp.
You must specify @n when you create a standard admission profile.
transfer admission not specified
If you do not specify the transfer admission in the command, FTAC prompts you to enter the transfer admission after the command has been sent. Your entry is not displayed to prevent unauthorized persons from seeing the transfer admission. To exclude the possibility of typing errors, the program expects you to enter the transfer admission a second time as an entry check.
-ua=[user ID][,[password | @n ]]
As the FTAC administrator use -ua to specify the user IDs for which you want to set up FT profiles.
user ID
The user without administrator privileges can specify only his own user ID.
As the FTAC administrator, you can specify any user ID.
,password
Specifies the password of the login name. A binary password must be specified in hexadecimal format, see section “Entering commands”. The FT profile for the login name is only valid while the password is valid for the login name. If the password is changed, the profile can no longer be used.
If you want to assign an FT profile for another user and also assign a transfer admission for that profile, you must specify the login name as well as the password for that login name if you do not have FT administrator privileges.
@n for password
This entry may only be specified by the FTAC administrator. With @n, you cannot assign any transfer admission for the FT profile if you do not have FT administrator privileges.
comma only (,) no password
Entering comma (,) without password causes FTAC to query the password on the screen after the command is entered. The entry is not displayed to prevent unauthorized persons from seeing the transfer admission.
user ID only (without comma and no password) specified
the profile is valid for all the passwords for user ID.
-ua= specified or -ua not specified
the FT profile is created for the individual login name.
-v=y | -v=n
defines the status of the transfer admission.
Possible values are:
y (default value)
the transfer admission is not disabled (it is valid).
n
the transfer admission is disabled (it is not valid).
-v must not be specified with a standard admission profile.
-d=yyyymmdd
specifies the period during which the transfer admission can be used. The FT profile is disabled when this period has expired.
You can specify an eight-digit date (e.g. 20170602 for June 2, 2017). The transfer admission can no longer be used after 00:00 hours on the specified day. The largest possible value which can be specified as the date is 20380119 (January 19, 2038).
-d must not be specified with a standard admission profile.
-d not specified (default value)
no period is specified for using the transfer admission.
-u=pr | -u=pu
with -u, you can control how FTAC reacts when someone attempts to create an FT profile with the same transfer admission. Normally, the transfer admission must be disabled immediately.
Transfer admissions that do not require as much protection are designated as public. This means that they are not disabled, even if a user attempts to assign another transfer admission of the same name.
pr (default value)
the transfer admission is disabled as soon as someone under another login name attempts to specify a transfer admission of the same name (private). In this case, the values for -u and -d are set to their default values at the same time.
pu
the transfer admission is not disabled, even if someone attempts to specify a transfer admission of the same name (public).
-u must not be specified with a standard admission profile.
-priv=n | -priv=y
is used by the FTAC administrator to grant privileged status to FT profiles.
As a user, you can only revoke an existing privileged status, y is not permitted.
n (default value)
The FT profile is not privileged (initially).
y
For the FTAC administrator only: The FT profile is privileged.
-iml=y | -iml=n
-iml (ignore max. level) is used to specify whether the FT profile is to be restricted by the values in the admission set. You can override your own entries (the MAX. USER LEVELS) for requests using this FT profile.
If the FT profile is also privileged by the FTAC administrator, the values of the FTAC administrator (the MAX. ADM LEVELS) can also be ignored. This FT profile would then allow inbound basic functions which are disabled in the admission set to be used. Possible values are:
y
allows the values in the admission set to be ignored.
n (default value)
restricts the functionality of the profile to the values in the admission set.
-iis=y | -iis=n
-iis (ignore inbound send) allows the value for the basic function inbound send in the admission set to be ignored (see -iml for details).
y
allows the basic function inbound send to be used even if it is disabled in the admission set. At the same time, the component "display file attributes" of the basic function inbound file management can also be used.
Specifying this option is enough as long as the basic function inbound send was disabled by the user, but if it was disabled by the FTAC administrator, it is also necessary that he/she grant privileged status to the FT profile.
n (default value)
restricts the profile to the value in the admission set for the basic function inbound send.
-iir=y | -iir=n
-iir (ignore inbound receive) allows the value for the basic function inbound receive in the admission set to be ignored (see -iml for details).
y
allows the basic function inbound receive to be used even if it is disabled in the admission set. At the same time, components of the basic function inbound file management can also be used (see table at -iif).
Specifying this option is enough as long as the basic function inbound receive was disabled by the user, but if it was disabled by the FTAC administrator, it is also necessary that he/she grant privileged status to the FT profile.
n (default value)
restricts the profile to the value in the admission set for the basic function inbound receive.
-iip=y | -iip=n
-iip (ignore inbound processing) allows the value for the basic function inbound followup processing + preprocessing + postprocessing in the admission set to be ignored
(see -iml for details).
y
allows the basic function inbound follow-up processing + preprocessing + postprocessing to be used even if it is disabled in the admission set.
Specifying -iip=y is enough as long as the basic function inbound follow-up processing + preprocessing + postprocessing was disabled by the user. But if it was disabled by the FTAC administrator, it is also necessary that he/she grant privileged status to the FT profile.
n (default value)
restricts the profile to the value in the admission set for the basic function inbound follow-up processing + preprocessing + postprocessing.
-iif=y | -iif=n
-iif (ignore inbound file management) allows the values for the basic function inbound file management in the admission set to be ignored (see -iml for details).
y
allows the basic function inbound file management to be used even if it is disabled in the admission set. Specifying this option is enough as long as the basic function inbound file management was disabled by the user, but if it was disabled by the FTAC administrator, it is also necessary that he/she grant privileged status to the FT profile.
n (default value)
restricts the profile to the value in the admission set for the basic function inbound file management.
The following table shows which subcomponents of the file management can be used under which conditions.
Inbound file management | Values of the admission set |
Display file attributes | Inbound Send (IBS) enabled |
Modify file attributes | Inbound Receive (IBR) and |
Rename files | Inbound Receive (IBR) and |
Delete files | Inbound Receive (IBR) enabled and |
Display directories | Inbound File Management (IBF) enabled |
Create, rename and delete | Inbound File Management (IBF) enabled |
-ff=[t][m][p][r][a][l] | -ff=c
-ff defines the FT function for which the FT profile can be used. With the exception of c, these letters can be combined in any way (tm, mt, mr, ...). c must not be combined with other values.
t (transfer)
The FT profile can be used for the file transfer functions "Transfer files", "Display file attributes" and "Delete files".
m (modify file attributes)
The FT profile can be used for the file transfer functions "Display file attributes" and "Modify file attributes".
p (processing)
The FT profile can be used for the file transfer functions "File Preprocessing" or "File Postprocessing". The FT function "Transfer files" must also be permitted.
Specification of p has no significance for profiles with a file name prefix (-fnp=) or a file name (-fn=) since, in this case, the first character of the file name or file name prefix decides whether the profile can only be used for preprocessing and postprocessing ("|") or only for file transfer/file management (no "|").
The use of follow-up processing is not controlled by -ff=, but by -lf= and -ls=.
r (read directory)
The FT profile can be used for the file transfer functions "Display directories" and "Display file attributes".
a (administration)
The admission profile is allowed to be used for the "remote administration" function. This means that it authorizes a remote administration server to access the local openFT instance. To do this, the associated transfer admission must be configured in the remote administration server.
-ff=a may only be specified by the FT administrator or FTAC administrator.
l (logging)
The admission profile is allowed to be used for the "ADM traps" function. This allows another openFT instance to send its ADM traps to the remote administration server via this profile. This specification only makes sense if the local openFT instance is flagged as a remote administration server (ftmodo -admcs=y command).
-ff=l may only be specified by the FT administrator.
c (client access)
The admission profile is allowed to be used for the "access to remote administration server" function (ADM profile). This allows a remote administrator on a remote computer to use this profile to access the local remote administration server and issue remote administration requests. The local openFT instance must be flagged as a remote administration server (ftmodo -admcs=y command).
The value c must not be combined with any other value. -ff=c may only be specified by the ADM administrator.
-ff not specified
Corresponds to the specification -ff=tmr, i.e. the admission profile can be used for all file transfer functions other than "file processing", but cannot be used for remote administration functions (a, c) and ADM traps (l).
-dir=f | -dir=t | -dir=ft
specifies for which transfer direction(s) the FT profile may be used.
f
allows data transfer only from a remote system to the local system.
t
allows data transfer only from a local to a remote system. Directories cannot be
created, renamed nor deleted.
ft, tf
both transfer directions are allowed.
-dir not specified
transfer direction is not restricted in the FT profile.
-pn=partner[,partner2, ...] | -pn=
You use -pn to specify that this admission profile is to be used only for FT requests which are processed by a certain partner system. You can specify the name of the partner system in the partner list or the address of the partner system. For details on address specifications, see section “Specifying partner addresses”.
You can specify more than one partner system (maximum 50) with a maximum total of 1000 characters.
-pn not specified (or -pn=)
means that any remote system can use the FT profile.
-fn=file name | -fn=
-fn specifies which file under your login name may be accessed using this FT profile. If you specify a fully qualified file name, only the file with this name can be transferred.
If the file name ends with %unique or %UNIQUE, this string is replaced during the file transfer by a string which changes for each new call, see section “Entering commands”.
If file name starts with a "|" (pipe character) then it is interpreted as a preprocessing or postprocessing command.
-fn not specified (or -fn=)
omitting -fn means that the FT profile allows unrestricted access to all files under the login name (exception see -fnp).
-fnp=file name prefix
restricts access to a set of files whose names begin with the same prefix. FTAC adds the character string specified as file-name-prefix to the file name in the request and attempts to transfer the file with the expanded name.
Example:
Unix systems: If this option is specified as -fnp=scrooge/ and the request contains the file name stock, the file is transferred as scrooge/stock.
Windows systems: If this option is specified as -fnp=scrooge\ and the request contains the file name stock , the file is transferred as scrooge\stock .
In this way, you can designate the files you have released for transfer. If the -fnp option was used to specify a prefix, the file name specified in the request must not contain a directory separator (Unix systems: "/", Windows systems: "\"). This disables (unintentionally) changing directories specifying ../ or ..\. You should also ensure that there is no chance for a symbolic link to cause a jump to another place in the file tree.
%unique or %UNIQUE cannot be used for a file name prefix. In the case of a file transfer request, the user can use a file name ending with %UNIQUE (or %UNIQUE.suffix or %unique or %unique.suffix) to generate a unique file name with the prefix specified here.
A file name prefix which starts with the | (pipe) character indicates that the admission profile can only be used for file transfer with preprocessing and postprocessing, since the file name created using the prefix and the name specified for the ncopy or ft command also starts with the | character. In this case, no follow-up commands may be specified.
Exception on Windows systems: The filename prefix under Windows starts with |cmd /c or |&cmd /c .
filename prefix can be up to 511 bytes in length (for the representation in UTF-8, see section “Entering commands” ).
Notes on profiles with preprocessing or postprocessing
On Unix systems, the shell metacharacters | ; & < > and "newline" may only be specified if they are enclosed in '...' (single quotes) or "..." (double quotes) or if each of them is escaped with "\" (backslash). The character ` (accent grave) and the string $( (dollar+open bracket) may only be specified if they are enclosed in '...' (single quotes) or if they are specified directly after a backslash ("\").
The following strings may not be specified for the name entered in the ncopy or ft command:
.. (two dots)
.\ (dot + backslash)
.' (dot + single quote, only for Unix systems)
This makes it impossible to navigate to higher-level directories.
Special cases
You must specify a file name or file name prefix which starts with the string "|ftexecsv " for admission profiles which are to be used exclusively for the ftexec command.
If a command prefix is also to be defined, you must specify it as follows:
-fnp="|ftexecsv -p= command prefix "
(e.g.:
-fnp="|ftexecsv -p=\"ftshwr \"")The same restrictions apply to the command string of the ftexec call as to the filename prefix during preprocessing and postprocessing.
For admission profiles that are only to be used for getting monitoring data, specify the filename prefix "|*FTMONITOR ". The functions of the profile must permit File Preprocessing (-ff=tp). For details, see Example 3.
-fnp not specified
FTAC adds no prefix to the file name.
-ls= | -ls=@n | -ls=command1
-ls specifies follow-up processing which is to be performed under your login name in the event that file transfer is successful. If -ls is specified, no success follow-up processing may be requested in the FT request. Specifying -ls only makes sense if you also make an entry for -lf (see below) to preclude the possibility than an intentionally unsuccessful request can circumvent the -ls entry. If you have defined a prefix for the file name with -fnp and plan follow-up processing for this file, you must specify the complete file name here.
@n for command1
If -ls=@n is specified, no success follow-up processing is permitted in the event of a successful file transfer.
For details on follow-up processing, please refer to section “Commands for follow-up processing” .
-ls not specified (or -ls=)
does not restrict follow-up processing in the local system in the event of successful file transfer (however, see also -lsp or -lss).
-lsp=command2
-lsp defines a prefix for follow-up processing in the local system in the event of successful file transfer. FTAC then adds the character string command2 to the follow-up processing specified in the FT request and attempts to execute the resulting command.
Example:
Unix systems: If this option is specified as -lsp='lpr ' and the request specifies file1.txt as follow-up processing, FTAC executes lpr file1.txt as follow-up processing.
Windows systems: If this option is specified as -lsp="print " and the request specifies file1.txt as follow-up processing, FTAC executes print file1.txt as follow-up processing.
Please also bear in mind the information provided on the -ls option!
For details on follow-up processing, please refer to section “Commands for follow-up processing” .
-lsp not specified
FTAC adds no prefix to the follow-up processing specified in the request in the event of successful file transfer.
-lss=command3
-lss defines a suffix for follow-up processing in the local system in the event of successful file transfer. FTAC then appends the character string command3 to the followup processing specified in the FT request and attempts to execute the resulting command.
Example:
Unix systems: If this option is specified as -lss=' file2.txt' and the request specifies lpr as follow-up processing, FTAC executes lpr file2.txt as follow-up processing.
Windows systems: If this option is specified as -lss=" file2.txt" and the request specifies print as follow-up processing, FTAC executes print file2.txt as follow-up processing.
Please also bear in mind the information provided on the -ls option!
For details on follow-up processing, please refer to section “Commands for follow-up processing” .
-lss not specified
FTAC adds no suffix to the follow-up processing specified in the request in the event of successful file transfer.
-lf=command4 | @n
-lf specifies follow-up processing to be executed under your login name if the file transfer is aborted due to an error. If -lf is specified, no failure follow-up processing may be requested in the FT request. Making an -lf entry only makes sense if you also make an entry for -ls (see above) to preclude the possibility that a successful request can circumvent the -lf entry. If you have defined a prefix for the file name with -fnp and plan follow-up processing for this file, you must specify the complete file name here.
@n for command4
If -lf=@n is specified, no failure follow-up processing is then permitted in the event of unsuccessful file transfer.
For details on follow-up processing, please refer to section “Commands for follow-up processing” .
-lf not specified
does not restrict follow-up processing in the local system in the event of unsuccessful file transfer (Exception see -lfp or -lfs).
-lfp=command5
-lfp defines a prefix for follow-up processing in the local system in the event of unsuccessful file transfer. FTAC then sets the character string command5 in front of the followup processing specified in the FT request and attempts to execute the resulting command.
Example:
Unix systems: If this option is specified as -lfp='lpr ' and the request specifies error.txt as follow-up processing, FTAC executes lpr error.txt as follow-up processing.
Windows systems: If this option is specified as -lfp="print " and the request specifies error.txt as follow-up processing, FTAC executes print error.txt as followup processing.
Please also bear in mind the information provided on the -lf option!
For details on follow-up processing, please refer to section “Commands for follow-up processing” .
-lfp not specified
FTAC sets no prefix in front of the follow-up processing specified in the request in the event of unsuccessful file transfer.
-lfs=command6
-lfs defines a suffix for follow-up processing in the local system in the event of unsuccessful file transfer. FTAC then sets the character string command6 after the follow-up processing specified in the FT request and attempts to execute the resulting command.
Example:
Unix systems: If this option is specified as -lfs=' error.txt' and the request specifies lpr as follow-up processing, FTAC executes lpr error.txt as follow-up processing.
Windows systems: If this option is specified as -lfs=" error.txt" and the request specifies print as follow-up processing, FTAC executes print error.txt as follow-up processing.
Please also bear in mind the information provided on the -lf option!
For details on follow-up processing, please refer to section “Commands for follow-up processing” .
-lfs not specified
FTAC sets no suffix after the follow-up processing specified in the request in the event of unsuccessful file transfer.
-wm=o | -wm=n | -wm=e | -wm=one
-wm specifies which write modes may be used in the file transfer request and what they effect.
o (overwrite)
In the FT request of openFT or FTAM partners, only -o or -e may be entered for write mode. The receive file is overwritten if it already exists, and is created if it does not yet exist.
With FTP partners, -n may also be entered if the file does not yet exist.
n (no overwrite)
In the FT request -o, -n or -e may be entered for write mode. The receive file is created if it does not yet exist. If the receive file already exists, the request is not executed.
e (extend)
In the FT request only -e may be entered for write mode, i.e. the receive file is extended by appending the transferred file to the end if the receive file already exists. The receive file is created if it does not yet exist.
one (default value)
means that the FT profile does not restrict the write mode.
-c=y | -c=n
Precondition: openFT-CR must be installed.
Using -c, you can determine whether data encryption is required or forbidden. If the setting in the profile does not correspond to the setting in the request, the request is denied. The setting is not valid for file management requests, since there is no encryption for these requests.
y
Only requests with data encryption may be processed using this profile.
n
Only requests without data encryption may be processed using this profile.
-c not specified
Data encryption is neither required nor forbidden.
-cm=y | -cm=n
Precondition: openFT-CR must be installed.
Using -cm, you can determine whether file(s) and/or directory list attributes encryption is required or forbidden. If the setting in the profile does not correspond to the setting in the request, the request is denied.
y
Only requests with file(s) and/or directory list attributes encryption may be processed using this profile.
n
Only requests without file(s) and/or directory list attributes encryption may be processed using this profile.
-cm not specified
File(s) and/or directory list attributes encryption is neither required nor forbidden.
-txt=text
enables you to store a comment in the FT profile (up to 100 characters).
-txt not specified
the FT profile is stored without a comment.
If you use the options -ff=p, -fn, -fnp, -ls , -lsp, -lss, -lf, -lfp or -lfs, you must remember
that a file-name restriction can be bypassed by renaming the file unless followup processing is also restricted;
that follow-up processing must always be restricted for both successful and unsuccessful file transfer and, if necessary, equivalent restrictions must exist for any permitted preprocessing;
that prefixes for the file name and follow-up processing must be matched to one another;
that no symbolic links should occur in the part of your file tree that is referenced by the file name prefix.
that restrictions applied to preprocessing, postprocessing, or follow-up processing can be circumvented if it is possible to replace this command with, for example, a "Trojan horse".
Examples
You wish to create an FT profile for the following purpose:
The Duck Goldmines are to be able to send their monthly reports from their computer goldmine to the president at head office via file transfer. The file monthlyreport_goldmine01 is to be printed out after transfer. The command required to create such an FT profile at head office is:
Unix systems :
ftcrep goldmrep fortheboss -d=20171231 -dir=f\ -pn=goldmine -fn=monthlyreport_goldmine01\ -ls='lpr monthlyreport_goldmine01' -lf=@n -wm=o
Windows systems:
ftcrep goldmrep fortheboss -d=20171231 -dir=f-pn=goldmine -fn=monthlyreport_goldmine01-ls="print monthlyreport_goldmine01" -lf=@n -wm=oThe FT profile has the name goldmrep and the transfer admission fortheboss. It permits only the monthlyreport_goldmine01 file to be transferred to the bank. Following successful transfer, the file is printed out in the bank. Follow-up processing after unsuccessful file transfer is, however, prohibited. The transfer admission is only valid until December 30, 2017, the FT profile disabled as of 00:00 hours on December 31, 2017.
You want to set up the standard admission profile on your user ID in such a way that only the file transfer and file creation functions are possible. This profile can, for instance, be used by FTAM partners that always have to specify the user ID and the password for inbound access.
The command is as follows:
ftcrep @s @n -wm=n -ff=tYou want to define an admission profile monitor1 that only allows monitoring data to be output. Assign onlyftmonitor as the transfer admission. The command is as follows:
ftcrep monitor1 onlyftmonitor -ff=tp -fnp="|*FTMONITOR "The purpose of the blank after *FTMONITOR is to automatically separate any options specified during the call from the command. A profile such as this can be used to call the openFT monitor (e.g. using the ftmonitor command) and in the ncopy command. The admission profile is only valid for communicating via the openFT protocol.
You will find further details in the section "Monitoring with openFT" in the manual "openFT (Unix and Windows systems) - Installation and Operation".