servedat Options
The following configuration options can be used to control and customize the behavior of servedat. Most options can be specified on either the command line, or in a configuration file. Command line settings will override configuration file settings.
A complete list of the current settings and where they came from is displayed whenever Debug or LogFile is set. For example, "servedat -d 1". Look for the section of output labeled "Configuration settings".
Options with the "Boolean" type take no parameter on the command line, but require a value of 0 or 1 in the configuration file.
Maintenance Modes
Each of the following options causes servedat to perform the given maintenance task and then exit.
CLI | Value | |
-i | Windows Only. Self install as a Windows Service. servedat will copy itself to %SystemRoot%\system32 and set itself to start automatically upon system bootup. Any additional command line options will be copied to the service and will override any configuration file settings. If a servedat service is already running, it will be shutdown and overwritten. The newly installed service will be started immediately. Requires administrative privileges. | |
-R | Register an MTP/IP license code then exit. You may provide the license code on the command line or enter it when prompted. | |
-u | Windows Only. Uninstall Windows Service. The application will disable the servedat service and delete its binary from %SystemRoot%\system32. Requires administrative privileges. | |
-v | Display version and help information then exit. |
General Settings
These options set the general run-time behavior of servedat.
CLI | Config | Value |
-d | Debug | 0 to 6 |
Enable diagnostic output. Level 1 is recommended any time you are experiencing difficulties. Levels above 1 will produce copious output and may degrade performance. | ||
-f | Pathname | |
Read the given configuration file instead of the default paths. Specifying an empty path string (f "") will disable all configuration files. Windows: the path may include environment variables such as %SystemRoot%. | ||
HomeDir | Pathname | |
Sets the default Home Directory path. If SysAuth or AuthFile are set, then this may be overridden by specifying a directory for the ANONYMOUS user. On Windows, HomeDir accepts both '/' and '\' as delimiters, however Windows may truncate multiple consecutive backslashes or backslashes appearing at the end of a line, so use of forward slashes '/' is recommended. Default: See Home Directories. | ||
-F | LogFilter | 0 to 6 |
Reduce the volume of server log output by filtering certain types of reports. See Logging for values. Default: 0. | ||
-I | LogProgress | Seconds |
Report the progress of transactions at intervals of this many seconds. See Logging for format. Default: 300. | ||
-J | LogStatus | Seconds |
Report the server load and transaction counts at intervals of this many seconds. See Logging for format. Default: 600. | ||
LogRotate | Megabytes | |
The log file will be rotated at startup or upon SIGHUP if it has grown larger than this many megabytes. Set to 0 to disable log rotation. This option must appear before LogFile in the same configuration file. Default: 25 megabytes. | ||
-l | LogFile | Pathname |
Append diagnostic output to the named file path. This option will take effect immediately and multiple instances of this option may cause the log destination to change during startup. In order to capture all messages related to startup, use "-l" as the first option on the command line. As a special case, a pathname of "1" or "2" will cause logs to be sent to stdout or stderr respectively. Windows: the path may include environment variables such as %SystemRoot%. | ||
-n | Interface | IP address |
Bind servedat to a single local network interface. This option should not be used under normal conditions. It may be useful to work around improper routing such as having multiple IP addresses or overlapping WAN gateways on the same subnet. Default: INADDR_ANY. | ||
-o | ObjectHandler | code,command |
Declare an action code and program for an Object Handler. You may use this option multiple times for different codes. Default: None. | ||
-p | Port | UDP Port |
Change the UDP port number used to listen for requests. Use this option if there is a port conflict or you wish to take advantage of another UDP port that is already open in your firewall. Default: 8080. | ||
-V | ServiceName | String |
Windows: Sets the short-name of the Windows Service when installed as such. Unix: Sets the PAM service module name for SysAuth. Defaults: win32 and win64 "ServeDat"; osx "servedat"; aix "login"; all others "sshd". | ||
-X | NoEXCL | Boolean |
Unix Only. Disables checks for orphaned -sv.tmp files. This may be useful as a workaround for NFS mounts and SANs which do not properly support O_EXCL. Enable if you are receiving Permission Denied errors when uploading to an NFS mount and permissions appear to be otherwise correct. Default: False. | ||
NoFileLocks | Boolean | |
Unix Only. Disables file locking for -sv.tmp and -sv.met files. This may be useful as a workaround for filesystems which do not correctly implement file locking, such as Linux kernel 5.5 and later with SMB volumes. See "Linux SMB Upload Hangs". This option should not be used in clustered environments where multiple servedat processes are writing to the same folders. Default: False. |
Security
These options determine global access privileges and authentication policies.
CLI | Config | Value |
AllowEncrypt | Boolean | |
If set to 0, then transactions requesting content encryption will be rejected. Also see RequireEncrypt below. Default: True. | ||
AllowPath | Absolute Pathname | |
The given path will be accessible as an absolute pathname even when RestrictHome is in effect. You may have multiple AllowPath declarations. On Windows, AllowPath accepts both '/' and '\' as delimiters, however Windows may truncate multiple consecutive backslashes or backslashes appearing at the end of a line, so use of forward slashes '/' is recommended. See Home Directories for more use information. Default: none. | ||
AuthCache | Seconds | |
Time to cache valid credentials for SysAuth and AuthHandler. Increasing this value reduces the load on authentication databases. A zero value disables caching. Because servedat authenticates each individual transaction, not just client sessions, there may be thousands of queries per second and disabling caching may severely impair performance. Default: 300. | ||
-A | AuthFile | Pathname |
Specify an authentication file. Windows: the path may include environment variables such as %SystemRoot%. | ||
AuthHashes | Comma separated list | |
Password types allowed in authentication files. Only listed types will be supported. Legacy crypt and md5 hashes conflict with 13 and 32 character clear-text passwords. Support for legacy types may be dropped in a future release. Windows Default: clear,md5,sha256. Others: clear,crypt,sha256 | ||
-C | AuthHandler | Pathname |
Specify an Authentication Handler, a user-provided program which will be run to validate transaction credentials. | ||
AuthHandlerTimeout | Milliseconds | |
The maximum time servedat will wait for an Authentication Handler to return a result. In case of a timeout, the client request will be rejected with code MTP_APP_DENIED (25). Default: 500. | ||
AuthReload | Minutes | |
The authentication file will be automatically reloaded approximately this many minutes after a modification. Set to 0 to disable automatic reload. Default: 1 minute. | ||
-g | GetOnly | Boolean |
Only individual file downloads are permitted (with or without compression). All other actions, including directory listings, are forbidden. This can be set for individual users in the AuthFile. See Access Privileges for details. See also ReadOnly, WriteOnly, WriteListOnly. Default: False. | ||
-G | IgnoreModes | Boolean |
Ignore permission information accompanying uploaded files and when creating directories. Non-Windows hosted servers will use FileMode instead. Default: False. | ||
-H | RestrictHome | Boolean |
When enabled, users will only be allowed to directly access files inside their home directories and paths specified by AllowPath. Symbolic link targets will also be honored. This can be set for individual users in the AuthFile. Default: False. | ||
-K | RequireEncrypt | Boolean |
Require content encryption for all transactions. Transactions without content encryption will be rejected. Default: False. | ||
-M | FileMode | octal permissions mode |
Unix only. Sets the default file creation mode to be used when none is supplied by the client or when IgnoreModes is in effect. When creating a directory, "execute" will be enabled where "read" is enabled. Default: 0644 for files, 0755 for directories. | ||
-O | NoOverwrite | Boolean |
Prevents incoming files from overwriting existing files. Clients must delete an existing file prior to uploading one with the same name. Default: False. | ||
ObjectOnly | Boolean | |
Prevents direct access to the filesystem: all transactions must declare a valid Object Handler. See Access Privileges for details. Default: False. | ||
-r | ReadOnly | Boolean |
Files may only be listed and downloaded from the server. All transactions which would change the filesystem, such as uploads, deletes, folder creation, or link creation, are blocked. This can also be set for individual users in the AuthFile. See Access Privileges for details. See also GetOnly, WriteOnly, WriteListOnly. Default: False. | ||
RestrictClients | Boolean | |
When enabled, only clients with a SiteOptions entry will be allowed to perform transactions with this server. All other clients will be denied, regardless of their credentials. Default: False. | ||
-S | SysAuth | Boolean |
Use the system user database for authentication. This is the default when running with administrative privileges. Anonymous access will be prohibited unless an ANONYMOUS entry is given in AuthFile. Default: See SysAuth. | ||
SysAuthSuffix | String | |
When set, only system authentication users whose usernames end in the given string are permitted access. For example, a value "-exp" would allow "joe-exp" to authenticate, but would prohibit "bob". This may be especially useful in Active Directory environments where a value such as "@domain" will allow access only to members of that domain. Does not apply to AuthFile users. Default: None. | ||
-y | SysHome | Pathname |
Override the usual home folder for system users and instead redirect them to a subfolder of the given path. The subfolder must have the exact username and its permissions must be set to allow the user access. If the subfolder does not exist, HomeDir will be used instead. You can also use symbolic links on systems which support them. When combined with RestrictHome, system users will not be allowed access outside of this folder. On Windows, SysHome accepts both '/' and '\' as delimiters, however Windows may truncate multiple consecutive backslashes or backslashes appearing at the end of a line, so use of forward slashes '/' is recommended. 1: A SysHome value of "1" will direct all SysAuth users and Shadow users with blank home fields to the HomeDir folder. 0: A SysHome value of "0" will disable SysHome. Default: None. | ||
-w | WriteOnly | Boolean |
Uploads and related actions (like folder creation) are permitted. All other actions are forbidden. This can be set for individual users in the AuthFile. See Access Privileges for details. See also ReadOnly, GetOnly, WriteListOnly. Default: False. | ||
-W | WriteListOnly | Boolean |
Folder listings, uploads, and related actions (like folder creation) are permitted. All other actions are forbidden. This can be set for individual users in the AuthFile. See Access Privileges for details. See also ReadOnly, GetOnly, WriteOnly. Default: False. |
Performance
These options set performance parameters and resource utilization. Client side settings will also influence performance.
CLI | Config | Value |
-a | Aggression | -3 to 5 |
Sets the default MTP/IP aggression level for clients which do not specify one. Aggression affects relative performance compared to all other data flows sharing the same network path, similar to prioritization. It is very rare to need to set aggression higher than 2. Never set an aggression level of 4 or higher without careful testing. See the Performance section for details. Default: 2. Note: Aggression is internally represented as a value between 125 and 133. If you see these values in diagnostic output, subtract 128 to get the user values. | ||
AggressionLimit | -3 to 5 | |
Sets the maximum Aggression value which clients may select. When setting a limit value, you should also specify a default value with Aggression. Default: None. | ||
-b | StreamSize | kilobytes |
Set the buffer size for compression, Streaming Folders, and object handlers. If your network is very fast and your latency is very high, then you may need to increase the size. The buffer should be at least twice the bandwidth-delay-product of your network path. (Multiply the path bandwidth in bits-per second by the latency in milliseconds, then divide by 4096000. The result is the minimum number of kilobytes recommended.) If you need to increase this value, increase the buffers for ExpeDat Desktop and movedat clients as well. Default: 65536. | ||
-c | Capacity | positive integer |
Set a limit for the maximum number of total concurrent transactions, or zero for the license default. See the Capacity section for more details. | ||
CapacityPerUser | positive integer | |
Set a limit for the maximum number of concurrent transactions allowed for each username, or zero for no per-user limit. See the Capacity section for more details. Default: None. | ||
-e | Expire | seconds |
Sets the default transaction timeout period for clients which do not specify one. This determines how long servedat will wait without hearing from a client before it gives up and aborts a stalled transaction. Longer values may be useful on highly unreliable networks. Default: 40 seconds. | ||
ExpireLimit | seconds | |
Sets the maximum Expire value which clients may select. When setting a limit value, you should also specify a default value with Expire. Default: None. | ||
-E | HandlerTimeout | seconds |
This sets an upper bound on how long an object handler is allowed to run. It is intended as a safety check against runaway processes. Default: None. | ||
-k | MaxRate MaxRateIn MaxRateOut | kilobytes per second |
Sets a default speed limit for individual uploads and/or downloads. You may specify different values for uploads and downloads (incoming and outgoing data) by defining separate MaxRateIn and MaxRateOut variables, or by using the syntax "in:out" with -k. Clients may override this setting. Default: None. | ||
MaxRateLimit MaxRateLimitIn MaxRateLimitOut | kilobytes per second | |
Sets a hard speed limit for individual uploads and/or downloads. You may specify different values for uploads and downloads (incoming and outgoing data) by defining separate MaxRateLimitIn and MaxRateLimitOut variables. Clients may not override this value. When setting a limit value, you should also specify a default value with MaxRate, MaxRateIn, or MaxRateOut. Default: None. | ||
-t | MaxRateTotal MaxRateTotalIn MaxRateTotalOut | kilobytes per second |
Limits the total bandwidth of all uploads and of all downloads. You may specify different values for uploads and downloads (incoming and outgoing data) by defining separate MaxRateTotalIn and MaxRateTotalOut variables, or by using the syntax "in:out" with -t. Upload and download bandwidths are calculated independently (full-duplex is assumed). Default: None. | ||
MaxRTT | milliseconds | |
Request that the path latency for each transaction be limited to the given amount of time. Use this option if other applications (such as VoIP or video) require that latency along the path be kept below a specific target. Transfer speed will be reduced any time latency exceeds this value. This could severely degrade performance if other network traffic is causing high latency. Consider Aggression level -3 as an alternative. Default: None. | ||
MaxRTTLimit | milliseconds | |
Sets the maximum MaxRTT value which clients may select. Default: None. | ||
-L | MinRTT | milliseconds |
Advise MTP/IP of operation on a path with very high latency. The value should be the minimum observed round trip time of the path, in milliseconds. This setting will have no effect for RTTs less than 500ms and has little effect for RTTs less than 2000ms. | ||
-N | NoiseRatio | 4 to 5000 |
MTP/IP normally regards packet loss as an indication of network congestion. This option will cause MTP/IP to ignore packet losses up to a rate of one in N, for a given number N. For example, a value of 100 will cause MTP/IP to ignore a loss rate of up to 1%. This option should only be used on noisy data paths where loss is occurring due to external factors such as uncorrected bit errors. Improper use of this option may severely disrupt the network and result in a loss of performance or connectivity, especially when Aggression is elevated. Default: None. | ||
NoiseRatioLimit | 4 to 5000 | |
Set the lowest NoiseRatio value which clients may select. As a special case, setting NoiseRatioLimit to 0 will disable NoiseRatio for all clients. Default: None. | ||
-T | MaxDatagram | bytes |
Limit the size of network datagram payloads to no more than this amount. The full IP datagram size will be 56 bytes larger when MTP/UDP/IP headers are included. Tunneling, VPNs, IPsec, MPLS and other encapsulations will add more. If your network is known to have an MTU less than 1500 bytes or problems with IP fragmentation, try setting a value of 1408 or smaller. Default: None. | ||
-U | MinDatagram | bytes |
Use network datagram payloads of at least this size. If your network path is very fast (gigabit or more) and every device along that path supports Jumbo frames (MTU 9000), you may be able to improve performance by setting this to 8192. Even larger values, up to 61440 may be used on networks configured to support such MTUs (e.g. InfiniBand). Settings above 1408 without Jumbo frames fully supported may cause severe performance problems or loss of connectivity. Note that setting MinDatagram will increase the minimum throttling limit discussed in the Performance chapter. Default: None. | ||
SiteOptions | address[/bits] [Option[=Value]], ... | |
Set configuration options based on the client host's public IP address. Address must be a DNS name, IP address, or subnet. For subnets, use an address followed by a slash and the number of mask bits. The remaining fields are comma separated pairs of the form Option=Value. The following options are currently available: If a value is given, then that value will be used in place of the corresponding global configuration value. If an option is given with no value, then the corresponding global value will be ignored for this site. Some global settings trigger changes in others (e.g. MaxRate also sets MaxRateIn and MaxRateOut). To override such a setting, you must override all of the settings it triggers. When setting a limit value, you should also specify a matching default value. You may have multiple SiteOptions declarations. If more than one SiteOptions matches a client, the last matching SiteOptions will be used. servedat will attempt to resolve DNS names when it first runs and will refresh them periodically. Default: None. | ||
-Z | NoCompression | Boolean |
Disables support for inline ZLIB compression (zli). Requests seeking compression will be denied. Default: False. |