As of v5.1, the GameCreate client includes a built-in FTP server that can be used to transfer files to or from each host. The FTP server is disabled by default.
Enabling FTP servers
To begin using GameCreate FTP, you must first enable the FTP service. Click on the Domain tab to access the domain configuration area. Click on the FTP Admin tab. The checkbox labelled "Allow users with suitable permissions to FTP to hosts" and a section to control Uploads and Downloads will appear if running in Basic FTP Mode (chosen by default).
At this point, you may opt to click Save to enable restricted FTP to all your hosts. Alternatively, read on for further information on the configuration choices available including restricting which hosts will have FTP access.
Each host's FTP server runs on port 2121. A Server's Files page will show the correct IP and Port combination to use to access that server's files over FTP.
In order to access FTP for a given Host or Server, you first locate which Host a given Server is located on and then FTP to that Server's Host Address on port 2121. You do not enter your GameCreate URL (such as example.au.gamecreate.com) as the FTP server in your FTP Client, rather, you enter the Host computer's IP Address (Found on the Server Overview page) that is running your game Server.
GameCreate's FTP server only supports passive transfers. Most modern FTP clients will use passive transfers by default, but others may need to be configured explicitly. Consult your FTP client's documentation for further details.
When FTP support is disabled, new FTP connections will be denied immediately, and any active FTP sessions will be disconnected within a few moments.
Permissions
GameCreate's built-in FTP server is tightly integrated with GameCreate's permission system. GameCreate's FTP access uses the following rules:
Users must login using the same username and password they use to access GameCreate.com.
Users can only enter game directories they have (at least) read access to.
For each game server a user has permission to access, that user has the same level of access to the game's installation directory for the server.
There are two important points to note here about how GameCreate handles game installations:
Game installations are performed by copying the appropriate files into a directory that is shared by all modifications (or "mods") of a particular game. This means that a user with access to a modification can access all files for that modification's parent game type.
Subdomains do not share game directories with each other (or their parent domain). This ensures each subdomain has its own installation of games so that modifications made via FTP to the subdomain do not affect other subdomains' users.
Advanced FTP Mode (Click Switch to Advanced) may be used to tightly control FTP Permissions to accomodate game mods.
Example
This may be easier to understand with an example. Consider the following domain setup:
Three hosts, named "Host A", "Host B" and "Host C".
All three hosts have "Quake 3: Arena" installed at C:\GameCreate\quake3
"Host B" has "Rocket Arena 3" installed. "Rocket Arena 3" is a modification of "Quake 3: Arena", so it is also installed at C:\GameCreate\quake3
"Host B" has "Battlefield 2" installed at C:\GameCreate\bf2
Four servers:
"Quake 3 #1" is a "Quake 3: Arena" server running on "Host A"
"Quake 3 #2" is a "Quake 3: Arena" server running on "Host B"
"Test Me" is a "Rocket Arena 3" server running on "Host B"
"BF4EVA" is a "Battlefield 2" server running on "Host B"
John has the write permission on all "Quake 3: Arena" servers
Beth has the write permission on the "Test Me" game server
If FTP were enabled:
John has write permission on all Quake 3: Arena servers. There is at least one Quake 3: Arena server on "Host A" and "Host B", so John could connect to "Host A" and "Host B" and access the C:\GameCreate\quake3 directory.
Beth has write permission on the "Test Me" game server, which is on "Host B", so Beth could connect to "Host B" and access the C:\GameCreate\quake3 directory.
Note that John and Beth can both access C:\GameCreate\quake3 on "Host B", despite them being different game types. In particular, this means that John could download the "Test Me" configuration file. IF you have different sets of user permissions for a game versus its modifications (and you do not trust your users), take one of the following steps:
Do not install different modifications of a game on the same host
Use one or more subdomains to force the software to be installed in a different location
Enable Advanced FTP Mode and define appropriate permissions per game to restrict the access each user may have based on their server's game.
In the above example, a few directories were inaccessible:
On "Host B", C:\GameCreate\bf2 was inaccessible. While there was at least one "Battlefield 2" server on "Host B", no one had permission to access it.
On "Host C", C:\GameCreate\quake3 was inaccessible. While John has appropriate permission on "Quake 3: Arena" servers, there were no "Quake 3: Arena" servers on "Host C" which meant he could not access it.
If a user does not have permission to access any servers on a host, FTP login attempts will be rejected.
Basic FTP: Uploads and Downloads
You may add additional restrictions to user's abilities to upload and download beyond the standard read/write permissions described in the previous section. The choices available for uploads are:
Do not permit uploads. The user can not upload any type of file.
Allow non-executable uploads. The user can upload any file that is not "executable", based on the file's extension. Executable files are regarded as having an extension of .exe , .dll, .com, .bat, .pif, .so, .py. In addition, Linux hosts will prevent the user from overwriting a file that has its execute bit set.
Allow all uploads. The user can upload any file at all, regardless of extension. Linux hosts still will not permit the upload of executable bit files.
The default upload option is Allow non-executable uploads, which provides some basic security against users trying to take control of a host by uploading executable code. This is particularly useful in a server rental environment.
The choices available for downloads are:
Do not permit downloads. The user can not download any type of file.
Allow text-file downloads. The user can only download a file that is regarded as being a configuration or log file, based on the file's extension. Text files are regarded as having an extension of .txt, .ini, .cfg, .log.
Allow all downloads. The user can download any file at all, regardless of extension.
The default download option is Allow text-file downloads, which lets user retrieve configuration and logging information without allowing users to download copyrighted game files that may not be distributed.
If "Do not permit uploads" and "Do not permit downloads" is selected, FTP servers will be turned off entirely. This is useful if you wish to use the per-host configuration (see next section) to allow access to only one or two of your hosts.
Advanced FTP: Permissions based on access lists
Advanced FTP Mode allows you to control access permissions to specific resources (both uploads and downloads) on a per host, user and global basis.
Permissions are defined on the 'Default Permissions' and 'User Permissions' tabs found at the top while running in Advanced FTP Mode.
On the FTP Overview section, you can choose what action GameCreate should take when a user requests a file to be uploaded or downloaded that has no matching FTP Rule. The default action is to Deny any attempt that was not explicitly permitted in the Default/User Permission sections.
Default Permissions Permissions for Advanced FTP access are controlled via FTP Access Control Lists (ACLs).
ACLs allow you to define permitted uploads and downloads based on file/folder names and using wildcards.
The permission list is evaluated from the top down, and as soon as a matching rule is found to permit or deny a user's request, that result is used.
Access control may be defined on a per game, package or global level.
Game level permissions are applied to a users FTP session when they have permission to read/write that game. Package level permissions are applied when a user has read/write access to a game which uses that particular package. Default level permissions are always applied.
For a user to be permitted to (for example) download a file called 'server.cfg' under the 'cstrike/cfg' folder, you would need to:
Select Counter-Strike from the 'Game or Package' list
Add a new Permit rule for '.cfg' in the 'Extension' type drop down and a direction of 'Download' (or Both).
Add a new Permit rule for 'cstrike/cfg/*' in the 'Path' type drop down a direction of 'Download' (or Both).
A user may now login to FTP and download .cfg files from the cstrike/cfg folder.
Paths are relative to the game's installation directory, in this case it would be (for example) c:\games\hlserver.
It's also possible to restrict only downloading .cfg files from the cstrike/cfg folder (regardless of what is listed in the Permitted list of extensions) based on a Permit rule for 'cstrike/cfg/*.cfg' in the 'Path' type drop down. You still require an extension of '.cfg' to be downloaded however.
Do not show files in directory listing that have a Deny Download rule When a Deny rule is explicitly defined for the active permission group, files/folders matching a Deny rule will be hidden from the directory listing of a user's FTP session.
User Permissions The same rules apply to this area as the Default Permissions, except that a user may have specific permission's replaced instead of using the Default Permissions for the chosen Game or Package.
Rules that are not overridden are still inherited from the Default Permissions area.
Per-User Configuration
While running in Advanced FTP mode (See above for details) user permissions may be defined on a per user basis by accessing the User Permissions section of FTP Admin.
Per-Host Configuration
Each host defaults to using the FTP settings as configured on the Domain FTP Admin page. You are also able to change the FTP settings on a host-by-host basis. Advanced FTP allows per-user permissions to be defined.
To change the FTP settings for a host, visit the host's Overview page and click on Configuration. Click the "Override the default FTP settings" checkbox to display the host's FTP settings. Uploads and Downloads can be configured in the same manner as the Domain FTP Admin screen (see the previous section "Uploads and Downloads" for details).
If FTP has not been enabled for the domain, the message "FTP is currently disabled for this domain." will appear instead. FTP access must be enabled via the Domain FTP Admin screen - even if "Do not permit uploads" and "Do not permit downloads" are the selected options.
When FTP support is disabled on the Domain FTP Admin page, it is disabled on every host, regardless of any overridden configuration.
Speed Limit Control
GameCreate Client can enforce an overall combined upload/download transfer speed per host. This value is not per user, but per host. This allows you to throttle the total bandwidth used by the FTP Server for file transfers to prevent the host from using up too much bandwidth from user FTP sessions, which may interefer with game servers running on the host.
With a transfer limit speed of 128KB/sec, two users may be uploading/download files at the same time, and they will be allocated half of this bandwidth during their transfers. If a user's transfer completes, their reserved bandwidth is given back to any other connected users to allow them to complete their transfers faster.
FTP Speed throttling may be disabled by selecting No Limit.