ftpaccess(4)
NAME
ftpaccess - ftpd configuration file
SYNOPSIS
DESCRIPTION
The file is used to configure the operation of (see ftpd(1M)).
Access Capabilities
[ class ... ]
If a user is a member of any of class, the ftp server will perform
a to groupname. This allows access to group-and-owner-read-only
files and directories to a particular class of anonymous users.
groupname is a valid group from (or whatever mechanism your
library routine uses; see getgrent(3C)).
[ addrglob ... ]
Define class of users, with source addresses of the form addr‐
glob. Multiple members of class may be defined. There may be
multiple commands, listing additional members of the class. If
multiple commands can apply to the current session, the first
one listed in the access file is used. Failing to define a
valid class for a host will cause access to be denied. typelist
is a comma-separated list of any of the keywords and If the
keyword is included, the class can match users using FTP to access
real accounts, and if the keyword is included, the class can
match users using anonymous FTP. The keyword matches guest
access accounts (see below for more information).
addrglob may be a globbed domain name or a globbed numeric
address. There can be multiple addrglob's for this directive.
To avoid confusion when you have multiple addrglob's, you can
put all the addrglob's in a file and specify the path of the
file in place of the addrglob's.
Placing an exclamation (!) before an addrglob negates the test.
For example:
will classify real users from outside the domain as the class
Use care with this option. Remember, the result of each test is
OR'ed with other tests on the line.
Note: addrglob can be an IPv4 glob address of the form n.n.n.n,
where n is either a decimal number between 0 and 255 or an
asterisk. addrglob can also be an IPv6 address, where the asterisk
is not supported. The equivalent functionality of the asterisk is
provided in the form of the subnet prefix followed by a forward
slash and the prefix length.
This notation of addrglob as a glob address is applicable for
all other directives.
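The class-selection rules above, as an added Python example that is not part of this manual page or of ftpd: the first class whose typelist covers the user and whose OR'ed addrglob tests match wins, and no match means access is denied. The typelist keywords real, guest and anonymous, the host names, and the comparison of a domain glob against the numeric address when the host did not resolve are assumptions.

```python
import fnmatch
import ipaddress

# Constructed class table, in the order the directives would appear in
# ftpaccess: (classname, typelist keywords, addrglob tests).  The keywords
# real, guest and anonymous are assumed from wu-ftpd; the hosts are made up.
CLASSES = [
    ("local",  {"real", "guest", "anonymous"}, ["*.example.com", "192.168.1.*"]),
    ("remote", {"real"},                       ["!*.example.com"]),
    ("v6net",  {"anonymous"},                  ["2001:db8:1::/48"]),
    ("world",  {"anonymous"},                  ["*"]),
]


def _is_ipv4_glob(glob):
    """n.n.n.n where each n is a decimal number 0-255 or '*'."""
    parts = glob.split(".")
    return len(parts) == 4 and all(
        p == "*" or (p.isdigit() and int(p) <= 255) for p in parts)


def addrglob_matches(glob, hostname, addr):
    """Evaluate one addrglob test against a client.

    glob is a globbed domain name, a globbed IPv4 dotted quad, or an
    address followed by /prefix-length (the only form IPv6 supports).
    A leading '!' negates the result of the test.
    """
    negate = glob.startswith("!")
    if negate:
        glob = glob[1:]
    ip = ipaddress.ip_address(addr)
    if "/" in glob:
        # subnet prefix followed by a slash and the prefix length
        net = ipaddress.ip_network(glob, strict=False)
        hit = ip.version == net.version and ip in net
    elif _is_ipv4_glob(glob):
        # octet-by-octet comparison; '*' matches any octet
        hit = ip.version == 4 and all(
            p == "*" or int(p) == int(o)
            for p, o in zip(glob.split("."), addr.split(".")))
    else:
        # Domain glob: compared against the resolved name when there is
        # one, otherwise against the numeric address (assumed behaviour).
        subject = (hostname or addr).lower()
        hit = fnmatch.fnmatchcase(subject, glob.lower())
    return not hit if negate else hit


def class_line_matches(globs, hostname, addr):
    """The addrglob tests on one class line are OR'ed together, so a
    negated test followed by '*' still matches every host."""
    return any(addrglob_matches(g, hostname, addr) for g in globs)


def resolve_class(usertype, hostname, addr, classes=CLASSES):
    """Return the first matching class name, or None (access denied)."""
    for name, typelist, globs in classes:
        if usertype in typelist and class_line_matches(globs, hostname, addr):
            return name
    return None
```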
Always deny access to the host(s) matching addrglob. message_file
is the file from which the denial message is displayed to the
hosts that are denied access. addrglob may be to deny access to
sites without a working nameserver. It may also be the name of a
file, starting with a slash, which contains additional address
globs, as well as entries in the form address:netmask or
address/cidr.
[ groupname ... ]
[ username ... ]
[ groupname ... ]
[ username ... ]
For if a user is a member of any of groupname, the session is
set up exactly as with anonymous FTP. In other words, a is
done, and the user is no longer permitted to issue the and com‐
mands. groupname is a valid group from (or whatever mechanism
your library routine uses).
The user's home directory must be properly set up, exactly as
anonymous FTP would be. The home directory field of the passwd
entry is divided into two directories. The first field is the
root directory which will be the argument to the call. The sec‐
ond half is the user's home directory relative to the root
directory. The two halves are separated by a
Example:
In the file, the sample entry is:
When successfully logs in, the ftp server will and then The
guest user will only be able to access the directory structure
under (which will look and act as to just as an anonymous FTP
user would).
The group name may be specified by either name or numeric ID.
To use a numeric group ID, place a before the number. Ranges
may be given. Use an asterisk to mean all groups.
works like except it uses the user name (or numeric ID).
and have the same syntax, but reverse the effect of and. They
allow real user access when the remote user would otherwise be
determined a guest. For example:
causes all non-anonymous users to be treated as guest, with the
sole exception of users in the admin group who are granted real
user access.
[ class ]
Adjust the process nice value of the ftpd server process by the
indicated nice-delta value if the remote user is a member of the
named class. If class is not specified, then use nice-delta as
the default adjustment to the ftpd server process nice value.
This default nice value adjustment is used to adjust the nice
value of the server process only for those users who do not
belong to any class for which a class-specific directive exists
in the file.
[ class ]
Set the umask applied to files created by daemon if the remote
user is a member of the named class. If class is not specified,
then use the umask as the default for classes which do not have
one specified.
Set the TCP option for data sockets. can be used to control
network disconnect. means to set the TCP option. With the
behavior depends on the system default settings (see ndd(1M)).
NOTE: It is recommended to set to to keep the network traffic
connected.
[ seconds ]
[ seconds ]
[ seconds ]
[ seconds ]
[ seconds ]
[ seconds ]
Set various timeouts.
[seconds] (default 120 seconds). Specify how long the daemon
will wait for an incoming (PASV) data connection.
[seconds] (default 120 seconds). Specify how long the daemon
will wait attempting to establish an outgoing (PORT) data con‐
nection. This affects the actual connection attempt. The dae‐
mon makes several attempts, sleeping a while between each,
before completely giving up.
[seconds] (default 1200 seconds). Specify how long the daemon
will wait for some activity on the data connection. It is rec‐
ommended to keep this value high, because the remote client may
have a slow link and there can be quite a bit of data queued for
the client.
[seconds] (default 900 seconds). Specify how long the daemon
will wait for the next command. The default value (900 seconds)
can be overridden by using the option of (see ftpd(1M)). If is
specified, that value will override both the default value as
well as the value set with option of The SITE IDLE command
allows the remote client to establish a higher value for the
idle timeout. A value of implies that there is no idle timeout
period and the control connection is set to an infinite idle
timeout period. If is set to a value more than (see the
option), will be set to the value.
[seconds] (default 7200 seconds). Specify the maximum number of
seconds for the idle timeout. The default value (7200
seconds) can be overridden by using the option of (see
ftpd(1M)). If is specified, that value will override both the
default value as well as the value set with option of A value of
implies that there is no maximum idle timeout period and the
control connection is set to an infinite idle timeout period.
[seconds] (default 10 seconds). Specify the maximum time that
the daemon allows for the entire RFC931 (AUTH/ident) conversa‐
tion. Setting this to zero (0) seconds completely disables the
daemon's use of this protocol. The information obtained via
RFC931 is recorded in the system logs and is not actually used
in any authentication.
[ bytes ]
Specify the number of bytes after which the data connection idle
time is reset, in case of an ASCII mode file transfer (see above
for more information). The number specified must be a positive
power of 2. By default, the number is set to 4096 bytes.
NOTE: If the specified number is smaller than 4096 bytes, will
take the default value (4096 bytes). If the specified number is
too large, a premature closure of the data connection may be
encountered.
[ raw ] count [ class ]
Limit the number (count) of data files that a user in the given
class may transfer. The limit may be placed on files or If
class is not specified, the limit is the default for those
classes which do not have a limit specified. The optional raw
parameter applies the limit to the total traffic rather than
just data files.
[ raw ] count [ class ]
Limit the number of data bytes a user in the given class may
transfer. The limit may be placed on bytes or If no class is
specified, the limit is the default for classes which do not
have a limit specified. The optional raw parameter applies the
limit to total traffic rather than just data files.
minutes
Limit the total time a session can take. By default, there is
no limit. Real users are never limited.
[ hostname ] ...
Controls which hosts may be used for anonymous or guest access.
If used without hostname, all guest or anonymous access to this
site is denied. More than one hostname may be specified. Guest
and anonymous access will only be allowed on the named machines.
If access is denied, the user will be asked to use the first
hostname listed.
Limit class to n users at specified times, displaying mes‐
sage_file if user is denied access. The limit check is per‐
formed at login time only. If multiple commands apply to the
current session, the first applicable one is used. Failing to
define a valid limit, or a limit of is equivalent to unlimited.
The format for times can be any of the following:
Any week day
Friday
Any day of week between 9.00 - 13.00 hrs.
Either Thursday or between 9.00 - 13.00.
classname ] ...
filename [ filename ] ...
Always deny retrievability of these files. If the files are an
absolute path specification (that is, begins with character),
then only those files are marked unretrievable. Otherwise all
files with the matching filename are refused transfer. Example:
specifies that no one is able to get the file whereas they are
allowed to transfer a file, if it is not in On the other hand,
no one is able to get a file named wherever it is.
Directory specifications mark all files and sub-directories in
the named directory as "un-gettable" or not obtainable. The
filename may be specified as a file glob. For example:
specifies that no files in or any of its sub-directories may be
retrieved. Also, no files named anywhere under the directory
may be retrieved.
The optional first parameter selects whether names are inter‐
preted as absolute or relative to the current environment. The
default is to interpret names beginning with a slash as abso‐
lute.
The restrictions may be placed upon members of particular
classes. If any is specified, then this option is set only for
the users of that particular class.
classname ] ...
filename [ filename ] ...
Allows retrieval of files which would otherwise be denied by
noretrieve.
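The noretrieve/allow-retrieve matching rules above, as an added Python example (not the daemon's code): an absolute entry names one file or a directory and everything under it, a relative entry is a filename glob refused wherever it appears, and allow-retrieve overrides noretrieve. The rule lists are constructed, and a relative entry is assumed to match any component of the requested path.

```python
import fnmatch
import posixpath

# Constructed rule lists in file order.  An absolute entry (leading '/')
# names exactly one file, or a directory and everything under it; a
# relative entry is a filename glob refused wherever it appears.
NORETRIEVE = ["/etc/passwd", "core", "/pub/private", "*.key"]
ALLOW_RETRIEVE = ["/pub/private/README"]


def _rule_hits(rule, path):
    if rule.startswith("/"):
        if rule == "/":
            return True
        rule = rule.rstrip("/")
        # exact file, or anything below a directory of that name
        return path == rule or path.startswith(rule + "/")
    # Relative entry: assumed to match any component of the path, so a
    # directory glob also covers the files below that directory.
    return any(fnmatch.fnmatchcase(part, rule)
               for part in path.split("/") if part)


def is_retrievable(path, noretrieve=NORETRIEVE, allow=ALLOW_RETRIEVE):
    """True if a RETR of `path` (absolute, as seen by the server) is
    permitted.  The path is normalised first so that '..' cannot be
    used to slip past an absolute entry; allow entries win over deny."""
    path = posixpath.normpath(path)
    if any(_rule_hits(r, path) for r in allow):
        return True
    return not any(_rule_hits(r, path) for r in noretrieve)
```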
After number login failures, log a message and terminate the FTP
connection. Default value is 5.
After a user logs in, the and commands may be used to specify an
enhanced access group and associated password. If the group
name and password are valid, the user becomes (via a member of
the group specified in the group access file,
The format of the group access file is:
where access_group_name is an arbitrary (alphanumeric and punc‐
tuation) string. encrypted_password is the password encrypted
via (see crypt(3C)) exactly like in real_group_name is the name
of a valid group listed in
NOTE: For this option to work for anonymous FTP users, the ftp
server must keep permanently open and the group access file is
loaded into memory. This means that: (1) the ftp server now has
an additional file descriptor open, and (2) the necessary pass‐
words and access privileges granted to users via (see ftpd(1M))
will be static for the duration of an FTP session. If you have
an urgent need to change the access groups and/or passwords now
(immediately), just kill all of the running FTP servers.
Informational Capabilities
Allows you to control how much information is given out before
the remote user logs in. is the default and shows the hostname
and daemon version. shows the hostname. only displays the mes‐
sage "FTP server ready." Also, this message is printed as the
output of the command. Although is the default, is recommended.
NOTE: The two options and are not supported. The greeting
option can be used to suppress the hostname or the daemon ver‐
sion.
The form allows you to specify any greeting message you desire.
The message can be any string; whitespace (spaces and tabs) is
converted to a single space.
Works similarly to the command (see below), except that the ban‐
ner is displayed before the user enters the username and pass‐
word. The path is relative to the real system root, not the
base of the anonymous FTP directory.
Use of this command can completely prevent non-compliant FTP
clients from making use of the FTP server. Not all clients can
handle multi-line responses (which is how the banner is
displayed).
Defines the default host name of the ftp server. This string
will be printed on the greeting message and every time the magic
cookie is used. See below for a list of magic cookies. The
host name for virtual servers overrides this value. If not
specified, the default host name for the local machine is used.
Defines the email address of the ftp archive maintainer. This
string will be printed every time the magic cookie is used. See
below for a list of magic cookies.
[ when [ class... ]]
Define a file with path such that will display the contents of
the file to the user at login time or upon using the change
working directory command. The when parameter may be or If when
is dir specifies the new default directory which will trigger
the notification.
The optional class specification allows the message to be dis‐
played only to members of a particular class. More than one
class may be specified.
In the message file, the user can key in a message and use the
"macros" or "magic cookies" that are available. The ftp server
will replace the cookie with a specified text string. The fol‐
lowing magic cookies are available:
local time (form Thu Nov 15 17:12:42 1990)
current working directory
the maintainer's email address as defined in
remote host name
local host name
username as determined via RFC931 authentication
username given at login time
maximum allowed number of users in this class
current number of users in this class
absolute limit on disk blocks allocated
preferred limit on disk blocks
current block count
maximum number of allocated inodes (+1)
preferred inode limit
current number of allocated inodes
time limit for excessive disk use
time limit for excessive files
ratios:
Uploaded bytes
Downloaded bytes
Upload/Download ratio (1:n)
Credit bytes
Time limit (minutes)
Elapsed time since login (minutes)
Time left
Upload limit
Download limit
The message will only be displayed once to avoid annoying the
user. Remember that when messages are triggered by an anonymous
FTP user, the path must be relative to the base of the anonymous
FTP directory tree.
[ when [ class ]]
Define a file with path such that will notify user at login time
or upon using the change working directory command that the file
exists and was modified on such-and-such date. The when parame‐
ter may be or If when dir specifies the new default directory
which will trigger the notification. The message will only be
displayed once, to avoid bothering users. Remember that when
messages are triggered by an anonymous FTP user, the path must
be relative to the base of the anonymous FTP directory tree.
The optional class specification allows the message to be dis‐
played only to members of a particular class. More than one
class may be specified.
Logging Capabilities
Enables logging of individual commands by users. typelist is a
comma-separated list of any of the keywords and If the keyword
is included, logging will be done for users using FTP to access
real accounts, and if the keyword is included, logging will be
done for users using anonymous FTP. The keyword matches guest
access accounts (see in the subsection above for more
information). The individual commands are logged in the file.
Enables logging of file transfers for either real or anonymous
FTP users. Logging of transfers TO the server (incoming) can be
enabled separately from transfers FROM the server (outbound).
typelist is a comma-separated list of any of the keywords and If
the keyword is included, logging will be done for users using
FTP to access real accounts. If the keyword is included, log‐
ging will be done for users using anonymous FTP. The keyword
matches guest access accounts (see in the subsection above for
more information). directions is a comma-separated list of any
of the two keywords and and will respectively cause transfers to
be logged for files sent to the server and sent from the server.
All the logging is done into the file
Enables logging of violations of security rules (noretrieve,
notar, ...) for real, guest and/or anonymous users. typelist
is a comma-separated list of any of the keywords and If the
keyword is included, logging will be done for users using FTP to
access real accounts. If the keyword is included, logging will
be done for users using anonymous FTP. The keyword matches guest
access accounts (see for more information).
Redirects the logging messages for incoming and outgoing trans‐
fers to either or or both. By default (if is not specified),
the transfer log messages are put into will put the log messages
into only will put the log messages into both and
Upload/Download Ratios
[ class ... ]
Specify an Upload/Download ratio (1:rate). For each byte that
an ftp user uploads, rate bytes can be downloaded. By default,
there is no ratio.
[ class ... ]
The file filename can be downloaded freely ignoring the ratio.
See above.
[ class ... ]
All files in the directory dirname and its subdirectories can be
downloaded freely ignoring the ratio. See above.
Note that both and are relative to the system's root environ‐
ment, not the environment.
Miscellaneous Capabilities
Defines an alias, string, for the specified directory, dir. Can
be used to add the concept of logical directories.
For example:
would allow the user to access from any directory by the command
Aliases only apply to the command.
Defines a directory entry in the dir defines a search path that
is used when changing directories.
For example:
would allow the user to into any directory directly under or
directories. The search path is defined by the order in which
the lines appear in the
If the user were to give the command:
The directory will be searched for in the following order:
The path is only available with the command. If you have a
large number of aliases, you might want to set up an aliases
directory with links to all of the areas that you wish to make
available to users.
classglob [ classglob ... ]
classglob [ classglob ... ]
Enables or capabilities for any class matching any of classglob.
The actual conversions are defined in the external file
If the file pointed to by path exists, the server will check the
file regularly to see if the server is going to be shut down.
If a shutdown is planned, the user is notified, new connections
are denied after a specified time before shutdown and current
connections are dropped at a specified time before shutdown.
path points to a file structured as follows:
year month day hour minute deny_offset disc_offset
text
year any year > 1970
month <-- Note: month index begins from
hour
minute
deny_offset and disc_offset are the offsets in HHMM format
before the shutdown time that new connections will be denied and
existing connections will be disconnected.
text follows the normal rules for any message (see in the sub‐
section), with the following additional magic cookies available:
time system is going to shut down
time new connections will be denied
time current connections will be dropped
All times are in the form: ddd MMM DD hh:mm:ss YYYY. There can
be only one command in the configuration file.
The external program can be used to automate the process of gen‐
erating this file.
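A parser for the shutdown file layout above, added here as an example rather than taken from ftpshut or ftpd. The file contents are constructed, the month field is assumed to be 0-based (0 = January, as a tm_mon value), and the three times are rendered in the ddd MMM DD hh:mm:ss YYYY form the text gives.

```python
from datetime import datetime, timedelta

# Constructed shutdown file: header line, then the message text.  The
# month is assumed to be 0-based, so "2" below means March.
SHUTDOWN_FILE = """\
2024 2 15 22 30 0030 0005
System going down for maintenance.
"""

TIME_FORMAT = "%a %b %d %H:%M:%S %Y"   # ddd MMM DD hh:mm:ss YYYY


def _offset(hhmm):
    """deny_offset and disc_offset are HHMM strings (0030 = 30 minutes)."""
    if len(hhmm) != 4 or not hhmm.isdigit():
        raise ValueError("offset must be HHMM: %r" % hhmm)
    return timedelta(hours=int(hhmm[:2]), minutes=int(hhmm[2:]))


def parse_shutdown(text):
    """Return the shutdown, deny and disconnect times plus the message."""
    header, _, message = text.partition("\n")
    fields = header.split()
    if len(fields) != 7:
        raise ValueError("header needs 7 fields, got %d" % len(fields))
    year, month, day, hour, minute = (int(f) for f in fields[:5])
    if year <= 1970:
        raise ValueError("year must be > 1970")
    shutdown_at = datetime(year, month + 1, day, hour, minute)
    return {
        "shutdown": shutdown_at,
        "deny": shutdown_at - _offset(fields[5]),
        "disconnect": shutdown_at - _offset(fields[6]),
        "message": message,
    }


def connection_state(info, now):
    """What the daemon does with a client at time `now`: keep accepting,
    refuse new connections, or drop existing ones."""
    if now >= info["disconnect"]:
        return "disconnect"
    if now >= info["deny"]:
        return "deny"
    return "accept"


def announce(info):
    """The three times formatted as the text says cookies expand to."""
    return {k: info[k].strftime(TIME_FORMAT)
            for k in ("shutdown", "deny", "disconnect")}
```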
If this value is not set, then the server will listen for
connections on every IP address. Otherwise it will only listen
on the IP address specified. Use of this clause is discouraged
as it will break virtual hosting. This option will work only
when is running in the standalone mode (see ftpd(1M)).
Specifies the transfer logfile for the default server. Virtual
hosts can override this with the "" option. If omitted, the
default logfile is used.
Normally used in a virtual host file, the root directive is used
to specify the path to the root of the directory for this
server.
path
Enables the virtual ftp server capabilities. The address is the
IP address of the virtual server. The second argument specifies
that the path is one of the following:
The root of the filesystem for this virtual server.
The banner presented to the user when connecting to this virtual
server.
The logfile where transfers are recorded for this virtual
server. If is not specified, the default logfile will be used.
All other message files and permissions as well as any other
settings in this file apply to all virtual servers.
The address may also be specified as the hostname rather than
the IP number. This is strongly discouraged because if DNS is
not available at the time the FTP session begins, the hostname
will not be matched.
The above options must be used in the file only and not in the
virtual domain file.
{ hostname|email } string
Sets string to either the hostname shown in the greeting message
and command, or to the email address used in message files and
on the command.
The above options must be used in the file only and not in the
virtual domain file.
[ username ... ]
[ username ... ]
Normally, real and guest users are not allowed to log in on the
virtual server unless they are guests and to the virtual root.
The users listed on the line(s) will be granted access. All
users can be granted access by giving as the username. The
clauses are processed after the clauses and are used to deny
access to specific users when all users were allowed.
The above options can be used in both the file and in the vir‐
tual domain file.
Normally, anonymous users are allowed to log in on the virtual
server. This option denies them access.
The above option must be used in the file only and not in the
virtual domain file.
Use a different passwd file for the virtual domain.
Note: This option is currently not supported in HP-UX.
Use a different shadow file for this virtual domain.
Note: This option is currently not supported in HP-UX.
[ username ... ]
[ username ... ]
Normally, all users are allowed access to the default (non-vir‐
tual) FTP server. Use to revoke access for specific users.
Specify to deny access to all users. Specific users can then be
allowed using
Normally, anonymous users are allowed on the default (non-vir‐
tual) FTP server. This statement disallows anonymous access.
The and and clauses provide a means to control which users are
allowed access on which FTP servers.
Allows control of the address reported in response to a command.
When any control connection matching the cidr requests a passive
data connection the externalip address is reported.
NOTE: this does not change the address that the daemon actually
listens on, only the address reported to the client. This fea‐
ture allows the daemon to operate correctly behind IP-renumber‐
ing firewalls. For example:
Clients connecting from the class-A network 10 will be told the
passive connection is listening on IP-address 10.0.1.15 while
all others will be told the connection is listening on
192.168.1.5.
Multiple passive addresses may be specified to handle complex,
or multi-gatewayed, networks.
Note: This option is not supported on IPv6 enabled systems.
Allows control of the TCP port numbers which may be used for a
passive data connection. If the control connection matches the
cidr, a port in the range min to max will be randomly selected
for the daemon to listen on. This feature allows firewalls to
limit the ports which remote clients may use to connect into the
protected network.
cidr is shorthand for an IP address in dotted-quad notation fol‐
lowed by a slash and the number of left-most bits which repre‐
sent the network address (as opposed to the machine address).
For example, if you are using the reserved class-A network 10,
instead of a netmask of 255.0.0.0, use a cidr of /8 as in
10.0.0.0/8 to represent your network.
Note: This option is not supported on IPv6 enabled systems.
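The passive address and passive ports selection described above, as an added Python example that is not part of the page or of ftpd. The tables, the client addresses and the 227 reply layout (from RFC 959) are assumptions, and the first matching cidr entry is taken to win.

```python
import ipaddress
import random

# Constructed passive tables in file order.  A cidr is a dotted quad
# followed by /prefix-length; 0.0.0.0/0 catches everyone else.
PASSIVE_ADDRESSES = [
    ("10.0.0.0/8", "10.0.1.15"),     # clients on the class-A network 10
    ("0.0.0.0/0",  "192.168.1.5"),   # all other clients
]
PASSIVE_PORTS = [
    ("10.0.0.0/8", (40000, 40099)),
    ("0.0.0.0/0",  (50000, 50999)),
]


def netmask_of(cidr):
    """/8 is the cidr equivalent of the netmask 255.0.0.0."""
    return str(ipaddress.IPv4Network(cidr, strict=False).netmask)


def _first_match(table, client):
    ip = ipaddress.IPv4Address(client)
    for cidr, value in table:
        if ip in ipaddress.IPv4Network(cidr, strict=False):
            return value
    return None


def reported_passive_address(client, listen_addr, table=PASSIVE_ADDRESSES):
    """Address sent in the PASV reply.  Only the reported address changes;
    the daemon still listens on listen_addr, which is the fallback."""
    return _first_match(table, client) or listen_addr


def choose_passive_port(client, table=PASSIVE_PORTS, rng=random):
    """Random port within the range for the client's network, or None if
    no range applies (the daemon then uses any free port)."""
    bounds = _first_match(table, client)
    if bounds is None:
        return None
    lo, hi = bounds
    return rng.randint(lo, hi)


def pasv_reply(client, listen_addr, port):
    """227 reply text: h1,h2,h3,h4,p1,p2 with the port split big-endian."""
    addr = reported_passive_address(client, listen_addr)
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        addr.replace(".", ","), port >> 8, port & 0xFF)
```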
[ addrglob ... ]
[ addrglob ... ]
Normally, the daemon does not allow a command to specify an
address different than that of the control connection. And it
does not allow a connection from another address.
The clause provides a list of addresses which the specified
class of user may give on a command. These addresses will be
allowed even if they do not match the IP-address of the client-
side of the control connection.
The clause provides a list of addresses which the specified
class of user may make data connections from. These addresses
will be allowed even if they do not match the IP-address of the
client-side of the control connection.
[ options ... ]
[ options ... ]
[ options ... ]
The and clauses specify the command and the command options used
to generate directory listings. Note the options cannot contain
spaces. Typically the command is used to provide directory
listings. To change the path for specify it in The defaults for
these clauses are generally correct. For normal users is used.
For anonymous users is used. is used for special cases. Use or
only if absolutely necessary.
[ hostname ... ]
Specify the name of a mail server which will accept upload noti‐
fications for the FTP daemon. Multiple mail servers may be
listed; the daemon will attempt to deliver the upload notifica‐
tion to each, in order, until one accepts the message. If no
mail servers are specified, localhost is used. This option is
only meaningful if anyone is to be notified of anonymous uploads
(see below).
Specify email addresses to be notified of anonymous uploads.
Multiple addresses can be specified; each will receive a notifi‐
cation. If none are specified, no notifications are sent.
If addresses are specified for a host, only those addresses will
receive notification of anonymous uploads on that host.
Otherwise, notifications will be sent to the global addresses.
The above option must be used in the file only and not in the
virtual domain file.
The addresses only apply to real hosts and not virtual hosts.
In this way, the real host can receive notifications of uploads
on their default anonymous area. However, with this option set,
the virtual hosts will not be notified.
Specify the sender's email address for anonymous upload notifi‐
cations. Only one address may be specified. If no applies,
email is sent from the default mailbox name To avoid problems if
the recipient attempts to reply to a notification, or if down‐
stream mail problems generate bounces, you should ensure the is
deliverable.
The above option must be used in the file only and not in the
virtual domain file.
Permission Capabilities
typelist
typelist
typelist
typelist
typelist
Allows or disallows the ability to perform the specified func‐
tion. By default, all users are allowed.
typelist is a comma-separated list of any of the keywords and
When appears, it must be followed by a classname. If any
appears, the typelist restriction applies only to users in that
class.
Define the level and enforcement of password checking done by
the server for anonymous ftp.
no password checking performed.
password must contain an
password must be an rfc822 compliant address.
warn the user, but allow them to log in.
warn the user, and then log them out.
The e-mail address given as an argument is considered to be
invalid. If is set to enforce, anonymous users giving this
address as password cannot log in. This is one way that you can
stop users from having web browsers that use fake addresses like
IE?0User@ or mozilla@. By using you are not shutting out users
using a web browser for ftp. You are just making them configure
their browser correctly. Only one address per line, but you can
have as many clauses as you like.
[ disallowed_regexp ... ]
For users in typelist, defines regular expressions that control
what a filename can or cannot be. Disallowed regular expres‐
sions, disallowed_regexp, may be specified with multiple regular
expressions (see regexp(5)). If a filename is invalid due to
failure to match the regular expression criteria, mesg will be
displayed to the user. For example:
specifies that all upload filenames for anonymous users must be
made of only the characters period, dash and underscore. The
filenames may not begin with a period or a dash, as specified by
^\. and ^- respectively. If the filename is invalid, will be
displayed to the user.
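The path-filter check above, as an added Python example that is not from the page or from ftpd. The allowed regexp (letters, digits, period, dash and underscore), the message file path and the checking of each path component separately are assumptions; the two disallowed expressions are the ^\. and ^- from the text.

```python
import re

# Constructed path-filter table keyed by user type:
# (message file, allowed regexp, disallowed regexps).
PATH_FILTERS = {
    "anonymous": ("/etc/pathmsg", r"^[-A-Za-z0-9_.]*$", [r"^\.", r"^-"]),
}


def check_filename(usertype, filename, filters=PATH_FILTERS):
    """Return (ok, message_file) for an upload name.

    Every path component must match the allowed regexp and must not match
    any disallowed regexp.  Checking components separately (assumed) is
    what makes "^\\." also reject a ".." component.
    """
    if usertype not in filters:
        return True, None
    mesg, allowed, disallowed = filters[usertype]
    for part in filename.split("/"):
        if not part:                       # leading or doubled slash
            continue
        if not re.search(allowed, part):
            return False, mesg
        if any(re.search(d, part) for d in disallowed):
            return False, mesg
    return True, None
```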
classname ]... [-] root-dir dirglob owner group mode [ d_mode ]
Define a directory with dirglob that permits or denies uploads.
If it does permit uploads, all newly created files will be owned
by owner and group and will have the permissions set according
to mode. Existing files which are overwritten will keep their
original ownership and permissions.
Directories are matched on a best-match basis.
For example:
These commands would only allow uploads into and Files that were
uploaded to would be owned by and would have permissions of Files
uploaded to would be owned by and have permissions of Note that
the root-dir here must match the home directory specified in the
password database for the user.
The optional and keywords can be specified to allow or disallow
the creation of new subdirectories using the command.
Note that if the command is used, directory creation is allowed
by default. To turn it off by default, you must specify a user,
group and mode followed by the keyword as the first line where
the command is used in this file.
If directories are permitted, the optional d_mode determines the
permissions for a newly created directory. If d_mode is omit‐
ted, the permissions are inferred from mode or are if mode is
also omitted.
only applies to users who have a home directory (the argument to
the call) of root-dir. root-dir may be specified as to match any
home directory.
The owner and/or group may each be specified as in which case
any uploaded files or directories will be created with the own‐
ership of the directory in which they are created.
The optional first parameter selects whether root-dir names are
interpreted as absolute or relative to the current environment.
The default is to interpret root-dir names as absolute.
You can specify any number of restrictions. If any are speci‐
fied, this upload clause only takes effect if the current user
is a member of one of the classes.
[ class ... ]
root-dir specifies the path for anonymous users. If no is
matched, the old method of parsing the home directory for the
ftp user is used. If no class is specified, root-dir is the
root directory for anonymous users who do not have any other
specification. Multiple classes may be given on the line. If
an is chosen for the user, the ftp user's home directory in the
file is used to determine the initial directory, and the ftp
user's home directory in the system-wide is not used. For exam‐
ple:
causes all anonymous users to be to the directory Then, if the
ftp user exists in their initial is that home directory. Anony‐
mous users in the class localnet, however, are to the directory
and their initial is taken from the ftp user's home directory in
[ uid-range ... ]
root-dir specifies the path for guest users. If is not matched,
the old method of parsing the user's home directory is used. If
no uid-range is specified, the root directory is for guest users
who do not match any other guest-root specification. Multiple
uid ranges may be given on the line. If a is chosen for the
user, the user's home directory in the file is used to determine
the initial directory and their home directory in the system-
wide is not used.
uid-range specifies numeric UID values. Ranges are specified by
giving the lower and upper bounds (inclusive), separated by a
dash. Omitting the lower bound means "all up to", and omitting
the upper bound means "all starting from". For example:
causes all guest users to to then starts each user in their home
directory specified in Users in the range 100 through 999,
inclusive, and user will be to and the CWD will be taken from
their entries in The single user will be to and the CWD will be
from his entry in
Note that order is important for both and If a user would match
multiple clauses, only the first applies; with the exception of
the clause which has no class or uid-range, which applies only
if no other clause matches.
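Added example, not from the page or from ftpd, covering both the guest home-directory split described in the guest group section earlier and the uid-range selection above: the first matching clause wins, the clause without a uid-range applies only when nothing else matched, and with no clause at all the home field of the system-wide passwd entry is split into chroot root and initial directory. The /./ separator, the '%' numeric prefix, the uid tables and the chroot passwd contents are assumptions.

```python
# Constructed guest-root table in file order: (root-dir, [uid-range ...]).
# An empty range list is the default clause, used only when no other
# clause matches.  A uid-range is "lo-hi" (inclusive), "-hi" (all up to),
# "lo-" (all starting from) or a single uid; a leading '%' marks a numeric
# value (assumed from wu-ftpd).
GUEST_ROOTS = [
    ("/home/guests",  ["%100-999", "%1500"]),
    ("/home/special", ["%1200-"]),
    ("/var/ftp",      []),
]

# Constructed system-wide passwd entries: username -> (uid, home field).
PASSWD = {
    "alice": (120,  "/home/guests/./alice"),
    "bob":   (1500, "/home/guests/./bob"),
    "carol": (1300, "/home/special/./carol"),
    "dave":  (50,   "/export/dave/./"),
    "erin":  (2000, "/home/erin"),
}

# Constructed home fields from the passwd file inside each chroot root.
CHROOT_HOMES = {
    "/home/guests":  {"alice": "/alice", "bob": "/bob"},
    "/home/special": {"carol": "/carol"},
    "/var/ftp":      {},
}


def parse_uid_range(spec):
    """Return (lo, hi); None on a side means that bound was omitted."""
    spec = spec.lstrip("%")
    if "-" not in spec:
        return int(spec), int(spec)
    lo, hi = spec.split("-", 1)
    return (int(lo) if lo else None), (int(hi) if hi else None)


def uid_in_range(uid, spec):
    lo, hi = parse_uid_range(spec)
    return (lo is None or uid >= lo) and (hi is None or uid <= hi)


def split_guest_home(home):
    """Old method: the passwd home field is '<root>/./<home inside root>'.
    Returns (chroot root, initial directory inside it)."""
    root, marker, rel = home.partition("/./")
    if not marker:
        return home, "/"            # no marker: the whole home is the root
    rel = rel.strip("/")
    return root, ("/" + rel if rel else "/")


def resolve_guest_root(username, roots=GUEST_ROOTS, passwd=PASSWD,
                       chroot_homes=CHROOT_HOMES):
    """Pick the chroot root and initial directory for a guest user.

    The first clause whose uid-range matches wins; the clause without a
    uid-range applies only if nothing else matched, wherever it is listed;
    with no clause at all the /./ convention of the passwd entry is used.
    """
    uid, home = passwd[username]
    default = None
    for root, ranges in roots:
        if not ranges:
            if default is None:
                default = root
        elif any(uid_in_range(uid, r) for r in ranges):
            return root, chroot_homes[root].get(username, "/")
    if default is not None:
        return default, chroot_homes[default].get(username, "/")
    return split_guest_home(home)
```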
These clauses allow specification of UID and GID values which
will be denied access to the ftp server. The and clauses may be
used to allow access for uid/gid which would otherwise be
denied. These checks occur before all others. Deny is checked
before allow. The default is to allow access. Note that in
most cases, this can remove the need for an files. For example:
denies ftp access to all privileged or special users and groups
on a Linux box except the anonymous ftp user/group. In many
cases, this can eliminate the need for the file. Support for
that file still exists so it may be used when changing is not
desired.
Throughout the file, at any place that a single UID or GID is
allowed, either names or numbers may be used. To use numbers,
put a before it. In places where a range is allowed, put the
before the range.
These clauses control whether or not real or guest users will be
allowed access to areas on the FTP site outside their home
directories. They are not meant to replace the use of guest‐
group and guestuser. Instead, use these to supplement the oper‐
ation of guests. The and clauses may be used to allow users
outside their home directories who would otherwise be
restricted.
The following example shows the intended use of these clauses.
Assume user has a home directory and has a home directory
While both and are to they cannot access each other's files
because they are restricted to their home directories.
Wherever possible, in situations such as this example, try not
to rely solely upon the ftp restrictions. As with all other ftp
access rules, try to use directory and file permissions to back‐
stop the operation of the configuration.
[ class ... ]
The SITE EXEC feature traditionally limits the number of lines
of output which may be sent to the remote client. This clause
allows you to set this limit. If omitted, the limit is 20
lines. A limit of 0 (zero) implies no limit. Be very careful
if you choose to remove the limit. If a clause is found matching
the remote user's class, that limit is used. Otherwise, the
clause with class or no class given is used. For example:
The above examples limit output from SITE EXEC (and therefore
SITE INDEX) to lines for users, specifies there is no limit at
all for users, and sets a limit of lines for all other users.
Refuse FTP sessions when the forward and reverse lookups for the
remote site do not match. Display the named file, filename
(like a message file), admonishing the user. If the optional is
specified, allow the connection after complaining.
Refuse FTP sessions when there is no reverse DNS entry for the
remote site. Display the named file, filename (like a message
file), admonishing the user. If the optional is specified,
allow the connection after complaining.
[ options ]
allows you to tweak name server options. The line takes a
series of flags as documented in resolver(3N) (with the leading
RES_ removed). Each can be preceded by an optional or For exam‐
ple,
turns on the option (only accept authoritative answers) and
turns off the option (search the domain path).
NOTE: For any clause that involves make sure that you copy the
libraries and to the directory of the current environment.
FILES
AUTHOR
was developed by the Washington University, St. Louis, Missouri.
SEE ALSO
ftpshut(1), groups(1), passwd(1), ftpd(1M), chroot(2), umask(2),
resolver(3N), ftpconversions(4), ftpgroups(4).