 ftpaccess(4)                                                   ftpaccess(4)




 NAME
      ftpaccess - ftpd configuration file

 SYNOPSIS
      /etc/ftpd/ftpaccess

 DESCRIPTION
      The /etc/ftpd/ftpaccess file is used to configure the operation of
      ftpd (see ftpd(1M)).

    Access Capabilities
      autogroup groupname class [ class ... ]

           If an anonymous user is a member of any of class, the ftp server
           will perform a setgid() to groupname.  This allows access to
           group-and-owner-read-only files and directories to a particular
           class of anonymous users.  groupname is a valid group from
           /etc/group (or whatever mechanism your getgrent() library routine
           uses; see getgrent(3C)).

      class class typelist addrglob [ addrglob ... ]

           Define class of users, with source addresses of the form
           addrglob.  Multiple members of class may be defined.  There may
           be multiple class commands, listing additional members of the
           class.  If multiple class commands can apply to the current
           session, the first one listed in the access file is used.
           Failing to define a valid class for a host will cause access to
           be denied.  typelist is a comma-separated list of any of the
           keywords anonymous, guest and real.  If the real keyword is
           included, the class can match users using FTP to access real
           accounts, and if the anonymous keyword is included, the class can
           match users using anonymous FTP.  The guest keyword matches guest
           access accounts (see guestgroup below for more information).

           addrglob may be a globbed domain name or a globbed numeric
           address. There can be multiple addrglob's for this directive.  To
           avoid confusion when you have multiple addrglob's, you can put
           all the addrglob's in a file and specify the path of the file in
           place of the addrglob's.

           Placing an exclamation (!) before an addrglob negates the test.
           For example:

           class rmtuser real !*.example.com

           will classify real users from outside the example.com domain as
           the class rmtuser.  Use care with this option.  Remember, the
           result of each test is OR'ed with other tests on the line.
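           The class resolution described above, as an added example in
           Python (it is not part of this manual page or of the HP-UX
           ftpd): the first class line whose typelist contains the user
           type and whose addrglobs hit is used, the globs on one line are
           OR'ed, a leading ! inverts a single test, and no match means the
           session is denied.  The ftpaccess fragment, the host names and
           the addresses are constructed; only the rmtuser line is taken
           from the text above.  The PITFALL line shows why "use care"
           applies: with two negated globs on one line, at least one test
           is true for every host.

```python
import fnmatch

# Constructed ftpaccess fragment; only the rmtuser line is taken from the man page.
FTPACCESS = """\
class  local    real,guest   *.example.com  192.168.*
class  rmtuser  real         !*.example.com
class  anonall  anonymous    *
"""

# Two negated globs on one line: one of them is true for every host, and the
# tests are OR'ed, so this class matches everybody (constructed example).
PITFALL = "class  wide  real  !*.example.com  !*.example.net\n"


def parse_classes(text):
    """Return [(classname, set_of_types, [addrglob, ...])] in file order."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "class":
            rules.append((fields[1], set(fields[2].split(",")), fields[3:]))
    return rules


def glob_matches(addrglob, hostname, address):
    """One addrglob test against the peer's name and numeric address; '!' inverts it."""
    negate = addrglob.startswith("!")
    pattern = addrglob[1:] if negate else addrglob
    hit = (fnmatch.fnmatchcase(hostname.lower(), pattern.lower())
           or fnmatch.fnmatchcase(address, pattern))
    return not hit if negate else hit


def resolve_class(rules, usertype, hostname, address):
    """First class line whose typelist contains usertype and whose OR'ed globs hit.
    None means no class applies, and ftpd denies the session."""
    for name, types, globs in rules:
        if usertype in types and any(glob_matches(g, hostname, address) for g in globs):
            return name
    return None
```

           A real user from 192.168.4.2 lands in local through the second
           glob of the first line even though the name test fails, which is
           the OR semantics the text describes.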





 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003










      deny addrglob  message_file

           Always deny access to the host(s) matching addrglob.
           message_file is the file from which denial message is displayed
           to the hosts that are denied access.  addrglob may be !nameserved
           to deny access to sites without a working nameserver.  It may
           also be the name of a file, starting with a slash (/), which
           contains additional address globs, as well as in the form
           address:netmask or address/cidr.

      guestgroup groupname [ groupname ... ]
      guestuser username [ username ... ]
      realgroup groupname [ groupname ... ]
      realuser username [ username ... ]

           For guestgroup, if a real user is a member of any of groupname,
           the session is set up exactly as with anonymous FTP.  In other
           words, a chroot() is done, and the user is no longer permitted to
           issue the USER and PASS commands.  groupname is a valid group
           from /etc/group (or whatever mechanism your getgrent() library
           routine uses).

           The user's home directory must be properly set up, exactly as
           anonymous FTP would be.  The home directory field of the passwd
           entry is divided into two directories.  The first field is the
           root directory which will be the argument to the chroot call.
           The second half is the user's home directory relative to the root
           directory.  The two halves are separated by a /./.

           Example:

           In the /etc/passwd file, the sample entry is:

           guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly

           When guest1 successfully logs in, the ftp server will chroot
           (/ftp) and then chdir (/incoming).  The guest user will only be
           able to access the directory structure under /ftp (which will
           look and act as / to guest1), just as an anonymous FTP user
           would.

           The group name may be specified by either name or numeric ID.  To
           use a numeric group ID, place a % before the number.  Ranges may
           be given.  Use an asterisk (*) to mean all groups.

           guestuser works like guestgroup, except it uses the user name (or
           numeric ID).

           realuser and realgroup have the same syntax, but reverse the
           effect of guestuser and guestgroup.  They allow real user access
           when the remote user would otherwise be determined a guest.  For







           example:

           guestuser *
           realgroup admin

           causes all non-anonymous users to be treated as guest, with the
           sole exception of users in the admin group who are granted real
           user access.
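           The guest determination and the /./ split of the home directory,
           as an added Python example (not part of this manual page or of
           the HP-UX ftpd).  It applies guestgroup, guestuser, realgroup
           and realuser lines to a constructed passwd and group table,
           treats realuser/realgroup as reversing a guest match, and splits
           the home field at /./ into the chroot root and the directory to
           chdir into.  The guest1 entry is the sample from the text; the
           other users, the group IDs and the "%N-M" range syntax are
           assumptions.

```python
# Constructed passwd-style records and group table (not from a real system).
# guest1's home field is the manual page's sample; the rest is made up.
USERS = {
    "guest1": {"uid": 100, "gid": 92,  "groups": ["ftponly"],        "home": "/ftp/./incoming"},
    "alice":  {"uid": 501, "gid": 100, "groups": ["users", "admin"], "home": "/home/alice"},
    "bob":    {"uid": 502, "gid": 100, "groups": ["users"],          "home": "/home/bob"},
    "carol":  {"uid": 550, "gid": 100, "groups": ["users"],          "home": "/export/./carol"},
}
GROUPS = {"ftponly": 92, "admin": 20, "users": 100}


def spec_matches(spec, name, numeric_id):
    """Match one guestgroup/guestuser/realgroup/realuser operand: '*' is everything,
    '%N' a numeric ID, '%N-M' a numeric range (the range syntax is an assumption;
    the manual page only says ranges may be given), anything else a name."""
    if spec == "*":
        return True
    if spec.startswith("%"):
        lo, _, hi = spec[1:].partition("-")
        return int(lo) <= numeric_id <= int(hi or lo)
    return spec == name


def parse_guest_rules(text):
    rules = {"guestgroup": [], "guestuser": [], "realgroup": [], "realuser": []}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0] in rules:
            rules[fields[0]].extend(fields[1:])
    return rules


def is_guest(rules, username):
    """A guestgroup/guestuser match makes the user a guest unless a
    realgroup/realuser match reverses it."""
    u = USERS[username]

    def by_group(specs):
        return any(spec_matches(s, g, GROUPS[g]) for s in specs for g in u["groups"])

    def by_user(specs):
        return any(spec_matches(s, username, u["uid"]) for s in specs)

    guest = by_group(rules["guestgroup"]) or by_user(rules["guestuser"])
    real = by_group(rules["realgroup"]) or by_user(rules["realuser"])
    return guest and not real


def guest_chroot(username):
    """Split the passwd home field at '/./' into (chroot root, directory to chdir into)."""
    home = USERS[username]["home"]
    root, marker, rest = home.partition("/./")
    if not marker:
        raise ValueError(f"{username}: home {home!r} has no /./ marker; guest setup incomplete")
    return root, "/" + rest


def session_setup(rules, username):
    """('guest', chroot_root, cwd) or ('real', home) for a successful login."""
    if is_guest(rules, username):
        return ("guest",) + guest_chroot(username)
    return ("real", USERS[username]["home"])
```

           With "guestuser *" and "realgroup admin", bob becomes a guest
           but his home has no /./ marker, so the setup fails; that is the
           "must be properly set up" requirement stated above.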

      nice nice-delta [ class ]

           Adjust the process nice value of the ftpd server process by the
           indicated nice-delta value if the remote user is a member of the
           named class.  If class is not specified, then use nice-delta as
           the default adjustment to the ftpd server process nice value.
           This default nice value adjustment is used to adjust the nice
           value of the server process only for those users who do not
           belong to any class for which a class-specific nice directive
           exists in the ftpaccess file.

      defumask umask [ class ]

           Set the umask applied to files created by daemon if the remote
           user is a member of the named class.  If class is not specified,
           then use the umask as the default for classes which do not have
           one specified.

      keepalive { yes|no }

           Set the TCP SO_KEEPALIVE option for data sockets.  keepalive can
           be used to control network disconnect.  yes means to set the TCP
           SO_KEEPALIVE option.  With no, the behaviour depends on the
           system default settings (see ndd(1M)).

           NOTE: It is recommended to set keepalive to yes so that broken
           network connections are detected and cleaned up.

      timeout accept  [ seconds ]
      timeout connect  [ seconds ]
      timeout data  [ seconds ]
      timeout idle  [ seconds ]
      timeout maxidle  [ seconds ]
      timeout RFC931  [ seconds ]

           Set various timeouts.

           accept [seconds] (default 120 seconds). Specify how long the
           daemon will wait for an incoming (PASV) data connection.

           connect [seconds] (default 120 seconds). Specify how long the
           daemon will wait attempting to establish an outgoing (PORT) data







           connection.  This affects the actual connection attempt.  The
           daemon makes several attempts, sleeping a while between each,
           before completely giving up.

           data [seconds] (default 1200 seconds). Specify how long the
           daemon will wait for some activity on the data connection.  It is
           recommended to keep this value high, because the remote client
           may have a slow link and there can be quite a bit of data queued
           for the client.

           idle [seconds] (default 900 seconds). Specify how long the daemon
           will wait for the next command. The default value (900 seconds)
           can be overridden by using the -t option of ftpd (see ftpd(1M)).
           If idle is specified, that value will override both the default
           value as well as the value set with -t option of ftpd.  The SITE
           IDLE ftpd command allows the remote client to establish a higher
           value for the idle timeout.

           maxidle [seconds] (default 1200 seconds). Specify the maximum
           number of seconds for the idle timeout.  The default value (1200
           seconds) can be overridden by using the -T option of ftpd (see
           ftpd(1M)).  If maxidle is specified, that value will override
           both the default value as well as the value set with -T option of
           ftpd.

           RFC931 [seconds] (default 10 seconds). Specify the maximum time
           that the daemon allows for the entire RFC931 (AUTH/ident)
           conversation.  Setting this to zero (0) seconds completely
           disables the daemon's use of this protocol.  The information
           obtained via RFC931 is recorded in the system logs and is not
           actually used in any authentication.

      file-limit [ raw ]  { in|out|total } count [ class ]

           Limit the number (count) of data files that a user in the given
           class may transfer.  The limit may be placed on files in, out or
           total.  If class is not specified, the limit is the default for
           those classes which do not have a limit specified.  The optional
           raw parameter applies the limit to the total traffic rather than
           just data files.

      data-limit [ raw ]  { in|out|total } count [ class ]

           Limit the number of data bytes a user in the given class may
           transfer.  The limit may be placed on bytes in, out or total.  If
           no class is specified, the limit is the default for classes which
           do not have a limit specified.  The optional raw parameter
           applies the limit to total traffic rather than just data files.

      limit-time { *|anonymous|guest } minutes








           Limit the total time a session can take.  By default, there is no
           limit.  Real users are never limited.

      guestserver [ hostname ] ...

           Controls which hosts may be used for anonymous or guest access.
           If used without hostname, all guest or anonymous access to this
           site is denied.  More than one hostname may be specified.  Guest
           and anonymous access will only be allowed on the named machines.
           If access is denied, the user will be asked to use the first
           hostname listed.

      limit class  n  times  message_file

           Limit class to n users at specified times, displaying
           message_file if user is denied access.  The limit check is
           performed at login time only.  If multiple limit commands apply
           to the current session, the first applicable one is used.
           Failing to define a valid limit, or a limit of -1, is equivalent
           to unlimited. The format for times can be any of the following:

           Any                 Any week day
           Fr                  Friday
           Any0900-1300        Any day of week between 9.00 - 13.00 hrs.
           Th|Any0900-1300     Either Thursday or between 9.00 - 13.00.
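           The times format and the login-time limit check, as an added
           Python example (not part of this manual page or of the HP-UX
           ftpd).  It parses the '|'-separated alternatives, each a day
           token with an optional HHMM-HHMM range, and applies the first
           matching limit line for the class, with -1 meaning unlimited.
           The limit lines and message paths are constructed.  The text
           shows only Any, Th and Fr as day tokens; the remaining
           two-letter abbreviations and the half-open reading of the time
           range are assumptions.

```python
import re
from datetime import datetime

# Day tokens: the manual page shows Any, Th and Fr; the other abbreviations are assumed.
DAYS = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}
ALT = re.compile(r"^(Any|Mo|Tu|We|Th|Fr|Sa|Su)(?:(\d{4})-(\d{4}))?$")


def times_match(times, when):
    """True if the datetime (or ISO 8601 string) falls inside the times spec.
    Ranges are taken as half-open HHMM intervals (an assumption)."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    hhmm = when.hour * 100 + when.minute
    for alt in times.split("|"):
        m = ALT.match(alt)
        if not m:
            raise ValueError(f"bad times spec: {alt!r}")
        day, start, end = m.groups()
        if day != "Any" and when.weekday() != DAYS[day]:
            continue
        if start is None or int(start) <= hhmm < int(end):
            return True
    return False


# Constructed limit lines; the message paths are placeholders.
LIMITS = """\
limit  anonall  10  Any0900-1700  /etc/ftpd/msgs/busy.msg
limit  anonall  -1  Any           /etc/ftpd/msgs/busy.msg
limit  local     5  Fr            /etc/ftpd/msgs/busy.msg
"""


def parse_limits(text):
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) == 5 and f[0] == "limit":
            rules.append((f[1], int(f[2]), f[3], f[4]))
    return rules


def admit(rules, classname, when, users_in_class):
    """Login-time check: the first limit line for the class whose times match decides;
    -1 or no matching line means unlimited.  Returns (allowed, message_file_or_None)."""
    for cls, n, times, msg in rules:
        if cls != classname or not times_match(times, when):
            continue
        if n == -1 or users_in_class < n:
            return True, None
        return False, msg
    return True, None
```

           In the constructed file the anonall class is capped at 10 users
           during 09:00-17:00 and unlimited otherwise, because the second
           line (-1, Any) is the first applicable one outside that range.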

      noretrieve [ absolute|relative ] [ class= classname ] ...
      [-] filename [ filename ] ...

           Always deny retrievability of these files.  If the files are an
           absolute path specification (i.e. begins with / character), then
           only those files are marked unretrievable.  Otherwise all files
           with the matching filename are refused transfer.  Example:

           noretrieve /etc/passwd core

           specifies that no one is able to get the file /etc/passwd,
           whereas they are allowed to transfer a file, passwd, if it is not
           in /etc.  On the other hand, no one is able to get a file named
           core wherever it is.

           Directory specifications mark all files and sub-directories in
           the named directory as "un-gettable" or not obtainable.  The
           filename may be specified as a file glob.  For example:

           noretrieve /etc /home/*/.htaccess

           specifies that no files in /etc or any of its sub-directories may
           be retrieved.  Also, no files named .htaccess anywhere under the
           /home directory may be retrieved.








           The optional first parameter selects whether names are
           interpreted as absolute or relative to the current chroot'd
           environment.  The default is to interpret names beginning with a
           slash as absolute.

           The noretrieve restrictions may be placed upon members of
           particular classes.  If any class= is specified, then this option
           is set only for the users of that particular class.

      allow-retrieve [ absolute|relative ] [ class= classname ] ...
      [-] filename [ filename ] ...

           Allows retrieval of files which would otherwise be denied by
           noretrieve.
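           The noretrieve and allow-retrieve matching rules, as an added
           Python example (not part of this manual page or of the HP-UX
           ftpd).  A name beginning with / denies that file or everything
           below that directory, any other name is matched against the
           basename wherever it occurs, names may be globs, class=
           restricts a line to a class, relative names are tested against
           the path as the chroot'd user sees it, and allow-retrieve
           overrides noretrieve.  The first two rule lines are the examples
           from the text; the remaining lines, the paths and the treatment
           of "-" as an end-of-options marker are assumptions.

```python
import fnmatch
import posixpath

# Constructed rules; the first two lines are the manual page's own examples.
RETRIEVE_RULES = """\
noretrieve /etc/passwd core
noretrieve /etc /home/*/.htaccess
noretrieve class=anonall relative /incoming
allow-retrieve /etc/motd
"""


def parse_retrieve_rules(text):
    """Return [(deny, mode, classes, names)] for noretrieve/allow-retrieve lines."""
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f or f[0] not in ("noretrieve", "allow-retrieve"):
            continue
        mode, classes, names = "absolute", set(), []
        for tok in f[1:]:
            if not names and tok in ("absolute", "relative"):
                mode = tok
            elif not names and tok.startswith("class="):
                classes.add(tok[len("class="):])
            elif tok != "-":  # '-' is taken as an end-of-options marker (assumption)
                names.append(tok)
        rules.append((f[0] == "noretrieve", mode, classes, names))
    return rules


def _parents(path):
    out, p = [], path
    while True:
        p = posixpath.dirname(p)
        if p in ("", "/"):
            return out
        out.append(p)


def name_matches(pattern, path):
    """A name starting with '/' is a path: the file itself or anything below that
    directory.  Any other name is matched against the basename wherever it occurs."""
    if pattern.startswith("/"):
        return any(fnmatch.fnmatchcase(p, pattern) for p in [path] + _parents(path))
    return fnmatch.fnmatchcase(posixpath.basename(path), pattern)


def retrievable(rules, real_path, classname, chroot_root="/"):
    """allow-retrieve overrides noretrieve; 'relative' names are tested against the
    path as seen inside the chroot, 'absolute' names against the real system path."""
    root = chroot_root.rstrip("/")
    inside = real_path[len(root):] if root and real_path.startswith(root + "/") else real_path
    denied = allowed = False
    for deny, mode, classes, names in rules:
        if classes and classname not in classes:
            continue
        target = inside if mode == "relative" else real_path
        if any(name_matches(n, target) for n in names):
            if deny:
                denied = True
            else:
                allowed = True
    return allowed or not denied
```

           /etc/motd stays retrievable although "noretrieve /etc" covers
           it, and a guest chroot'd to /ftp is refused /incoming only when
           in the anonall class.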

      loginfails number

           After number login failures, log a message and terminate the FTP
           connection.  Default value is 5.

      private { yes|no }

           After a user logs in, the SITE GROUP and SITE GPASS ftpd commands
           may be used to specify an enhanced access group and associated
           password.  If the group name and password are valid, the user
           becomes (via setgid()) a member of the group specified in the
           group access file, /etc/ftpd/ftpgroups.

           The format of the group access file is:

           access_group_name:encrypted_password:real_group_name

           where access_group_name is an arbitrary (alphanumeric and
           punctuation) string.  encrypted_password is the password
           encrypted via crypt() (see crypt(3C)) exactly like in
           /etc/passwd.  real_group_name is the name of a valid group listed
           in /etc/group.

           NOTE: For this option to work for anonymous FTP users, the ftp
           server must keep /etc/group permanently open and the group access
           file is loaded into memory.  This means that: (1) the ftp server
           now has an additional file descriptor open, and (2) the necessary
           passwords and access privileges granted to users via SITE GROUP
           (see ftpd(1M)) will be static for the duration of an FTP session.
           If you have an urgent need to change the access groups and/or
           passwords now (immediately), just kill all of the running FTP
           servers.

    Informational Capabilities
      greeting { full|brief|terse }








      greeting text message

           Allows you to control how much information is given out before
           the remote user logs in.  greeting full is the default and shows
           the hostname and daemon version.  greeting brief shows the
           hostname.  greeting terse only displays the message "FTP server
           ready."  Also, this message is printed as the output of the STAT
           command. Although full is the default, brief is recommended.

           NOTE: The two options suppresshostname and suppressversion, are
           not supported. The greeting option can be used to suppress the
           hostname or the daemon version.

           The greeting text message form allows you to specify any greeting
           message you desire.  The message can be any string; whitespace
           (spaces and tabs) is converted to a single space.

      banner path

           Works similarly to the message command (see below), except that
           the banner is displayed before the user enters the username and
           password.  The path is relative to the real system root, not the
           base of the anonymous FTP directory.

           WARNING: use of this command can completely prevent non-compliant
           FTP clients from making use of the FTP server.  Not all clients
           can handle multi-line responses (which is how the banner is
           displayed).

      hostname some.host.name

           Defines the default host name of the ftp server.  This string
           will be printed on the greeting message and every time the %L
           magic cookie is used.  See message below for a list of magic
           cookies.  The host name for virtual servers overrides this value.
           If not specified, the default host name for the local machine is
           used.

      email name

           Defines the email address of the ftp archive maintainer.  This
           string will be printed every time the %E magic cookie is used.
           See message below for a list of magic cookies.

      message path [ when [ class... ]]

           Define a file with path such that ftpd will display the contents
           of the file to the user at login time or upon using the change
           working directory command.  The when parameter may be LOGIN or
           CWD=dir.  If when is CWD=dir, dir specifies the new default
           directory which will trigger the notification.







           The optional class specification allows the message to be
           displayed only to members of a particular class.  More than one
           class may be specified.

           In the message file, the user can key in a message and use the
           `macros' or `magic cookies' that are available. The ftp server
           will replace the cookie with a specified text string.  The
           following magic cookies are available:

           %T   local time (form Thu Nov 15 17:12:42 1990)

           %C   current working directory

           %E   the maintainer's email address as defined in ftpaccess

           %R   remote host name

           %L   local host name

           %u   username as determined via RFC931 authentication

           %U   username given at login time

           %M   maximum allowed number of users in this class

           %N   current number of users in this class

           %B   absolute limit on disk blocks allocated

           %b   preferred limit on disk blocks

           %Q   current block count

           %I   maximum number of allocated inodes (+1)

           %i   preferred inode limit

           %q   current number of allocated inodes

           %H   time limit for excessive disk use

           %h   time limit for excessive files ratios:

                %xu  Uploaded bytes

                %xd  Downloaded bytes

                %xR  Upload/Download ratio (1:n)

                %xc  Credit bytes








                %xT  Time limit (minutes)

                %xE  Elapsed time since login (minutes)

                %xL  Time left

                %xU  Upload limit

                %xD  Download limit

           The message will only be displayed once to avoid annoying the
           user.  Remember that when messages are triggered by an anonymous
           FTP user, the path must be relative to the base of the anonymous
           FTP directory tree.
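           Magic-cookie expansion and the once-per-session message trigger,
           as an added Python example (not part of this manual page or of
           the HP-UX ftpd).  It substitutes the cookies listed above from a
           dictionary, fires message lines on LOGIN or CWD=dir, honours the
           optional class list, and shows each file only once.  The message
           directives, file paths and cookie values are constructed; leaving
           unknown or unsupplied cookies as written, and reading a missing
           when as LOGIN, are assumptions.

```python
import re

# Cookie names from the manual page; the two-letter %x cookies are tried first.
COOKIE = re.compile(r"%(x[udRcTELUD]|[TCERLuUMNBbQIiqHh])")


def expand_cookies(template, values):
    """Replace each known magic cookie with values[name]; a cookie with no value
    supplied, or an unknown % sequence, is left as written (an assumption)."""
    return COOKIE.sub(lambda m: str(values.get(m.group(1), m.group(0))), template)


# Constructed message directives; the file paths are placeholders.
MESSAGES = """\
message /etc/ftpd/msgs/welcome.msg   LOGIN
message /etc/ftpd/msgs/incoming.msg  CWD=/incoming  anonall
message /etc/ftpd/msgs/all.msg
"""


def parse_messages(text):
    """Return [(path, when, classes)]; a missing 'when' is read as LOGIN (assumption)."""
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 2 and f[0] == "message":
            rules.append((f[1], f[2] if len(f) > 2 else "LOGIN", set(f[3:])))
    return rules


class MessageSession:
    """Tracks which message files a session has already seen so each shows only once."""

    def __init__(self, rules, classname):
        self.rules, self.classname, self.shown = rules, classname, set()

    def _fire(self, when):
        due = []
        for path, w, classes in self.rules:
            if w == when and path not in self.shown and (not classes or self.classname in classes):
                self.shown.add(path)
                due.append(path)
        return due

    def on_login(self):
        return self._fire("LOGIN")

    def on_cwd(self, directory):
        return self._fire("CWD=" + directory)
```

           The returned paths are the files ftpd would read and pass
           through expand_cookies before displaying; for an anonymous
           session they must resolve relative to the anonymous FTP
           directory tree, as noted above.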

      readme path [ when [ class ]]

           Define a file with path such that ftpd will notify user at login
           time or upon using the change working directory command that the
           file exists and was modified on such-and-such date.  The when
           parameter may be LOGIN or CWD=<dir>.  If when CWD=<dir>, dir
           specifies the new default directory which will trigger the
           notification.  The message will only be displayed once, to avoid
           bothering users.  Remember that when README messages are
           triggered by an anonymous FTP user, the path must be relative to
           the base of the anonymous FTP directory tree.

           The optional class specification allows the message to be
           displayed only to members of a particular class.  More than one
           class may be specified.

    Logging Capabilities
      log commands typelist

           Enables logging of individual commands by users.  typelist is a
           comma-separated list of any of the keywords anonymous, guest and
           real.  If the real keyword is included, logging will be done for
           users using FTP to access real accounts, and if the anonymous
           keyword is included, logging will be done for users using anonymous
           FTP.  The guest keyword matches guest access accounts (see
           guestgroup in the Access Capabilities subsection above for more
           information).

      log transfers typelist directions

           Enables logging of file transfers for either real or anonymous
           FTP users.  Logging of transfers TO the server (incoming) can be
           enabled separately from transfers FROM the server (outbound).
           typelist is a comma-separated list of any of the keywords
           anonymous, guest and real.  If the real keyword is included,
           logging will be done for users using FTP to access real accounts.







           If the anonymous keyword is included, logging will be done for
           users using anonymous FTP. The guest keyword matches guest access
           accounts (see guestgroup in the Access Capabilities subsection
           above for more information).  directions is a comma-separated
           list of any of the two keywords inbound and outbound, and will
           respectively cause transfers to be logged for files sent to the
           server and sent from the server. All the logging is done into the
           file /var/adm/syslog/xferlog.

      log security typelist

           Enables logging of violations of security rules (noretrieve,
           .notar, ...) for real, guest and/or anonymous users.  typelist is
           a comma-separated list of any of the keywords anonymous, guest,
           and real.  If the real keyword is included, logging will be done
           for users using FTP to access real accounts. If the anonymous
           keyword is included, logging will be done for users using anonymous
           FTP. The guest keyword matches guest access accounts (see
           guestgroup for more information).

      log syslog
      log syslog+xferlog

           Redirects the logging messages for incoming and outgoing
           transfers to either syslog, or xferlog, or both.  By default (if
           log is not specified), the transfer log messages are put into
           xferlog.  log syslog will put the log messages into only syslog.
           log syslog+xferlog will put the log messages into both syslog and
           xferlog.

    Upload/Download Ratios
      ul-dl-rate rate [ class ... ]

           Specify an Upload/Download ratio (1:rate).  For each byte that an
           ftp user uploads, rate bytes can be downloaded.  By default,
           there is no ratio.

      dl-free filename [ class ... ]

           The file filename can be downloaded freely ignoring the ratio.
           See ul-dl-rate above.

      dl-free-dir dirname [ class ... ]

           All files in the directory dirname and its subdirectories can be
           downloaded freely ignoring the ratio.  See ul-dl-rate above.

           Note that both dl-free and dl-free-dir are relative to the
           system's root environment, not the chroot environment.









    Miscellaneous Capabilities
      alias string dir

           Defines an alias, string, for the specified directory, dir.  Can
           be used to add the concept of logical directories.

           For example:

           alias rfc /pub/doc/rfc

           would allow the user to access /pub/doc/rfc from any directory by
           the command cd rfc:.  Aliases only apply to the cd command.

      cdpath dir

           Defines a directory entry in the cdpath.  dir defines a search
           path that is used when changing directories.

           For example:

           cdpath /pub/packages

           cdpath /.aliases

           would allow the user to cd into any directory directly under
           /pub/packages or /.aliases directories.  The search path is
           defined by the order in which the lines appear in the
           /etc/ftpd/ftpaccess file.

           If the user were to give the command:

           cd foo

           The directory will be searched for in the following order:

           ./foo an alias called foo
           /pub/packages/foo
           /.aliases/foo

           The cd path is only available with the cd command. If you have a
           large number of aliases, you might want to set up an aliases
           directory with links to all of the areas that you wish to make
           available to users.

      compress { yes|no } classglob [ classglob ... ]
      tar { yes|no } classglob [ classglob ... ]

           Enables compress or tar capabilities for any class matching any
           of classglob.  The actual conversions are defined in the external
           file /etc/ftpd/ftpconversions.








      shutdown path

           If the file pointed to by path exists, the server will check the
           file regularly to see if the server is going to be shut down.  If
           a shutdown is planned, the user is notified, new connections are
           denied after a specified time before shutdown and current
           connections are dropped at a specified time before shutdown.
           path points to a file structured as follows:

           year   month   day   hour   minute   deny_offset   disc_offset
           text

           year           any year > 1970
           month          0-11 <-- Note: month index begins from 0
           hour           0-23
           minute         0-59

           deny_offset and disc_offset are the offsets in HHMM format before
           the shutdown time that new connections will be denied and
           existing connections will be disconnected.

           text follows the normal rules for any message (see message in the
           Informational Capabilities subsection), with the following
           additional magic cookies available:

           %s   time system is going to shut down
           %r   time new connections will be denied
           %d   time current connections will be dropped

           All times are in the form: ddd MMM DD hh:mm:ss YYYY.  There can
           be only one shutdown command in the configuration file.

           The external program ftpshut can be used to automate the process
           of generating this file.
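           The shutdown file format, as an added Python example (not part
           of this manual page, of the HP-UX ftpd or of ftpshut).  It parses
           the header line, corrects for the 0-based month index, turns the
           HHMM deny and disconnect offsets into times, reports whether a
           given moment is before the deny time, in the deny-new window or
           past the disconnect time, and renders the %s, %r and %d cookies
           in the ddd MMM DD hh:mm:ss YYYY form.  The file contents and the
           host name are constructed.

```python
from datetime import datetime, timedelta

# Constructed shutdown file: month 7 means August because the index starts at 0.
SHUTDOWN_FILE = """\
2003 7 15 23 0 0030 0010
%L will shut down at %s; new logins are refused from %r and sessions are dropped at %d.
"""


def hhmm(offset):
    """Offsets before shutdown are written HHMM, e.g. 0030 is thirty minutes."""
    value = int(offset)
    return timedelta(hours=value // 100, minutes=value % 100)


def parse_shutdown(text):
    """Return (shutdown_at, deny_new_from, disconnect_at, message_text)."""
    header, _, message = text.partition("\n")
    year, month, day, hour, minute, deny_off, disc_off = header.split()
    shutdown_at = datetime(int(year), int(month) + 1, int(day), int(hour), int(minute))
    return shutdown_at, shutdown_at - hhmm(deny_off), shutdown_at - hhmm(disc_off), message


def ftp_time(t):
    """The 'ddd MMM DD hh:mm:ss YYYY' form used for %s, %r and %d."""
    return t.strftime("%a %b %d %H:%M:%S %Y")


def shutdown_state(text, now):
    """'open', 'deny-new' (refuse new logins) or 'disconnect' (drop current sessions)."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    _, deny_at, disc_at, _ = parse_shutdown(text)
    if now >= disc_at:
        return "disconnect"
    if now >= deny_at:
        return "deny-new"
    return "open"


def shutdown_message(text, hostname):
    """Render the message text with the shutdown cookies and %L filled in."""
    shutdown_at, deny_at, disc_at, message = parse_shutdown(text)
    cookies = {"%s": ftp_time(shutdown_at), "%r": ftp_time(deny_at),
               "%d": ftp_time(disc_at), "%L": hostname}
    for cookie, value in cookies.items():
        message = message.replace(cookie, value)
    return message.strip()
```

           A header written with month 8 by hand would schedule the
           shutdown for September; that off-by-one is the reason to let
           ftpshut generate the file.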

      daemonaddress address

           If this value is not set, then the server will listen for
           connections on every IP address.  Otherwise it will only listen
           on the IP address specified.  Use of this clause is discouraged as
           it will break virtual hosting.  This option will work only when
           ftpd is running in the standalone mode (see ftpd(1M)).

      virtual address { root|banner|logfile } path

           Enables the virtual ftp server capabilities. The address is the
           IP address of the virtual server. The second argument specifies
           that the path is one of the following:

           root        The root of the filesystem for this virtual server.








           banner      The banner presented to the user when connecting to
                       this virtual server.

           logfile     The logfile where transfers are recorded for this
                       virtual server. If logfile is not specified, the
                       default logfile will be used.

           All other message files and permissions as well as any other
           settings in this file apply to all virtual servers.

           The address may also be specified as the hostname rather than the
           IP number.  This is strongly discouraged because if DNS is not
           available at the time the FTP session begins, the hostname will
           not be matched.

      virtual address { hostname|email } string

           Sets string to either the hostname shown in the greeting message
           and STAT command, or to the email address used in message files
           and on the HELP command.

      virtual address allow username [ username ... ]
      virtual address deny username [ username ... ]

           Normally, real and guest users are not allowed to log in on the
           virtual server unless they are guests and chroot'd to the virtual
           root.  The users listed on the virtual allow line(s) will be
           granted access.  All users can be granted access by giving '*' as
           the username.  The virtual deny clauses are processed after the
           virtual allow clauses and are used to deny access to specific
           users when all users were allowed.

      virtual address private

           Normally, anonymous users are allowed to log in on the virtual
           server.  This option denies them access.

      virtual address passwd file

           Use a different passwd file for the virtual domain.

           Note: This option is currently not supported in HP-UX.

      virtual address shadow file

           Use a different shadow file for this virtual domain.

           Note: This option is currently not supported in HP-UX.

      defaultserver deny username [ username ... ]








      defaultserver allow username [ username ... ]

           Normally, all users are allowed access to the default (nonvirtual)
           FTP server.  Use defaultserver deny to revoke access for
           specific users.  Specify defaultserver deny to deny access to all
           users.  Specific users can then be allowed using defaultserver
           allow.

      defaultserver private

           Normally, anonymous users are allowed on the default (nonvirtual)
           FTP server.  This statement disallows anonymous access.

           The virtual and defaultserver allow, deny, and private clauses
           provide a means to control which users are allowed access on
           which FTP servers.

      passive address externalip cidr

           Allows control of the address reported in response to a PASV
           command.  When any control connection matching the cidr requests
           a passive data connection (PASV), the externalip address is
           reported.

           NOTE: this does not change the address that the daemon actually
           listens on, only the address reported to the client.  This
           feature allows the daemon to operate correctly behind
           IP-renumbering firewalls.  For example:

           passive address 10.0.1.15   10.0.0.0/8
           passive address 192.168.1.5 0.0.0.0/0

           Clients connecting from the class-A network 10 will be told the
           passive connection is listening on IP-address 10.0.1.15 while all
           others will be told the connection is listening on 192.168.1.5.

           Multiple passive addresses may be specified to handle complex, or
           multi-gatewayed, networks.

           Note: This option is not supported on IPv6 enabled systems.

      passive ports cidr min max

           Allows control of the TCP port numbers which may be used for a
           passive data connection.  If the control connection matches the
           cidr, a port in the range min to max will be randomly selected
           for the daemon to listen on.  This feature allows firewalls to
           limit the ports which remote clients may use to connect into the
           protected network.

           cidr is shorthand for an IP address in dotted-quad notation
           followed by a slash and the number of left-most bits which
           represent the network address (as opposed to the machine
           address).  For example, if you are using the reserved class-A
           network 10, instead of a netmask of 255.0.0.0, use a cidr of /8
           as in 10.0.0.0/8 to represent your network.

           Note: This option is not supported on IPv6 enabled systems.
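           As an added example (not part of this manual page or of the ftpd
           sources), the following Python script applies passive address and
           passive ports clauses to a client address and renders the 227
           reply the client would parse.  The passive ports values and the
           rule that the first matching cidr in the file wins are
           assumptions.

```python
import ipaddress
import random

# Constructed configuration: the two passive address lines from the man
# page example plus two passive ports lines (assumed values).
PASSIVE_CONFIG = """
passive address 10.0.1.15   10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
passive ports   10.0.0.0/8  40000 40099
passive ports   0.0.0.0/0   50000 50999
"""


def parse_passive(text):
    """Return ([(externalip, cidr)], [(cidr, min, max)]) in file order."""
    addrs, ports = [], []
    for line in text.splitlines():
        t = line.split()
        if t[:2] == ["passive", "address"]:
            addrs.append((t[2], ipaddress.ip_network(t[3], strict=False)))
        elif t[:2] == ["passive", "ports"]:
            ports.append((ipaddress.ip_network(t[2], strict=False),
                          int(t[3]), int(t[4])))
    return addrs, ports


def pasv_reply(addrs, ports, client_ip, seed=None):
    """Decide what a PASV from client_ip is told.

    Assumption: when several cidrs match, the first matching line in the
    file wins, which is why the specific 10.0.0.0/8 line precedes the
    catch-all 0.0.0.0/0 line.  Returns (reported_ip, port); reported_ip
    is None when no passive address line matches (the daemon would then
    report its own address) and port is None when no passive ports line
    matches (an ephemeral port would be used).
    """
    ip = ipaddress.ip_address(client_ip)
    reported = next((a for a, net in addrs if ip in net), None)
    rng = next(((lo, hi) for net, lo, hi in ports if ip in net), None)
    port = random.Random(seed).randint(*rng) if rng else None
    return reported, port


def format_pasv(reported, port):
    """Render the 227 reply the client parses: the address with dots
    replaced by commas, then the port as high byte, low byte."""
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        reported.replace(".", ","), port // 256, port % 256)


if __name__ == "__main__":
    addrs, ports = parse_passive(PASSIVE_CONFIG)
    for client in ("10.20.30.40", "203.0.113.7"):
        reported, port = pasv_reply(addrs, ports, client, seed=1)
        print(client, "->", format_pasv(reported, port))
```

           A firewall that only opens the ports named in passive ports can
           be checked against the same table before the rule set is changed.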

      pasv-allow class [ addrglob ... ]
      port-allow class [ addrglob ... ]

           Normally, the daemon does not allow a PORT command to specify an
           address different than that of the control connection.  And it
           does not allow a PASV connection from another address.

           The port-allow clause provides a list of addresses which the
           specified class of user may give on a PORT command.  These
           addresses will be allowed even if they do not match the IP
           address of the client-side of the control connection.

           The pasv-allow clause provides a list of addresses which the
           specified class of user may make data connections from.  These
           addresses will be allowed even if they do not match the IP
           address of the client-side of the control connection.

      lslong command [ options ... ]
      lsshort command [ options ... ]
      lsplain command [ options ... ]

           The lslong, lsshort and lsplain clauses specify the command and
           the command options used to generate directory listings.  Note
           the options cannot contain spaces.  Typically the /usr/bin/ls
           command is used to provide directory listings.  To change the
           path for ls, specify it in command.  The defaults for these
           clauses are generally correct.  For normal users lsshort is used.
           For anonymous users lslong is used.  lsplain is used for special
           cases.  Use lslong, lsshort, or lsplain only if absolutely
           necessary.

      mailserver hostname [ hostname ... ]

           Specify the name of a mail server which will accept upload
           notifications for the FTP daemon.  Multiple mail servers may be
           listed; the daemon will attempt to deliver the upload
           notification to each, in order, until one accepts the message.
           If no mail servers are specified, localhost is used.  This option
           is only meaningful if anyone is to be notified of anonymous
           uploads (see incmail below).

      incmail emailaddress
      virtual address incmail emailaddress
      defaultserver incmail  emailaddress

           Specify email addresses to be notified of anonymous uploads.
           Multiple addresses can be specified; each will receive a
           notification.  If none are specified, no notifications are sent.

           If addresses are specified for a virtual host, only those
           addresses will receive notification of anonymous uploads on that
           host.  Otherwise, notifications will be sent to the global
           addresses.

           The defaultserver addresses only apply to real hosts and not
           virtual hosts. In this way, the real host can receive
           notifications of uploads on their default anonymous area.
           However, with this option set, the virtual hosts will not be
           notified.

      mailfrom emailaddress
      virtual address mailfrom emailaddress
      defaultserver mailfrom emailaddress

           Specify the sender's email address for anonymous upload
           notifications.  Only one address may be specified.  If no
           mailfrom applies, email is sent from the default mailbox name
           'wu-ftpd'.  To avoid problems if the recipient attempts to reply
           to a notification, or if downstream mail problems generate
           bounces, you should ensure the mailfrom emailaddress is
           deliverable.

    Permission Capabilities
      chmod { yes|no } typelist
      delete { yes|no } typelist
      overwrite { yes|no } typelist
      rename { yes|no } typelist
      umask { yes|no } typelist

           Allows or disallows the ability to perform the specified
           function.  By default, all users are allowed.

           typelist is a comma-separated list of any of the keywords
           anonymous, guest, real and class=.  When class= appears, it must
           be followed by a classname.  If any class= appears, the typelist
           restriction applies only to users in that class.

      passwd-check { none|trivial|rfc822 } [ enforce|warn ]

           Define the level and enforcement of password checking done by the
           server for anonymous ftp.

           none           no password checking performed.
           trivial        password must contain an @.
           rfc822         password must be an rfc822 compliant address.
           warn           warn the user, but allow them to log in.
           enforce        warn the user, and then log them out.

      deny-email case-insensitive-email-address

           The e-mail address given as an argument is considered to be
           invalid.  If passwd-check is set to enforce, anonymous users
           giving this address as password cannot log in.  This is one way
           that you can stop users from having web browsers that use fake
           addresses like IE?0User@ or mozilla@.  By using deny-email, you
           are not shutting out users using a web browser for ftp.  You are
           just making them configure their browser correctly.  Only one
           address per line, but you can have as many deny-email clauses as
           you like.

      path-filter typelist mesg allowed_charset [ disallowed_regexp ... ]

           For users in typelist, path-filter defines regular expressions
           that control what a filename can or cannot be.  Disallowed
           regular expressions, disallowed_regexp, may be specified with
           multiple regular expressions (see regexp(5)).  If a filename is
           invalid due to failure to match the regular expression criteria,
           mesg will be displayed to the user.  For example:

           path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

           specifies that all upload filenames for anonymous users must be
           made of only the characters A-Z, a-z, 0-9, period (.), dash (-),
           and underscore (_).  The filenames may not begin with a period
           (.) or a dash (-) as specified by ^\.  and ^- respectively.  If
           the filename is invalid, /etc/pathmsg will be displayed to the
           user.
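           As an added example (not part of this manual page or of the ftpd
           sources), the following Python script parses the path-filter
           clause shown above and applies it to candidate upload names.
           It assumes the patterns are applied to the whole name string the
           client supplies and that Python's re module accepts them as the
           daemon's regcomp() would; both hold for this example.

```python
import re

# Constructed path-filter clause, copied from the man page example above.
PATH_FILTER_LINE = r"path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-"


def parse_path_filter(line):
    """Split a path-filter clause into (typelist, mesg, allowed, disallowed).

    The regular expressions are compiled with Python's re module, which
    accepts the POSIX patterns used in the man page example (assumption:
    the daemon itself uses regcomp(), so exotic syntax could differ).
    """
    fields = line.split()
    if len(fields) < 4 or fields[0] != "path-filter":
        raise ValueError("not a path-filter clause: %r" % line)
    typelist = fields[1].split(",")
    mesg = fields[2]
    allowed = re.compile(fields[3])
    disallowed = [re.compile(p) for p in fields[4:]]
    return typelist, mesg, allowed, disallowed


def filename_allowed(name, allowed, disallowed):
    """A name passes only if allowed_charset matches it and none of the
    disallowed_regexp patterns do.  The patterns are applied to the whole
    name string the client supplied (an assumption of this example), so
    a slash or a ".." component fails the charset test as well."""
    if not allowed.search(name):
        return False
    return not any(p.search(name) for p in disallowed)


def check_upload_names(line, names):
    """Map each candidate filename to True (accepted) or to the mesg file
    the server would display before rejecting it."""
    _typelist, mesg, allowed, disallowed = parse_path_filter(line)
    return {n: (True if filename_allowed(n, allowed, disallowed) else mesg)
            for n in names}


if __name__ == "__main__":
    # Constructed candidate names an anonymous client might STOR.
    results = check_upload_names(
        PATH_FILTER_LINE,
        ["report.txt", ".htaccess", "-rf", "bad name.txt", "../x"])
    for name, verdict in results.items():
        status = "ok" if verdict is True else "rejected, show " + verdict
        print("%-14s %s" % (name, status))
```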

      upload [ absolute|relative ] [ class= classname ]...  [-] root-dir
      dirglob { yes|no } owner group mode [ dirs|nodirs ] [ d_mode ]

           Define a directory with dirglob that permits or denies uploads.

           If it does permit uploads, all newly created files will be owned
           by owner and group and will have the permissions set according to
           mode.  Existing files which are overwritten will keep their
           original ownership and permissions.

           Directories are matched on a best-match basis.

           For example:

           upload  /var/ftp  *               no
           upload  /var/ftp  /incoming       yes  ftp  daemon  0666
           upload  /var/ftp  /incoming/gifs  yes  jlc  guest   0600  nodirs

           These upload commands would only allow uploads into /incoming and
           /incoming/gifs.  Files that were uploaded to /incoming would be
           owned by ftp/daemon and would have permissions of 0666.  Files
           uploaded to /incoming/gifs would be owned by jlc/guest and have
           permissions of 0600.  Note that the root-dir here must match the
           home directory specified in the password database for the ftp
           user.

           The optional dirs and nodirs keywords can be specified to allow
           or disallow the creation of new subdirectories using the mkdir
           command.

           Note that if the upload command is used, directory creation is
           allowed by default. To turn it off by default, you must specify a
           user, group and mode followed by the nodirs keyword as the first
           line where the upload command is used in this file.

           If directories are permitted, the optional d_mode determines the
           permissions for a newly created directory.  If d_mode is omitted,
           the permissions are inferred from mode or are 0777 if mode is
           also omitted.

           upload only applies to users who have a home directory (the
           argument to the chroot()) of root-dir.  root-dir may be specified
           as "*" to match any home directory.

           The owner and/or group may each be specified as "*", in which
           case any uploaded files or directories will be created with the
           ownership of the directory in which they are created.

           The optional first parameter selects whether root-dir names are
           interpreted as absolute or relative to the current chroot'd
           environment.  The default is to interpret root-dir names as
           absolute.

           You can specify any number of class=classname restrictions.  If
           any are specified, this upload clause only takes effect if the
           current user is a member of one of the classes.
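           As an added example (not part of this manual page or of the ftpd
           sources), the following Python script parses the upload clauses
           from the example above and resolves which clause governs an
           upload into a given directory.  Two details are assumptions:
           "best match" is taken to be the longest matching dirglob, and a
           d_mode inferred from mode is taken to add execute wherever read
           is set.

```python
import fnmatch

# Constructed configuration: the three upload lines from the man page
# example.  /var/ftp is the ftp user's home directory (its chroot root).
UPLOAD_CONFIG = """
upload  /var/ftp  *               no
upload  /var/ftp  /incoming       yes  ftp  daemon  0666
upload  /var/ftp  /incoming/gifs  yes  jlc  guest   0600  nodirs
"""


def parse_upload(line):
    """Parse one upload clause (see the synopsis above) into a dict."""
    t = line.split()
    c = {"relative": False, "classes": [], "owner": None, "group": None,
         "mode": None, "dirs": True, "d_mode": None}
    i = 1                                   # t[0] is the word "upload"
    while t[i] in ("absolute", "relative") or t[i].startswith("class="):
        if t[i].startswith("class="):
            c["classes"].append(t[i][len("class="):])
        else:
            c["relative"] = t[i] == "relative"
        i += 1
    if t[i] == "-":                         # assumption: "-" ends the options
        i += 1
    c["root"], c["glob"], c["permit"] = t[i], t[i + 1], t[i + 2] == "yes"
    rest = t[i + 3:]
    if len(rest) >= 3:                      # owner group mode
        c["owner"], c["group"], c["mode"] = rest[0], rest[1], int(rest[2], 8)
        rest = rest[3:]
    if rest and rest[0] in ("dirs", "nodirs"):
        c["dirs"] = rest[0] == "dirs"
        rest = rest[1:]
    if rest:
        c["d_mode"] = int(rest[0], 8)
    return c


def effective_d_mode(c):
    """Mode for a new subdirectory: d_mode if given, else inferred from
    mode (assumed here to add x wherever r is set, 0666 -> 0777), else 0777."""
    if c["d_mode"] is not None:
        return c["d_mode"]
    if c["mode"] is None:
        return 0o777
    return c["mode"] | ((c["mode"] & 0o444) >> 2)


def select_upload(clauses, home, target_dir, user_classes=()):
    """Best-match clause for an upload into target_dir (relative to the
    chroot) by a user whose home directory is `home`.  Assumption: the
    best match is the longest matching dirglob, so /incoming/gifs beats
    /incoming, which beats *."""
    best = None
    for c in clauses:
        if c["root"] not in ("*", home):
            continue
        if c["classes"] and not set(c["classes"]) & set(user_classes):
            continue
        if not fnmatch.fnmatchcase(target_dir, c["glob"]):
            continue
        if best is None or len(c["glob"]) > len(best["glob"]):
            best = c
    return best


def upload_policy(config, home, target_dir, user_classes=()):
    """None if the upload is refused, else (owner, group, mode, may_mkdir)."""
    clauses = [parse_upload(l) for l in config.splitlines() if l.strip()]
    c = select_upload(clauses, home, target_dir, user_classes)
    if c is None or not c["permit"]:
        return None
    return c["owner"], c["group"], c["mode"], c["dirs"]
```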

      anonymous-root root-dir [ class ... ]

           root-dir specifies the chroot() path for anonymous users.  If no
           anonymous-root is matched, the old method of parsing the home
           directory for the ftp user is used.  If no class is specified,
           root-dir is the root directory for anonymous users who do not
           have any other anonymous-root specification.  Multiple classes
           may be given on the line.  If an anonymous-root is chosen for the
           user, the ftp user's home directory in the root-dir/etc/passwd
           file is used to determine the initial directory, and the ftp
           user's home directory in the system-wide /etc/passwd is not used.
           For example:

           anonymous-root /home/ftp
           anonymous-root /home/localftp localnet

           causes all anonymous users to be chroot()'d to the directory
           /home/ftp.  Then, if the ftp user exists in /home/ftp/etc/passwd,
           their initial CWD is that home directory.  Anonymous users in the
           class localnet, however, are chroot()'d to the directory
           /home/localftp, and their initial CWD is taken from the ftp
           user's home directory in /home/localftp/etc/passwd.

      guest-root root-dir [ uid-range ... ]

           root-dir specifies the chroot() path for guest users.  If guest-
           root is not matched, the old method of parsing the user's home
           directory is used.  If no uid-range is specified, the root
           directory is for guest users who do not match any other guest-
           root specification.  Multiple uid ranges may be given on the
           line.  If a guest-root is chosen for the user, the user's home
           directory in the root-dir/etc/passwd file is used to determine
           the initial directory and their home directory in the system-wide
           /etc/passwd is not used.

           uid-range specifies numeric UID values.  Ranges are specified by
           giving the lower and upper bounds (inclusive), separated by a
           dash.  Omitting the lower bound means "all up to", and omitting
           the upper bound means "all starting from".  For example:

           guest-root /home/users
           guest-root /home/staff %100-999 sally
           guest-root /home/users/frank/ftp frank

           causes all guest users to chroot() to /home/users, then starts
           each user in their home directory as specified in
           /home/users/etc/passwd.  Users in the range 100 through 999,
           inclusive, and user sally, will be chroot()'d to /home/staff and
           the CWD will be taken from their entries in
           /home/staff/etc/passwd.  The single user frank will be chroot()'d
           to /home/users/frank/ftp and the CWD will be from his entry in
           /home/users/frank/ftp/etc/passwd.

           Note that order is important for both anonymous-root and guest-
           root.  If a user would match multiple clauses, only the first
           applies; with the exception of the clause which has no class or
           uid-range, which applies only if no other clause matches.

      deny-uid uid-range [...]
      deny-gid gid-range [...]
      allow-uid uid-range [...]
      allow-gid gid-range [...]

           These clauses allow specification of UID and GID values which
           will be denied access to the ftp server.  The allow-uid and
           allow-gid clauses may be used to allow access for uid/gid which
           would otherwise be denied.  These checks occur before all others.
           Deny is checked before allow.  The default is to allow access.
           Note that in most cases, this can remove the need for the
           /etc/ftpd/ftpusers file.  For example:

           deny-gid %-99 %65535
           deny-uid %-99 %65535
           allow-gid ftp
           allow-uid ftp

           denies ftp access to all privileged or special users and groups
           on a Linux box except the anonymous ftp user/group.  In many
           cases, this can eliminate the need for the /etc/ftpd/ftpusers
           file.  Support for that file still exists so it may be used when
           changing /etc/ftpd/ftpaccess is not desired.

           Throughout the ftpaccess file, at any place that a single UID or
           GID is allowed, either names or numbers may be used.  To use
           numbers, put a % before it.  In places where a range is allowed,
           put the % before the range.
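           As an added example (not part of this manual page or of the ftpd
           sources), the following Python script parses the % range syntax
           used by guest-root and by the deny/allow clauses above, then
           evaluates the deny-before-allow rule on the example configuration.
           The name tables, the ftp uid/gid values and the open upper bound
           MAX_ID are constructed assumptions standing in for getpwnam() and
           getgrnam() lookups.

```python
# Constructed name tables standing in for the getpwnam()/getgrnam()
# lookups the daemon performs; uid 14 / gid 50 are typical ftp ids on
# the Linux box the man page example describes (assumed values).
USERS = {"root": 0, "daemon": 1, "ftp": 14, "alice": 1001, "nobody": 65535}
GROUPS = {"sys": 3, "ftp": 50, "users": 100, "nogroup": 65535}
MAX_ID = 2 ** 32 - 1                        # assumed open upper bound

# Constructed configuration: the deny/allow example from the man page.
ID_CONFIG = """
deny-gid %-99 %65535
deny-uid %-99 %65535
allow-gid ftp
allow-uid ftp
"""


def parse_range(tok, names):
    """One uid-range/gid-range token -> (low, high), inclusive.

    A leading % means numeric: %N, %N-M, %-M ("all up to M") or %N-
    ("all starting from N").  Without %, the token is a name looked up
    in `names`, as used by guest-root, deny-uid/gid and allow-uid/gid.
    """
    if not tok.startswith("%"):
        n = names[tok]                      # KeyError for an unknown name
        return n, n
    body = tok[1:]
    if "-" not in body:
        return int(body), int(body)
    lo, hi = body.split("-", 1)
    return (int(lo) if lo else 0), (int(hi) if hi else MAX_ID)


def in_ranges(value, ranges):
    return any(lo <= value <= hi for lo, hi in ranges)


def parse_id_rules(text):
    """Collect the four clause kinds; each maps to a list of ranges."""
    rules = {"deny-uid": [], "deny-gid": [], "allow-uid": [], "allow-gid": []}
    for line in text.splitlines():
        t = line.split()
        if t and t[0] in rules:
            names = USERS if t[0].endswith("uid") else GROUPS
            rules[t[0]].extend(parse_range(tok, names) for tok in t[1:])
    return rules


def access_allowed(rules, uid, gid):
    """Deny is checked before allow, an explicit allow overrides a deny,
    and the default is to allow.  Both the uid and the gid must pass."""
    for kind, value in (("uid", uid), ("gid", gid)):
        if in_ranges(value, rules["deny-" + kind]) and \
                not in_ranges(value, rules["allow-" + kind]):
            return False
    return True
```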

      restricted-uid uid-range [...]
      restricted-gid gid-range [...]
      unrestricted-uid uid-range [...]
      unrestricted-gid gid-range [...]

           These clauses control whether or not real or guest users will be
           allowed access to areas on the FTP site outside their home
           directories.  They are not meant to replace the use of guestgroup
           and guestuser.  Instead, use these to supplement the operation of
           guests.  The unrestricted-uid and unrestricted-gid clauses may be
           used to allow users outside their home directories who would
           otherwise be restricted.

           The following example shows the intended use of these clauses.
           Assume user dick has a home directory /home/dick and jane has a
           home directory /home/jane:

           guest-root /home dick jane
           restricted-uid dick jane

           While both dick and jane are chroot'd to /home, they cannot
           access each other's files because they are restricted to their
           home directories.

           Wherever possible, in situations such as this example, try not to
           rely solely upon the ftp restrictions.  As with all other ftp
           access rules, try to use directory and file permissions to
           backstop the operation of the ftpaccess configuration.

           NOTE: For the above clauses, you must copy the libraries
           /usr/lib/libnss_files.1 and /usr/lib/libdld.2 to the /usr/lib
           directory of the current chroot'd environment.

      site-exec-max-lines number [ class ... ]

           The SITE EXEC feature traditionally limits the number of lines of
           output which may be sent to the remote client.  This clause
           allows you to set this limit.  If omitted, the limit is 20 lines.
           A limit of 0 (zero) implies no limit. Be very careful if you
           choose to remove the limit.  If a clause is found matching the
           remote user's class, that limit is used.  Otherwise, the clause
           with class '*', or no class given, is used.  For example:

           site-exec-max-lines 200 remote
           site-exec-max-lines 0 local
           site-exec-max-lines 25

           The above examples limit output from SITE EXEC (and therefore
           SITE INDEX) to 200 lines for remote users, specifies there is no
           limit at all for local users, and sets a limit of 25 lines for
           all other users.

      dns refuse_mismatch filename [ override ]

           Refuse FTP sessions when the forward and reverse lookups for the
           remote site do not match.  Display the named file, filename (like
           a message file), admonishing the user.  If the optional override
           is specified, allow the connection after complaining.

      dns refuse_no_reverse filename [ override ]

           Refuse FTP sessions when there is no reverse DNS entry for the
           remote site.  Display the named file, filename (like a message
           file), admonishing the user.  If the optional override is
           specified, allow the connection after complaining.

      dns resolveroptions [ options ]

           dns resolveroptions allows you to tweak name server options.  The
           line takes a series of flags as documented in resolver(3N) (with
           the leading RES_ removed).  Each can be preceded by an optional +
           or -.  For example,

           dns resolveroptions +aaonly -dnsrch

           turns on the aaonly option (only accept authoritative answers)
           and turns off the dnsrch option (search the domain path).

 WARNINGS
      IPv6 is supported on HP-UX 11i Version 1.0, with the optional IPv6
      software installed.  Currently, IPv6 is not supported on systems
      running HP-UX 11i Version 1.6.

 FILES
      /etc/ftpd/ftpaccess

 AUTHOR
      ftpaccess was developed by the Washington University, St. Louis,
      Missouri.

 SEE ALSO
      ftpshut(1), groups(1), passwd(1), ftpd(1M), chroot(2), umask(2),
      resolver(3N), ftpconversions(4), ftpgroups(4).


 Hewlett-Packard Company           - 22 -   HP-UX 11i Version 2: August 2003