NAME
ftpaccess - ftpd configuration file

DESCRIPTION
The /etc/ftpd/ftpaccess file is used to configure the operation of ftpd (see ftpd(1M)).

Access Capabilities

autogroup groupname class [ class ... ]
If an anonymous user is a member of any of class, the ftp server will perform a setgid() to groupname. This allows access to group-and-owner-read-only files and directories to a particular class of anonymous users. groupname is a valid group from /etc/group (or whatever mechanism your getgrent() library routine uses; see getgrent(3C)).
class class typelist addrglob [ addrglob ... ]
Define class of users, with source addresses of the form addrglob. Multiple members of class may be defined. There may be multiple class commands, listing additional members of the class. If multiple class commands can apply to the current session, the first one listed in the access file is used. Failing to define a valid class for a host will cause access to be denied.

typelist is a comma-separated list of any of the keywords anonymous, guest and real. If the real keyword is included, the class can match users using FTP to access real accounts, and if the anonymous keyword is included, the class can match users using anonymous FTP. The guest keyword matches guest access accounts (see guestgroup below for more information).

addrglob may be a globbed domain name or a globbed numeric address. There can be multiple addrglob's for this directive. To avoid confusion when you have multiple addrglob's, you can put all the addrglob's in a file and specify the path of the file in place of the addrglob's. Placing an exclamation (!) before an addrglob negates the test. For example:

class rmtuser real !*.example.com

will classify real users from outside the example.com domain as the class rmtuser. Use care with this option. Remember, the result of each test is OR'ed with other tests on the line.
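The class-matching rules above (first matching class in file order wins, a typelist gate, addrglob tests OR'ed together, a leading ! negating one test, no match meaning access denied) can be checked against sample directives. The following is an added example and not ftpd's own code; the directives other than the rmtuser line, the host names and addresses are constructed. It also shows why "use care" applies: two negated globs OR'ed on one line match every host.

```python
import fnmatch
from dataclasses import dataclass

# Constructed class directives in the "class class typelist addrglob ..." form
# (only the rmtuser line is the page's own example).
CLASS_DIRECTIVES = [
    "class rmtuser real !*.example.com",
    "class local real,guest *.example.com 192.0.2.*",
    "class anon anonymous *",
]

# Two negated tests OR'ed together: every host fails at least one of the two
# globs, so the line matches everyone instead of "hosts in neither domain".
OVERBROAD_DIRECTIVES = ["class everyone real !*.example.com !*.example.org"]


@dataclass(frozen=True)
class FtpClass:
    name: str
    types: frozenset
    addrglobs: tuple


def parse_class(line):
    """Parse one class directive into its name, typelist and addrglob tests."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "class":
        raise ValueError(f"not a class directive: {line!r}")
    return FtpClass(parts[1], frozenset(parts[2].split(",")), tuple(parts[3:]))


def glob_test(addrglob, hostname, address):
    """Evaluate a single addrglob against the client's host name and its
    numeric address. A leading '!' negates this one test only."""
    negate = addrglob.startswith("!")
    pattern = addrglob[1:] if negate else addrglob
    hit = fnmatch.fnmatchcase(hostname, pattern) or fnmatch.fnmatchcase(address, pattern)
    return not hit if negate else hit


def class_for_session(directives, user_type, hostname, address):
    """Return the name of the first class (in file order) whose typelist
    contains user_type and whose addrglob tests OR to true, or None when no
    class matches, which ftpd treats as 'deny access'."""
    for line in directives:
        cls = parse_class(line)
        if user_type not in cls.types:
            continue
        if any(glob_test(g, hostname, address) for g in cls.addrglobs):
            return cls.name
    return None
```

A host without reverse DNS reaches the test with its numeric address in both positions, which is why the globs are tried against the address as well as the name.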
deny addrglob message_file
Always deny access to the host(s) matching addrglob. message_file is the file from which the denial message is displayed to the hosts that are denied access. addrglob may be !nameserved to deny access to sites without a working nameserver. It may also be the name of a file, starting with a slash (/), which contains additional address globs, as well as in the form address:netmask or address/cidr.
guestgroup groupname [ groupname ... ]
guestuser username [ username ... ]
realgroup groupname [ groupname ... ]
realuser username [ username ... ]
For guestgroup, if a real user is a member of any of groupname, the session is set up exactly as with anonymous FTP. In other words, a chroot() is done, and the user is no longer permitted to issue the USER and PASS commands. groupname is a valid group from /etc/group (or whatever mechanism your getgrent() library routine uses).

The user's home directory must be properly set up, exactly as anonymous FTP would be. The home directory field of the passwd entry is divided into two directories. The first field is the root directory which will be the argument to the chroot call. The second half is the user's home directory relative to the root directory. The two halves are separated by a /./. In the /etc/passwd file, the sample entry is:

guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly

When guest1 successfully logs in, the ftp server will chroot(/ftp) and then chdir(/incoming). The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest1), just as an anonymous FTP user would.

The group name may be specified by either name or numeric ID. To use a numeric group ID, place a % before the number. Ranges may be given. Use an asterisk (*) to mean all groups.

guestuser works like guestgroup, except it uses the user name (or numeric ID).

realuser and realgroup have the same syntax, but reverse the effect of guestuser and guestgroup. They allow real user access when the remote user would otherwise be determined a guest. For example, a configuration can cause all non-anonymous users to be treated as guest, with the sole exception of users in the admin group who are granted real user access.
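The /./ convention above is easy to get wrong when preparing guest accounts, so here is an added example (not ftpd's code) that splits a passwd home field into the chroot root and the chdir target and works out which real directory the guest lands in. The sample passwd line is the page's own; the behaviour for a field without /./ is an assumption stated in the comments.

```python
import os.path

# The page's sample entry; <passwd> is its placeholder for the password field.
SAMPLE_PASSWD_LINE = "guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly"


def split_guest_home(home_field):
    """Split a passwd home directory field on '/./' into
    (chroot_root, chdir_path). chdir_path is expressed relative to the new
    root, so it always starts with '/'. When there is no separator the whole
    field becomes the chroot root and the session starts at '/' inside it
    (an assumption; the page only documents the '/./' form)."""
    if "/./" in home_field:
        root, rel = home_field.split("/./", 1)
    else:
        root, rel = home_field, ""
    root = os.path.normpath(root) if root else "/"
    # Inside a chroot, '..' cannot climb above the new root, so normalising
    # the second half with a leading '/' reproduces what chdir() sees after
    # chroot(): '/../etc' collapses to '/etc' under the new root.
    chdir_path = os.path.normpath("/" + rel)
    return root, chdir_path


def guest_session_paths(passwd_line):
    """Parse a passwd line and return the chroot root, the chdir() target as
    the guest sees it, and the same directory as a real system path, which
    is what an administrator must create and set permissions on."""
    fields = passwd_line.split(":")
    if len(fields) != 7:
        raise ValueError("passwd entry must have 7 colon-separated fields")
    root, chdir_path = split_guest_home(fields[5])
    real_path = os.path.normpath(os.path.join(root, chdir_path.lstrip("/")))
    return {"user": fields[0], "root": root, "chdir": chdir_path, "real_path": real_path}
```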
nice nice-delta [ class ]
Adjust the process nice value of the ftpd server process by the indicated nice-delta value if the remote user is a member of the named class. If class is not specified, then use nice-delta as the default adjustment to the ftpd server process nice value. This default nice value adjustment is used to adjust the nice value of the server process only for those users who do not belong to any class for which a class-specific nice directive exists in the ftpaccess file.
defumask umask [ class ]
Set the umask applied to files created by the daemon if the remote user is a member of the named class. If class is not specified, then use the umask as the default for classes which do not have one specified.
keepalive { yes|no }
Set the TCP SO_KEEPALIVE option for data sockets. keepalive can be used to control network disconnect. yes means to set the TCP SO_KEEPALIVE option. With no, the behavior depends on the system default settings (see ndd(1M)). NOTE: It is recommended to set keepalive to yes to keep the network traffic connected.
timeout accept [ seconds ]
timeout connect [ seconds ]
timeout data [ seconds ]
timeout idle [ seconds ]
timeout maxidle [ seconds ]
timeout RFC931 [ seconds ]

accept [seconds] (default 120 seconds). Specify how long the daemon will wait for an incoming (PASV) data connection.

connect [seconds] (default 120 seconds). Specify how long the daemon will wait attempting to establish an outgoing (PORT) data connection. This affects the actual connection attempt. The daemon makes several attempts, sleeping a while between each, before completely giving up.

data [seconds] (default 1200 seconds). Specify how long the daemon will wait for some activity on the data connection. It is recommended to keep this value high, because the remote client may have a slow link and there can be quite a bit of data queued for the client.

idle [seconds] (default 900 seconds). Specify how long the daemon will wait for the next command. The default value (900 seconds) can be overridden by using the -t option of ftpd (see ftpd(1M)). If idle is specified, that value will override both the default value as well as the value set with the -t option of ftpd. The SITE IDLE ftpd command allows the remote client to establish a higher value for the idle timeout. An idle value of 0 implies that there is no idle timeout period and the control connection is set to an infinite idle timeout period. If idle is set to a value more than maxidle (see the maxidle option), idle will be set to the maxidle value.

maxidle [seconds] (default 7200 seconds). Specify the maximum number of seconds for the idle timeout. The default value (7200 seconds) can be overridden by using the -T option of ftpd (see ftpd(1M)). If maxidle is specified, that value will override both the default value as well as the value set with the -T option of ftpd. A maxidle value of 0 implies that there is no maximum idle timeout period and the control connection is set to an infinite idle timeout period.

RFC931 [seconds] (default 10 seconds). Specify the maximum time that the daemon allows for the entire RFC931 (AUTH/ident) conversation. Setting this to zero (0) seconds completely disables the daemon's use of this protocol. The information obtained via RFC931 is recorded in the system logs and is not actually used in any authentication.
ascii_count [ bytes ]
Specify the number of bytes after which the data connection idle time is reset, in case of an ASCII mode file transfer (see timeout data above for more information). The number specified must be a positive power of 2. By default, the number is set to 4096 bytes. NOTE: If the specified number is smaller than 4096 bytes, ftpd will take the default value (4096 bytes). If the specified number is too large, a premature closure of the data connection may be encountered.
file-limit [ raw ] { in|out|total } count [ class ]
Limit the number (count) of data files that a user in the given class may transfer. The limit may be placed on files in, out or total. If class is not specified, the limit is the default for those classes which do not have a limit specified. The optional raw parameter applies the limit to the total traffic rather than just data files.

data-limit [ raw ] { in|out|total } count [ class ]
Limit the number of data bytes a user in the given class may transfer. The limit may be placed on bytes in, out or total. If no class is specified, the limit is the default for classes which do not have a limit specified. The optional raw parameter applies the limit to total traffic rather than just data files.
limit-time { *|anonymous|guest } minutes
Limit the total time a session can take. By default, there is no limit. Real users are never limited.
guestserver [ hostname ] ...
Controls which hosts may be used for anonymous or guest access. If used without hostname, all guest or anonymous access to this site is denied. More than one hostname may be specified. Guest and anonymous access will only be allowed on the named machines. If access is denied, the user will be asked to use the first hostname listed.
limit class n times message_file
Limit class to n users at specified times, displaying message_file if the user is denied access. The limit check is performed at login time only. If multiple limit commands apply to the current session, the first applicable one is used. Failing to define a valid limit, or a limit of -1, is equivalent to unlimited. The format for times can be any of the following:

- Any             Any week day
- Fr              Friday
- Any0900-1300    Any day of week between 9.00 - 13.00 hrs.
- Th|Any0900-1300 Either Thursday or between 9.00 - 13.00.
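The following added example (not ftpd's own code) parses the times field and applies the limit rules stated above: the first limit line whose class and times match a login is used, -1 or no applicable line means unlimited. The page shows only Any, Fr and Th as day tokens; the other two-letter day codes, the half-open treatment of the end time, and the limit lines in the test are assumptions.

```python
import re
from datetime import datetime

# Two-letter day codes (only Fr and Th appear on the page; the rest are an
# assumption). Values follow datetime.weekday(): Monday is 0.
DAY_CODES = {"Su": 6, "Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5}
_ENTRY = re.compile(
    r"^(?P<days>(?:Any|Su|Mo|Tu|We|Th|Fr|Sa)*)(?:(?P<start>\d{4})-(?P<end>\d{4}))?$"
)


def _minutes(hhmm):
    """Convert 'HHMM' to minutes since midnight, rejecting impossible values."""
    hours, mins = int(hhmm[:2]), int(hhmm[2:])
    if hours > 24 or mins > 59:
        raise ValueError(f"bad time of day: {hhmm}")
    return hours * 60 + mins


def parse_times(spec):
    """Turn a times field such as 'Th|Any0900-1300' into a list of
    (weekdays, start_minute, end_minute) alternatives, one per '|' part."""
    alternatives = []
    for entry in spec.split("|"):
        m = _ENTRY.match(entry)
        if entry == "" or not m:
            raise ValueError(f"bad times entry: {entry!r}")
        days = m.group("days")
        if days == "" or "Any" in days:
            weekdays = set(range(7))
        else:
            weekdays = {DAY_CODES[days[i:i + 2]] for i in range(0, len(days), 2)}
        if m.group("start"):
            start, end = _minutes(m.group("start")), _minutes(m.group("end"))
        else:
            start, end = 0, 24 * 60
        alternatives.append((weekdays, start, end))
    return alternatives


def times_match(spec, when):
    """True when the datetime 'when' falls inside any alternative. The end
    of a range is treated as exclusive (an assumption, not stated on the page)."""
    minute = when.hour * 60 + when.minute
    return any(when.weekday() in days and start <= minute < end
               for days, start, end in parse_times(spec))


def check_limit(directives, user_class, current_users, when):
    """Apply the first 'limit class n times message_file' line whose class
    and times match the login. Returns (allowed, message_file)."""
    for line in directives:
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[0] != "limit":
            continue
        _, cls, n, times, message_file = fields
        if cls != user_class or not times_match(times, when):
            continue
        n = int(n)
        if n == -1 or current_users < n:
            return True, None
        return False, message_file
    return True, None  # no applicable limit: unlimited
```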
noretrieve [ absolute|relative ] [ class=classname ] ... [-] filename [ filename ] ...
Always deny retrievability of these files. If the files are an absolute path specification (that is, begins with the / character), then only those files are marked unretrievable. Otherwise all files with the matching filename are refused transfer. Example:

noretrieve /etc/passwd core

specifies that no one is able to get the file /etc/passwd, whereas they are allowed to transfer a file, passwd, if it is not in /etc. On the other hand, no one is able to get a file named core wherever it is. Directory specifications mark all files and sub-directories in the named directory as "un-gettable" or not obtainable. The filename may be specified as a file glob. For example:

noretrieve /etc /home/*/.htaccess

specifies that no files in /etc or any of its sub-directories may be retrieved. Also, no files named .htaccess anywhere under the /home directory may be retrieved. The optional first parameter selects whether names are interpreted as absolute or relative to the current chroot'd environment. The default is to interpret names beginning with a slash as absolute. The noretrieve restrictions may be placed upon members of particular classes. If any class= is specified, then this option is set only for the users of that particular class.

allow-retrieve [ absolute|relative ] [ class=classname ] ... [-] filename [ filename ] ...
Allows retrieval of files which would otherwise be denied by noretrieve.
loginfails number
After number login failures, log a message and terminate the FTP connection. Default value is 5.
private { yes|no }
After a user logs in, the SITE GROUP and SITE GPASS ftpd commands may be used to specify an enhanced access group and associated password. If the group name and password are valid, the user becomes (via setgid()) a member of the group specified in the group access file, /etc/ftpd/ftpgroups. The format of the group access file is:

access_group_name:encrypted_password:real_group_name

where access_group_name is an arbitrary (alphanumeric and punctuation) string. encrypted_password is the password encrypted via crypt() (see crypt(3C)) exactly like in /etc/passwd. real_group_name is the name of a valid group listed in /etc/group.

NOTE: For this option to work for anonymous FTP users, the ftp server must keep /etc/group permanently open and the group access file is loaded into memory. This means that: (1) the ftp server now has an additional file descriptor open, and (2) the necessary passwords and access privileges granted to users via SITE GROUP (see ftpd(1M)) will be static for the duration of an FTP session. If you have an urgent need to change the access groups and/or passwords now (immediately), just kill all of the running FTP servers.
Informational Capabilities

greeting { full|brief|terse }
greeting text message
Allows you to control how much information is given out before the remote user logs in. greeting full is the default and shows the hostname and daemon version. greeting brief shows the hostname. greeting terse only displays the message "FTP server ready." Also, this message is printed as the output of the STAT command. Although full is the default, brief is recommended. NOTE: The two options suppresshostname and suppressversion are not supported. The greeting option can be used to suppress the hostname or the daemon version. The greeting text message form allows you to specify any greeting message you desire. The message can be any string; whitespace (spaces and tabs) is converted to a single space.
banner path
Works similarly to the message command (see below), except that the banner is displayed before the user enters the username and password. The path is relative to the real system root, not the base of the anonymous FTP directory. WARNING: use of this command can completely prevent non-compliant FTP clients from making use of the FTP server. Not all clients can handle multi-line responses (which is how the banner is displayed).
hostname some.host.name
Defines the default host name of the ftp server. This string will be printed on the greeting message and every time the %L magic cookie is used. See message below for a list of magic cookies. The host name for virtual servers overrides this value. If not specified, the default host name for the local machine is used.

email name
Defines the email address of the ftp archive maintainer. This string will be printed every time the %E magic cookie is used. See message below for a list of magic cookies.
message path [ when [ class... ]]
Define a file with path such that ftpd will display the contents of the file to the user at login time or upon using the change working directory command. The when parameter may be LOGIN or CWD=dir. If when is CWD=dir, dir specifies the new default directory which will trigger the notification. The optional class specification allows the message to be displayed only to members of a particular class. More than one class may be specified. In the message file, the user can key in a message and use the "macros" or "magic cookies" that are available. The ftp server will replace the cookie with a specified text string. The following magic cookies are available:

- %T   local time (form Thu Nov 15 17:12:42 1990)
- %C   current working directory
- %E   the maintainer's email address as defined in ftpaccess
- %R   remote host name
- %L   local host name
- %u   username as determined via RFC931 authentication
- %U   username given at login time
- %M   maximum allowed number of users in this class
- %N   current number of users in this class
- %B   absolute limit on disk blocks allocated
- %b   preferred limit on disk blocks
- %Q   current block count
- %I   maximum number of allocated inodes (+1)
- %i   preferred inode limit
- %q   current number of allocated inodes
- %H   time limit for excessive disk use
- %h   time limit for excessive files

ratios:

- %xu  Uploaded bytes
- %xd  Downloaded bytes
- %xR  Upload/Download ratio (1:n)
- %xc  Credit bytes
- %xT  Time limit (minutes)
- %xE  Elapsed time since login (minutes)
- %xL  Time left
- %xU  Upload limit
- %xD  Download limit

The message will only be displayed once to avoid annoying the user. Remember that when messages are triggered by an anonymous FTP user, the path must be relative to the base of the anonymous FTP directory tree.
readme path [ when [ class ]]
Define a file with path such that ftpd will notify the user at login time or upon using the change working directory command that the file exists and was modified on such-and-such date. The when parameter may be LOGIN or CWD=<dir>. If when is CWD=<dir>, dir specifies the new default directory which will trigger the notification. The message will only be displayed once, to avoid bothering users. Remember that when README messages are triggered by an anonymous FTP user, the path must be relative to the base of the anonymous FTP directory tree. The optional class specification allows the message to be displayed only to members of a particular class. More than one class may be specified.
Logging Capabilities

log commands typelist
Enables logging of individual commands by users. typelist is a comma-separated list of any of the keywords anonymous, guest and real. If the real keyword is included, logging will be done for users using FTP to access real accounts, and if the anonymous keyword is included, logging will be done for users using anonymous FTP. The guest keyword matches guest access accounts (see guestgroup in the Access Capabilities subsection above for more information). The individual commands are logged in the /var/adm/syslog/syslog.log file.

log transfers typelist directions
Enables logging of file transfers for either real or anonymous FTP users. Logging of transfers TO the server (incoming) can be enabled separately from transfers FROM the server (outbound). typelist is a comma-separated list of any of the keywords anonymous, guest and real. If the real keyword is included, logging will be done for users using FTP to access real accounts. If the anonymous keyword is included, logging will be done for users using anonymous FTP. The guest keyword matches guest access accounts (see guestgroup in the Access Capabilities subsection above for more information). directions is a comma-separated list of any of the two keywords inbound and outbound, and will respectively cause transfers to be logged for files sent to the server and sent from the server. All the logging is done into the file /var/adm/syslog/xferlog.

log security typelist
Enables logging of violations of security rules (noretrieve, notar, ...) for real, guest and/or anonymous users. typelist is a comma-separated list of any of the keywords anonymous, guest, and real. If the real keyword is included, logging will be done for users using FTP to access real accounts. If the anonymous keyword is included, logging will be done for users using anonymous FTP. The guest keyword matches guest access accounts (see guestgroup for more information).

log syslog
log syslog+xferlog
Redirects the logging messages for incoming and outgoing transfers to either syslog, or xferlog, or both. By default (if log is not specified), the transfer log messages are put into xferlog. log syslog will put the log messages into only syslog. log syslog+xferlog will put the log messages into both syslog and xferlog.
Upload/Download Ratios

ul-dl-rate rate [ class ... ]
Specify an Upload/Download ratio (1:rate). For each byte that an ftp user uploads, rate bytes can be downloaded. By default, there is no ratio.

dl-free filename [ class ... ]
The file filename can be downloaded freely ignoring the ratio. See ul-dl-rate above.

dl-free-dir dirname [ class ... ]
All files in the directory dirname and its subdirectories can be downloaded freely ignoring the ratio. See ul-dl-rate above. Note that both dl-free and dl-free-dir are relative to the system's root environment, not the chroot environment.
Miscellaneous Capabilities

alias string dir
Defines an alias, string, for the specified directory, dir. Can be used to add the concept of logical directories. For example, an alias for /pub/doc/rfc would allow the user to access /pub/doc/rfc from any directory by the command cd rfc:. Aliases only apply to the cd command.

cdpath dir
Defines a directory entry in the cdpath. dir defines a search path that is used when changing directories. For example, cdpath entries for /pub/packages and /.aliases would allow the user to cd into any directory directly under the /pub/packages or /.aliases directories. The search path is defined by the order in which the lines appear in the /etc/ftpd/ftpaccess file. If the user were to change directory to foo, the directory will be searched for in the following order:

./foo
an alias called foo
/pub/packages/foo
/.aliases/foo

The cd path is only available with the cd command. If you have a large number of aliases, you might want to set up an aliases directory with links to all of the areas that you wish to make available to users.
compress { yes|no } classglob [ classglob ... ]
tar { yes|no } classglob [ classglob ... ]
Enables compress or tar capabilities for any class matching any of classglob. The actual conversions are defined in the external file /etc/ftpd/ftpconversions.
shutdown path
If the file pointed to by path exists, the server will check the file regularly to see if the server is going to be shut down. If a shutdown is planned, the user is notified, new connections are denied after a specified time before shutdown and current connections are dropped at a specified time before shutdown. path points to a file structured as follows:

year month day hour minute deny_offset disc_offset
text

- year    any year > 1970
- month   0-11  <-- Note: month index begins from 0
- hour    0-23
- minute  0-59

deny_offset and disc_offset are the offsets in HHMM format before the shutdown time that new connections will be denied and existing connections will be disconnected. text follows the normal rules for any message (see message in the Informational Capabilities subsection), with the following additional magic cookies available:

- %s   time system is going to shut down
- %r   time new connections will be denied
- %d   time current connections will be dropped

All times are in the form: ddd MMM DD hh:mm:ss YYYY. There can be only one shutdown command in the configuration file. The external program ftpshut can be used to automate the process of generating this file.
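The zero-based month and the HHMM offsets in the shutdown file are the two details that catch people writing this file by hand. The following added example (not ftpd's or ftpshut's code) parses such a file, derives the deny and disconnect times, expands the %s, %r and %d cookies in the stated time form, and classifies what a new connection should see at a given moment. The file contents are constructed.

```python
from datetime import datetime, timedelta

# Constructed shutdown file: shutdown on 16 May 2024 at 23:30, refuse new
# connections 30 minutes before and drop sessions 5 minutes before.
# The month field is zero-based, so 4 means May.
SAMPLE_SHUTDOWN_FILE = """2024 4 16 23 30 0030 0005
System going down for maintenance at %s.
New connections refused from %r; current sessions dropped at %d.
"""


def hhmm_offset(field):
    """Convert an HHMM offset field into a timedelta."""
    if len(field) != 4 or not field.isdigit():
        raise ValueError(f"offset must be HHMM, got {field!r}")
    return timedelta(hours=int(field[:2]), minutes=int(field[2:]))


def parse_shutdown(text):
    """Parse the header 'year month day hour minute deny_offset disc_offset'
    and return the three event times plus the message text that follows."""
    header, _, message = text.partition("\n")
    fields = header.split()
    if len(fields) != 7:
        raise ValueError("header must have 7 fields")
    year, month, day, hour, minute = (int(f) for f in fields[:5])
    if year <= 1970:
        raise ValueError("year must be > 1970")
    if not 0 <= month <= 11:
        raise ValueError("month is 0-11 (0 = January) in this file, not 1-12")
    shutdown_at = datetime(year, month + 1, day, hour, minute)
    return {
        "shutdown": shutdown_at,
        "deny": shutdown_at - hhmm_offset(fields[5]),
        "disconnect": shutdown_at - hhmm_offset(fields[6]),
        "message": message,
    }


def expand_shutdown_cookies(info):
    """Replace the shutdown-specific cookies %s, %r and %d with times in the
    'ddd MMM DD hh:mm:ss YYYY' form given above."""
    fmt = "%a %b %d %H:%M:%S %Y"
    return (info["message"]
            .replace("%s", info["shutdown"].strftime(fmt))
            .replace("%r", info["deny"].strftime(fmt))
            .replace("%d", info["disconnect"].strftime(fmt)))


def shutdown_state(info, now):
    """Classify 'now': 'open', 'deny' (new connections refused) or
    'disconnect' (existing sessions dropped as well)."""
    if now >= info["disconnect"]:
        return "disconnect"
    if now >= info["deny"]:
        return "deny"
    return "open"
```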
daemonaddress address
If this value is not set, then the server will listen for connections on every IP address. Otherwise it will only listen on the IP address specified. Use of this clause is discouraged as it will break virtual hosting. This option will work only when ftpd is running in the standalone mode (see ftpd(1M)).
logfile path
Specifies the transfer logfile (xferlog) for the default server. Virtual hosts can override this with the "virtual address logfile path" option. If omitted, the default logfile is used.

root path
Normally used in a virtual host ftpaccess file, the root directive is used to specify the path to the root of the ftp directory for this server.
virtual address { root|banner|logfile } path
Enables the virtual ftp server capabilities. The address is the IP address of the virtual server. The second argument specifies that the path is one of the following:

- root     The root of the filesystem for this virtual server.
- banner   The banner presented to the user when connecting to this virtual server.
- logfile  The logfile where transfers are recorded for this virtual server. If logfile is not specified, the default logfile will be used.

All other message files and permissions as well as any other settings in this file apply to all virtual servers. The address may also be specified as the hostname rather than the IP number. This is strongly discouraged because if DNS is not available at the time the FTP session begins, the hostname will not be matched. The above options must be used in the /etc/ftpd/ftpaccess file only and not in the virtual domain ftpaccess file.

virtual address { hostname|email } string
Sets string to either the hostname shown in the greeting message and STAT command, or to the email address used in message files and on the HELP command. The above options must be used in the /etc/ftpd/ftpaccess file only and not in the virtual domain ftpaccess file.

virtual address allow username [ username ... ]
virtual address deny username [ username ... ]
Normally, real and guest users are not allowed to log in on the virtual server unless they are guests and chroot'd to the virtual root. The users listed on the virtual allow line(s) will be granted access. All users can be granted access by giving * as the username. The virtual deny clauses are processed after the virtual allow clauses and are used to deny access to specific users when all users were allowed. The above options can be used in both the /etc/ftpd/ftpaccess file and in the virtual domain ftpaccess file.

virtual address private
Normally, anonymous users are allowed to log in on the virtual server. This option denies them access. The above option must be used in the /etc/ftpd/ftpaccess file only and not in the virtual domain ftpaccess file.

virtual address passwd file
Use a different passwd file for the virtual domain. Note: This option is currently not supported in HP-UX.

virtual address shadow file
Use a different shadow file for this virtual domain. Note: This option is currently not supported in HP-UX.
defaultserver deny username [ username ... ]
defaultserver allow username [ username ... ]
Normally, all users are allowed access to the default (non-virtual) FTP server. Use defaultserver deny to revoke access for specific users. Specify defaultserver deny * to deny access to all users. Specific users can then be allowed using defaultserver allow.

defaultserver private
Normally, anonymous users are allowed on the default (non-virtual) FTP server. This statement disallows anonymous access. The virtual and defaultserver allow, deny, and private clauses provide a means to control which users are allowed access on which FTP servers.
passive address externalip cidr
Allows control of the address reported in response to a PASV command. When any control connection matching the cidr requests a passive data connection (PASV), the externalip address is reported. NOTE: this does not change the address that the daemon actually listens on, only the address reported to the client. This feature allows the daemon to operate correctly behind IP-renumbering firewalls. For example:

passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0

Clients connecting from the class-A network 10 will be told the passive connection is listening on IP-address 10.0.1.15 while all others will be told the connection is listening on 192.168.1.5. Multiple passive addresses may be specified to handle complex, or multi-gatewayed, networks. Note: This option is not supported on IPv6 enabled systems.

passive ports cidr min max
Allows control of the TCP port numbers which may be used for a passive data connection. If the control connection matches the cidr, a port in the range min to max will be randomly selected for the daemon to listen on. This feature allows firewalls to limit the ports which remote clients may use to connect into the protected network. cidr is shorthand for an IP address in dotted-quad notation followed by a slash and the number of left-most bits which represent the network address (as opposed to the machine address). For example, if you are using the reserved class-A network 10, instead of a netmask of 255.0.0.0, use a cidr of /8 as in 10.0.0.0/8 to represent your network. Note: This option is not supported on IPv6 enabled systems.
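The two passive directives decide, per client network, which address the daemon advertises and which port range the firewall must open. The following added example (not ftpd's code) reads both directive kinds, selects the reported address and a port for a given client, and formats the 227 reply line the client parses. The two passive address lines are the page's own; the passive ports lines and the rule that the first matching cidr in file order wins are assumptions.

```python
import ipaddress
import random

# The two "passive address" lines are the page's example; the "passive ports"
# lines are constructed here so that both directives can be exercised.
PASSIVE_CONFIG = """\
passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
passive ports 10.0.0.0/8 40000 40100
passive ports 0.0.0.0/0 50000 50100
"""


def parse_passive(config):
    """Collect 'passive address' and 'passive ports' lines, keeping file order."""
    addresses, ports = [], []
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["passive", "address"] and len(parts) == 4:
            addresses.append((ipaddress.ip_network(parts[3], strict=False), parts[2]))
        elif parts[:2] == ["passive", "ports"] and len(parts) == 5:
            lo, hi = int(parts[3]), int(parts[4])
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range: {line!r}")
            ports.append((ipaddress.ip_network(parts[2], strict=False), lo, hi))
    return addresses, ports


def choose_passive(addresses, ports, client_ip, rng=random):
    """Pick the reported address and a listening port for a PASV request
    from client_ip. The first cidr in file order that contains the client
    wins (an assumption; the page only says 'matching'). Returns
    (None, None) components where no directive applies."""
    client = ipaddress.ip_address(client_ip)
    reported = next((ip for net, ip in addresses if client in net), None)
    port_range = next(((lo, hi) for net, lo, hi in ports if client in net), None)
    port = rng.randint(*port_range) if port_range else None
    return reported, port


def pasv_reply(ip, port):
    """Format the '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' line,
    where the port is split into its high and low bytes."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 dotted-quad address expected")
    return "227 Entering Passive Mode ({},{},{},{},{},{})".format(
        *octets, port // 256, port % 256)
```

Because the address on the line is only reported, not bound, a firewall rule set that forwards the advertised address and port range back to the daemon is still required for the data connection to succeed.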
pasv-allow class [ addrglob ... ]
port-allow class [ addrglob ... ]
Normally, the daemon does not allow a PORT command to specify an address different than that of the control connection. And it does not allow a PASV connection from another address. The port-allow clause provides a list of addresses which the specified class of user may give on a PORT command. These addresses will be allowed even if they do not match the IP-address of the client-side of the control connection. The pasv-allow clause provides a list of addresses which the specified class of user may make data connections from. These addresses will be allowed even if they do not match the IP-address of the client-side of the control connection.
lslong command [ options ... ]
lsshort command [ options ... ]
lsplain command [ options ... ]
The lslong, lsshort and lsplain clauses specify the command and the command options used to generate directory listings. Note the options cannot contain spaces. Typically the /usr/bin/ls command is used to provide directory listings. To change the path for ls, specify it in command. The defaults for these clauses are generally correct. For normal users lsshort is used. For anonymous users lslong is used. lsplain is used for special cases. Use lslong, lsshort, or lsplain only if absolutely necessary.
mailserver hostname [ hostname ... ]
Specify the name of a mail server which will accept upload notifications for the FTP daemon. Multiple mail servers may be listed; the daemon will attempt to deliver the upload notification to each, in order, until one accepts the message. If no mail servers are specified, localhost is used. This option is only meaningful if anyone is to be notified of anonymous uploads (see incmail below).

incmail emailaddress
virtual address incmail emailaddress
defaultserver incmail emailaddress
Specify email addresses to be notified of anonymous uploads. Multiple addresses can be specified; each will receive a notification. If none are specified, no notifications are sent. If addresses are specified for a virtual host, only those addresses will receive notification of anonymous uploads on that host. Otherwise, notifications will be sent to the global addresses. The above virtual option must be used in the /etc/ftpd/ftpaccess file only and not in the virtual domain ftpaccess file. The defaultserver addresses only apply to real hosts and not virtual hosts. In this way, the real host can receive notifications of uploads on their default anonymous area. However, with this option set, the virtual hosts will not be notified.

mailfrom emailaddress
virtual address mailfrom emailaddress
defaultserver mailfrom emailaddress
Specify the sender's email address for anonymous upload notifications. Only one address may be specified. If no mailfrom applies, email is sent from the default mailbox name wu-ftpd. To avoid problems if the recipient attempts to reply to a notification, or if downstream mail problems generate bounces, you should ensure the mailfrom emailaddress is deliverable. The above virtual option must be used in the /etc/ftpd/ftpaccess file only and not in the virtual domain ftpaccess file.
Permission Capabilities

chmod { yes|no } typelist
delete { yes|no } typelist
overwrite { yes|no } typelist
rename { yes|no } typelist
umask { yes|no } typelist
Allows or disallows the ability to perform the specified function. By default, all users are allowed. typelist is a comma-separated list of any of the keywords anonymous, guest, real and class=. When class= appears, it must be followed by a classname. If any class= appears, the typelist restriction applies only to users in that class.
passwd-check { none|trivial|rfc822 } [ enforce|warn ]
Define the level and enforcement of password checking done by the server for anonymous ftp.

- none     no password checking performed.
- trivial  password must contain an @.
- rfc822   password must be an rfc822 compliant address.
- warn     warn the user, but allow them to log in.
- enforce  warn the user, and then log them out.
deny-email case-insensitive-email-address
The e-mail address given as an argument is considered to be invalid. If passwd-check is set to enforce, anonymous users giving this address as password cannot log in. This is one way that you can stop users from having web browsers that use fake addresses like IE?0User@ or mozilla@. By using deny-email, you are not shutting out users using a web browser for ftp. You are just making them configure their browser correctly. Only one address per line, but you can have as many deny-email clauses as you like.
path-filter typelist mesg allowed_charset [ disallowed_regexp ... ]
    For users in typelist, path-filter defines regular expressions that control what a filename can or cannot be. Disallowed regular expressions, disallowed_regexp, may be specified as multiple regular expressions (see regexp(5)). If a filename is invalid because it fails to match the regular expression criteria, mesg will be displayed to the user. For example:

        path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

    specifies that all upload filenames for anonymous users must be made of only the characters A-Z, a-z, 0-9, period (.), dash (-), and underscore (_). The filenames may not begin with a period (.) or a dash (-), as specified by ^\. and ^- respectively. If the filename is invalid, /etc/pathmsg will be displayed to the user.
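As an added example (not from this man page or from wu-ftpd), the path-filter clause above applied in Python to a few constructed filenames; it assumes the regexp(5) patterns behave the same under Python's re module, and that a name is accepted only if it matches allowed_charset and none of the disallowed_regexp patterns:

```python
import re

# Added example, not wu-ftpd code: evaluate the man page's path-filter clause
#   path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
# Assumption: POSIX regexp(5) and Python re agree on these simple patterns.
ALLOWED_CHARSET = r"^[-A-Za-z0-9_\.]*$"
DISALLOWED = [r"^\.", r"^-"]     # no leading period, no leading dash
MESSAGE_FILE = "/etc/pathmsg"    # mesg argument from the man page example


def check_path(filename, allowed=ALLOWED_CHARSET, disallowed=DISALLOWED):
    """Return (ok, reason). Valid only if the name matches the allowed
    charset and matches none of the disallowed regular expressions."""
    if not re.search(allowed, filename):
        return False, "does not match allowed charset %s" % allowed
    for pattern in disallowed:
        if re.search(pattern, filename):
            return False, "matches disallowed pattern %s" % pattern
    return True, ""


def filter_uploads(filenames):
    """Split candidate upload names into accepted names and a dict of
    rejected name -> reason, as the server decides before showing mesg."""
    accepted, rejected = [], {}
    for name in filenames:
        ok, reason = check_path(name)
        if ok:
            accepted.append(name)
        else:
            rejected[name] = reason
    return accepted, rejected


if __name__ == "__main__":
    # constructed sample names, including ones a hostile client might send
    samples = ["report.txt", "data_2024-01.csv", ".htaccess", "-rf",
               "a b.txt", "bad;name"]
    ok, bad = filter_uploads(samples)
    print("accepted:", ok)
    for name, why in bad.items():
        print("rejected %r: %s (display %s)" % (name, why, MESSAGE_FILE))
```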
upload [ absolute|relative ] [ class=classname ]... [-] root-dir dirglob { yes|no } owner group mode [ dirs|nodirs ] [ d_mode ]
    Define a directory with dirglob that permits or denies uploads. If it does permit uploads, all newly created files will be owned by owner and group and will have the permissions set according to mode. Existing files which are overwritten will keep their original ownership and permissions. Directories are matched on a best-match basis. For example:

        upload /var/ftp /incoming yes ftp daemon 0666
        upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs

    These upload commands would only allow uploads into /incoming and /incoming/gifs. Files that were uploaded to /incoming would be owned by ftp/daemon and would have permissions of 0666. Files uploaded to /incoming/gifs would be owned by jlc/guest and have permissions of 0600. Note that the root-dir here must match the home directory specified in the password database for the ftp user.

    The optional dirs and nodirs keywords can be specified to allow or disallow the creation of new subdirectories using the mkdir command. Note that if the upload command is used, directory creation is allowed by default. To turn it off by default, you must specify a user, group and mode followed by the nodirs keyword on the first line where the upload command is used in this file. If directories are permitted, the optional d_mode determines the permissions for a newly created directory. If d_mode is omitted, the permissions are inferred from mode, or are 0777 if mode is also omitted.

    upload only applies to users who have a home directory (the argument to chroot()) of root-dir. root-dir may be specified as * to match any home directory. The owner and/or group may each be specified as *, in which case any uploaded files or directories will be created with the ownership of the directory in which they are created. The optional first parameter selects whether root-dir names are interpreted as absolute or relative to the current chroot'd environment. The default is to interpret root-dir names as absolute. You can specify any number of class=classname restrictions. If any are specified, this upload clause only takes effect if the current user is a member of one of the classes.
anonymous-root root-dir [ class ... ]
    root-dir specifies the chroot() path for anonymous users. If no anonymous-root is matched, the old method of parsing the home directory for the ftp user is used. If no class is specified, root-dir is the root directory for anonymous users who do not have any other anonymous-root specification. Multiple classes may be given on the line. If an anonymous-root is chosen for the user, the ftp user's home directory in the root-dir/etc/passwd file is used to determine the initial directory, and the ftp user's home directory in the system-wide /etc/passwd is not used. For example:

        anonymous-root /home/ftp
        anonymous-root /home/localftp localnet

    causes all anonymous users to be chroot()'d to the directory /home/ftp. Then, if the ftp user exists in /home/ftp/etc/passwd, their initial CWD is that home directory. Anonymous users in the class localnet, however, are chroot()'d to the directory /home/localftp, and their initial CWD is taken from the ftp user's home directory in /home/localftp/etc/passwd.
guest-root root-dir [ uid-range ... ]
    root-dir specifies the chroot() path for guest users. If guest-root is not matched, the old method of parsing the user's home directory is used. If no uid-range is specified, the root directory is for guest users who do not match any other guest-root specification. Multiple uid ranges may be given on the line. If a guest-root is chosen for the user, the user's home directory in the root-dir/etc/passwd file is used to determine the initial directory, and their home directory in the system-wide /etc/passwd is not used.

    uid-range specifies numeric UID values. Ranges are specified by giving the lower and upper bounds (inclusive), separated by a dash. Omitting the lower bound means "all up to", and omitting the upper bound means "all starting from". For example:

        guest-root /home/users
        guest-root /home/staff %100-999 sally
        guest-root /home/users/frank/ftp frank

    causes all guest users to chroot() to /home/users, then starts each user in their home directory as specified in /home/users/etc/passwd. Users in the range 100 through 999, inclusive, and user sally, will be chroot()'d to /home/staff and the CWD will be taken from their entries in /home/staff/etc/passwd. The single user frank will be chroot()'d to /home/users/frank/ftp and the CWD will be taken from his entry in /home/users/frank/ftp/etc/passwd.

    Note that order is important for both anonymous-root and guest-root. If a user would match multiple clauses, only the first applies, with the exception of the clause which has no class or uid-range, which applies only if no other clause matches.
deny-uid uid-range [...]
deny-gid gid-range [...]
allow-uid uid-range [...]
allow-gid gid-range [...]
    These clauses allow specification of UID and GID values which will be denied access to the ftp server. The allow-uid and allow-gid clauses may be used to allow access for a uid/gid which would otherwise be denied. These checks occur before all others. Deny is checked before allow. The default is to allow access. Note that in most cases, this can remove the need for an /etc/ftpd/ftpusers file. For example:

        deny-gid %-99 %65535
        deny-uid %-99 %65535

    denies ftp access to all privileged or special users and groups on a Linux box except the anonymous ftp user/group. In many cases, this can eliminate the need for the /etc/ftpd/ftpusers file. Support for that file still exists so it may be used when changing /etc/ftpd/ftpaccess is not desired.

    Throughout the ftpaccess file, at any place that a single UID or GID is allowed, either names or numbers may be used. To use numbers, put a % before the number. In places where a range is allowed, put the % before the range.
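An added example, not part of wu-ftpd, covering the uid-range syntax shared by guest-root and the deny-uid/allow-uid clauses, evaluated in the order the text gives (deny checked first, allow re-admits, default allow). The passwd table, the allow-uid list and the upper bound 2**32-1 for an open-ended range are assumptions:

```python
import re

# Added example, not wu-ftpd code. Parses uid-range tokens (a name, %N, %N-M,
# %-M or %N-) and applies deny-uid / allow-uid as the man page describes.
# Name lookups use a constructed table instead of the system passwd database.
PASSWD = {"root": 0, "daemon": 1, "ftp": 14, "sally": 500}   # constructed
UID_MAX = 2**32 - 1   # assumed bound for "all starting from" ranges


def parse_range(token, passwd=PASSWD):
    """Return (low, high), inclusive, for one uid-range token."""
    if not token.startswith("%"):
        uid = passwd[token]          # a bare word is a user name
        return uid, uid
    m = re.fullmatch(r"%(\d*)(-?)(\d*)", token)
    if not m or (not m.group(1) and not m.group(3)):
        raise ValueError("bad uid-range: " + token)
    low_s, dash, high_s = m.groups()
    if not dash:                     # %N selects a single uid
        return int(low_s), int(low_s)
    low = int(low_s) if low_s else 0           # omitted lower bound: all up to
    high = int(high_s) if high_s else UID_MAX  # omitted upper bound: all from
    return low, high


def in_ranges(uid, tokens):
    return any(lo <= uid <= hi for lo, hi in map(parse_range, tokens))


def uid_allowed(uid, deny_uid, allow_uid):
    """deny-uid is checked first; allow-uid can re-admit a denied uid;
    a uid matched by neither is allowed by default."""
    if in_ranges(uid, deny_uid):
        return in_ranges(uid, allow_uid)
    return True


if __name__ == "__main__":
    deny = ["%-99", "%65535"]   # the man page's deny-uid example
    allow = ["ftp"]             # constructed: re-admit the anonymous ftp user
    for uid in (0, 14, 500, 65535):
        print(uid, "allowed" if uid_allowed(uid, deny, allow) else "denied")
```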
restricted-uid uid-range [...]
restricted-gid gid-range [...]
unrestricted-uid uid-range [...]
unrestricted-gid gid-range [...]
    These clauses control whether or not real or guest users will be allowed access to areas on the FTP site outside their home directories. They are not meant to replace the use of guestgroup and guestuser. Instead, use these to supplement the operation of guests. The unrestricted-uid and unrestricted-gid clauses may be used to allow users outside their home directories who would otherwise be restricted.

    An example of the use of these clauses shows their intended use. Assume user dick has a home directory /home/dick and jane has a home directory /home/jane:

        guest-root /home dick jane
        restricted-uid dick jane

    While both dick and jane are chroot'd to /home, they cannot access each other's files because they are restricted to their home directories.

    Wherever possible, in situations such as this example, try not to rely solely upon the ftp restrictions. As with all other ftp access rules, try to use directory and file permissions to backstop the operation of the ftpaccess configuration.
site-exec-max-lines number [ class ... ]
    The SITE EXEC feature traditionally limits the number of lines of output which may be sent to the remote client. This clause allows you to set this limit. If omitted, the limit is 20 lines. A limit of 0 (zero) implies no limit. Be very careful if you choose to remove the limit. If a clause is found matching the remote user's class, that limit is used. Otherwise, the clause with class *, or no class given, is used. For example:

        site-exec-max-lines 200 remote
        site-exec-max-lines 0 local
        site-exec-max-lines 25

    The above examples limit output from SITE EXEC (and therefore SITE INDEX) to 200 lines for remote users, specify there is no limit at all for local users, and set a limit of 25 lines for all other users.
dns refuse_mismatch filename [ override ]
    Refuse FTP sessions when the forward and reverse lookups for the remote site do not match. Display the named file, filename (like a message file), admonishing the user. If the optional override is specified, allow the connection after complaining.

dns refuse_no_reverse filename [ override ]
    Refuse FTP sessions when there is no reverse DNS entry for the remote site. Display the named file, filename (like a message file), admonishing the user. If the optional override is specified, allow the connection after complaining.

dns resolveroptions [ options ]
    dns resolveroptions allows you to tweak name server options. The line takes a series of flags as documented in resolver(3N) (with the leading RES_ removed). Each can be preceded by an optional + or -. For example,

        dns resolveroptions +aaonly -dnsrch

    turns on the aaonly option (only accept authoritative answers) and turns off the dnsrch option (search the domain path).
NOTE: For any clause that involves chroot, make sure that you copy the libraries /usr/lib/libnss_files.1 and /usr/lib/libdld.2 to the /usr/lib directory of the current chroot'd environment.

AUTHOR
    ftpaccess was developed by the Washington University, St. Louis, Missouri.