FreeBSD Manual Pages

ftpaccess(4)			 File Formats			  ftpaccess(4)

NAME
       ftpaccess - FTP Server configuration file

SYNOPSIS
       /etc/ftpd/ftpaccess

DESCRIPTION
	The  ftpaccess	file  is  used	to  configure the operation of the FTP
       Server.

   Access Capabilities
       The following access capabilities are supported:

       autogroup groupname class [class...]
	     If	an anonymous user is a member of any of	class, the FTP	Server
	     will  perform  a  setegid(2)  to groupname. This allows access to
	     group and owner read-only files and directories to	 a  particular
	     class  of anonymous users.	groupname is a valid group returned by
	     getgrnam(3C).

       class class typelist addrglob [addrglob...]
	     Define a class of users, with source addresses of the form
	     addrglob.  Multiple members of class may be defined. There may be
	     multiple class commands listing additional members of the class.
	     If multiple class commands can apply to the current session, the
	     first one listed in the access file is used.  If a valid class
	     for a host is not defined, access will be denied. typelist is a
	     comma-separated list of any of the	keywords anonymous, guest, and
	     real.  If the real	keyword	is included, the class can match users
	     using FTP to access real accounts.	If the	anonymous  keyword  is
	     included the class	can match users	using anonymous	FTP. The guest
	     keyword matches guest access accounts.

	      addrglob may be a	globbed	domain name or a globbed numeric  IPv4
	     address.  It   may	 also  be  the name of a file, starting	with a
	     slash ('/'), which	contains additional address  globs.  IPv4  nu-
	     meric addresses may also be specified in the form address:netmask
	     or	address/CIDR. IPv6 numeric addresses  can  only	 be  specified
	     with an optional CIDR, not	using globs or netmasks.

	     Placing  an  exclamation (!) before an addrglob negates the test.
	     For example,

       class rmtuser real !*.example.com

	      will classify real users from outside the example.com domain as
	      the class rmtuser. Use care with this option. The result of each
	      test is OR'ed with the other tests on the same line, so a line
	      such as "class x real !*.a.com !*.b.com" matches every host:
	      any host is outside at least one of the two domains. To exclude
	      several domains, list them in an earlier positive class line and
	      let a later line catch the rest (the first matching line wins).
	      A host whose address does not resolve has no name that a domain
	      glob can match, so it passes every negated domain glob; use
	      "deny !nameserved" if such hosts should be refused.

       deny addrglob [message_file]
	     Deny access to host(s) that match addrglob and display
	     message_file.  If the value of addrglob is !nameserved, access is
	     denied to hosts whose address cannot be resolved to a name (no
	     working reverse DNS).  message_file may contain magic cookies.
	     See message for more details.

       guestgroup groupname [groupname...]

       guestuser username [username...]

	realgroup groupname [groupname...]

       realuser	username [username...]
	     For  guestgroup, if a real	user is	a member of any	groupname, the
	     session is	set up like anonymous FTP. groupname is	a valid	 group
	     returned  by  getgrnam(3C). The user's home directory must	be set
	     up	exactly	as anonymous FTP would be. The home directory field of
	     the passwd	entry is divided into two directories. The first field
	     is	the root directory that	will be	the argument to	the  chroot(2)
	     call.  The	second field is	the user's home	directory, relative to
	     the root directory. Use a "/./" to	separate the two  fields.  For
	     example, the following is the real	entry in /etc/passwd:

       guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true

       When guest1 successfully logs in, the FTP Server will chroot() to
       /export/home/guests and then chdir(2) to /guest1. The guest user will
       only be able to access the directory structure under
       /export/home/guests, which will look and act as / to guest1, just as an
       anonymous FTP user would. The -d option to ftpconfig(1M) is useful when
       creating guest FTP user accounts. The group name may be specified by
       either name or numeric ID. To use a numeric group ID, place a '%'
       before the number.  You can give ranges.  Use an asterisk to indicate
       all groups.  guestuser works like guestgroup, except that it uses the
       user name or numeric ID. realuser and realgroup have the same syntax,
       but they reverse the effect of guestuser and guestgroup. They allow
       real user access when the remote user would otherwise be determined a
       guest.

       guestuser *
       realgroup admin

	      causes  all  non-anonymous  users	 to be treated as guest,  with
	      the sole	exception  of  users  in  the  admin  group,  who  are
	      granted real user	access.
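The guest/real decision described above (guestgroup, guestuser, realgroup, realuser with names, '%' numeric IDs, ranges and '*') together with the "/./" split of the passwd home field, as an added Python example; it is not the server's own code. The Account record, the sample accounts and the sample directives are constructed, and two details are assumptions: ranges are treated as inclusive, and names are compared with shell-style globbing (the page only promises that '*' means all).

```python
"""Guest/real determination and the /./ home split (added example)."""
from __future__ import annotations

import fnmatch
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    uid: int
    home: str                                   # passwd home-directory field
    groups: dict = field(default_factory=dict)  # group name -> gid (constructed)


def split_guest_home(home: str) -> tuple[str, str]:
    """Split a guest home field into (chroot root, directory relative to it)."""
    root, sep, rel = home.partition("/./")
    if not sep:                                 # no marker: chroot to the whole home
        return home, "/"
    return root, "/" + rel


def _id_spec_matches(spec: str, num: int) -> bool:
    """'%92' matches ID 92; '%100-200' matches the range (assumed inclusive)."""
    lo, _, hi = spec[1:].partition("-")
    return int(lo) <= num <= int(hi or lo)


def _spec_matches(spec: str, names: list[str], ids: list[int]) -> bool:
    if spec.startswith("%"):
        return any(_id_spec_matches(spec, n) for n in ids)
    # '*' means all; glob matching for other names is an assumption of this example
    return any(fnmatch.fnmatchcase(n, spec) for n in names)


def is_guest(acct: Account, ftpaccess: str) -> bool:
    """True when the login is set up like anonymous FTP (chrooted guest)."""
    guest = real = False
    for line in ftpaccess.splitlines():
        fields = line.split()
        if not fields:
            continue
        directive, specs = fields[0], fields[1:]
        if directive in ("guestuser", "realuser"):
            hit = any(_spec_matches(s, [acct.name], [acct.uid]) for s in specs)
        elif directive in ("guestgroup", "realgroup"):
            hit = any(_spec_matches(s, list(acct.groups), list(acct.groups.values()))
                      for s in specs)
        else:
            continue
        if hit and directive.startswith("guest"):
            guest = True
        elif hit:
            real = True
    # realuser/realgroup reverse the guest decision for the users they name
    return guest and not real


# Constructed sample directives, matching the example in the text.
SAMPLE_FTPACCESS = """\
guestgroup  ftponly  %500-599
guestuser   *
realgroup   admin
realuser    backup
"""

# The passwd entry from the text.
GUEST1_PASSWD = "guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true"


def chroot_for_passwd_line(line: str) -> tuple[str, str]:
    return split_guest_home(line.split(":")[5])


if __name__ == "__main__":
    print(chroot_for_passwd_line(GUEST1_PASSWD))
    for acct in (Account("alice", 1001, "/home/alice", {"staff": 20}),
                 Account("bob", 1002, "/home/bob", {"staff": 20, "admin": 10})):
        print(acct.name, "guest" if is_guest(acct, SAMPLE_FTPACCESS) else "real")
```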

       nice nice-delta [class]
	     Adjust  the  process  nice	value of the FTP server	process	by the
	     indicated	nice-delta value if the	remote user is a member	of the
	     named  class. If class is not specified, then use	nice-delta  as
	     the default adjustment to the  FTP	 server	 process  nice	value.
	     This  default  nice  value	 adjustment is used to adjust the nice
	     value of the server process only for those	users who do  not  be-
	     long  to  any class for which a class-specific nice directive ex-
	     ists in the ftpaccess file.

       defumask	umask [class]
	     Set the umask applied to files created by the FTP server if the
	     remote user is a member of the named class.  If class is not
	     specified, then use the umask as the default for classes that do
	     not have one specified.  The mode of files created may be
	     specified by using the upload directive.

       tcpwindow size [class]
	     Set the TCP window	size (socket buffer size) for the  data	  con-
	     nection. Use this to control network traffic.  For	instance, slow
	     PPP dialin	links  may  need  smaller  TCP	windows	 to  speed  up
	     throughput. If you	do not know what this does, do not set it.

       keepalive yes|no
	     Set the TCP SO_KEEPALIVE option for control and data sockets.
	     This lets the server notice a peer that has gone away without
	     closing the connection, so dead sessions are released.  If yes,
	     then set it.  If no, then use the system default (usually off).
	     You probably want to set this.

       timeout accept seconds

       timeout connect seconds

       timeout data seconds

       timeout idle    seconds

       timeout maxidle seconds

       timeout RFC931 seconds
	     Set various timeout conditions.

	     accept
		    How	long the FTP Server will wait for an  incoming	(PASV)
		   data	connection. The	default	is 120 seconds.

	     connect
		   How long the FTP Server will wait attempting to establish
		   an outgoing (PORT) data connection. This affects the actual
		   connection attempt.  The daemon makes several attempts,
		   sleeping between each attempt, before giving up.  The
		   default is 120 seconds.

	     data  How	long the FTP Server will wait for some activity	on the
		   data	connection.  You should	keep this long because the re-
		   mote	 client	may have a slow	link, and there	 can  be quite
		   a bit of data queued	for the	client.	The  default  is  1200
		   seconds.

	     idle  How long the	FTP Server will	wait for the next command. The
		   default is 900 seconds. The default can also	be  overridden
		   by  using  the  -t option at	the command-line.  This	access
		   clause overrides both.

	     maxidle
		   The SITE IDLE command allows	the remote client   to	estab-
		   lish	 a  higher  value  for	the  idle timeout. The maxidle
		   clause sets the upper limit that the	 client	 may  request.
		   The	default	 can also be overridden	by using the -T	option
		   at the command-line.	 This access  clause  overrides	 both.
		   The default is 7200 seconds.

	     RFC931
		   The	maximum	 time  the  FTP	 server	 allows	for the	entire
		   RFC931 (AUTH/ident) conversation.  Setting this to zero (0)
		   disables  the server's use of  this	protocol. The informa-
		   tion	obtained by means of RFC931 is recorded	in the	system
		   logs	 and  is  not actually used in any authentication. The
		   default is 10 seconds.

       file-limit [raw]	in|out|total count [class]
	     Limit the number of data files a user  in	the  given  class  may
	     transfer. The limit may be	placed on files	in, out, or total.  If
	     no	class is specified, the	limit is the default for classes which
	     do	not  have  a limit specified.
	      The  optional parameter raw applies the limit to the total traf-
	     fic rather	than just data files.

       data-limit [raw]	in|out|total count [class]
	     Limit the number of data bytes a user  in	the  given  class  may
	     transfer.	 The  limit  may be placed on bytes in,	out, or	total.
	     If	no class is specified, the limit is the	 default  for  classes
	     which  do not have	a limit	specified. Note	that once  it has been
	     exceeded, this limit will prevent transfers, but it will not ter-
	     minate  a	transfer  in progress.	The optional parameter raw ap-
	     plies the limit to	total traffic rather than just data files.

       limit-time *|anonymous|guest minutes
	     Limit the total time a session can	take.  By default, there is no
	     limit.  Real users	are never limited.

       guestserver [hostname...]
	     Control  which  hosts  may	 be used for anonymous access. If used
	     without hostname, all anonymous access is denied  to  this	 site.
	     More  than	one hostname may be specified.	 Anonymous access will
	     only be allowed on	the named machines. If access is  denied,  the
	     user will be asked	to use the first hostname listed.

       limit class n times [message_file]
	     Limit   class  to n users at times	times, displaying message_file
	     if	the user is denied access.  A limit check is performed at  lo-
	     gin  time	only.	If  multiple limit  commands can apply	to the
	     current session, the first	applicable one is used.	Failing	to de-
	     fine  a  valid limit, or a	limit of -1, is	 equivalent to no lim-
	     its. The format of	times is:

       day[day...][time-range][|day[day...][time-range]]...

	      The value	of day can be Su, Mo, Tu, We, Th, Fr, Sa, Wk (for  any
	      weekday Monday through Friday), or Any. time-range is in 24-hour
	      clock notation. If a time	range is not specified,	 any  time  of
	      the day is matched. Multiple day and time-range may be specified
	      by the "|" symbol. For example, Wk1730-0900|Sa|Su	specifies 5:30
	      p.m.  to	9:00 a.m., Monday through Friday, and anytime on week-
	      ends. message_file may contain magic cookies.  See  message  for
	      more details.
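A parser for the times syntax above, plus the "first applicable limit line wins, -1 means no limit" selection rule, as an added Python example (not the server's code). The sample limit lines and the dates are constructed. The man page does not say whether range ends are inclusive or how a range such as 1730-0900 behaves; the example assumes the start is inclusive, the end exclusive, and that a start later than its end wraps past midnight on the matched day.

```python
"""Parse ftpaccess 'times' specifications and pick the applicable limit (added example)."""
from __future__ import annotations

from datetime import datetime

# Day codes mapped to datetime.weekday() values (Monday == 0).
_DAYS = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}


def _parse_clause(clause: str) -> tuple[set[int], int, int]:
    """'Wk1730-0900' -> ({0,1,2,3,4}, 1730, 900); no range means the whole day."""
    days: set[int] = set()
    i = 0
    while i < len(clause) and clause[i].isalpha():
        code = clause[i:i + 2]
        if code == "Wk":
            days.update(range(5))
        elif code == "An":                     # 'Any'
            days.update(range(7))
            i += 1                             # skip the trailing 'y'
        elif code in _DAYS:
            days.add(_DAYS[code])
        else:
            raise ValueError(f"bad day code in {clause!r}")
        i += 2
    if i == len(clause):
        return days, 0, 2400
    start, _, end = clause[i:].partition("-")
    return days, int(start), int(end)


def times_match(spec: str, when: datetime) -> bool:
    """True if `when` falls inside any '|'-separated clause of spec.
    Assumed: start inclusive, end exclusive, start > end wraps past midnight."""
    tod = when.hour * 100 + when.minute
    for clause in spec.split("|"):
        days, start, end = _parse_clause(clause)
        if when.weekday() not in days:
            continue
        if start < end:
            if start <= tod < end:
                return True
        elif tod >= start or tod < end:
            return True
    return False


def select_limit(user_class: str, when: datetime, ftpaccess: str) -> int | None:
    """User limit in force for the class, or None for unlimited (no line, or -1)."""
    for line in ftpaccess.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "limit":
            continue
        name, count, spec = fields[1], int(fields[2]), fields[3]
        if name == user_class and times_match(spec, when):
            return None if count == -1 else count     # first applicable line wins
    return None


# Constructed sample: 10 anonymous users at any time; 20 'local' users during
# office hours, unlimited otherwise.
SAMPLE_FTPACCESS = """\
limit  anon   10  Any              /etc/ftpd/msgs/toomany
limit  local  20  Wk0900-1700
limit  local  -1  Any
"""

if __name__ == "__main__":
    for when in (datetime(2025, 1, 13, 10, 0), datetime(2025, 1, 18, 10, 0)):
        print(when.strftime("%a %H:%M"), select_limit("local", when, SAMPLE_FTPACCESS))
```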

       noretrieve [absolute|relative]

       [class=classname...][-] filename	[filename...]
	     Always deny retrievability	of these files.	 If filename specifies
	     a pathname	that begins  with '/' character, then only those files
	     are  marked no retrieve. Otherwise	all files that match the file-
	     name are refused transfer.	 For example,  noretrieve  /etc/passwd
	     core  specifies  no  one will be able to retrieve the /etc/passwd
	     file. You will be allowed to transfer any file named passwd  that
	     is	not in /etc.

	     On	 the  other hand, no one will be able to get files named core,
	     wherever they are.	 Directory specifications mark all  files  and
	     subdirectories  in	 the named directory unretrievable.  The file-
	     name may be specified as a	file glob.  For	example,

       noretrieve /etc /home/*/.htaccess

	      specifies	that no	files in /etc or any of	its subdirectories may
	      be  retrieved.	Also,  no files	named .htaccess	anywhere under
	      the /home	directory may be retrieved.  The optional first	param-
	      eter  selects whether names are interpreted as absolute or rela-
	      tive to the current chroot'd environment.	 The default is	to in-
	      terpret names beginning with a slash as absolute.	The noretrieve
	      restrictions may be placed upon members  of particular  classes.
	      If  any class= is	specified, the named files cannot be retrieved
	      only if the current user	is  a  member  of  one	of  the	 given
	      classes.

       allow-retrieve [absolute|relative]

       [class=classname...][-] filename	[filename...]
	     Allows  retrieval	of  files  which  would	otherwise be denied by
	     noretrieve.
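The noretrieve and allow-retrieve rules above (absolute paths cover the file or the whole directory below it, bare names match anywhere, globs, class= restrictions, and allow-retrieve overriding noretrieve) as an added Python checker; it is not the server's own code. The sample rules and paths are constructed, and two simplifications are assumptions: the checker does not consult the filesystem, so any absolute pattern is treated as a directory prefix as well as an exact name, and the absolute/relative keyword is accepted but ignored (paths are taken as already absolute within the current root).

```python
"""noretrieve / allow-retrieve evaluation (added example)."""
from __future__ import annotations

import fnmatch
import posixpath
from dataclasses import dataclass


@dataclass
class RetrieveRule:
    allow: bool            # True for allow-retrieve, False for noretrieve
    classes: set[str]      # empty set: applies to every class
    pattern: str


def parse_rules(ftpaccess: str) -> list[RetrieveRule]:
    rules: list[RetrieveRule] = []
    for line in ftpaccess.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("noretrieve", "allow-retrieve"):
            continue
        allow, classes, patterns = fields[0] == "allow-retrieve", set(), []
        for tok in fields[1:]:
            if tok in ("absolute", "relative", "-"):
                continue                          # interpretation flag / option terminator
            if tok.startswith("class="):
                classes.add(tok[len("class="):])
            else:
                patterns.append(tok)
        rules.extend(RetrieveRule(allow, set(classes), p) for p in patterns)
    return rules


def _rule_matches(rule: RetrieveRule, path: str) -> bool:
    """path is the absolute name the client asked for (within its root)."""
    pat = rule.pattern
    if pat.startswith("/"):
        if fnmatch.fnmatchcase(path, pat):        # the named file (glob allowed)
            return True
        # Directory prefix: /etc covers /etc/passwd but not /etcetera
        return path.startswith(pat.rstrip("/") + "/")
    return fnmatch.fnmatchcase(posixpath.basename(path), pat)   # name anywhere


def may_retrieve(path: str, user_class: str, rules: list[RetrieveRule]) -> bool:
    applicable = [r for r in rules
                  if (not r.classes or user_class in r.classes) and _rule_matches(r, path)]
    if any(r.allow for r in applicable):          # allow-retrieve wins
        return True
    return not any(not r.allow for r in applicable)


# Constructed sample rules.
SAMPLE_FTPACCESS = """\
noretrieve      /etc /home/*/.htaccess core
noretrieve      class=anon class=guest - *.key id_rsa
allow-retrieve  /etc/motd
"""
RULES = parse_rules(SAMPLE_FTPACCESS)

if __name__ == "__main__":
    for path, cls in (("/etc/passwd", "local"), ("/etc/motd", "local"),
                      ("/pub/server.key", "anon"), ("/pub/server.key", "local")):
        print(cls, path, "allowed" if may_retrieve(path, cls, RULES) else "denied")
```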

       loginfails number
	     After number login	failures, log a	 "repeated   login   failures"
	     message  and  terminate the FTP connection. The default value for
	     number is 5.

       private yes | no
	     Allow or deny use of the SITE GROUP and SITE GPASS	commands after
	     the  user logs in.	The SITE GROUP and SITE	GPASS commands specify
	     an	enhanced access	group and associated password.	If  the	 group
	     name  and	password  are valid, the user  becomes a member	of the
	     group specified in	the group access file  /etc/ftpd/ftpgroups  by
	     means  of	setegid(2).   See  ftpgroups(4)	 for the format	of the
	     file. For this option to work for anonymous FTP  users,  the
	      FTP Server must keep /etc/group permanently  open	and  load  the
	     group  access  file  into memory.	This means that	the FTP	Server
	     now has an	additional file	descriptor  open,  and the   necessary
	     passwords	 and  access  privileges granted to users  by means of
	     SITE GROUP	will be	static for the duration	of  an	FTP   session.
	     If	 you  have an urgent need to change the	access groups or pass-
	     words now,	you have to kill all of	the running FTP	Servers.

   Informational Capabilities
       The following informational capabilities	are supported:

       greeting	full|brief|terse

       greeting	text message
	     The greeting command allows you to	control	how  much  information
	     is	  given	 out  before  the remote user  logs in.	greeting full,
	     which is the default greeting, shows the hostname and daemon ver-
	     sion.   greeting  brief shows the hostname.  greeting  terse sim-
	     ply says "FTP Server ready."  Although full is the	default, brief
	     is	suggested.

	     The  text	form allows you	to specify any	greeting message. mes-
	     sage can be any  string. Whitespace (spaces  and  tabs)  is  con-
	     verted to a single	space.

       banner path
	     The banner	command	operates similarly to the message command, ex-
	     cept that the banner is   displayed before	the  user  enters  the
	     username.	 The path is  relative to the real system root,	not to
	     the base of the anonymous FTP directory.

	     Use of the	banner command can  completely	prevent	 non-compliant
	     FTP  clients  from	 making	use of the FTP Server. Not all clients
	     can handle	multi-line responses, which is how the banner is  dis-
	     played.

       email name
	     Use  this	command	to define the email address for	the FTP	Server
	     administrator.   This string will be printed every	 time  the  %E
	     magic cookie is used in message files.

       hostname	some.host.name
	     Defines  the  default  host  name of the FTP Server. This	string
	     will  be printed on the greeting message and every	 time  the  %L
	     magic  cookie  is	used.	The host name  for
	      virtual  servers overrides this value. If	no host	name is	speci-
	     fied, the default host name for the local machine is used.

       message path [when [class...]]
	     Define a file  with  path such that  the FTP Server will  display
	     the contents  of the file to the user at login time or upon using
	     the change	working	directory command.  The	 when	parameter  may
	     be	 LOGIN	 or  CWD=dirglob.    If	 when  is CWD=dirglob, dirglob
	     specifies the new	default	directory that will trigger the	 noti-
	     fication. A dirglob of "*"	matches	all directories.

	     The  optional  class  specification allows	the message to be dis-
	     played only  to members of	a particular  class.   More  than  one
	     class may be specified.

	     "Magic  cookies" can be present in	path that cause	the FTP	Server
	     to	replace	the cookie with	a specified text string:

	     %T	   Local time. For example, Thu	Nov 15 17:12:42	1990.

	     %F	   Free	space in partition of CWD, in Kbytes.

	     %C	   Current working directory.

	     %E	   The email address for the FTP Server	administrator.

	     %R	   Remote host name.

	     %L	   Local host name.

	     %U	   Username given at login time.

	     %u	   Username as defined by means	of RFC 931 authentication.

	     %M	   Maximum allowed number of users in this class.

	     %N	   Current number of users in this class.

	     The message is displayed only once	to avoid  annoying  the	 user.
	     Remember  that  when  messages  are  triggered by an anonymous or
	     guest FTP user, they must be relative to the base of  the	anony-
	     mous or guest FTP directory tree.

       readme pathglob [when [class...]]
	     Define  a file with pathglob such that the	FTP Server will	notify
	     the user at login	time or	upon using the change  working	direc-
	     tory  command that	the file exists	and the	date that it was modi-
	     fied.  The	when  parameter	 may  be  LOGIN	 or  CWD=dirglob.   If
	     when  is CWD=dirglob, dirglob specifies the new default directory
	     that will trigger the notification. A dirglob of "*" matches  all
	     directories.  The	message	 will only be displayed	once, to avoid
	     bothering users. Remember that when README	messages are triggered
	     by	 an anonymous or guest FTP user, the pathglob must be relative
	     to	the base of the	anonymous or guest FTP directory tree.

	     The optional  class specification allows the  message to be  dis-
	     played  only  to  members of a particular class.  You can specify
	     more than one class.

   Logging Capabilities
       The following logging capabilities are supported:

       log commands typelist
	     Enables logging of	the individual FTP  commands  sent  by	users.
	     typelist  is a comma-separated list of any	of the keywords	anony-
	     mous, guest, and real. Command logging information	is written  to
	     the system	log.

       log transfers typelist directions
	     Log file transfers	made by	FTP users to the xferlog(4) file. Log-
	     ging of incoming transfers	to the server  can  be	enabled	 sepa-
	     rately  from  outbound transfers from the server. directions is a
	     comma-separated list of any of the	two keywords inbound and  out-
	     bound,  and  will	respectively  cause transfers to be logged for
	     files sent	to and from the	server.

       log security typelist
	     Enables logging of violations of security rules to the system
	     log, including for example noretrieve and .notar.

       log syslog

       log syslog+xferlog
	     Redirect	the  logging messages for incoming and outgoing	trans-
	     fers to syslog.  Without  this option the messages	are written to
	     xferlog.	When you specify syslog+xferlog, the transfer log mes-
	     sages are sent to both the	system log file	and the	xferlog	file.

   Miscellaneous Capabilities
       The following miscellaneous capabilities	are supported:

       alias string dir
	     Define an alias,  string, for a  directory.   Use this command to
	     add  the concept of logical directories.  For example: alias rfc:
	     /pub/doc/rfc would	allow the user to  access   /pub/doc/rfc  from
	     any  directory  by	 the command "cd rfc:".	 Aliases only apply to
	     the cd command.

       cdpath dir
	      Define an	entry in the cdpath. This command  defines  a	search
	     path that is used when changing directories. For example:

	     cdpath /pub/packages
	     cdpath /.aliases

	     would  allow  the user to move into any directory	directly under
	     either the	/pub/packages  or  the	/.aliases   directories.   The
	     search  path is defined by	the order in which the lines appear in
	     the ftpaccess file. If the user were to give the command ftp> cd
	     foo the directory will be searched for in the following order:

		o  ./foo

		o  an alias called foo

		o  /pub/packages/foo

		o  /.aliases/foo

	     The cdpath is only available with the cd command.  If you have
	     a large number of aliases,	you might want to set  up  an  aliases
	     directory with links to all of  the areas you wish	to make	avail-
	     able to users.

       compress	yes|no classglob [classglob...]

       tar yes|no classglob [classglob...]
	     Enable the use of conversions marked with the O_COMPRESS,
	     O_UNCOMPRESS, and O_TAR options in /etc/ftpd/ftpconversions. See
	     ftpconversions(4).

       shutdown	path
	     If	the file pointed to by path exists, the	server will check  the
	     file  regularly to	see if the server is going to be shut down. If
	     a shutdown	is planned, the	user is	notified.  New connections are
	     denied  after  a  specified time before shutdown. Current connec-
	     tions are dropped at a specified time before shutdown.

	     The format	of the file specified by path is:

       year month day hour minute deny_offset disc_offset text

	      year  A value of 1970 or greater.

	      month A value of 0 to 11; the month is zero-based (0 is January,
		    as in struct tm), not the calendar month number.

	      day   A value of 1 to 31.

	      hour  A value of 0 to 23.

	      minute
		    A value of 0 to 59.

	      deny_offset

	      disc_offset
		    The	offsets	 in HHMM format	that new connections  will  be
		    denied  and	 existing connections will be disconnected be-
		    fore the shutdown time.

	      text  Follows the	normal rules for any  message.	The  following
		    additional magic cookies are available:

		    %s	  The time at which the	system is going	to shut	down.

		    %r	  The time at which new	connections will be denied.

		    %d	  The  time  at	 which	current	 connections  will  be
			  dropped.

	      All times	are in the form: ddd MMM DD hh:mm:ss YYYY.   Only  one
	      shutdown	command	can be present in the configuration file.  You
	      can use the external program ftpshut(1M) to automate  generation
	      of this file.
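A parser for the shutdown file format above, computing the deny and disconnect instants from the HHMM offsets and expanding the %s, %r and %d cookies in the ddd MMM DD hh:mm:ss YYYY form, as an added Python example (not ftpshut or the server's own code). The sample line is constructed. The zero-based month is the detail most worth checking: the field value 0 below means January.

```python
"""Parse an ftpd shutdown file and expand its %s/%r/%d cookies (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

_STAMP = "%a %b %d %H:%M:%S %Y"            # ddd MMM DD hh:mm:ss YYYY


@dataclass
class Shutdown:
    shutdown_at: datetime
    deny_at: datetime                       # new connections refused from here
    disconnect_at: datetime                 # existing connections dropped from here
    text: str

    def message(self) -> str:
        return (self.text.replace("%s", self.shutdown_at.strftime(_STAMP))
                         .replace("%r", self.deny_at.strftime(_STAMP))
                         .replace("%d", self.disconnect_at.strftime(_STAMP)))

    def state(self, now: datetime) -> str:
        """'open', 'deny' (no new logins) or 'disconnect' (drop sessions)."""
        if now >= self.disconnect_at:
            return "disconnect"
        if now >= self.deny_at:
            return "deny"
        return "open"


def _offset(hhmm: str) -> timedelta:
    value = int(hhmm)                       # HHMM, e.g. 0030 = 30 minutes
    return timedelta(hours=value // 100, minutes=value % 100)


def parse_shutdown(line: str) -> Shutdown:
    fields = line.split(None, 7)            # the 8th field is the free text
    year, month, day, hour, minute = (int(f) for f in fields[:5])
    # month is 0-based in the file (0 = January); datetime wants 1-based
    at = datetime(year, month + 1, day, hour, minute)
    text = fields[7] if len(fields) > 7 else ""
    return Shutdown(at, at - _offset(fields[5]), at - _offset(fields[6]), text)


# Constructed sample: shut down 15 January 2025 at 23:30, refuse new logins
# 30 minutes before, drop sessions 10 minutes before.
SAMPLE_LINE = ("2025 0 15 23 30 0030 0010 "
               "System going down at %s; new logins refused from %r")

if __name__ == "__main__":
    info = parse_shutdown(SAMPLE_LINE)
    print(info.message())
    print(info.state(datetime(2025, 1, 15, 23, 5)))
```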

       daemonaddress address
	     Listen only on the	IP address specified. If the value is not set,
	     then the FTP Server will listen for connections on	every  IP  ad-
	     dress. This applies only when the FTP Server is run in standalone
	     mode.

       virtual address root|banner|logfile path
	     Enable the	FTP Server limited virtual hosting  capabilities.  The
	     address is	the IP address of the virtual server. The second argu-
	     ment specifies that the path is either the	path to	 the  root  of
	     the  filesystem for this  virtual server, the banner presented to
	     the user when connecting to this virtual server, or  the  logfile
	     where transfers are recorded for this virtual server. If the log-
	     file is not specified the default log file	 will  be  used.   All
	     other  message  files  and	permissions as well as	any other set-
	     tings in this file	apply to all virtual servers. The address  may
	     also  be  specified  as  a	 hostname rather than as an IP number.
	     This is strongly discouraged since, if DNS	is  not	 available  at
	     the  time	the  FTP  session  begins,  the	 hostname  will	not be
	     matched.

       root|logfile path
	     In contrast to limited virtual hosting, complete virtual hosting
	     allows a separate configuration file for each virtual host; see
	     ftpservers(4).  The only addition needed in a virtual host's own
	     ftpaccess file is the root directive, which ensures the correct
	     root directory is used for that virtual host.

	     path is either the root of the filesystem for this virtual server
	     or the logfile where transfers for this virtual server are
	     recorded.  root and logfile may only be given without a preceding
	     virtual address, in a virtual host's own ftpaccess file.

       virtual address hostname|email string
	     Set the hostname shown in the greeting  message and  status  com-
	     mand,  or the email address used in message files and on the HELP
	     command, to the given string.

       virtual address allow username [username...]

       virtual address deny username   [username...]
	     By	default, real and guest	users are not allowed to log in	on the
	     virtual  server,  unless they are guests that are chroot'd	to the
	     virtual root.  The	users listed on	the virtual allow line(s)  are
	     granted access.
	      You can grant access to all users	by giving '*' as the username.
	     The virtual deny clauses are processed after  the	virtual	 allow
	     clauses.  Thus  specific  users can be denied access although all
	     users were	allowed	in an earlier clause.

       virtual address private
	     Deny log in access	to anonymous  users  on	 the  virtual  server.
	     Anonymous	users  are  generally allowed to log in	on the virtual
	     server if this option is not specified.

       virtual address passwd file
	     Use a different passwd file for the virtual host.

       virtual address shadow file
	     Use a different shadow file for the virtual host.

       defaultserver deny username [username...]

       defaultserver allow username [username...]
	     By	default, all users are allowed	access to the non-virtual  FTP
	     Server.   Use  defaultserver  deny	 to revoke access for specific
	     real and guest users. Specify   '*'   to	deny   access  to  all
	     users,  except anonymous users. Specific real and guest users can
	     then be allowed access by using defaultserver allow.

       defaultserver private
	     By	default, all users are allowed access to the  non-virtual  FTP
	     Server.  Use defaultserver	private	to revoke access for anonymous
	     users.

	     The virtual and defaultserver allow,  deny	 and  private  clauses
	     provide  a	 means	to  control  which users are allowed access to
	     which FTP Servers.

       passive address externalip cidr
	     Allow control of the address reported in response to  a   passive
	     command.  When  any  control  connection matching cidr requests a
	     passive data connection (PASV), the  externalip  address  is  re-
	     ported.   This  does not change the address that the daemon actu-
	     ally listens on, only the address reported	to the	client.	  This
	     feature  allows  the daemon to operate correctly behind IP	renum-
	     bering firewalls. For example:

       passive address 10.0.1.15   10.0.0.0/8
       passive address 192.168.1.5 0.0.0.0/0

	      Clients connecting from the class-A network 10 will be told  the
	      passive  connection  is  listening on IP address 10.0.1.15 while
	      all  others  will	 be  told  the	connection  is	listening   on
	      192.168.1.5  Multiple passive addresses may be specified to han-
	      dle complex, or multi-gatewayed, networks.

       passive ports cidr min max
	     Allows control of the TCP port numbers which may be  used	for  a
	     passive  data  connection.	 If the	control	connection matches the
	     cidr, a port in the range min to max will	be  randomly  selected
	     for  the  daemon  to  listen on. This feature allows firewalls to
	     limit the ports that remote clients may use to connect  into  the
	     protected network.

	     cidr   is shorthand for an	IP address followed by a slash and the
	     number of left-most bits that represent the network  address,  as
	     opposed  to  the machine address.	 For example, if you are using
	     the  reserved  class-A  network  10,  instead  of	a  netmask  of
	     255.0.0.0,	 use  a	 CIDR of /8, as	 in  10.0.0.0/8,  to represent
	     your network.

       pasv-allow class	[addrglob...]

       port-allow class	[addrglob...]
	     Normally, the FTP Server does not allow a PORT command to specify
	     an address different than that of the control connection.  Nor
	     does it allow a PASV data connection from another address.  These
	     defaults are what keep the server from being used as an FTP
	     bounce relay (PORT pointed at a third party) and keep a passive
	     data connection from being picked up by a host other than the
	     client; relax them only for the classes and addresses that
	     genuinely need it.

	     The port-allow clause provides a list of addresses that the
	     specified class of user may give on a PORT command.  These
	     addresses will be allowed even if they do not match the IP address
	     of the client-side of the control connection.

	     The pasv-allow clause provides a list of addresses that the
	     specified class of user may make data connections from. These
	     addresses will be allowed even if they do not match the IP address
	     of the client-side of the control connection.

       lslong command [options...]

       lsshort command [options...]

       lsplain command [options...]
	     Use the lslong, lsshort, and lsplain clauses to specify the  com-
	     mands  and	options	to use to generate directory listings. The op-
	     tions cannot contain spaces, and the  default  values  for	 these
	     clauses  are  generally  correct. Use lslong, lsshort, or lsplain
	     only if absolutely	necessary.

       mailserver hostname
	     Specify the name of a mail	server that will accept	 upload	 noti-
	     fications	for  the  FTP  Server.	 Multiple  mail	servers	may be
	     listed.  The FTP Server will attempt to deliver the upload	 noti-
	     fication  to each,	in order, until	one accepts the	message. If no
	     mail servers are specified, localhost is used.   This  option  is
	     only   meaningful	if  anyone  is to be notified of anonymous up-
	     loads. See	incmail.

       incmail emailaddress

       virtual address incmail emailaddress

       defaultserver incmail	 emailaddress
	     Specify email addresses to	be notified of anonymous uploads. Mul-
	     tiple  addresses can be specified.	Each will  receive a notifica-
	     tion. If no addresses are specified, no notifications are sent.

	     If	addresses are specified	for a virtual  host,  only  those  ad-
	     dresses  will  be	sent notification of anonymous uploads on that
	     host.  Otherwise, notifications will be sent to  the  global  ad-
	     dresses.

	     defaultserver  addresses  only apply when the FTP	session	is not
	     using one of the virtual hosts. In	this way, you can receive  no-
	     tifications  for your default anonymous  area,  but not see noti-
	     fications to virtual hosts	that do	not have their	own  notifica-
	     tions.

       mailfrom	emailaddress

       virtual address mailfrom	emailaddress

       defaultserver mailfrom	  emailaddress
	     Specify the sender's email	address	for anonymous upload notifica-
	     tions. Only one address may be specified.	 If  no	 mailfrom  ap-
	     plies,  email  is sent from the default mailbox  name wu-ftpd. To
	     avoid problems if the recipient attempts to reply to a  notifica-
	     tion, or if downstream mail problems generate bounces, you	should
	     ensure the	mailfrom address is deliverable.

   Permission Capabilities
       The following permission	capabilities are supported:

       chmod yes|no typelist

       delete yes|no typelist

       overwrite yes|no typelist

       rename yes|no typelist

       umask yes|no typelist
	      Allows or	disallows the ability to perform the  specified	 func-
	     tion. By default, all real	and guest users	are allowed. Anonymous
	     users are only allowed overwrite and umask.

	     typelist is a comma-separated list	of any of the keywords	anony-
	     mous,  guest,  real  and  class=. When class= appears, it must be
	     followed by a classname. If any class= appears, the typelist  re-
	     striction applies only to users in	that class.

       passwd-check none|trivial|rfc822	[enforce|warn]
	     Define  the  level	 and enforcement of password  checking done by
	     the FTP Server for	anonymous FTP.

	     none  No password checking	is performed.

	     trivial
		   The password	must contain an	'@'.

	     rfc822
		   The password	must be	RFC 822	compliant.

	     warn  Warn, but permit the	login.

	     enforce
		   Notify and deny the login.

       deny-email case-insensitive-emailaddress
	     Consider the email	address	given as an argument as	 invalid.   If
	     passwd-check   is	 set  to enforce,  anonymous users giving this
	     address as	a password cannot log in.   That  way,	you  can  stop
	     users  from  having  stupid  WWW browsers use fake	addresses like
	     IE?0User@ or mozilla@. (by	using this, you	are not	 shutting  out
	     users  using  a   WWW   browser  for  ftp	-  you	just make them
	     configure their browser correctly.) Only one address  is  allowed
	     per  line,	 but  you can have as many deny-email addresses	as you
	     like.

       path-filter typelist message allowed_regexp
       [disallowed_regexp...]
	     For users in typelist, path-filter	defines	 regular   expressions
	     that  control  what  characters can be used in the	filename of an
	     uploaded file or created directory.  There	may be multiple	disal-
	     lowed regular expressions.	 If a filename is invalid due to fail-
	     ure to match the regular expression  criteria,  message  will  be
	     displayed to the user.  For example:

       path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-

	      specifies	 that all upload filenames for anonymous users must be
	      made of only the characters A-Z, a-z, 0-9, and "._-" and may not
	      begin  with  a   "."   or	 a  "-".   If the filename is invalid,
	      /etc/pathmsg will	be displayed to	the user.
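As an added illustration (not part of the manual page or of the FTP Server sources), the following Python function applies the path-filter rule from the example above: the name must match the allowed regexp and must match none of the disallowed regexps. Note how an unescaped "^." in the disallowed list would reject every non-empty name.

```python
import re

# Constructed from the man page's path-filter example:
#   path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-
ALLOWED = r"^[-A-Za-z0-9._]*$"
DISALLOWED = [r"^\.", r"^-"]


def path_filter_ok(name, allowed=ALLOWED, disallowed=DISALLOWED):
    """Return True when an upload or mkdir name passes the path-filter:
    it must match the allowed regexp and none of the disallowed ones.
    The name is checked exactly as given (no path splitting here)."""
    if not re.search(allowed, name):
        return False
    return not any(re.search(pat, name) for pat in disallowed)
```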

       upload [absolute|relative] [class=classname]... [-]
       root-dir dirglob yes|no owner group mode
       [dirs|nodirs] [d_mode]
	     Define a directory	with dirglob that permits or  denies  uploads.
	     If	 it does permit	uploads, all newly created files will be owned
	     by	owner and group	and  will  have	 their permissions set accord-
	     ing  to  mode.  Existing  files that are  overwritten will	retain
	     their original ownership and permissions. Directories are matched
	     on	a best-match basis. For	example:

       upload /var/ftp	*  no
       upload /var/ftp /incoming yes ftp daemon	0666
       upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs

       would  only  allow  uploads into	 /incoming  and	 /incoming/gifs. Files
       that were uploaded to /incoming are owned  by ftp/daemon	and have  per-
       missions	 of  0666.  Files  uploaded   to  /incoming/gifs  are owned by
       jlc/guest and  have  permissions	 of  0600.  The	 optional  "dirs"  and
       "nodirs"	 keywords   can	be specified to	allow or disallow the creation
       of new subdirectories using the mkdir command. If the upload command is
       used,  directory	 creation is allowed by	default. To turn it off	by de-
       fault, you must specify	a  user,  group	 and  mode  followed  by   the
       "nodirs"	 keyword as the	first line where the upload command is used in
       this file.  If directories are permitted, the optional	d_mode	deter-
       mines  the  permissions	for   a	 newly created directory. If d_mode is
       omitted,	the permissions	are inferred from mode.	 The  permissions  are
       0777   if  mode	is  also  omitted.  The	upload keyword only applies to
       users who have a	home directory of root-dir. root-dir may be  specified
       as  "*"	to  match  any	home directory.	The owner or group may each be
       specified as "*", in which case any  uploaded files or directories will
       be  created  with the ownership of the directory	in which they are cre-
       ated. The optional first	parameter selects whether root-dir  names  are
       interpreted  as	absolute  or relative to the current chroot'd environ-
       ment. The default is to interpret  <root-dir> names  as	absolute.  You
       can  specify  any  number  of  class=classname restrictions. If any are
       specified, this upload clause only takes	effect if the current user  is
       a member	of one of the classes.

	      In  the  absence	of  any	matching upload	clause,	real and guest
	      users can	upload files and make directories, but anonymous users
	      cannot. The mode of uploaded files is 0666. For created directo-
	      ries, the	mode is	0777. Both modes are modified by  the  current
	      umask setting.
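As an added example (not part of the manual page or of the FTP Server sources), the following Python code models the best-match selection for the three upload clauses above: the matching dirglob with the most text wins, and "nodirs" blocks mkdir in that directory. The table is a hand-constructed parse of those clauses; the typelist fallback used when no clause matches at all, and d_mode inference, are not modelled.

```python
import fnmatch
import posixpath

# Constructed from the man page's upload example (root-dir /var/ftp):
#   upload /var/ftp *              no
#   upload /var/ftp /incoming      yes ftp daemon 0666
#   upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
UPLOAD_CLAUSES = [
    {"dirglob": "*", "allow": False},
    {"dirglob": "/incoming", "allow": True,
     "owner": "ftp", "group": "daemon", "mode": 0o666, "dirs": True},
    {"dirglob": "/incoming/gifs", "allow": True,
     "owner": "jlc", "group": "guest", "mode": 0o600, "dirs": False},
]


def best_match(clauses, directory):
    """Return the matching clause with the most specific (longest) dirglob,
    or None. fnmatch's '*' spans '/', so '*' matches every directory."""
    hits = [c for c in clauses if fnmatch.fnmatchcase(directory, c["dirglob"])]
    return max(hits, key=lambda c: len(c["dirglob"]), default=None)


def upload_decision(path, mkdir=False, clauses=UPLOAD_CLAUSES):
    """Decide an upload (or, with mkdir=True, a directory creation) of
    `path`, given relative to the chroot, and return the effective
    owner/group/mode. A missing clause is treated as deny here."""
    directory = posixpath.dirname(path) or "/"
    clause = best_match(clauses, directory)
    if clause is None or not clause["allow"]:
        return {"allow": False}
    if mkdir and not clause.get("dirs", True):
        return {"allow": False}  # "nodirs" forbids mkdir in this directory
    return {"allow": True, "owner": clause["owner"],
            "group": clause["group"], "mode": clause["mode"]}
```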

       throughput root-dir subdir-glob file-glob-list
       bytes-per-second bytes-per-second-multiply remote-glob-list
	     Define files by means of a	comma-separated	file-glob-list in sub-
	     dir matched  by  subdir-glob under	root-dir that have  restricted
	     transfer  throughput of bytes-per-second on download when the re-
	     mote hostname or remote IP	address	 matches  the  comma-separated
	     remote-glob-list.	Entries	are matched on a best-match basis. For
	     example:

       throughput /e/ftp *    *      oo   -   *
       throughput /e/ftp /sw* *      1024 0.5 *
       throughput /e/ftp /sw* README oo   -   *
       throughput /e/ftp /sw* *      oo   -   *.foo.com

	      would set	maximum	throughput per default,	but restrict  download
	      to  1024	 bytes	per second for any files under /e/ftp/sw/ that
	      are not named README. The	only exceptions	are remote hosts  from
	      within  the domain  foo.com which	always get maximum throughput.
	      Every  time  a  remote  client  has  retrieved  a	  file	 under
	      /e/ftp/sw/  the bytes per	seconds	of the matched entry  line are
	      internally multiplied by a factor, here 0.5.   When  the	remote
	      client  retrieves	 its second file,  it is served	with 512 bytes
	      per second, the third time with only 256 bytes per  second,  the
	      fourth  time  with  only	128  bytes  per	second,	and so on. The
	      string  "oo"  for	the bytes per second field means no throughput
	      restriction.  A multiply factor of 1.0 or	"-" means no change of
	      the throughput after every  successful  transfer.	 The  root-dir
	      here  must  match	 the  home directory specified in the password
	      database. The throughput	 keyword only  applies	to  users  who
	      have a home directory of root-dir.
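As an added example (not part of the manual page or of the FTP Server sources), the following Python code reproduces the rate computation for the four throughput entries above: best match among the matching entries, "oo" as unlimited, and the per-transfer multiplication (1024, 512, 256, 128 ...). The table is a hand-constructed parse of those entries, with subdir given relative to root-dir.

```python
import fnmatch

# Constructed from the man page's throughput example (root-dir /e/ftp).
# bps None stands for "oo" (unlimited); mult None stands for "-" (no change).
THROUGHPUT = [
    {"subdir": "*",    "files": ["*"],      "bps": None, "mult": None, "remote": ["*"]},
    {"subdir": "/sw*", "files": ["*"],      "bps": 1024, "mult": 0.5,  "remote": ["*"]},
    {"subdir": "/sw*", "files": ["README"], "bps": None, "mult": None, "remote": ["*"]},
    {"subdir": "/sw*", "files": ["*"],      "bps": None, "mult": None, "remote": ["*.foo.com"]},
]


def _matches(e, subdir, fname, remote):
    return (fnmatch.fnmatchcase(subdir, e["subdir"])
            and any(fnmatch.fnmatchcase(fname, g) for g in e["files"])
            and any(fnmatch.fnmatchcase(remote, g) for g in e["remote"]))


def _specificity(e):
    # Best match: the entry whose globs carry the most literal text wins.
    globs = [e["subdir"]] + e["files"] + e["remote"]
    return sum(len(g) - g.count("*") for g in globs)


def throughput_limit(subdir, fname, remote, prior_transfers, table=THROUGHPUT):
    """Bytes per second permitted for this download, or None for unlimited.
    prior_transfers is how many files the client already fetched under the
    matched entry (the server tracks this per session); each one multiplies
    the base rate by the entry's factor."""
    hits = [e for e in table if _matches(e, subdir, fname, remote)]
    if not hits:
        return None
    e = max(hits, key=_specificity)
    if e["bps"] is None:
        return None
    mult = 1.0 if e["mult"] is None else e["mult"]
    return e["bps"] * mult ** prior_transfers
```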

       anonymous-root root-dir [class...]
	     root-dir specifies	the chroot() path for anonymous	users.	 If no
	     anonymous-root is matched,	the old	method of parsing the home di-
	     rectory   for  the	 FTP  user is used. If no class	 is specified,
	     this is the root directory	for anonymous users who	do  not	 match
	     any  other	anonymous-root specification.  Multiple	classes	may be
	     specified on this line. If	an anonymous-root is  chosen  for  the
	     user,    the   FTP	  user's     home   directory  in  the	 root-
	     dir/etc/passwd  file is used to determine the  initial  directory
	     and   the	 FTP  user's   home   directory	 in   the  system-wide
	     /etc/passwd is not	used. For example:

       anonymous-root /home/ftp
       anonymous-root /home/localftp localnet

	      causes all anonymous users  to  be  chroot'd  to	the  directory
	      /home/ftp. If the	FTP user exists	in /home/ftp/etc/passwd, their
	      initial CWD is that home	directory.   Anonymous	users  in  the
	      class   localnet,	  however,   are  chroot'd  to	the  directory
	      /home/localftp and their initial	CWD  is	 taken	from  the  FTP
	      user's home directory in /home/localftp/etc/passwd.

       guest-root root-dir [uid-range...]
	     root-dir  specifies  the  chroot()	 path  for  guest users. If no
	     guest-root	is matched, the	old method of parsing the user's  home
	     directory	is  used.   If	no uid-range is	specified, this	is the
	     root directory for	guest users who do not match any other guest-
	     root  specification.  Multiple  UID  ranges may be	 given on this
	     line. If a	 guest-root is chosen for the user,  the  user's  home
	     directory	in  the	 root-dir/etc/passwd file is used to determine
	     the initial directory and the home	directory in  the  system-wide
	     /etc/passwd is not	used. uid-range	specifies names	or numeric UID
	     values. To	use numbers, put a % symbol before it  or  before  the
	     range. Ranges are specified by  giving the	lower and upper	bounds
	     (inclusive), separated by a dash. If the lower bound is  omitted,
	     it	 means	"all  up  to." If the upper bound is omitted, it means
	     "all starting from." For example:

       guest-root /home/users
       guest-root /home/staff %100-999 sally
       guest-root /home/users/owner/ftp	frank

       causes all guest	users to chroot() to /home/users then starts each user
       in	the    user's	  home	  directory,	as    specified	    in
       /home/users/etc/passwd.	Users in the range 100	through	  999,	inclu-
       sive,   and  user  sally,  will	be chroot'd to /home/staff and the CWD
       will  be	taken from their entries in /home/staff/etc/passwd. The	single
       user  frank  will be chroot'd to	/home/users/owner/ftp and the CWD will
       be from his entry  in /home/users/owner/ftp/etc/passwd.

	      The order	is important for both anonymous-root  and  guest-root.
	      If  a user would match multiple clauses, only the	first applies;
	      with the exception of the	clause which  has  no  class  or  uid-
	      range, which applies only	if no other clause matches.

       deny-uid	uid-range [uid-range...]

       deny-gid	gid-range [gid-range...]

       allow-uid uid-range   [uid-range...]

       allow-gid gid-range [gid-range...]
	     Use  these	clauses	to specify UID and GID values that will	be de-
	     nied access to  the  FTP  Server.	The  allow-uid	and  allow-gid
	     clauses may be used to allow access for  UID and GID values which
	     would otherwise be	denied.	 These checks occur before all others.
	     deny  is  checked before allow.  The default is to	allow  access.
	     These clauses do not apply	to anonymous users. Use	 defaultserver
	     private  to deny access to	anonymous users. In most cases,	 these
	     clauses obviate the need for an ftpusers(4) file.	 For  example,
	     the following clauses deny	FTP Server access to all privileged or
	     special users and groups, except the guest1 user or group.

       deny-gid	%-99 nobody noaccess nogroup
       deny-uid	%-99 nobody noaccess nobody4
       allow-gid guest1
       allow-uid guest1

	      Support for the ftpusers file still exists, so it	 may  be  used
	      when  changing the ftpaccess file	is not desired.	In any place a
	      single UID or  GID  is allowed throughout	 the  ftpaccess	 file,
	      either  names or numbers also may	be used.  To use a number, put
	      a	'%' symbol before it.  In places where a range is allowed, put
	      the '%' before the range.	A "*" matches all UIDs or GIDs.
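As an added example (not part of the manual page or of the FTP Server sources), the following Python code parses uid-range tokens as described above ("%100-999", "%-99", "%500-", names, "*") and applies them to both the guest-root example (first matching clause wins, the clause without a range is the default) and the deny-uid/allow-uid example (deny checked before allow, allow by default). Both tables are hand-constructed parses of the clauses shown above.

```python
import re

def parse_range(token):
    """Turn one uid-range token into a predicate over (name, uid). A bare
    word is a user name, "*" matches everyone, and a leading % introduces
    a number or an inclusive range with either bound optional: %100-999,
    %-99 (everything up to 99), %500- (everything from 500)."""
    if token == "*":
        return lambda name, uid: True
    if not token.startswith("%"):
        return lambda name, uid: name == token
    m = re.fullmatch(r"%(\d*)(-?)(\d*)", token)
    if not m or not (m.group(1) or m.group(3)):
        raise ValueError("bad uid-range: " + token)
    lo, dash, hi = m.groups()
    if not dash:
        return lambda name, uid: uid == int(lo)
    low, high = (int(lo) if lo else 0), (int(hi) if hi else float("inf"))
    return lambda name, uid: low <= uid <= high

def in_ranges(name, uid, tokens):
    return any(parse_range(t)(name, uid) for t in tokens)

# Constructed from the man page's deny-uid / allow-uid example.
DENY_UID = ["%-99", "nobody", "noaccess", "nobody4"]
ALLOW_UID = ["guest1"]

def uid_allowed(name, uid, deny=DENY_UID, allow=ALLOW_UID):
    """deny-uid is checked before allow-uid; allow-uid re-admits a denied
    id; anything not denied is allowed (the default is to allow)."""
    if in_ranges(name, uid, deny):
        return in_ranges(name, uid, allow)
    return True

# Constructed from the man page's guest-root example; the clause with no
# uid-range is the default and applies only when no other clause matches.
GUEST_ROOTS = [
    ("/home/users", []),
    ("/home/staff", ["%100-999", "sally"]),
    ("/home/users/owner/ftp", ["frank"]),
]

def guest_root(name, uid, clauses=GUEST_ROOTS):
    """First clause (in file order) whose uid-range matches wins."""
    default = None
    for root, ranges in clauses:
        if not ranges:
            default = root if default is None else default
        elif in_ranges(name, uid, ranges):
            return root
    return default
```

Because order matters, a user frank with a UID inside 100-999 is sent to /home/staff by the earlier clause, not to /home/users/owner/ftp.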

       restricted-uid uid-range	[uid-range...]

       restricted-gid gid-range	[gid-range...]

       unrestricted-uid	   uid-range [uid-range...]

       unrestricted-gid	gid-range [gid-range...]
	     These clauses control whether or not real or guest	users will  be
	     allowed access to areas on	the  FTP  site outside their home  di-
	     rectories.	  These	 clauses  are  not meant to replace the	use of
	     guestgroup	and guestuser. Instead,	use these clauses  to  supple-
	     ment  the	operation  of  guests.	The unrestricted-uid and unre-
	     stricted-gid clauses may be used to  allow	 users	outside	 their
	     home directories who would	otherwise be restricted.

	     The  following  example shows the intended	use for	these clauses.
	     Assume  user  dick	has a home directory /home/dick	and jane has a
	     home directory /home/jane:

       guest-root /home	dick jane
       restricted-uid dick jane

	      While both dick and jane are chroot'd to /home, they  cannot ac-
	      cess each	other's	 files because they are	 restricted  to	 their
	      home  directories.  However, you should not rely solely upon the
	      FTP restrictions to control access.  As with all other  FTP  ac-
	      cess  rules, you should also use directory  and file permissions
	      to support the operation of the ftpaccess	configuration.

       site-exec-max-lines number [class...]
	     The SITE EXEC feature traditionally limits	the number of lines of
	     output  that  may	be sent	to the remote client.  Use this	clause
	     to	set this limit.	If this	clause is omitted,  the	 limit	is  20
	     lines.  A limit of	0 (zero)  implies no limit. Be very careful if
	     you choose	to remove the limit.  If a clause is   found  matching
	     the  remote  user's   class,  that	 limit is used.	Otherwise, the
	     clause with class '*', or no class	given, is used.	 For example:

       site-exec-max-lines 200 remote
       site-exec-max-lines 0 local
       site-exec-max-lines 25

	      limits output from SITE EXEC (and	therefore SITE INDEX)  to  200
	      lines   for  remote  users,  specifies there  is no limit	at all
	      for local	users, and sets	a limit	of  25	lines  for  all	 other
	      users.

       dns refuse_mismatch filename [override]
	     Refuse  FTP sessions when the forward and reverse lookups for the
	     remote site do not	match.	Display	the named file,	like a message
	     file,  admonishing	 the user.  If the optional override is	speci-
	     fied, allow the connection	after complaining.

       dns refuse_no_reverse filename [override]
	     Refuse FTP	sessions when there is no reverse DNS  entry  for  the
	     remote  site. Display the named file, like	a message file,	admon-
	     ishing the	user. If the optional override is specified, allow the
	     connection	after complaining.

       dns resolveroptions [options]
	     The  dns  resolveroptions	 option	 allows	  you  to  adjust name
	     server options. The line takes a series of	flags as documented in
	     resolver(3resolv),	 with  the leading RES_	removed.  Each	can be
	     preceded by an optional + or -.  For example:

       dns resolveroptions +aaonly -dnsrch

	      turns on the aaonly option  (only	  accept   authoritative   an-
	      swers) and turns off the dnsrch option (search the domain	path).

       Lines that begin	with a # sign are treated as comment lines and are ig-
       nored.

FILES
	/etc/ftpd/ftpaccess

ATTRIBUTES
       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWftpr			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       compress(1), ls(1), tar(1), ftpaddhost(1M), ftpconfig(1M), ftpshut(1M),
       in.ftpd(1M),  chroot(2),	nice(2), umask(2), getgrnam(3C), resolver(3re-
       solv),  ftpconversions(4),  ftpgroups(4),  ftpservers(4),  ftpusers(4),
       timezone(4), xferlog(4),	attributes(5), fnmatch(5)

       Crocker,	 David	H.  RFC	 822, Standard For The Format Of ARPA Internet
       Text Messages. Network Information Center. August 1982.

       St. Johns, Michael. RFC 931,  Authentication  Server.  Network  Working
       Group. January 1985.

SunOS 5.9			  16 Oct 2001			  ftpaccess(4)
