Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
FTPUSERS(5)		  FreeBSD File Formats Manual		   FTPUSERS(5)

     ftpusers, ftpchroot -- tnftpd(8) access control file

     The ftpusers file provides	user access control for	tnftpd(8) by defining
     which users may login.

     If	the ftpusers file does not exist, all users are	denied access.

     A "\" is the escape character; it can be used to escape the meaning of
     the comment character, or if it is	the last character on a	line, extends
     a configuration directive across multiple lines.  A "#" is	the comment
     character,	and all	characters from	it to the end of line are ignored (un-
     less it is	escaped	with the escape	character).

     The syntax	of each	line is:
	   userglob[:groupglob][@host] [directive [class]]

     These elements are:

	   userglob   matched against the user name, using fnmatch(3) glob
		      matching (e.g, `f*').

	   groupglob  matched against all the groups that the user is a	member
		      of, using	fnmatch(3) glob	matching (e.g, `*src').

	   host	      either a CIDR address (refer to inet_net_pton(3))	to
		      match against the	remote address (e.g, `'), or
		      an fnmatch(3) glob to match against the remote hostname
		      (e.g, `*').

	   directive  If "allow" or "yes" the user is allowed access.  If
		      "deny" or	"no", or directive is not given, the user is
		      denied access.

	   class      defines the class	to use in ftpd.conf(5).

     If	class is not given, it defaults	to one of the following:

	   chroot  If there is a match in /usr/local/etc/ftpchroot for the

	   guest   If the user name is "anonymous" or `ftp'.

	   real	   If neither of the above is true.

     No	further	comparisons are	attempted after	the first successful match.
     If	no match is found, the user is granted access.	This syntax is back-
     ward-compatible with the old syntax.

     If	a user requests	a guest	login, the tnftpd(8) server checks to see that
     both "anonymous" and "ftp"	have access, so	if you deny all	users by de-
     fault, you	will need to add both "anonymous allow"	and "ftp allow"	to
     /usr/local/etc/ftpusers in	order to allow guest logins.

     The file /usr/local/etc/ftpchroot is used to determine which users	will
     have their	session's root directory changed (using	chroot(2)), either to
     the directory specified in	the ftpd.conf(5) chroot	directive (if set), or
     to	the home directory of the user.	 If the	file does not exist, the root
     directory change is not performed.

     The syntax	is similar to ftpusers,	except that the	class argument is ig-
     nored.  If	there's	a positive match, the session's	root directory is
     changed.  No further comparisons are attempted after the first successful
     match.  This syntax is backward-compatible	with the old syntax.

     /usr/local/etc/ftpchroot			List of	normal users who
						should have their ftp ses-
						sion's root directory changed
						by using chroot(2).
     /usr/local/etc/ftpusers			This file.
     /usr/local/share/examples/tnftpd/ftpusers	A sample ftpusers file.

     fnmatch(3), inet_net_pton(3), ftpd.conf(5), tnftpd(8)

FreeBSD	13.0		       February	28, 2003		  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help