NAME
     ftpaccess - ftpd configuration file

DESCRIPTION
     The /etc/ftpd/ftpaccess file is used to configure the operation of
     ftpd (see ftpd(1M)).

  Access Capabilities
     autogroup groupname class [ class ... ]
          If an anonymous user is a member of any of class, the ftp server
          will perform a setgid() to groupname. This allows access to
          group-and-owner-read-only files and directories to a particular
          class of anonymous users. groupname is a valid group from
          /etc/group (or whatever mechanism your getgrent() library routine
          uses; see getgrent(3C)).
     class class typelist addrglob [ addrglob ... ]
          Define class of users, with source addresses of the form addrglob.
          Multiple members of class may be defined. There may be multiple
          class commands, listing additional members of the class. If
          multiple class commands can apply to the current session, the
          first one listed in the access file is used. Failing to define a
          valid class for a host will cause access to be denied.

          typelist is a comma-separated list of any of the keywords
          anonymous, guest and real. If the real keyword is included, the
          class can match users using FTP to access real accounts, and if
          the anonymous keyword is included, the class can match users using
          anonymous FTP. The guest keyword matches guest access accounts (see
          guestgroup below for more information).

          addrglob may be a globbed domain name or a globbed numeric
          address. There can be multiple addrglob's for this directive. To
          avoid confusion when you have multiple addrglob's, you can put all
          the addrglob's in a file and specify the path of the file in place
          of the addrglob's.
     deny addrglob message_file
          Always deny access to the host(s) matching addrglob. message_file
          is the file from which the denial message is displayed to the
          hosts that are denied access. addrglob may be !nameserved to deny
          access to sites without a working nameserver.
     guestgroup groupname [ groupname ... ]
          If a real user is a member of any of groupname, the session is set
          up exactly as with anonymous FTP. In other words, a chroot() is
          done, and the user is no longer permitted to issue the USER and
          PASS commands. groupname is a valid group from /etc/group (or
          whatever mechanism your getgrent() library routine uses).

          The user's home directory must be properly set up, exactly as
          anonymous FTP would be. The home directory field of the passwd
          entry is divided into two directories. The first field is the root
          directory which will be the argument to the chroot call. The
          second half is the user's home directory relative to the root
          directory. The two halves are separated by a /./. In the
          /etc/passwd file, the sample entry is:

               guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly

          When guest1 successfully logs in, the ftp server will chroot(/ftp)
          and then chdir(/incoming). The guest user will only be able to
          access the directory structure under /ftp (which will look and act
          as / to guest1), just as an anonymous FTP user would.
     limit class n times message_file
          Limit class to n users at specified times, displaying message_file
          if the user is denied access. The limit check is performed at
          login time only. If multiple limit commands apply to the current
          session, the first applicable one is used. Failing to define a
          valid limit, or a limit of -1, is equivalent to unlimited. The
          format for times can be any of the following:

          - Any               Any week day
          - Fr                Friday
          - Any0900-1300      Any day of week between 9.00 - 13.00 hrs.
          - Th|Any0900-1300   Either Thursday or between 9.00 - 13.00.
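          The times matching described above, as an added example that is
          not part of the original manual page or of ftpd: it evaluates a
          times spec against a datetime and picks the first applicable limit
          line. It assumes the full set of two-letter day abbreviations
          (Mo..Su; the page only shows Fr and Th) and that the end of an
          HHMM range is exclusive.

```python
import re
from datetime import datetime

# Assumed two-letter day abbreviations (the page only shows Fr, Th and Any).
DAYS = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}
# One alternative: optional day (or Any), optional HHMM-HHMM range.
ALT_RE = re.compile(r"^(Any|Mo|Tu|We|Th|Fr|Sa|Su)?(?:(\d{4})-(\d{4}))?$")


def _alt_matches(alt, when):
    """Check one '|'-separated alternative such as 'Any0900-1300' against when."""
    m = ALT_RE.match(alt)
    if alt == "" or not m:
        raise ValueError("bad limit times spec: %r" % alt)
    day, start, end = m.groups()
    if day and day != "Any" and when.weekday() != DAYS[day]:
        return False
    if start:
        # Compare as minutes since midnight; the range end is assumed exclusive.
        now = when.hour * 60 + when.minute
        lo = int(start[:2]) * 60 + int(start[2:])
        hi = int(end[:2]) * 60 + int(end[2:])
        if not lo <= now < hi:
            return False
    return True


def times_match(spec, when):
    """True if datetime `when` falls inside the ftpaccess `times` spec."""
    return any(_alt_matches(alt, when) for alt in spec.split("|"))


def limit_applies(rules, user_class, when):
    """Return n from the first limit rule whose class and times match, else None.
    rules: list of (class, n, times, message_file) tuples, in file order."""
    for cls, n, times, _message_file in rules:
        if cls == user_class and times_match(times, when):
            return n
    return None
```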
     noretrieve filename [ filename ... ]
          Always deny retrievability of these files. If the files are an
          absolute path specification (i.e. begins with the / character),
          then only those files are marked unretrievable. Otherwise all
          files with the matching filename are refused transfer. Example:

               noretrieve /etc/passwd core

          specifies that no one is able to get the file /etc/passwd, whereas
          they are allowed to transfer a file, passwd, if it is not in /etc.
          On the other hand, no one is able to get a file named core
          wherever it is.
     loginfails number
          After number login failures, log a message and terminate the FTP
          connection. Default value is 5.
     private yes|no
          After a user logs in, the SITE GROUP and SITE GPASS ftpd commands
          may be used to specify an enhanced access group and associated
          password. If the group name and password are valid, the user
          becomes (via setgid()) a member of the group specified in the
          group access file, /etc/ftpd/ftpgroups. The format of the group
          access file is:

               access_group_name:encrypted_password:real_group_name

          where access_group_name is an arbitrary (alphanumeric and
          punctuation) string. encrypted_password is the password encrypted
          via crypt() (see crypt(3C)) exactly like in /etc/passwd.
          real_group_name is the name of a valid group listed in /etc/group.

          NOTE: For this option to work for anonymous FTP users, the ftp
          server must keep /etc/group permanently open and the group access
          file is loaded into memory. This means that: (1) the ftp server
          now has an additional file descriptor open, and (2) the necessary
          passwords and access privileges granted to users via SITE GROUP
          (see ftpd(1M)) will be static for the duration of an FTP session.
          If you have an urgent need to change the access groups and/or
          passwords now, you just kill all of the running FTP servers.
  Informational Capabilities
     banner path
          Works similarly to the message command (see below), except that
          the banner is displayed before the user enters the username and
          password. The path is relative to the real system root, not the
          base of the anonymous FTP directory.

     email name
          Defines the email address of the ftp archive maintainer. This
          string will be printed every time the %E magic cookie is used.
     message path [ when [ class ... ] ]
          Define a file with path such that ftpd will display the contents
          of the file to the user at login time or upon using the change
          working directory command. The when parameter may be LOGIN or
          CWD=<dir>. If when is CWD=<dir>, dir specifies the new default
          directory which will trigger the notification. The optional class
          specification allows the message to be displayed only to members
          of a particular class. More than one class may be specified.

          In the message file the user can key in a message and use the
          `macros' or `magic cookies' that are available. The ftp server
          will replace the cookie with a specified text string. The
          following magic cookies are available:

          - %T   local time (form Thu Nov 15 17:12:42 1990)
          - %C   current working directory
          - %E   the maintainer's email address as defined in ftpaccess
          - %R   remote host name
          - %L   local host name
          - %u   username as determined via RFC931 authentication
          - %U   username given at login time
          - %M   maximum allowed number of users in this class
          - %N   current number of users in this class

          The message will only be displayed once to avoid annoying the
          user. Remember that when messages are triggered by an anonymous
          FTP user, the path must be relative to the base of the anonymous
          FTP directory tree.
     readme path [ when [ class ] ]
          Define a file with path such that ftpd will notify the user at
          login time or upon using the change working directory command
          that the file exists and was modified on such-and-such date. The
          when parameter may be LOGIN or CWD=<dir>. If when is CWD=<dir>,
          dir specifies the new default directory which will trigger the
          notification. The message will only be displayed once, to avoid
          bothering users. Remember that when README messages are triggered
          by an anonymous FTP user, the path must be relative to the base of
          the anonymous FTP directory tree. The optional class specification
          allows the message to be displayed only to members of a particular
          class. More than one class may be specified.
     sendfiletransfer yes|no
          If this option is set, sendfile() will be used for file transfer.
          If set to no, send() will be used. sendfile() will be the default
          mode of transfer if this option is not used.

     suppresshostname yes|no
          If this option is set, the name of the FTP server will be
          suppressed in the banner output and in the output of the STAT
          command.

     suppressversion yes|no
          If this option is set, the version of the FTP server will be
          suppressed in the banner output and in the output of the STAT
          command. This option requires that the suppresshostname option be
          set.
  Logging Capabilities
     log commands "typelist"
          Enables logging of individual commands by users. typelist is a
          comma-separated list of any of the keywords anonymous, guest and
          real. If the real keyword is included, logging will be done for
          users using FTP to access real accounts, and if the anonymous
          keyword is included, logging will be done for users using
          anonymous FTP. The guest keyword matches guest access accounts
          (see guestgroup in the Access Capabilities subsection above for
          more information).

     log transfers typelist directions
          Enables logging of file transfers for either real or anonymous FTP
          users. Logging of transfers TO the server (incoming) can be
          enabled separately from transfers FROM the server (outbound).
          typelist is a comma-separated list of any of the keywords
          anonymous, guest and real. If the real keyword is included,
          logging will be done for users using FTP to access real accounts,
          and if the anonymous keyword is included, logging will be done for
          users using anonymous FTP. The guest keyword matches guest access
          accounts (see guestgroup in the Access Capabilities subsection
          above for more information). directions is a comma-separated list
          of any of the two keywords inbound and outbound, and will
          respectively cause transfers to be logged for files sent to the
          server and sent from the server. All the logging is done into the
          file /var/adm/syslog/xferlog.
  Miscellaneous Capabilities
     alias string dir
          Defines an alias, string, for the specified directory, dir. Can be
          used to add the concept of logical directories. For example:

               alias rfc: /pub/doc/rfc

          would allow the user to access /pub/doc/rfc from any directory by
          the command cd rfc:. Aliases only apply to the cd command.

     cdpath dir
          Defines a directory entry in the cdpath. dir defines a search path
          that is used when changing directories. For example:

               cdpath /pub/packages
               cdpath /.aliases

          would allow the user to cd into any directory directly under the
          /pub/packages or /.aliases directories. The search path is defined
          by the order in which the lines appear in the /etc/ftpd/ftpaccess
          file. If the user were to give the command:

               cd foo

          the directory will be searched for in the following order:

               ./foo
               an alias called foo
               /pub/packages/foo
               /.aliases/foo

          The cd path is only available with the cd command. If you have a
          large number of aliases, you might want to set up an aliases
          directory with links to all of the areas that you wish to make
          available to users.
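          The cd search order above, as an added example that is not part of
          the original manual page or of ftpd: it resolves a cd target
          against the current directory, the alias table and the cdpath
          entries in file order. The directory tree, alias and cdpath values
          are constructed for the example.

```python
import posixpath


def resolve_cd(target, cwd, aliases, cdpath, exists):
    """Return the directory a `cd target` lands in, following the ftpaccess
    search order: ./target, then an alias named target, then each cdpath
    entry in the order the lines appear. `exists` is a callable that reports
    whether a candidate directory exists. Returns None when nothing matches."""
    if target.startswith("/"):
        # Absolute paths are not searched (assumed; the page only covers names).
        return target if exists(target) else None
    candidates = [posixpath.normpath(posixpath.join(cwd, target))]
    if target in aliases:
        candidates.append(aliases[target])
    candidates += [posixpath.join(entry, target) for entry in cdpath]
    for candidate in candidates:
        if exists(candidate):
            return candidate
    return None


# Constructed directory tree and configuration mirroring the page's examples.
TREE = {"/", "/pub", "/pub/packages", "/pub/packages/foo", "/pub/doc/rfc",
        "/.aliases", "/.aliases/bar", "/home/u", "/home/u/foo"}
ALIASES = {"rfc:": "/pub/doc/rfc"}
CDPATH = ["/pub/packages", "/.aliases"]


def cd(target, cwd):
    """Resolve `target` from `cwd` using the constructed tree and config."""
    return resolve_cd(target, cwd, ALIASES, CDPATH, TREE.__contains__)
```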
     compress yes|no classglob [ classglob ... ]
     tar yes|no classglob [ classglob ... ]
          Enables compress or tar capabilities for any class matching any
          of classglob. The actual conversions are defined in the external
          file /etc/ftpd/ftpconversions.
     shutdown path
          If the file pointed to by path exists, the server will check the
          file regularly to see if the server is going to be shut down. If a
          shutdown is planned, the user is notified, new connections are
          denied after a specified time before shutdown and current
          connections are dropped at a specified time before shutdown. path
          points to a file structured as follows:

               year month day hour minute deny_offset disc_offset
               text

          - year      any year > 1970
          - month     0-11   <-- Note: month index begins from 0
          - day       1-31
          - hour      0-23
          - minute    0-59

          deny_offset and disc_offset are the offsets in HHMM format before
          the shutdown time that new connections will be denied and existing
          connections will be disconnected. text follows the normal rules
          for any message (see message in the Informational Capabilities
          subsection), with the following additional magic cookies
          available:

          - %s   time system is going to shut down
          - %r   time new connections will be denied
          - %d   time current connections will be dropped

          All times are in the form: ddd MMM DD hh:mm:ss YYYY. There can be
          only one shutdown command in the configuration file. The external
          program ftpshut can be used to automate the process of generating
          this file.
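          Parsing of the shutdown file described above, as an added example
          that is not part of the original manual page or of ftpshut: it
          turns the zero-based month and the HHMM offsets into the three
          times the %s, %r and %d cookies stand for. The sample file
          contents are constructed for the example.

```python
from datetime import datetime, timedelta


def _hhmm(offset):
    """Convert an HHMM offset string such as '0030' into a timedelta."""
    if len(offset) != 4 or not offset.isdigit():
        raise ValueError("offset must be HHMM: %r" % offset)
    return timedelta(hours=int(offset[:2]), minutes=int(offset[2:]))


def parse_shutdown(text):
    """Parse the contents of the file named by the shutdown directive.
    Returns (shutdown_time, deny_time, disconnect_time, message_text)."""
    first, _, message = text.partition("\n")
    fields = first.split()
    if len(fields) != 7:
        raise ValueError("expected year month day hour minute deny disc")
    year, month, day, hour, minute = (int(f) for f in fields[:5])
    if not 0 <= month <= 11:
        raise ValueError("month index is 0-11 in this file format")
    # The file's month index begins at 0, datetime's at 1.
    when = datetime(year, month + 1, day, hour, minute)
    return when, when - _hhmm(fields[5]), when - _hhmm(fields[6]), message


def expand_cookies(message, shutdown, deny, disc):
    """Fill in the shutdown-specific cookies in ddd MMM DD hh:mm:ss YYYY form."""
    fmt = "%a %b %d %H:%M:%S %Y"
    return (message.replace("%s", shutdown.strftime(fmt))
                   .replace("%r", deny.strftime(fmt))
                   .replace("%d", disc.strftime(fmt)))


# Constructed sample: shut down 2024-03-15 22:00 (month index 2 = March),
# deny new connections 30 minutes before, drop sessions 5 minutes before.
SAMPLE = "2024 2 15 22 00 0030 0005\nSystem going down at %s; no new logins after %r\n"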
     virtual address root|banner|logfile path
          Enables the virtual ftp server capabilities. The address is the IP
          address of the virtual server. The second argument specifies that
          the path is either the path to the root of the filesystem for this
          virtual server, the banner presented to the user when connecting
          to this virtual server, or the logfile where transfers are
          recorded for this virtual server. If the logfile is not specified,
          the default logfile will be used. All other message files and
          permissions as well as any other settings in this file apply to
          all virtual servers.
  Permission Capabilities
     chmod yes|no typelist
     delete yes|no typelist
     overwrite yes|no typelist
     rename yes|no typelist
     umask yes|no typelist
          Allows or disallows the ability to perform the specified function.
          By default, all users are allowed. typelist is a comma-separated
          list of any of the keywords anonymous, guest and real.

     passwd-check none | trivial | rfc822 [ enforce | warn ]
          Define the level and enforcement of password checking done by the
          server for anonymous ftp.

          - none      no password checking performed.
          - trivial   password must contain an @.
          - rfc822    password must be an rfc822 compliant address.
          - warn      warn the user, but allow them to log in.
          - enforce   warn the user, and then log them out.
     path-filter typelist mesg allowed_charset [ disallowed_regexp ... ]
          For users in typelist, path-filter defines regular expressions
          that control what a filename can or cannot be. Disallowed regular
          expressions, disallowed_regexp, may be specified with multiple
          regular expressions (see regexp(5)). If a filename is invalid due
          to failure to match the regular expression criteria, mesg will be
          displayed to the user. For example:

               path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

          specifies that all upload filenames for anonymous users must be
          made of only the characters A-Z, a-z, 0-9, period (.), dash (-),
          and underscore (_); and may not begin with a period (.) or a dash
          (-). If the filename is invalid, /etc/pathmsg will be displayed to
          the user.
     upload root-dir dirglob yes|no owner group mode [ dirs|nodirs ]
          Define a directory with dirglob that permits or denies uploads. If
          it does permit uploads, all files will be owned by owner and group
          and will have the permissions set according to mode. Directories
          are matched on a best-match basis. For example:

               upload /var/ftp * no
               upload /var/ftp /incoming yes ftp daemon 0666
               upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs

          This would only allow uploads into /incoming and /incoming/gifs.
          Files that were uploaded to /incoming would be owned by ftp/daemon
          and would have permissions of 0666. Files uploaded to
          /incoming/gifs would be owned by jlc/guest and have permissions of
          0600. Note that the root-dir here must match the home directory
          specified in the password database for the ftp user. The optional
          dirs and nodirs keywords can be specified to allow or disallow the
          creation of new subdirectories using the mkdir command. The upload
          keyword only applies to users who have a home directory (the
          argument to the chroot()) of root-dir.
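          The path-filter and upload directives above, combined into one
          added example that is not part of the original manual page or of
          ftpd: it applies the page's three upload lines on a best-match
          basis and the page's anonymous path-filter to a proposed upload.
          It assumes that "best match" means the longest matching dirglob,
          that dirglob uses shell wildcard matching, and that the regexp(5)
          patterns on the page behave the same under Python's re module.

```python
import re
from fnmatch import fnmatchcase


def path_filter(allowed_charset, disallowed):
    """Checker built from one path-filter line: the name must match
    allowed_charset and none of the disallowed_regexp patterns."""
    allowed_re = re.compile(allowed_charset)
    bad_res = [re.compile(p) for p in disallowed]
    return lambda name: (bool(allowed_re.search(name))
                         and not any(r.search(name) for r in bad_res))


def parse_upload(line):
    """Parse 'upload root-dir dirglob yes|no [owner group mode [dirs|nodirs]]'."""
    f = line.split()
    rule = {"root": f[1], "glob": f[2], "allow": f[3] == "yes", "dirs": True}
    if rule["allow"]:
        rule.update(owner=f[4], group=f[5], mode=int(f[6], 8))
        if len(f) > 7:
            rule["dirs"] = f[7] == "dirs"
    return rule


def upload_policy(rules, root_dir, directory):
    """Pick the upload rule for `directory` (relative to the chroot root).
    Best match is taken as the longest matching dirglob (assumption); rules
    whose root-dir differs from the user's chroot root never apply."""
    best = None
    for rule in rules:
        if rule["root"] == root_dir and fnmatchcase(directory, rule["glob"]):
            if best is None or len(rule["glob"]) > len(best["glob"]):
                best = rule
    return best


# Constructed config: the page's three upload lines and its path-filter line.
RULES = [parse_upload(l) for l in (
    "upload /var/ftp * no",
    "upload /var/ftp /incoming yes ftp daemon 0666",
    "upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs")]
ANON_NAME_OK = path_filter(r"^[-A-Za-z0-9_\.]*$", [r"^\.", r"^-"])


def may_upload(directory, filename, root_dir="/var/ftp"):
    """Decide an anonymous STOR of directory/filename: None if refused,
    otherwise the (owner, group, mode) the stored file will receive."""
    rule = upload_policy(RULES, root_dir, directory)
    if rule is None or not rule["allow"] or not ANON_NAME_OK(filename):
        return None
    return rule["owner"], rule["group"], rule["mode"]
```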
FILES
     /etc/ftpd/ftpaccess
     /usr/newconfig/etc/ftpd/examples/ftpaccess    sample ftpaccess file

AUTHOR
     ftpaccess was developed by the Washington University, St. Louis,
     Missouri.