unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

ftpaccess(4)                     File Formats                     ftpaccess(4)



NAME
       ftpaccess - FTP Server configuration file

SYNOPSIS
       /etc/ftpd/ftpaccess

DESCRIPTION
       The  ftpaccess  file  is  used  to  configure  the operation of the FTP
       Server.

   Access Capabilities
       The following access capabilities are supported:

       autogroup groupname class [class...]

           If an anonymous user is a member of any of class,  the  FTP  Server
           will perform a setegid(2) to groupname. This allows access to group
           and owner read-only files and directories to a particular class  of
           anonymous  users.  groupname  is  a  valid group returned by getgr-
           nam(3C).



       class class typelist addrglob [addrglob...]

           Define class of users, with source addresses of the form  addrglob.
           Multiple  members  of  class  may be defined. There may be multiple
           class commands listing additional members of the class. If multiple
           class  commands  can  apply  to  the current session, the first one
           listed in the access file is used. If a valid class for a  host  is
           not  defined,  access will be denied. typelist is a comma-separated
           list of any of the keywords anonymous, guest, and real. If the real
           keyword  is included, the class can match users using FTP to access
           real accounts. If the anonymous keyword is included the  class  can
           match  users  using  anonymous FTP. The guest keyword matches guest
           access accounts.

           addrglob may be a globbed domain name or  a  globbed  numeric  IPv4
           address.  It  may also be the name of a file, starting with a slash
           ('/'),  which  contains  additional  address  globs.  IPv4  numeric
           addresses  may  also  be  specified  in the form address:netmask or
           address/CIDR. IPv6 numeric addresses can only be specified with  an
           optional CIDR, not using globs or netmasks.

           Placing an exclamation (!) before an addrglob negates the test. For
           example,


           class rmtuser real !*.example.com

           will classify real users from outside the example.com domain as the
           class  rmtuser.  Use care with this option. Remember, the result of
           each test is OR'ed with other tests on the line.



       deny addrglob [message_file]

           Deny access  to  host(s)  that  match  addrglob  and  display  mes-
           sage_file.  If the value of addrglob is !nameserved access to sites
           without a working nameservers is denied. message_file  may  contain
           magic cookies. See message for more details.



       guestgroup groupname [groupname...]
       guestuser username [username...]
       realgroup groupname [groupname...]
       realuser username [username...]

           For  guestgroup,  if  a real user is a member of any groupname, the
           session is set up like anonymous FTP. groupname is  a  valid  group
           returned  by getgrnam(3C). The user's home directory must be set up
           exactly as anonymous FTP would be. The home directory field of  the
           passwd  entry  is  divided into two directories. The first field is
           the root directory that will be the argument to the chroot(2) call.
           The second field is the user's home directory, relative to the root
           directory. Use a "/./" to separate the two fields. For example, the
           following is the real entry in /etc/passwd:


           guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true

           When  guest1  successfully logs in, the FTP Server will chroot() to
           /export/home/guests and then chdir(2) to /guest1.  The  guest  user
           will   only  be  able  to  access  the  directory  structure  under
           /export/home/guests, which will look and act as / to  guest1,  just
           as  an  anonymous FTP user would. The -d option to ftpconfig(1M) is
           useful when creating guest FTP user accounts. The group name may be
           specified  by either name or numeric ID. To use a numeric group ID,
           place a percent sign (%) before the number. You  can  give  ranges.
           Use an asterisk to indicate all groups. guestuser works like guest-
           group, except that it uses the user name or  numeric  ID.  realuser
           and  realgroup have the same syntax, but they reverse the effect of
           guestuser and guestgroup. They allow  real  user  access  when  the
           remote user would otherwise be determined a guest.


           guestuser *
           realgroup admin

           causes  all  non-anonymous  users  to be treated as guest, with the
           sole exception of users in the admin group, who  are  granted  real
           user access.






       nice nice-delta [class]

           Adjust  the  process  nice  value  of the FTP server process by the
           indicated nice-delta value if the remote user is a  member  of  the
           named  class. If class is not specified, then use nice-delta as the
           default adjustment to the  FTP  server  process  nice  value.  This
           default  nice  value adjustment is used to adjust the nice value of
           the server process only for those users who do not  belong  to  any
           class  for  which  a  class-specific  nice  directive exists in the
           ftpaccess file.



       defumask umask [class]

           Set the umask applied to files created by the  FTP  server  if  the
           remote  user is a member of the named class. If class is not speci-
           fied, then use the umask as the default for  classes  that  do  not
           have  one specified.. The mode of files created may be specified by
           using the upload directive.



       tcpwindow size [class]

           Set the TCP window size (socket buffer size) for the  data  connec-
           tion.  Use  this to control network traffic. For instance, slow PPP
           dialin links may need smaller TCP windows to speed  up  throughput.
           If you do not know what this does, do not set it.



       ipcos control|data value [typelist]

           Set  the IP Class of Service for either the control or data connec-
           tion.

           For connections using AF_INET type sockets, this sets the  Type  of
           Service field in the IP header to the value specified.

           For  connections using AF_INET6 type sockets, this sets the Traffic
           Class field in the IP header to the value specified.

           When configured through inetd.conf(4),  the  socket  type  is  con-
           trolled  by  the protocol field of the ftp service. When running in
           standalone  mode  the  default  socket  type   is   AF_INET6.   The
           in.ftpd(1M) -4 option selects AF_INET.

           typelist  is  a  comma-separated list of any of the keywords anony-
           mous, guest, real, and class=. When class= appears, it must be fol-
           lowed by a class name.



       keepalive yes|no

           Set  the TCP SO_KEEPALIVE option for control and data sockets. This
           can be used to control network disconnect. If yes, then set it.  If
           no, then use the system default (usually off). You probably want to
           set this.



       timeout accept seconds
       timeout connect seconds
       timeout data seconds
       timeout idle seconds
       timeout maxidle seconds
       timeout RFC931 seconds

           Set various timeout conditions.


           accept                  How long the FTP Server will  wait  for  an
                                   incoming   (PASV)   data   connection.  The
                                   default is 120 seconds.









           connect                 How long the FTP Server will wait  attempt-
                                   ing  to  establish  an outgoing (PORT) data
                                   connection. This effects the actual connec-
                                   tion  attempt.  The  daemon  makes  several
                                   attempts, sleeping  between  each  attempt,
                                   before  giving  up. The default is 120 sec-
                                   onds.



           data                    How long the FTP Server will wait for  some
                                   activity on the data connection. You should
                                   keep this long because  the  remote  client
                                   may  have  a  slow  link,  and there can be
                                   quite a bit of data queued for the  client.
                                   The default is 1200 seconds.



           idle                    How  long  the FTP Server will wait for the
                                   next command. The default is  900  seconds.
                                   The default can also be overridden by using
                                   the -t option  at  the  command-line.  This
                                   access clause overrides both.



           maxidle                 The  SITE  IDLE  command  allows the remote
                                   client to establish a higher value for  the
                                   idle  timeout.  The maxidle clause sets the
                                   upper limit that the  client  may  request.
                                   The default can also be overridden by using
                                   the -T option  at  the  command-line.  This
                                   access  clause  overrides both. The default
                                   is 7200 seconds.



           RFC931                  The maximum time the FTP server allows  for
                                   the  entire  RFC931  (AUTH/ident) conversa-
                                   tion. Setting this to zero (0) disables the
                                   server's use of this protocol. The informa-
                                   tion  obtained  by  means  of   RFC931   is
                                   recorded  in  the  system  logs  and is not
                                   actually used in  any  authentication.  The
                                   default is 10 seconds.



       file-limit [raw] in|out|total count [class]

           Limit the number of data files a user in the given class may trans-
           fer. The limit may be placed on files in,  out,  or  total.  If  no
           class  is  specified, the limit is the default for classes which do
           not have a limit specified.  The optional parameter raw applies the
           limit to the total traffic rather than just data files.



       data-limit [raw] in|out|total count [class]

           Limit the number of data bytes a user in the given class may trans-
           fer. The limit may be placed on bytes in,  out,  or  total.  If  no
           class  is  specified, the limit is the default for classes which do
           not have a limit specified. Note that once it  has  been  exceeded,
           this  limit  will  prevent  transfers,  but it will not terminate a
           transfer in progress. The optional parameter raw applies the  limit
           to total traffic rather than just data files.



       limit-time *|anonymous|guest minutes

           Limit  the  total  time a session can take. By default, there is no
           limit. Real users are never limited.



       guestserver [hostname...]

           Control which hosts may be used for anonymous access. If used with-
           out  hostname,  all  anonymous  access is denied to this site. More
           than one hostname may be specified. Anonymous access will  only  be
           allowed  on  the named machines. If access is denied, the user will
           be asked to use the first hostname listed.



       limit class n times [message_file]

           Limit class to n users at times times, displaying  message_file  if
           the user is denied access. A limit check is performed at login time
           only. If multiple limit commands can apply to the current  session,
           the  first applicable one is used. Failing to define a valid limit,
           or a limit of -1, is equivalent to no limits. The format  of  times
           is:


           day[day...][time-range][|day[day...][time-range]]...

           The  value  of  day  can be Su, Mo, Tu, We, Th, Fr, Sa, Wk (for any
           weekday Monday through Friday), or Any. time-range  is  in  24-hour
           clock  notation.  If a time range is not specified, any time of the
           day is matched. Multiple day and time-range may be specified by the
           "|"  symbol.  For example, Wk1730-0900|Sa|Su specifies 5:30 p.m. to
           9:00 a.m., Monday through Friday, and  anytime  on  weekends.  mes-
           sage_file may contain magic cookies. See message for more details.



       noretrieve [absolute|relative]
       [class=classname...][-] filename [filename...]

           Always  deny retrievability of these files. If filename specifies a
           pathname that begins with '/' character, then only those files  are
           marked no retrieve. Otherwise all files that match the filename are
           refused transfer. For example, noretrieve /etc/passwd  core  speci-
           fies no one will be able to retrieve the /etc/passwd file. You will
           be allowed to transfer any file named passwd that is not in /etc.

           On the other hand, no one will be able to  get  files  named  core,
           wherever they are. Directory specifications mark all files and sub-
           directories in the named directory unretrievable. The filename  may
           be specified as a file glob. For example,


           noretrieve /etc /home/*/.htaccess

           specifies that no files in /etc or any of its subdirectories may be
           retrieved. Also, no files named .htaccess anywhere under the  /home
           directory  may  be  retrieved. The optional first parameter selects
           whether names are interpreted as absolute or relative to  the  cur-
           rent chroot'd environment. The default is to interpret names begin-
           ning with a slash as absolute. The noretrieve restrictions  may  be
           placed  upon members of particular classes. If any class= is speci-
           fied, the named files cannot be retrieved only if the current  user
           is a member of one of the given classes.




       allow-retrieve [absolute|relative]
       [class=classname...][-] filename [filename...]

           Allows  retrieval of files which would otherwise be denied by nore-
           trieve.




       loginfails number

           After number login failures, log a "repeated login  failures"  mes-
           sage and terminate the FTP connection. The default value for number
           is 5.



       private yes | no

           Allow or deny use of the SITE GROUP and SITE GPASS  commands  after
           the user logs in. The SITE GROUP and SITE GPASS commands specify an
           enhanced access group and associated password. If  the  group  name
           and  password  are  valid,  the  user becomes a member of the group
           specified in the group access file /etc/ftpd/ftpgroups by means  of
           setegid(2).  See  ftpgroups(4) for the format of the file. For this
           option to work for anonymous FTP users, the FTP  Server  must  keep
           /etc/group  permanently  open  and  load the group access file into
           memory. This means that the FTP Server now has an  additional  file
           descriptor  open, and the necessary passwords and access privileges
           granted to users by means of SITE GROUP  will  be  static  for  the
           duration  of  an  FTP session. If you have an urgent need to change
           the access groups or passwords now, you have to  kill  all  of  the
           running FTP Servers.



   Informational Capabilities
       The following informational capabilities are supported:

       greeting full|brief|terse
       greeting text message

           The  greeting command allows you to control how much information is
           given out before the remote user logs in. greeting full,  which  is
           the default greeting, shows the hostname and daemon version. greet-
           ing brief shows the hostname.   greeting  terse  simply  says  "FTP
           Server ready." Although full is the default, brief is suggested.

           The  text  form allows you to specify any greeting message. message
           can be any string. Whitespace (spaces and tabs) is converted  to  a
           single space.




       banner path

           The  banner  command  operates  similarly  to  the message command,
           except that the banner is displayed  before  the  user  enters  the
           username.  The path is relative to the real system root, not to the
           base of the anonymous FTP directory.

           Use of the banner command can completely prevent non-compliant  FTP
           clients from making use of the FTP Server. Not all clients can han-
           dle multi-line responses, which is how the banner is displayed.



       email name

           Use this command to define the email address  for  the  FTP  Server
           administrator.  This string will be printed every time the %E magic
           cookie is used in message files.



       hostname some.host.name

           Defines the default host name of the FTP Server. This  string  will
           be  printed  on  the  greeting  message and every time the %L magic
           cookie is used. The host name for virtual  servers  overrides  this
           value.  If no host name is specified, the default host name for the
           local machine is used.



       message path [when [class...]]

           Define a file with path such that the FTP Server will  display  the
           contents  of  the  file to the user at login time or upon using the
           change working directory command. The when parameter may  be  LOGIN
           or  CWD=dirglob.  If  whenis CWD=dirglob, dirglob specifies the new
           default directory that will trigger the notification. A dirglob  of
           "*" matches all directories.

           The optional class specification allows the message to be displayed
           only to members of a particular class. More than one class  may  be
           specified.

           "Magic cookies" can be present in path that cause the FTP Server to
           replace the cookie with a specified text string:


           %T       Local time. For example, Thu Nov 15 17:12:42 1990.




           %F       Free space in partition of CWD, in Kbytes.



           %C       Current working directory.



           %E       The email address for the FTP Server administrator.



           %R       Remote host name.



           %L       Local host name.



           %U       Username given at login time.



           %u       Username as defined by means of RFC 931 authentication.



           %M       Maximum allowed number of users in this class.



           %N       Current number of users in this class.


           The following quota magic cookies are also supported but not always
           set (see the quota-info capability):


           %B       absolute limit on disk blocks allocated



           %b       preferred limit on disk blocks



           %Q       current block count



           %I       maximum number of allocated inodes (+1)



           %i       preferred inode limit



           %q       current number of allocated inodes



           %H       time limit for excessive disk use



           %h       time limit for excessive files


           The  message  is  displayed  only  once to avoid annoying the user.
           Remember that when messages are triggered by an anonymous or  guest
           FTP  user,  they  must  be relative to the base of the anonymous or
           guest FTP directory tree.


       quota-info uid-range [uid-range...]

           Enable retrieval of quota information for users matching uid-range.
           This  sets  the  quota  magic cookies. Retrieving quota information
           might cause a significant delay when logging into the server.

           uid-range can be a username, single UID, or a UID  range.  Place  a
           percent sign(%) before a number. An asterisk means "all users."



       readme pathglob [when [class...]]

           Define  a  file  with pathglob such that the FTP Server will notify
           the user at login time or upon using the change  working  directory
           command that the file exists and the date that it was modified. The
           when parameter may be LOGIN or CWD=dirglob. If when is CWD=dirglob,
           dirglob  specifies  the new default directory that will trigger the
           notification. A dirglob of "*" matches all directories. The message
           will  only  be  displayed  once, to avoid bothering users. Remember
           that when README messages are triggered by an  anonymous  or  guest
           FTP  user,  the pathglob must be relative to the base of the anony-
           mous or guest FTP directory tree.

           The optional class specification allows the message to be displayed
           only  to  members  of a particular class. You can specify more than
           one class.



   Logging Capabilities
       The following logging capabilities are supported:

       log commands typelist

           Enables logging of the individual FTP commands sent by users. type-
           list  is  a  comma-separated list of any of the keywords anonymous,
           guest, and real. Command logging information is written to the sys-
           tem log.



       log transfers typelist directions

           Log  file  transfers made by FTP users to the xferlog(4) file. Log-
           ging of incoming transfers to the server can be enabled  separately
           from outbound transfers from the server. directions is a comma-sep-
           arated list of any of the two keywords inbound  and  outbound,  and
           will  respectively  cause  transfers to be logged for files sent to
           and from the server.



       log security typelist

           Enables logging of violations of security rules to the system  log,
           including for example, noretrieve and .notar.



       log syslog
       log syslog+xferlog

           Redirect  the  logging messages for incoming and outgoing transfers
           to syslog. Without this option the messages are written to xferlog.
           When you specify syslog+xferlog, the transfer log messages are sent
           to both the system log file and the xferlog file.




       xferlog format formatstring

           Customize the format of the transfer  log  entry  written.  format-
           string  can  be  any  string,  which  might  include magic cookies.
           Strings of whitespace characters are converted into a single space.

           The following transfer-specific magic cookies are  recognized  only
           immediately after a transfer has been completed:


           %Xt      transfer-time




           %Xn      bytes-transferred



           %XP      filename



           %Xp      chroot-filename



           %Xy      transfer-type



           %Xf      special-action-flag



           %Xd      direction



           %Xm      access-mode



           %Xa      authentication-method



           %Xc      completion-status



           %Xs      file-size



           %Xr      restart-offset


           xferlog(4)  includes  a  description of these fields. If no xferlog
           format entry is present, the default is:


           xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc



   Miscellaneous Capabilities
       The following miscellaneous capabilities are supported:

       alias string dir

           Define an alias,  string, for a directory. Use this command to  add
           the  concept  of  logical  directories.  For  example:  alias  rfc:
           /pub/doc/rfc would allow the user to access /pub/doc/rfc  from  any
           directory  by  the  command "cd rfc:". Aliases only apply to the cd
           command.



       cdpath dir

           Define an entry in the cdpath. This command defines a  search  path
           that is used when changing directories. For example:


           cdpath /pub/packages
           cdpath /.aliases

           would  allow  the  user  to  move into any directory directly under
           either the /pub/packages or the /.aliases directories.  The  search
           path  is  defined  by  the  order  in which the lines appear in the
           ftpaccess file. If the user were to give the command  ftp>>  cd  foo
           the directory will be searched for in the following order:


                ./foo

                an alias called foo

                /pub/packages/foo

                /.aliases/foo

           The  cdpath  is  only  available with the cd command. If you have a
           large number of aliases, you might want to set up an aliases direc-
           tory  with  links to all of the areas you wish to make available to
           users.



       compress yes|no classglob [classglob...]
       tar yes|no classglob [classglob...]

           Enable the use of conversions marked with the O_COMPRESS,  O_UNCOM-
           PRESS,  and  O_TAR options in /etc/ftpd/ftpconversions. See ftpcon-
           versions(4).




       shutdown path

           If the file pointed to by path exists, the server  will  check  the
           file  regularly to see if the server is going to be shut down. If a
           shutdown is planned, the user is  notified.   New  connections  are
           denied  after a specified time before shutdown. Current connections
           are dropped at a specified time before shutdown.

           The format of the file specified by path is:


           year month day hour minute deny_offset disc_offset text


           year                    A value of 1970 or greater.




           month                   A value of 0 to 11.



           day                     A value of 1 to 31.



           hour                    A value of 0 to 23.



           minute                  A value of 0 to 59.



           deny_offset             The offsets in HHMM format that new connec-
           disc_offset             tions  will  be denied and existing connec-
                                   tions will be disconnected before the shut-
                                   down time.




           text                    Follows  the  normal rules for any message.
                                   The following additional magic cookies  are
                                   available:


                                   %s       The  time  at  which the system is
                                            going to shut down.




                                   %r       The time at which new  connections
                                            will be denied.



                                   %d       The  time at which current connec-
                                            tions will be dropped.


           All times are in the form: ddd MMM DD hh:mm:ss YYYY. Only one shut-
           down  command can be present in the configuration file. You can use
           the external program ftpshut(1M) to  automate  generation  of  this
           file.


       daemonaddress address

           Listen  only  on the IP address specified. If the value is not set,
           then the FTP  Server  will  listen  for  connections  on  every  IP
           address. This applies only when the FTP Server is run in standalone
           mode.



       virtual address root|banner|logfile path

           Enable the FTP Server limited  virtual  hosting  capabilities.  The
           address  is  the IP address of the virtual server. The second argu-
           ment specifies that the path is either the path to the root of  the
           filesystem  for  this  virtual  server, the banner presented to the
           user when connecting to this virtual server, or the  logfile  where
           transfers  are  recorded for this virtual server. If the logfile is
           not specified the default log file will be used. All other  message
           files  and  permissions  as well as any other settings in this file
           apply to all virtual servers. The address may also be specified  as
           a  hostname  rather than as an IP number. This is strongly discour-
           aged since, if DNS is not available at the  time  the  FTP  session
           begins, the hostname will not be matched.



       root|logfile path

           In  contrast  to  limited virtual hosting, complete virtual hosting
           allows separate configuration files to be  virtual  host  specific.
           See  ftpservers(4). The only additions that are necessary in a vir-
           tual host's ftpaccess file is the root directive that  ensures  the
           correct  root  directory  is  used  for the virtual host. This only
           works with complete virtual hosting, which in contrast  to  limited
           virtual  hosting,  allows separate configuration files to be speci-
           fied for each virtual host.

           path is either the root of the filesystem for this  virtual  server
           or  the  logfile  where  transfers  for  this  virtual  server  are
           recorded. root and logfile may only be specified when not  preceded
           by virtual address in a virtual hosts's ftpaccess file.



       virtual address hostname|email string

           Set  the hostname shown in the greeting message and status command,
           or the email address used in message files and on the HELP command,
           to the given string.



       virtual address allow username [username...]
       virtual address deny username [username...]

           By  default,  real and guest users are not allowed to log in on the
           virtual server, unless they are guests that  are  chroot'd  to  the
           virtual  root.  The  users  listed on the virtual allow line(s) are
           granted access.  You can grant access to all users by giving '*' as
           the username. The virtual deny clauses are processed after the vir-
           tual allow clauses.  Thus  specific  users  can  be  denied  access
           although all users were allowed in an earlier clause.




       virtual address private

           Deny log in access to anonymous users on the virtual server. Anony-
           mous users are generally allowed to log in on the virtual server if
           this option is not specified.



       virtual address passwd file

           Use a different passwd file for the virtual host.



       virtual address shadow file

           Use a different shadow file for the virtual host.



       defaultserver deny username [username...]
       defaultserver allow username [username...]

           By  default,  all  users  are allowed access to the non-virtual FTP
           Server. Use defaultserver deny to revoke access for  specific  real
           and  guest  users.  Specify '*' to deny access to all users, except
           anonymous users. Specific real and guest users can then be  allowed
           access by using defaultserver allow.




       defaultserver private

           By  default,  all  users  are allowed access to the non-virtual FTP
           Server. Use defaultserver private to revoke  access  for  anonymous
           users.

           The  virtual and defaultserver allow, deny and private clauses pro-
           vide a means to control which users are allowed access to which FTP
           Servers.



       passive address externalip cidr

           Allow control of the address reported in response to a passive com-
           mand. When any control connection matching cidr requests a  passive
           data  connection  (PASV),  the externalip address is reported. This
           does not change the address that the daemon  actually  listens  on,
           only  the  address  reported to the client. This feature allows the
           daemon to operate correctly behind IP  renumbering  firewalls.  For
           example:


           passive address 10.0.1.15   10.0.0.0/8
           passive address 192.168.1.5 0.0.0.0/0

           Clients  connecting  from  the  class-A network 10 will be told the
           passive connection is listening on IP address 10.0.1.15  while  all
           others  will  be  told  the connection is listening on 192.168.1.5.
           Multiple passive addresses may be specified to handle  complex,  or
           multi-gatewayed, networks.



       passive ports cidr min max

           Allows control of the TCP port numbers which may be used for a pas-
           sive data connection. If the control connection matches the cidr, a
           port in the range min to max will be randomly selected for the dae-
           mon to listen on. This feature allows firewalls to limit the  ports
           that remote clients may use to connect into the protected network.

           cidr  is  shorthand  for  an IP address followed by a slash and the
           number of left-most bits that represent  the  network  address,  as
           opposed  to  the machine address. For example, if you are using the
           reserved class-A network 10, instead of a netmask of 255.0.0.0, use
           a CIDR of /8, as in 10.0.0.0/8, to represent your network.

           When  min and max are both 0, the kernel rather than the FTP server
           selects the TCP port to listen on. Kernel port selection is usually
           not desirable if the kernel allocates TCP ports sequentially. If in
           doubt, let the FTP server do the port selection.



       pasv-allow class [addrglob...]
       port-allow class [addrglob...]

           Normally, the FTP Server does not allow a PORT command  to  specify
           an  address different than that of the control connection. Nor does
           it allow a PASV connection from another address.

           The port-allow clause provides a list of addresses that the  speci-
           fied class of user may give on a PORT command. These addresses will
           be allowed even if they do not match the IP address of the  client-
           side of the control connection.

           The  pasv-allow clause provides a list of addresses that the speci-
           fied class of user may make data connections from. These  addresses
           will  be  allowed  even  if they do not match the IP address of the
           client-side of the control connection.




       lslong command [options...]
       lsshort command [options...]
       lsplain command[options...]

           Use the lslong, lsshort, and lsplain clauses to  specify  the  com-
           mands  and  options  to  use  to  generate  directory listings. The
           options cannot contain spaces, and the  default  values  for  these
           clauses are generally correct. Use lslong, lsshort, or lsplain only
           if absolutely necessary.





       mailserver hostname

           Specify the name of a mail server that will accept upload notifica-
           tions  for the FTP Server. Multiple mail servers may be listed. The
           FTP Server will attempt to deliver the upload notification to each,
           in  order,  until  one  accepts the message. If no mail servers are
           specified, localhost is used. This option  is  only  meaningful  if
           anyone is to be notified of anonymous uploads. See incmail.



       incmail emailaddress
       virtual address incmail emailaddress
       defaultserver incmail emailaddress

           Specify email addresses to be notified of anonymous uploads. Multi-
           ple addresses can be specified. Each will receive  a  notification.
           If no addresses are specified, no notifications are sent.

           If addresses are specified for a virtual host, only those addresses
           will be sent notification of anonymous uploads on that host. Other-
           wise, notifications will be sent to the global addresses.

           defaultserver  addresses  only  apply  when  the FTP session is not
           using one of the virtual hosts. In this way, you can receive  noti-
           fications  for  your  default anonymous area, but not see notifica-
           tions to virtual hosts that do not have their own notifications.





       mailfrom emailaddress
       virtual address mailfrom emailaddress
       defaultserver mailfrom emailaddress

           Specify the sender's email address for anonymous  upload  notifica-
           tions.  Only  one address may be specified. If no mailfrom applies,
           email is sent from the default mailbox name wu-ftpd. To avoid prob-
           lems  if  the  recipient attempts to reply to a notification, or if
           downstream mail problems generate bounces, you  should  ensure  the
           mailfrom address is deliverable.





       sendbuf size [typelist]
       recvbuf size [typelist]

           Set  the  send  or  receive buffer sizes used for binary transfers.
           They have no effect on ASCII transfers.




       rhostlookup yes|no [addrglob ...]

           Allows or disallows the lookup of  the  remote  host's  name.  Name
           lookups  can  be slow, but skipping them means that places where an
           addrglob is matched (for example, in  the  class  capability)  will
           match only an IP address, not a name. Also deny !nameserved and dns
           refuse_no_reverse or refuse_mismatch will deny access when  a  name
           lookup  is  not  done.  The  default is to lookup the remote host's
           name.

           Only IP addresses, not names, are matched in addrglob.



       flush-wait yes|no [typelist]

           Controls the behavior at the end of a download or  directory  list-
           ing.  If yes, shutdown the data connection for sending and wait for
           the client to close its end  before  sending  a  transfer  complete
           reply  on  the control connection. This is the default behavior. If
           no, close the data connection and send the transfer complete  reply
           without  waiting  for the client. With this behavior, data loss can
           go undetected.

           If a client hangs at the end of a directory listing, or the  system
           has  many  sockets  in the FIN_WAIT_2 state, try setting to no as a
           workaround for broken client behavior.



   Permission Capabilities
       The following permission capabilities are supported:

       chmod yes|no typelist
       delete yes|no typelist
       overwrite yes|no typelist
       rename yes|no typelist
       umask yes|no typelist

           Allows or disallows the ability to perform the specified  function.
           By  default,  all real and guest users are allowed. Anonymous users
           are only allowed overwrite and umask.

           typelist is a comma-separated list of any of  the  keywords  anony-
           mous,  guest, real and class=. When class= appears, it must be fol-
           lowed by a classname. If any class= appears, the typelist  restric-
           tion applies only to users in that class.







       passwd-check none|trivial|rfc822 [enforce|warn]

           Define  the  level and enforcement of password checking done by the
           FTP Server for anonymous FTP.


           none            No password checking is performed.




           trivial         The password must contain an '@'.



           rfc822          The password must be RFC 822 compliant.



           warn            Warn, but permit the login.



           enforce         Notify and deny the login.



       deny-email case-insensitive-emailaddress

           Consider the email address given as  an  argument  as  invalid.  If
           passwd-check is set to enforce, anonymous users giving this address
           as a password cannot log in. That way, you can stop users from hav-
           ing  stupid  WWW  browsers  use  fake  addresses  like IE?0User@ or
           mozilla@. (by using this, you are not shutting out  users  using  a
           WWW  browser  for  ftp - you just make them configure their browser
           correctly.) Only one address is allowed per line, but you can  have
           as many deny-email addresses as you like.



       path-filter typelist message allowed_regexp
       [disallowed_regexp...]

           For users in typelist, path-filter defines regular expressions that
           control what characters can be used in the filename of an  uploaded
           file or created directory. There may be multiple disallowed regular
           expressions. If a filename is invalid due to failure to  match  the
           regular expression criteria, message will be displayed to the user.
           For example:


           path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^. ^-

           specifies that all upload filenames for  anonymous  users  must  be
           made  of  only  the characters A-Z, a-z, 0-9, and "._-" and may not
           begin with a "." or a "-". If the filename is invalid, /etc/pathmsg
           will be displayed to the user.




       upload [absolute|relative] [class=classname]... [-]
       root-dir dirglob yes|no owner group mode
       [dirs|nodirs] [d_mode]

           Define  a directory with dirglob that permits or denies uploads. If
           it does permit uploads, all newly created files will  be  owned  by
           owner  and  group  and will have their permissions set according to
           mode. Existing files that are overwritten will retain their  origi-
           nal  ownership  and permissions. Directories are matched on a best-
           match basis. For example:


           upload /var/ftp  *  no
           upload /var/ftp /incoming yes ftp daemon 0666
           upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs

           would only allow uploads into /incoming and  /incoming/gifs.  Files
           that  were  uploaded  to /incoming are owned by ftp/daemon and have
           permissions of 0666. Files uploaded to /incoming/gifs are owned  by
           jlc/guest  and  have  permissions  of 0600. The optional "dirs" and
           "nodirs" keywords can be specified to allow or  disallow  the  cre-
           ation  of new subdirectories using the mkdir command. If the upload
           command is used, directory creation is allowed by default. To  turn
           it off by default, you must specify a user, group and mode followed
           by the "nodirs" keyword as the first line where the upload  command
           is  used  in  this file. If directories are permitted, the optional
           d_mode determines the permissions for a newly created directory. If
           d_mode is omitted, the permissions are inferred from mode. The per-
           missions are 0777 if mode is also omitted. The upload keyword  only
           applies  to  users  who have a home directory of root-dir. root-dir
           may be specified as "*" to match any home directory. The  owner  or
           group  may  each  be  specified  as "*", in which case any uploaded
           files or directories will be created  with  the  ownership  of  the
           directory  in  which they are created. The optional first parameter
           selects whether root-dir names are interpreted as absolute or rela-
           tive  to the current chroot'd environment. The default is to inter-
           pret <&lt;root-dir>&gt; names as absolute. You can specify  any  number  of
           class=classname  restrictions.  If  any  are specified, this upload
           clause only takes effect if the current user is a member of one  of
           the classes.

           In  the absence of any matching upload clause, real and guest users
           can upload files and make directories, but anonymous users  cannot.
           The  mode  of  uploaded files is 0666. For created directories, the
           mode is 0777. Both modes are modified by the current umask setting.





       throughput root-dir subdir-glob file-glob-list
       bytes-per-second bytes-per-second-multiply remote-glob-list

           Define files by means of a comma-separated file-glob-list in subdir
           matched by subdir-glob under root-dir that have restricted transfer
           throughput of bytes-per-second on download when the remote hostname
           or  remote IP address matches the comma-separated remote-glob-list.
           Entries are matched on a best-match basis. For example:


           throughput /e/ftp *    *      oo   -   *
           throughput /e/ftp /sw* *      1024 0.5 *
           throughput /e/ftp /sw* README oo   -   *
           throughput /e/ftp /sw* *      oo   -   *.foo.com

           would set maximum throughput per default, but restrict download  to
           1024  bytes  per second for any files under /e/ftp/sw/ that are not
           named README. The only exceptions are remote hosts from within  the
           domain  foo.com  which  always get maximum throughput. Every time a
           remote client has retrieved a file under /e/ftp/sw/ the  bytes  per
           seconds  of  the  matched entry line are internally multiplied by a
           factor, here 0.5. When the remote client retrieves its second file,
           it  is  served  with 512 bytes per second, the third time with only
           256 bytes per second, the fourth time with only 128 bytes per  sec-
           ond,  and  so  on.  The  string "oo" for the bytes per second field
           means no throughput restriction. A multiply factor of  1.0  or  "-"
           means  no change of the throughput after every successful transfer.
           The root-dir here must match the home directory  specified  in  the
           password  database  .  The throughput keyword only applies to users
           who have a home directory of root-dir.




       anonymous-root root-dir [class...]

           root-dir specifies the chroot() path for  anonymous  users.  If  no
           anonymous-root  is  matched,  the  old  method  of parsing the home
           directory for the FTP user is used. If no class is specified,  this
           is  the  root  directory  for  anonymous users who do not match any
           other anonymous-root specification. Multiple classes may be  speci-
           fied on this line. If an anonymous-root is chosen for the user, the
           FTP user's home directory in the root-dir/etc/passwd file  is  used
           to  determine  the initial directory and the FTP user's home direc-
           tory in the system-wide /etc/passwd is not used. For example:


           anonymous-root /home/ftp
           anonymous-root /home/localftp localnet

           causes  all  anonymous  users  to  be  chroot'd  to  the  directory
           /home/ftp.  If  the  FTP user exists in /home/ftp/etc/passwd, their
           initial CWD is that home directory. Anonymous users  in  the  class
           localnet, however, are chroot'd to the directory /home/localftp and
           their initial CWD is taken from the FTP user's  home  directory  in
           /home/localftp/etc/passwd.



       guest-root root-dir [uid-range...]

           root-dir  specifies the chroot() path for guest users. If no guest-
           root is matched, the old method of parsing the user's  home  direc-
           tory is used. If no uid-range is specified, this is the root direc-
           tory for guestusers who do not match any other guest-root  specifi-
           cation.  Multiple UID ranges may be given on this line. If a guest-
           root is chosen for the user, the user's home directory in the root-
           dir/etc/passwd  file is used to determine the initial directory and
           the home directory in the system-wide /etc/passwd is not used. uid-
           range  specifies names or numeric UID values. To use numbers, put a
           percent sign (%) symbol before it or before the range.  Ranges  are
           specified  by  giving the lower and upper bounds (inclusive), sepa-
           rated by a dash. If the lower bound is omitted, it means all up to.
           If  the  upper  bound  is  omitted, it means all starting from. For
           example:


           guest-root /home/users
           guest-root /home/staff %100-999 sally
           guest-root /home/users/owner/ftp frank

           causes all guest users to chroot() to /home/users then starts  each
           user    in    the    user's    home   directory,   as   specifiedin
           /home/users/etc/passwd. Users in the range 100 through 999,  inclu-
           sive,  and  user sally, will be chroot'd to /home/staff and the CWD
           will be taken from their  entries  in  /home/staff/etc/passwd.  The
           single user frank will be chroot'd to /home/users/owner/ftp and the
           CWD will be from his entry in /home/users/owner/ftp/etc/passwd.

           The order is important for both anonymous-root and guest-root. If a
           user would match multiple clauses, only the first applies; with the
           exception of the clause which has  no  class  or  uid-range,  which
           applies only if no other clause matches.



       deny-uid uid-range [uid-range...]
       deny-gid gid-range [gid-range...]
       allow-uid uid-range  [uid-range...]
       allow-gid gid-range [gid-range...]

           Use these clauses to specify UID and GID values that will be denied
           access to the FTP Server. The allow-uid and allow-gid  clauses  may
           be  used  to allow access for UID and GID values which would other-
           wise be denied. These checks  occur  before  all  others.  deny  is
           checked before allow. The default is to allow access. These clauses
           do not apply to anonymous users. Use defaultserver private to  deny
           access to anonymous users. In most cases, these clauses obviate the
           need for an ftpusers(4) file. For example,  the  following  clauses
           deny  FTP  Server  access  to  all  privileged or special users and
           groups, except the guest1 user or group.


           deny-gid %-99 nobody noaccess nogroup
           deny-uid %-99 nobody noaccess nobody4
           allow-gid guest1
           allow-uid guest1

           Support for the ftpusers file still exists, so it may be used  when
           changing  the  ftpaccess file is not desired. In any place a single
           UID or GID is allowed throughout the ftpaccess file,  either  names
           or  numbers  also  may be used. To use a number, put a percent sign
           (%) symbol before it. In places where a range is allowed,  put  the
           percent sign before the range. A "*" matches all UIDs or GIDs.






       restricted-uid uid-range [uid-range...]
       restricted-gid gid-range [gid-range...]
       unrestricted-uid uid-range [uid-range...]
       unrestricted-gid gid-range [gid-range...]

           These  clauses  control  whether or not real or guest users will be
           allowed access to areas on the FTP site outside their home directo-
           ries.  These clauses are not meant to replace the use of guestgroup
           and guestuser. Instead, use these clauses to supplement the  opera-
           tion  of  guests. The unrestricted-uid and unrestricted-gid clauses
           may be used to allow users outside their home directories who would
           otherwise be restricted.

           The  following  example  shows  the intended use for these clauses.
           Assume user dick has a home directory /home/dick  and  jane  has  a
           home directory /home/jane:


           guest-root /home dick jane
           restricted-uid dick jane

           While  both dick and jane are chroot'd to /home, they cannot access
           each other's files because they are restricted to their home direc-
           tories.  However,  you should not rely solely upon the FTP restric-
           tions to control access.  As with all other FTP access  rules,  you
           should also use directory and file permissions to support the oper-
           ation of the ftpaccess configuration.






       site-exec-max-lines number [class...]

           The SITE EXEC feature traditionally limits the number of  lines  of
           output  that  may  be sent to the remote client. Use this clause to
           set this limit. If this clause is omitted, the limit is 20 lines. A
           limit  of  0 (zero) implies no limit. Be very careful if you choose
           to remove the limit. If a  clause  is  found  matching  the  remote
           user's  class, that limit is used. Otherwise, the clause with class
           '*', or no class given, is used. For example:


           site-exec-max-lines 200 remote
           site-exec-max-lines 0 local
           site-exec-max-lines 25

           limits output from SITE EXEC (and  therefore  SITE  INDEX)  to  200
           lines  for  remote  users,  specifies  there is no limit at all for
           local users, and sets a limit of 25 lines for all other users.



       dns refuse_mismatch filename [override]

           Refuse FTP sessions when the forward and reverse  lookups  for  the
           remote  site do not match. Lookups are done using the system's name
           service as configured in nsswitch.conf(4). Display the named  file,
           like a message file, admonishing the user. If the optional override
           is specified, allow the connection after complaining.



       dns refuse_no_reverse filename [override]

           Refuse FTP sessions when the remote host's IP address has no  asso-
           ciated  name.  Lookups  are done using the system's name service as
           configured in nsswitch.conf(4). Display the named file, such  as  a
           message  file,  admonishing  the  user. If the optional override is
           specified, allow the connection after complaining.



       dns resolveroptions [options]

           Modify certain internal resolver variables. This only has an effect
           when  DNS  is  used  as the system's name service. The line takes a
           series of options which are used to set the RES_OPTIONS environment
           variable, see resolv.conf(4) for details. For example:


           dns resolveroptions rotate attempts:1

           turns  on  querying  name  servers round-robin and selects querying
           each name server only once.



       Lines that begin with a # sign are treated as  comment  lines  and  are
       ignored.

FILES
        /etc/ftpd/ftpaccess



ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).   ATTRIBUTE  TYPEATTRIBUTE  VALUE   AvailabilitySUNWftpr
       Interface StabilityExternal


SEE ALSO
       compress(1), ls(1), tar(1), ftpaddhost(1M), ftpconfig(1M), ftpshut(1M),
       in.ftpd(1M),    chroot(2),     nice(2),     umask(2),     getgrnam(3C),
       resolver(3RESOLV),   ftpconversions(4),   ftpgroups(4),  ftpservers(4),
       ftpusers(4), nsswitch.conf(4), resolv.conf(4), timezone(4), xferlog(4),
       attributes(5), fnmatch(5)

       Crocker,  David  H.  RFC  822, Standard For The Format Of ARPA Internet
       Text Messages. Network Information Center. August 1982.

       St. Johns, Michael. RFC 931,  Authentication  Server.  Network  Working
       Group. January 1985.



SunOS 5.10                        10 Sep 2003                     ftpaccess(4)