unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.9)
Page:
Section:
Apropos / Subsearch:
optional field



File Formats                                         ftpaccess(4)



NAME
     ftpaccess - FTP Server configuration file

SYNOPSIS
     /etc/ftpd/ftpaccess

DESCRIPTION
      The ftpaccess file is used to configure  the  operation  of
     the FTP Server.

  Access Capabilities
     The following access capabilities are supported:

     autogroup groupname class [class...]
           If an anonymous user is a member of any of class,  the
           FTP  Server  will  perform  a setegid(2) to groupname.
           This allows access to group and owner read-only  files
           and  directories  to  a  particular class of anonymous
           users.  groupname  is  a  valid  group   returned   by
           getgrnam(3C).

     class class typelist addrglob [addrglob...]
           Define class of users, with source  addresses  of  the
           form  addrglob.   Multiple  members  of  class  may be
           defined. There may be multiple class commands  listing
           additional  members  of   the class. If multiple class
           commands can apply to the current session,  the  first
           one  listed  in  the  access file is used.  If a valid
           class for a  host  is  not  defined,  access  will  be
           denied.  typelist  is a comma-separated list of any of
           the keywords anonymous, guest, and real.  If the  real
           keyword  is  included, the class can match users using
           FTP to access real accounts. If the anonymous  keyword
           is  included the class can match users using anonymous
           FTP. The guest keyword matches guest access accounts.

            addrglob may be a globbed domain name  or  a  globbed
           numeric  IPv4  address.  It  may also be the name of a
           file, starting with  a  slash  ('/'),  which  contains
           additional  address  globs. IPv4 numeric addresses may
           also be  specified  in  the  form  address:netmask  or
           address/CIDR.  IPv6  numeric  addresses  can  only  be
           specified with an optional CIDR, not  using  globs  or
           netmasks.

           Placing an exclamation (!) before an addrglob  negates
           the test.  For example,


     class rmtuser real !*.example.com





SunOS 5.9           Last change: 18 Feb 2003                    1






File Formats                                         ftpaccess(4)



          will classify real users from outside  the  example.com
          domain  as  the  class  rmtuser.  Use  care   with this
          option. Remember, the result of each test is OR'ed with
          other tests on the line.

     deny addrglob [message_file]
           Deny access to host(s) that match addrglob and display
           message_file.  If the value of addrglob is !nameserved
           access to  sites  without  a  working  nameservers  is
           denied.  message_file  may  contain magic cookies. See
           message for more details.

     guestgroup groupname [groupname...]

     guestuser username [username...]

      realgroup groupname [groupname...]

     realuser username [username...]
           For guestgroup, if a real user  is  a  member  of  any
           groupname,  the  session is set up like anonymous FTP.
           groupname is a valid group returned  by  getgrnam(3C).
           The  user's  home  directory must be set up exactly as
           anonymous FTP would be. The home  directory  field  of
           the  passwd entry is divided into two directories. The
           first field is the root directory  that  will  be  the
           argument  to  the  chroot(2) call. The second field is
           the user's home directory, relative to the root direc-
           tory.  Use  a  "/./"  to  separate the two fields. For
           example,  the  following  is   the   real   entry   in
           /etc/passwd:


     guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true


     When guest1  successfully  logs  in,  the  FTP  Server  will
     chroot()    to  /export/home/guests  and  then  chdir(2)  to
     /guest1. The  guest  user  will  only   be  able  to  access
     the   directory  structure  under /export/home/guests, which
     will look and act as / to guest1, just as an  anonymous  FTP
     user  would.  The  -d option to ftpconfig(1M) is useful when
     creating guest FTP user accounts.  The  group  name  may  be
     specified  by either name or numeric ID.  To use  a  numeric
     group ID, place a  '%'  before  the  number.  You  can  give
     ranges.   Use  an asterisk to indicate all groups. guestuser
     works like guestgroup, except that it uses the user name  or
     numeric ID. realuser and realgroup have the same syntax, but
     they reverse the effect of guestuser  and  guestgroup.  They
     allow  real user access when the remote user would otherwise
     be determined a guest.




SunOS 5.9           Last change: 18 Feb 2003                    2






File Formats                                         ftpaccess(4)



     guestuser *
     realgroup admin


          causes all non-anonymous users to be treated as  guest,
          with  the sole  exception  of users in the admin group,
          who are granted real user access.

     nice nice-delta [class]
           Adjust the process nice value of the FTP  server  pro-
           cess  by the indicated  nice-delta value if the remote
           user is a member of the named class. If class  is  not
           specified,   then  use   nice-delta   as  the  default
           adjustment to the FTP server process nice value.  This
           default  nice  value  adjustment is used to adjust the
           nice  value of the server process only for those users
           who  do  not  belong  to  any class for which a class-
           specific nice directive exists in the ftpaccess file.

     defumask umask [class]
           Set the umask applied to  files  created  by  the  FTP
           server  if  the  remote  user is a member of the named
           class.  If class is not specified, then use the  umask
           as the default for classes that do not have one speci-
           fied.. The mode of files created may be  specified  by
           using the upload directive.

     tcpwindow size [class]
           Set the TCP window size (socket buffer size)  for  the
           data  connection. Use this to control network traffic.
           For instance, slow PPP dialin links may  need  smaller
           TCP windows to speed up throughput. If you do not know
           what this does, do not set it.

     keepalive yes|no
           Set the TCP SO_KEEPALIVE option for control  and  data
           sockets.    This   can   be  used  to  control network
           disconnect.  If yes, then set it.  If no, then use the
           system  default  (usually  off).  You probably want to
           set this.

     timeout accept seconds

     timeout connect seconds

     timeout data seconds

     timeout idle    seconds

     timeout maxidle seconds

     timeout RFC931 seconds



SunOS 5.9           Last change: 18 Feb 2003                    3






File Formats                                         ftpaccess(4)



           Set various timeout conditions.

           accept
                  How long the FTP Server will wait for an incom-
                 ing  (PASV)  data connection. The default is 120
                 seconds.

           connect
                 How long the FTP Server will wait attempting  to
                 establish  an  outgoing  (PORT) data connection.
                 This effects the actual connection attempt.  The
                 daemon  makes several attempts, sleeping between
                 each attempt, before giving up. The  default  is
                 120 seconds.

           data  How long the  FTP  Server  will  wait  for  some
                 activity  on  the  data  connection.  You should
                 keep this long because  the  remote  client  may
                 have a slow link, and there  can  be quite a bit
                 of data queued for the client.  The  default  is
                 1200 seconds.

           idle  How long the FTP Server will wait for  the  next
                 command. The default is 900 seconds. The default
                 can also be overridden by using the -t option at
                 the  command-line.  This access clause overrides
                 both.

           maxidle
                 The SITE IDLE command allows the  remote  client
                 to   establish  a  higher  value  for  the  idle
                 timeout. The maxidle clause sets the upper limit
                 that  the  client may request.   The default can
                 also be overridden by using the -T option at the
                 command-line.    This  access  clause  overrides
                 both. The default is 7200 seconds.

           RFC931
                 The maximum time the FTP server allows  for  the
                 entire  RFC931  (AUTH/ident) conversation.  Set-
                 ting this to zero (0) disables the server's  use
                 of   this  protocol. The information obtained by
                 means of RFC931 is recorded in the  system  logs
                 and  is not actually used in any authentication.
                 The default is 10 seconds.


     file-limit [raw] in|out|total count [class]
           Limit the number of data files a  user  in  the  given
           class  may  transfer. The limit may be placed on files
           in, out, or total.  If  no  class  is  specified,  the
           limit is the default for classes which do not  have  a



SunOS 5.9           Last change: 18 Feb 2003                    4






File Formats                                         ftpaccess(4)



           limit specified.
            The optional parameter raw applies the limit  to  the
           total traffic rather than just data files.

     data-limit [raw] in|out|total count [class]
           Limit the number of data bytes a  user  in  the  given
           class  may transfer.  The limit may be placed on bytes
           in, out, or total.  If  no  class  is  specified,  the
           limit  is  the default for classes which do not have a
           limit specified. Note that once  it has been exceeded,
           this  limit  will  prevent  transfers, but it will not
           terminate a transfer in progress.  The optional param-
           eter  raw  applies  the  limit to total traffic rather
           than just data files.

     limit-time *|anonymous|guest minutes
           Limit the total time a session can take.  By  default,
           there is no limit.  Real users are never limited.

     guestserver [hostname...]
           Control which hosts may be used for anonymous  access.
           If  used  without  hostname,  all  anonymous access is
           denied to this site.  More than one  hostname  may  be
           specified.    Anonymous access will only be allowed on
           the named machines. If access is denied, the user will
           be asked to use the first hostname listed.

     limit class n times [message_file]
           Limit  class to n users  at  times  times,  displaying
           message_file   if  the user is denied access.  A limit
           check is performed at login time  only.   If  multiple
           limit  commands can apply  to the current session, the
           first applicable one is  used.  Failing  to  define  a
           valid  limit,  or  a limit of -1, is  equivalent to no
           limits. The format of times is:


     day[day...][time-range][|day[day...][time-range]]...

          The value of day can be Su, Mo, Tu, We, Th, Fr, Sa,  Wk
          (for  any weekday Monday through Friday), or Any. time-
          range is in 24-hour clock notation. If a time range  is
          not specified, any time of the day is matched. Multiple
          day and time-range may be specified by the "|"  symbol.
          For  example,  Wk1730-0900|Sa|Su specifies 5:30 p.m. to
          9:00 a.m., Monday through Friday, and anytime on  week-
          ends.  message_file may contain magic cookies. See mes-
          sage for more details.

     noretrieve [absolute|relative]

     [class=classname...][-] filename [filename...]



SunOS 5.9           Last change: 18 Feb 2003                    5






File Formats                                         ftpaccess(4)



           Always  deny  retrievability  of  these   files.    If
           filename  specifies  a  pathname that begins  with '/'
           character,  then  only  those  files  are  marked   no
           retrieve.  Otherwise all files that match the filename
           are  refused  transfer.    For   example,   noretrieve
           /etc/passwd  core  specifies  no  one  will be able to
           retrieve the /etc/passwd file. You will be allowed  to
           transfer any file named passwd that is not in /etc.

           On the other hand, no one will be able  to  get  files
           named  core,  wherever they are.  Directory specifica-
           tions mark all files and subdirectories in  the  named
           directory  unretrievable.   The filename may be speci-
           fied as a file glob.  For example,


     noretrieve /etc /home/*/.htaccess

          specifies that no files in /etc or any of its subdirec-
          tories may be retrieved.   Also,  no files named .htac-
          cess  anywhere  under  the  /home  directory   may   be
          retrieved.    The   optional  first  parameter  selects
          whether names are interpreted as absolute  or  relative
          to the current chroot'd environment.  The default is to
          interpret names beginning with a slash as absolute. The
          noretrieve  restrictions may be placed upon members  of
          particular classes.  If any class=  is  specified,  the
          named  files  cannot  be  retrieved only if the current
          user is a member of one of the given classes.

     allow-retrieve [absolute|relative]

     [class=classname...][-] filename [filename...]
           Allows retrieval of files  which  would  otherwise  be
           denied by noretrieve.

     loginfails number
           After number login failures, log a   "repeated   login
           failures"  message  and  terminate the FTP connection.
           The default value for number is 5.

     private yes | no
           Allow or deny use of the SITE  GROUP  and  SITE  GPASS
           commands  after  the  user logs in. The SITE GROUP and
           SITE GPASS commands specify an enhanced  access  group
           and  associated  password. If the group name and pass-
           word are valid, the user   becomes  a  member  of  the
           group    specified    in   the   group   access   file
           /etc/ftpd/ftpgroups  by  means  of  setegid(2).    See
           ftpgroups(4)  for  the  format  of  the file. For this
           option to work for anonymous FTP  users,  the
            FTP Server must keep /etc/group permanently  open and



SunOS 5.9           Last change: 18 Feb 2003                    6






File Formats                                         ftpaccess(4)



           load  the  group  access file into memory.  This means
           that the  FTP  Server   now  has  an  additional  file
           descriptor   open,  and the  necessary  passwords  and
           access privileges granted to users  by means  of  SITE
           GROUP  will be static for the duration of an FTP  ses-
           sion.  If you have an urgent need to change the access
           groups  or  passwords now, you have to kill all of the
           running FTP Servers.

  Informational Capabilities
     The following informational capabilities are supported:

     greeting full|brief|terse

     greeting text message
           The greeting command allows you to  control  how  much
           information is  given out before the remote user  logs
           in. greeting full,  which  is  the  default  greeting,
           shows  the  hostname  and  daemon  version.   greeting
           brief shows the hostname.  greeting  terse simply says
           "FTP  Server  ready."   Although  full is the default,
           brief is suggested.

           The text form allows you to specify any  greeting mes-
           sage.  message  can be any  string. Whitespace (spaces
           and tabs) is converted to a single space.

     banner path
           The banner command operates similarly to  the  message
           command,  except that the banner is   displayed before
           the user enters the username.  The path  is   relative
           to  the  real  system  root,  not  to  the base of the
           anonymous FTP directory.

           Use of the banner command can completely prevent  non-
           compliant  FTP  clients  from  making  use  of the FTP
           Server.  Not  all  clients   can   handle   multi-line
           responses, which is how the banner is displayed.

     email name
           Use this command to define the email address  for  the
           FTP   Server  administrator.    This  string  will  be
           printed every time the %E  magic  cookie  is  used  in
           message files.

     hostname some.host.name
           Defines the default host name of the FTP Server.  This
           string  will   be  printed on the greeting message and
           every time the %L magic  cookie  is  used.   The  host
           name  for
            virtual  servers overrides this  value.  If  no  host
           name is specified, the default host name for the local



SunOS 5.9           Last change: 18 Feb 2003                    7






File Formats                                         ftpaccess(4)



           machine is used.

     message path [when [class...]]
           Define a file  with  path such that   the  FTP  Server
           will   display   the contents  of the file to the user
           at login time or upon using the change working  direc-
           tory  command.   The when  parameter may  be LOGIN  or
           CWD=dirglob.   If when  is CWD=dirglob, dirglob speci-
           fies  the new  default directory that will trigger the
           notification. A dirglob  of  "*"  matches  all  direc-
           tories.

           The optional class  specification allows  the  message
           to  be  displayed  only   to  members  of a particular
           class.  More than one class may be specified.

           "Magic cookies" can be present in path that cause  the
           FTP Server to replace the cookie with a specified text
           string:


           %T    Local time. For example,  Thu  Nov  15  17:12:42
                 1990.

           %F    Free space in partition of CWD, in Kbytes.

           %C    Current working directory.

           %E    The email address for the FTP Server administra-
                 tor.

           %R    Remote host name.

           %L    Local host name.

           %U    Username given at login time.

           %u    Username as defined by means of RFC 931  authen-
                 tication.

           %M    Maximum allowed number of users in this class.

           %N    Current number of users in this class.

           The message is displayed only once to  avoid  annoying
           the user. Remember that when messages are triggered by
           an anonymous or guest FTP user, they must be  relative
           to  the  base  of the anonymous or guest FTP directory
           tree.

     readme pathglob [when [class...]]
           Define a file with pathglob such that the  FTP  Server



SunOS 5.9           Last change: 18 Feb 2003                    8






File Formats                                         ftpaccess(4)



           will  notify the user at login  time or upon using the
           change working directory command that the file  exists
           and  the date that it was modified.  The when  parame-
           ter  may   be   LOGIN  or  CWD=dirglob.   If  when  is
           CWD=dirglob,  dirglob specifies the new default direc-
           tory that will trigger the notification. A dirglob  of
           "*"  matches all directories. The message will only be
           displayed once, to avoid   bothering  users.  Remember
           that   when   README  messages  are  triggered  by  an
           anonymous or guest FTP  user,  the  pathglob  must  be
           relative  to  the  base  of the anonymous or guest FTP
           directory tree.

           The optional  class specification allows the   message
           to be displayed only to members of a particular class.
           You can specify more than one class.

  Logging Capabilities
     The following logging capabilities are supported:

     log commands typelist
           Enables logging of the individual FTP commands sent by
           users.  typelist   is a comma-separated list of any of
           the keywords anonymous, guest, and real. Command  log-
           ging information is written to the system log.

     log transfers typelist directions
           Log file transfers made by FTP users to the xferlog(4)
           file.  Logging of incoming transfers to the server can
           be enabled separately from outbound transfers from the
           server. directions is a comma-separated list of any of
           the  two  keywords  inbound  and  outbound,  and  will
           respectively  cause  transfers  to be logged for files
           sent to and from the server.

     log security typelist
           Enables logging of violations  of  security  rules  to
           the system log, including for example, notretrieve and
           .notar.

     log syslog

     log syslog+xferlog
           Redirect  the logging messages for incoming and outgo-
           ing  transfers  to  syslog.   Without  this option the
           messages are written  to  xferlog.  When  you  specify
           syslog+xferlog,  the transfer log messages are sent to
           both the system log file and the xferlog file.

  Miscellaneous Capabilities
     The following miscellaneous capabilities are supported:




SunOS 5.9           Last change: 18 Feb 2003                    9






File Formats                                         ftpaccess(4)



     alias string dir
           Define an alias,  string, for a  directory.   Use this
           command  to  add  the  concept of logical directories.
           For example: alias rfc: /pub/doc/rfc would  allow  the
           user to access  /pub/doc/rfc from any directory by the
           command "cd rfc:".  Aliases only apply to the cd  com-
           mand.

     cdpath dir
            Define an entry in the cdpath. This command defines a
           search  path  that  is used when changing directories.
           For example:


           cdpath /pub/packages
           cdpath /.aliases

           would allow  the  user  to  move  into  any  directory
           directly   under  either  the  /pub/packages   or  the
           /.aliases  directories.  The search path is defined by
           the  order  in which the lines appear in the ftpaccess
           file. If the user were to give the command ftp> cd foo
           the  directory  will  be searched for in the following
           order:


              o  ./foo

              o  an alias called foo

              o   /pub/packages/foo

              o  /.aliases/foo
           The cdpath is only available with the cd  command.  If
           you  have a large number of aliases, you might want to
           set up an aliases directory with links to all of   the
           areas you wish to make available to users.

     compress yes|no classglob [classglob...]

     tar yes|no classglob [classglob...]
           Enable  the  use  of  conversions  marked   with   the
           O_COMPRESS,   O_UNCOMPRESS,   and   O_TAR  options  in
           /etc/ftpd/ftpconversions. See ftpconversions(4).

     shutdown path
           If the file pointed to by path exists, the server will
           check the file regularly to see if the server is going
           to be shut down. If a shutdown is planned, the user is
           notified.   New  connections are denied after a speci-
           fied time before  shutdown.  Current  connections  are
           dropped at a specified time before shutdown.



SunOS 5.9           Last change: 18 Feb 2003                   10






File Formats                                         ftpaccess(4)



           The format of the file specified by path is:


     year month day hour minute deny_offset disc_offset text


          year  A value of 1970 or greater.

          month A value of 0 to 11.

          day   A value of 1 to 31.

          hour  A value of 0 to 23.

          minute
                A value of 0 to 59.

          deny_offset

          disc_offset
                The offsets  in HHMM format that new  connections
                will  be  denied and existing connections will be
                disconnected before the shutdown time.

          text  Follows the normal rules  for  any  message.  The
                following additional magic cookies are available:

                %s    The time at which the system  is  going  to
                      shut down.

                %r    The time at which new connections  will  be
                      denied.

                %d    The time at which current connections  will
                      be dropped.


          All times are in the form: ddd MMM  DD  hh:mm:ss  YYYY.
          Only  one shutdown command can be present in the confi-
          guration  file.   You  can  use  the  external  program
          ftpshut(1M) to automate generation of this file.

     daemonaddress address
           Listen only on the IP address specified. If the  value
           is  not  set, then the FTP Server will listen for con-
           nections on every IP address. This applies  only  when
           the FTP Server is run in standalone mode.

     virtual address root|banner|logfile path
           Enable the FTP Server limited virtual hosting capabil-
           ities.  The  address  is the IP address of the virtual
           server. The second argument specifies that the path is



SunOS 5.9           Last change: 18 Feb 2003                   11






File Formats                                         ftpaccess(4)



           either  the  path  to  the root of the  filesystem for
           this  virtual server, the banner presented to the user
           when connecting to this virtual server, or the logfile
           where transfers are recorded for this virtual  server.
           If  the  logfile is not specified the default log file
           will be used.  All other message files and permissions
           as  well  as  any other settings in this file apply to
           all virtual servers. The address may also be specified
           as  a  hostname  rather than as an IP number.  This is
           strongly discouraged since, if DNS is not available at
           the  time  the  FTP session begins, the hostname  will
           not be matched.

     root|logfile path
           In contrast to limited virtual hosting, complete  vir-
           tual hosting allows separate configuration files to be
           virtual host specific.  See  ftpservers(4).  The  only
           additions  that  are  necessary  in  a  virtual host's
           ftpaccess file is the root directive that ensures  the
           correct  root  directory is used for the virtual host.
           This only works with complete virtual  hosting,  which
           in   contrast   to  limited  virtual  hosting,  allows
           separate configuration files to be specified for  each
           virtual host.

           path is either the root of  the  filesystem  for  this
           virtual server or the logfile where transfers for this
           virtual server are recorded. root and logfile may only
           be specified when not preceded by virtual address in a
           virtual hosts's ftpaccess file.

     virtual address hostname|email string
           Set the hostname shown in the  greeting   message  and
           status  command,  or the email address used in message
           files and on the HELP command, to the given string.

     virtual address allow username [username...]

     virtual address deny username   [username...]
           By default, real and guest users are  not  allowed  to
           log  in  on the virtual server, unless they are guests
           that are chroot'd to  the  virtual  root.   The  users
           listed  on  the  virtual  allow  line(s)  are  granted
           access.
            You can grant access to all users by  giving  '*'  as
           the  username.  The virtual deny clauses are processed
           after  the virtual allow clauses. Thus specific  users
           can  be  denied access although all users were allowed
           in an earlier clause.

     virtual address private
           Deny log in access to anonymous users on  the  virtual



SunOS 5.9           Last change: 18 Feb 2003                   12






File Formats                                         ftpaccess(4)



           server.  Anonymous  users are generally allowed to log
           in on the virtual server if this option is not  speci-
           fied.

     virtual address passwd file
           Use a different passwd file for the virtual host.

     virtual address shadow file
           Use a different shadow file for the virtual host.

     defaultserver deny username [username...]

     defaultserver allow username [username...]
           By default, all users are allowed  access to the  non-
           virtual  FTP Server.  Use defaultserver deny to revoke
           access for specific real and guest users. Specify  '*'
           to   deny   access  to  all   users,  except anonymous
           users. Specific real  and  guest  users  can  then  be
           allowed access by using defaultserver allow.

     defaultserver private
           By default, all users are allowed access to  the  non-
           virtual  FTP  Server.  Use  defaultserver  private  to
           revoke access for anonymous users.

           The  virtual  and  defaultserver  allow,   deny    and
           private   clauses  provide  a  means  to control which
           users are allowed access to which FTP Servers.

     passive address externalip cidr
           Allow control of the address reported in response to a
           passive   command.   When   any   control   connection
           matching  cidr  requests  a  passive  data  connection
           (PASV), the externalip address is reported.  This does
           not  change  the  address  that  the  daemon  actually
           listens  on,  only the address reported to the client.
           This feature allows the daemon  to  operate  correctly
           behind IP renumbering firewalls. For example:


     passive address 10.0.1.15   10.0.0.0/8
     passive address 192.168.1.5 0.0.0.0/0

          Clients connecting from the class-A network 10 will  be
          told  the passive connection is listening on IP address
          10.0.1.15 while all others will be told the  connection
          is listening on 192.168.1.5  Multiple passive addresses
          may be specified to handle complex, or multi-gatewayed,
          networks.

     passive ports cidr min max
           Allows control of the TCP port numbers  which  may  be



SunOS 5.9           Last change: 18 Feb 2003                   13






File Formats                                         ftpaccess(4)



           used  for  a  passive  data connection. If the control
           connection matches the cidr, a port in the  range  min
           to  max  will  be randomly selected  for the daemon to
           listen on. This feature allows firewalls to limit  the
           ports  that remote clients may use to connect into the
           protected network.

           cidr  is shorthand for an IP  address  followed  by  a
           slash  and the number of left-most bits that represent
           the  network   address,  as  opposed  to  the  machine
           address.    For example, if you are using the reserved
           class-A network 10, instead of a netmask of 255.0.0.0,
           use  a  CIDR  of /8, as  in  10.0.0.0/8,  to represent
           your network.

     pasv-allow class [addrglob...]

     port-allow class [addrglob...]
           Normally, the FTP Server does not allow a PORT command
           to  specify an address different than that of the con-
           trol connection. Nor does it allow a  PASV  connection
           from another address.

           The port-allow clause provides a   list  of  addresses
           that  the  specified  class of user may give on a PORT
           command.  These addresses will be allowed even if they
           do not match the  IP address of the client-side of the
           control connection.

           The pasv-allow clause provides a  list  of   addresses
           that the specified class of user may make data connec-
           tions from. These addresses will be  allowed  even  if
           they   do  not match the IP address of the client-side
           of the control connection.

     lslong command [options...]

     lsshort command [options...]

     lsplain command [options...]
           Use  the  lslong,  lsshort,  and  lsplain  clauses  to
           specify  the  commands  and options to use to generate
           directory listings. The options cannot contain spaces,
           and the default values for these clauses are generally
           correct. Use lslong, lsshort, or lsplain only if abso-
           lutely necessary.

     mailserver hostname
           Specify the name of a mail  server  that  will  accept
           upload  notifications  for  the  FTP Server.  Multiple
           mail servers may  be  listed.   The  FTP  Server  will
           attempt to deliver the upload notification to each, in



SunOS 5.9           Last change: 18 Feb 2003                   14






File Formats                                         ftpaccess(4)



           order, until one  accepts  the  message.  If  no  mail
           servers are specified, localhost is used.  This option
           is only  meaningful if anyone is  to  be  notified  of
           anonymous uploads. See incmail.

     incmail emailaddress

     virtual address incmail emailaddress

     defaultserver incmail     emailaddress
           Specify email addresses to be  notified  of  anonymous
           uploads.  Multiple  addresses  can  be specified. Each
           will  receive a  notification.  If  no  addresses  are
           specified, no notifications are sent.

           If addresses are specified for a  virtual  host,  only
           those addresses will be sent notification of anonymous
           uploads on that host.  Otherwise,  notifications  will
           be sent to the global addresses.

           defaultserver addresses only apply when the FTP   ses-
           sion  is  not  using one of the virtual hosts. In this
           way, you can receive notifications  for  your  default
           anonymous  area,  but not see notifications to virtual
           hosts that do not have their own notifications.

     mailfrom emailaddress

     virtual address mailfrom emailaddress

     defaultserver mailfrom     emailaddress
           Specify  the  sender's  email  address  for  anonymous
           upload  notifications.  Only one address may be speci-
           fied.  If no mailfrom applies, email is sent from  the
           default  mailbox   name  wu-ftpd. To avoid problems if
           the recipient attempts to reply to a notification,  or
           if  downstream  mail  problems  generate  bounces, you
           should ensure the mailfrom address is deliverable.

  Permission Capabilities
     The following permission capabilities are supported:

     chmod yes|no typelist

     delete yes|no typelist

     overwrite yes|   no typelist

     rename yes|no typelist

     umask yes|no typelist
            Allows  or  disallows  the  ability  to  perform  the



SunOS 5.9           Last change: 18 Feb 2003                   15






File Formats                                         ftpaccess(4)



           specified  function.  By  default,  all real and guest
           users are allowed. Anonymous users  are  only  allowed
           overwrite and umask.

           typelist is a comma-separated list of any of the  key-
           words  anonymous,  guest, real and class=. When class=
           appears, it must be followed by a  classname.  If  any
           class=  appears, the typelist restriction applies only
           to users in that class.

     passwd-check none|trivial|rfc822 [enforce|warn]
           Define the level and enforcement of password  checking
           done by the FTP Server for anonymous FTP.

           none  No password checking is performed.

           trivial
                 The password must contain an '@'.

           rfc822
                 The password must be RFC 822 compliant.

           warn  Warn, but permit the login.

           enforce
                 Notify and deny the login.


     deny-email case-insensitive-emailaddress
           Consider the email address given  as  an  argument  as
           invalid.    If  passwd-check   is   set   to  enforce,
           anonymous users giving this address as a password can-
           not log in.  That way, you can stop  users from having
           stupid WWW browsers use fake addresses like  IE?0User@
           or  mozilla@. (by using this, you are not shutting out
           users using a  WWW  browser  for  ftp   -   you   just
           make them configure their browser correctly.) Only one
           address is allowed per line, but you can have as  many
           deny-email addresses as you like.

     path-filter typelist message allowed_regexp

     [disallowed_regexp...]
           For users in  typelist,  path-filter  defines  regular
           expressions  that  control what characters can be used
           in the filename of an uploaded file or created  direc-
           tory.    There  may  be  multiple  disallowed  regular
           expressions.  If a filename is invalid due to  failure
           to match the regular expression criteria, message will
           be displayed to the user.  For example:





SunOS 5.9           Last change: 18 Feb 2003                   16






File Formats                                         ftpaccess(4)



     path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^. ^-

          specifies that all upload filenames for anonymous users
          must  be made of only the characters A-Z, a-z, 0-9, and
          "._-" and may not begin with a  "."   or  a  "-".    If
          the filename is invalid, /etc/pathmsg will be displayed
          to the user.

     upload [absolute|relative] [class=classname]... [-]

     root-dir dirglob yes|   no owner group mode

     [dirs|nodirs] [d_mode]
           Define a directory with dirglob that permits or denies
           uploads.  If it does permit uploads, all newly created
           files will be owned by owner and group and  will  have
           their  permissions  set  according  to  mode. Existing
           files that are  overwritten will retain their original
           ownership  and permissions. Directories are matched on
           a best-match basis. For example:


     upload /var/ftp  *  no
     upload /var/ftp /incoming yes ftp daemon 0666
     upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs

     would   only   allow   uploads    into     /incoming     and
     /incoming/gifs.  Files  that  were uploaded to /incoming are
     owned  by ftp/daemon and have  permissions  of  0666.  Files
     uploaded   to /incoming/gifs are owned by jlc/guest and have
     permissions of 0600. The optional "dirs" and  "nodirs"  key-
     words  can be specified to allow or disallow the creation of
     new subdirectories using the mkdir command.  If  the  upload
     command is used,  directory  creation is allowed by default.
     To turn it off by default, you must specify  a  user,  group
     and  mode  followed  by  the  "nodirs"  keyword as the first
     line where the upload command is  used  in  this  file.   If
     directories  are  permitted, the optional  d_mode determines
     the permissions for  a newly created directory. If d_mode is
     omitted, the permissions are inferred from mode. The permis-
     sions are 0777  if mode is also omitted.  The upload keyword
     only applies to users who have a home directory of root-dir.
     root-dir may be specified as "*" to match  any  home  direc-
     tory.  The  owner  or group may each be specified as "*", in
     which case  any   uploaded  files  or  directories  will  be
     created  with  the  ownership of the directory in which they
     are created. The optional first  parameter  selects  whether
     root-dir  names  are  interpreted as absolute or relative to
     the current chroot'd environment. The default is  to  inter-
     pret   <root-dir>  names  as  absolute.  You can specify any
     number of class=classname restrictions. If  any  are  speci-
     fied,  this  upload  clause only takes effect if the current



SunOS 5.9           Last change: 18 Feb 2003                   17






File Formats                                         ftpaccess(4)



     user is a member of one of the classes.

          In the absence of any matching upload clause, real  and
          guest  users can upload files and make directories, but
          anonymous users cannot. The mode of uploaded  files  is
          0666.  For  created directories, the mode is 0777. Both
          modes are modified by the current umask setting.

     throughput root-dir subdir-glob file-glob-list

     bytes-per-second bytes-per-second-multiply remote-glob-list
           Define files by means of a comma-separated  file-glob-
           list in subdir matched  by  subdir-glob under root-dir
           that have restricted  transfer  throughput  of  bytes-
           per-second  on  download  when  the remote hostname or
           remote IP address matches the comma-separated  remote-
           glob-list.  Entries are matched on a best-match basis.
           For example:


     throughput /e/ftp *    *      oo   -   *
     throughput /e/ftp /sw* *      1024 0.5 *
     throughput /e/ftp /sw* README oo   -   *
     throughput /e/ftp /sw* *      oo   -   *.foo.com

          would set maximum throughput per default, but  restrict
          download  to 1024  bytes per second for any files under
          /e/ftp/sw/ that are not named README. The  only  excep-
          tions are remote hosts from  within the domain  foo.com
          which always get  maximum  throughput.   Every  time  a
          remote  client  has  retrieved a file under  /e/ftp/sw/
          the bytes per seconds of the matched  entry   line  are
          internally  multiplied by a factor, here 0.5.  When the
          remote client retrieves its second file,  it is  served
          with 512 bytes per second, the third time with only 256
          bytes per second, the fourth time with only  128  bytes
          per  second, and so on. The string  "oo"  for the bytes
          per second field means  no  throughput  restriction.  A
          multiply  factor  of  1.0 or "-" means no change of the
          throughput after every successful transfer.  The  root-
          dir here must match the home directory specified in the
          password  database  .  The  throughput   keyword   only
          applies to users who have a home directory of root-dir.

     anonymous-root root-dir [class...]
           root-dir specifies the  chroot()  path  for  anonymous
           users.    If  no  anonymous-root  is  matched, the old
           method of parsing the home directory  for the FTP user
           is  used. If no class  is specified,  this is the root
           directory for anonymous users who  do  not  match  any
           other  anonymous-root specification.  Multiple classes
           may be specified on this line. If an anonymous-root is



SunOS 5.9           Last change: 18 Feb 2003                   18






File Formats                                         ftpaccess(4)



           chosen for the user,  the FTP user's   home  directory
           in the  root-dir/etc/passwd  file is used to determine
           the initial directory and the FTP user's  home  direc-
           tory in  the system-wide /etc/passwd is not used.  For
           example:


     anonymous-root /home/ftp
     anonymous-root /home/localftp localnet

          causes all anonymous users to be chroot'd to the direc-
          tory   /home/ftp.   If   the   FTP   user   exists   in
          /home/ftp/etc/passwd, their initial CWD  is  that  home
          directory.  Anonymous users in the class localnet, how-
          ever,  are chroot'd to the directory /home/localftp and
          their  initial  CWD  is  taken from the FTP user's home
          directory in /home/localftp/etc/passwd.

     guest-root root-dir [uid-range...]
           root-dir specifies the chroot() path for guest  users.
           If no guest-root is matched, the old method of parsing
           the user's home directory is used.  If no uid-range is
           specified,  this is the  root directory for guestusers
           who do not match any other  guest-root  specification.
           Multiple  UID ranges may be  given on this  line. If a
           guest-root is chosen for the  user,  the  user's  home
           directory  in  the root-dir/etc/passwd file is used to
           determine the initial directory and the home directory
           in  the system-wide /etc/passwd is not used. uid-range
           specifies names or numeric UID values. To use numbers,
           put  a  % symbol before it or before the range. Ranges
           are specified by  giving the lower  and  upper  bounds
           (inclusive),  separated  by a dash. If the lower bound
           is omitted, it means all up to. If the upper bound  is
           omitted, it means all starting from.  For example:


     guest-root /home/users
     guest-root /home/staff %100-999 sally
     guest-root /home/users/owner/ftp frank


     causes all guest  users  to  chroot()  to  /home/users  then
     starts each user in    the user's  home directory, as speci-
     fied  in /home/users/etc/passwd.  Users  in  the  range  100
     through   999,  inclusive,  and user sally, will be chroot'd
     to /home/staff and  the  CWD   will   be  taken  from  their
     entries  in  /home/staff/etc/passwd.  The  single user frank
     will be chroot'd to /home/users/owner/ftp and the  CWD  will
     be from his entry  in /home/users/owner/ftp/etc/passwd.

          The order is important  for  both  anonymous-root   and



SunOS 5.9           Last change: 18 Feb 2003                   19






File Formats                                         ftpaccess(4)



          guest-root.  If  a  user  would match multiple clauses,
          only the first  applies;  with  the  exception  of  the
          clause  which  has no class or uid-range, which applies
          only if no other clause matches.

     deny-uid uid-range [uid-range...]

     deny-gid gid-range [gid-range...]

     allow-uid uid-range   [uid-range...]

     allow-gid gid-range [gid-range...]
           Use these clauses to specify UID and GID  values  that
           will be denied access to the FTP Server. The allow-uid
           and allow-gid clauses may be used to allow access  for
           UID  and  GID  values which would otherwise be denied.
           These checks occur before all others. deny is  checked
           before  allow.  The default is to allow  access. These
           clauses  do  not  apply  to   anonymous   users.   Use
           defaultserver  private  to  deny  access  to anonymous
           users. In most cases,  these clauses obviate the  need
           for  an  ftpusers(4) file.  For example, the following
           clauses deny FTP Server access to  all  privileged  or
           special  users  and  groups, except the guest1 user or
           group.


     deny-gid %-99 nobody noaccess nogroup
     deny-uid %-99 nobody noaccess nobody4
     allow-gid guest1
     allow-uid guest1

          Support for the ftpusers file still exists, so  it  may
          be  used  when  changing  the  ftpaccess  file  is  not
          desired. In any place a single UID or  GID  is  allowed
          throughout the ftpaccess file,  either names or numbers
          also may be used.  To use a number, put  a  '%'  symbol
          before it.  In places where a range is allowed, put the
          '%' before the range. A "*" matches all UIDs or GIDs.

     restricted-uid uid-range [uid-range...]

     restricted-gid gid-range [gid-range...]

     unrestricted-uid    uid-range [uid-range...]

     unrestricted-gid gid-range [gid-range...]
           These clauses control whether or  not  real  or  guest
           users  will   be  allowed  access to areas on the  FTP
           site outside their home  directories.   These  clauses
           are  not  meant  to  replace the use of guestgroup and
           guestuser. Instead, use these  clauses  to  supplement



SunOS 5.9           Last change: 18 Feb 2003                   20






File Formats                                         ftpaccess(4)



           the  operation  of  guests.  The  unrestricted-uid and
           unrestricted-gid clauses may be used  to  allow  users
           outside  their home directories who would otherwise be
           restricted.

           The following example shows the intended use for these
           clauses.  Assume   user   dick  has  a  home directory
           /home/dick and jane has a home directory /home/jane:


     guest-root /home dick jane
     restricted-uid dick jane

          While both dick and jane are chroot'd  to  /home,  they
          cannot access each other's  files because they are res-
          tricted to their home directories. However, you  should
          not  rely  solely  upon the FTP restrictions to control
          access.  As with all other FTP access rules, you should
          also use directory  and file permissions to support the
          operation of the ftpaccess configuration.

     site-exec-max-lines number [class...]
           The SITE EXEC feature traditionally limits the  number
           of  lines  of  output  that may  be sent to the remote
           client.  Use this clause to set this  limit.  If  this
           clause is omitted, the limit is 20 lines. A limit of 0
           (zero)  implies no  limit.  Be  very  careful  if  you
           choose  to  remove  the  limit.  If a clause is  found
           matching the remote user's  class, that limit is used.
           Otherwise,  the  clause  with  class  '*', or no class
           given, is used.  For example:


     site-exec-max-lines 200 remote
     site-exec-max-lines 0 local
     site-exec-max-lines 25

          limits output from SITE EXEC (and therefore SITE INDEX)
          to   200  lines  for remote users,  specifies there  is
          no limit at all for local users, and sets a limit of 25
          lines for all other users.

     dns refuse_mismatch filename [override]
           Refuse FTP sessions when the forward and reverse look-
           ups  for  the  remote  site do not match.  Display the
           named file, like a message file, admonishing the user.
           If  the optional override is specified, allow the con-
           nection after complaining.

     dns refuse_no_reverse filename [override]
           Refuse FTP sessions when there is no reverse DNS entry
           for  the  remote  site. Display the named file, like a



SunOS 5.9           Last change: 18 Feb 2003                   21






File Formats                                         ftpaccess(4)



           message file, admonishing the user.  If  the  optional
           override is specified, allow the connection after com-
           plaining.

     dns resolveroptions [options]
           The dns resolveroptions  option allows  you to  adjust
           name  server options. The line takes a series of flags
           as documented in resolver(3resolv), with  the  leading
           RES_  removed.  Each  can be preceded by an optional +
           or -.  For example:


     dns resolveroptions +aaonly -dnsrch

          turns on the aaonly option (only  accept  authoritative
          answers)  and  turns  off the dnsrch option (search the
          domain path).

     Lines that begin with a # sign are treated as comment  lines
     and are ignored.

FILES
      /etc/ftpd/ftpaccess


ATTRIBUTES
     See attributes(5)  for descriptions of the following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWftpr                    |
    |_____________________________|_____________________________|


SEE ALSO
     compress(1), ls(1), tar(1),  ftpaddhost(1M),  ftpconfig(1M),
     ftpshut(1M),   in.ftpd(1M),  chroot(2),  nice(2),  umask(2),
     getgrnam(3C),     resolver(3resolv),      ftpconversions(4),
     ftpgroups(4), ftpservers(4), ftpusers(4), timezone(4), xfer-
     log(4), attributes(5), fnmatch(5)

     Crocker, David H. RFC 822, Standard For The Format  Of  ARPA
     Internet  Text  Messages. Network Information Center. August
     1982.

     St. Johns, Michael. RFC 931, Authentication Server.  Network
     Working Group. January 1985.






SunOS 5.9           Last change: 18 Feb 2003                   22