ftpaccess.4 (2010 09)

ftpaccess(4) ftpaccess(4)
An example of the use of these clauses shows their intended use. Assume user dick has a home directory /home/dick and jane has a home directory /home/jane:

    guest-root /home dick jane
    restricted-uid dick jane

While both dick and jane are chroot’d to /home, they cannot access each other’s files because they are restricted to their home directories.

Wherever possible, in situations such as this example, try not to rely solely upon the ftp restrictions. As with all other ftp access rules, try to use directory and file permissions to backstop the operation of the ftpaccess configuration.

site-exec-max-lines number [ class ... ]

The SITE EXEC feature traditionally limits the number of lines of output which may be sent to the remote client. This clause allows you to set this limit. If omitted, the limit is 20 lines. A limit of 0 (zero) implies no limit. Be very careful if you choose to remove the limit. If a clause is found matching the remote user’s class, that limit is used. Otherwise, the clause with class *, or no class given, is used. For example:

    site-exec-max-lines 200 remote
    site-exec-max-lines 0 local
    site-exec-max-lines 25

The above examples limit output from SITE EXEC (and therefore SITE INDEX) to 200 lines for remote users, specify that there is no limit at all for local users, and set a limit of 25 lines for all other users.

dns refuse_mismatch filename [ override ]

Refuse FTP sessions when the forward and reverse lookups for the remote site do not match. Display the named file, filename (like a message file), admonishing the user. If the optional override is specified, allow the connection after complaining.

dns refuse_no_reverse filename [ override ]

Refuse FTP sessions when there is no reverse DNS entry for the remote site. Display the named file, filename (like a message file), admonishing the user. If the optional override is specified, allow the connection after complaining.

dns resolveroptions [ options ]

dns resolveroptions allows you to tweak name server options. The line takes a series of flags as documented in resolver(3N) (with the leading RES_ removed). Each can be preceded by an optional + or -. For example,

    dns resolveroptions +aaonly -dnsrch

turns on the aaonly option (only accept authoritative answers) and turns off the dnsrch option (search the domain path).

NOTE: For any clause that involves chroot, make sure that you copy the libraries /usr/lib/libnss_files.1 and /usr/lib/libdld.2 to the /usr/lib directory of the current chroot’d environment.

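The class-matching rule for site-exec-max-lines and the override option of the dns refuse_* clauses described above can be checked mechanically. The following audit script is an added example, not part of the original manual page or of ftpd; the sample configuration, the message file path, the class name "other" and the first-clause-wins handling of duplicate classes are assumptions made for illustration.

```python
# Added example: audits ftpaccess text for the clauses described on this page.
DEFAULT_LIMIT = 20  # documented limit when site-exec-max-lines is omitted

def parse(text):
    """Return (limits, dns) parsed from ftpaccess text; other lines are ignored."""
    limits, dns = {}, {}
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) >= 2 and tok[0] == "site-exec-max-lines":
            # A clause with no class given applies like class "*".
            # Assumption: the first clause seen for a class wins.
            for cls in tok[2:] or ["*"]:
                limits.setdefault(cls, int(tok[1]))
        elif len(tok) >= 3 and tok[0] == "dns" and tok[1].startswith("refuse_"):
            # Record whether the optional "override" follows the filename.
            dns[tok[1]] = "override" in tok[3:]
    return limits, dns

def effective_limit(limits, cls):
    """Class-specific clause first, then the '*'/no-class clause, then 20."""
    return limits.get(cls, limits.get("*", DEFAULT_LIMIT))

def audit(text, classes):
    """List settings that weaken the restrictions for the given classes."""
    limits, dns = parse(text)
    findings = []
    for cls in classes:
        if effective_limit(limits, cls) == 0:
            findings.append(f"class {cls}: SITE EXEC output is unlimited")
    for clause in ("refuse_mismatch", "refuse_no_reverse"):
        if clause not in dns:
            findings.append(f"dns {clause}: no clause present")
        elif dns[clause]:
            findings.append(f"dns {clause}: override set, session allowed after warning")
    return findings

# Constructed sample input (the message file path is hypothetical).
SAMPLE = """\
site-exec-max-lines 200 remote
site-exec-max-lines 0 local
site-exec-max-lines 25
dns refuse_mismatch /etc/ftpd/msg.mismatch override
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["remote", "local", "other"]):
        print(finding)
```
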
FILES
/etc/ftpd/ftpaccess
AUTHOR
ftpaccess was developed by the Washington University, St. Louis, Missouri.
SEE ALSO
ftpshut(1), groups(1), passwd(1), ftpd(1M), chroot(2), umask(2), resolver(3N), ftpconversions(4),
ftpgroups(4).
HP-UX 11i Version 3: September 2010 13 Hewlett-Packard Company 13