ftpaccess.4 (2010 09)
f
ftpaccess(4) ftpaccess(4)
Example:
In the
/etc/passwd file, the sample entry is:
guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
When guest1 successfully logs in, the ftp server will
chroot (/ftp) and then chdir (/incom-
ing). The guest user will only be able to access the directory structure under
/ftp (which will look
and act as
/ to guest1), just as an anonymous FTP user would.
The group name may be specified by either name or numeric ID. To use a numeric group ID, place a
% before the number. Ranges may be given. Use an asterisk (
*) to mean all groups.
guestuser works like guestgroup, except it uses the user name (or numeric ID).
realuser and realgroup have the same syntax, but reverse the effect of
guestuser and
guestgroup. They allow real user access when the remote user would otherwise be determined a
guest. For example:
guestuser *
realgroup admin
causes all non-anonymous users to be treated as guest, with the sole exception of users in the admin
group who are granted real user access.
nice nice-delta [ class ]
Adjust the process nice value of the ftpd server process by the indicated nice-delta value if the
remote user is a member of the named class .Ifclass is not specified, then use nice-delta as the
default adjustment to the ftpd server process nice value. This default nice value adjustment is used
to adjust the nice value of the server process only for those users who do not belong to any class for
which a class-specific
nice directive exists in the ftpaccess file.
defumask umask [ class ]
Set the umask applied to files created by daemon if the remote user is a member of the named class.
If class is not specified, then use the umask as the default for classes which do not have one
specified.
keepalive { yes|no }
Set the TCP
SO_KEEPALIVE option for data sockets. keepalive can be used to control network
disconnect. yes means to set the TCP SO_KEEPALIVE option. With no, the behavior depends on
the system default settings (see ndd(1M)).
NOTE: It is recommended to set
keepalive to yes to keep the network traffic connected.
timeout accept [ seconds ]
timeout connect [ seconds ]
timeout data [ seconds ]
timeout idle [ seconds ]
timeout maxidle [ seconds ]
timeout RFC931 [ seconds ]
Set various timeouts.
accept [seconds ] (default 120 seconds). Specify how long the daemon will wait for an incoming
(PASV) data connection.
connect [seconds ] (default 120 seconds). Specify how long the daemon will wait attempting to
establish an outgoing (PORT) data connection. This affects the actual connection attempt. The dae-
mon makes several attempts, sleeping a while between each, before completely giving up.
data [seconds ] (default 1200 seconds). Specify how long the daemon will wait for some activity on
the data connection. It is recommended to keep this value high, because the remote client may have
a slow link and there can be quite a bit of data queued for the client.
idle [seconds ] (default 900 seconds). Specify how long the daemon will wait for the next com-
mand. The default value (900 seconds) can be overridden by using the -t option of ftpd (see
ftpd (1M)). If idle is specified, that value will override both the default value as well as the value
set with -t option of ftpd. The SITE IDLE ftpd command allows the remote client to establish a
higher value for the idle timeout. An idle value of 0 implies that there is no idle timeout period
and the control connection is set to an infinite idle timeout period. If idle is set to a value more
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010