ftpaccess.4 (2010 09)
ftpaccess(4) ftpaccess(4)
Directory specifications mark all files and sub-directories in the named directory as "un-gettable" or not obtainable. The filename may be specified as a file glob. For example:
noretrieve /etc /home/*/.htaccess
specifies that no files in /etc or any of its sub-directories may be retrieved. Also, no files named .htaccess anywhere under the /home directory may be retrieved.
The optional first parameter selects whether names are interpreted as absolute or relative to the current chroot’d environment. The default is to interpret names beginning with a slash as absolute.
The noretrieve restrictions may be placed upon members of particular classes. If any class= is specified, then this option is set only for the users of that particular class.
allow-retrieve [ absolute|relative ] [ class=classname ] ... [-] filename [ filename ] ...
Allows retrieval of files which would otherwise be denied by noretrieve.
loginfails number
After number login failures, log a message and terminate the FTP connection. Default value is 5.
private { yes|no }
After a user logs in, the SITE GROUP and SITE GPASS ftpd commands may be used to specify an enhanced access group and associated password. If the group name and password are valid, the user becomes (via setgid()) a member of the group specified in the group access file, /etc/ftpd/ftpgroups.
The format of the group access file is:
access_group_name:encrypted_password:real_group_name
where access_group_name is an arbitrary (alphanumeric and punctuation) string. encrypted_password is the password encrypted via crypt() (see crypt(3C)) exactly like in /etc/passwd. real_group_name is the name of a valid group listed in /etc/group.
NOTE: For this option to work for anonymous FTP users, the ftp server must keep /etc/group permanently open and the group access file is loaded into memory. This means that: (1) the ftp server now has an additional file descriptor open, and (2) the necessary passwords and access privileges granted to users via SITE GROUP (see ftpd(1M)) will be static for the duration of an FTP session. If you have an urgent need to change the access groups and/or passwords now (immediately), just kill all of the running FTP servers.
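The following is an added example, not part of the original manual page or of the ftpd distribution: a small audit of a group access file in the access_group_name:encrypted_password:real_group_name format described above, checked against /etc/group-style text. It assumes the password field holds a traditional 13-character DES crypt() string; the function names and all sample data are constructed for illustration.

```python
import re

# Assumption: traditional DES crypt() output, 2 salt + 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def group_names(group_text):
    """Names (first field) from /etc/group-style text."""
    return {l.split(":", 1)[0] for l in group_text.splitlines() if l.strip()}

def audit_ftpgroups(ftpgroups_text, group_text):
    """Return [(line_no, access_group_name, problem)] for defective entries."""
    valid = group_names(group_text)
    findings = []
    for no, line in enumerate(ftpgroups_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) != 3:
            findings.append((no, fields[0], "expected 3 colon-separated fields"))
            continue
        name, pw, real = fields
        if not pw:
            findings.append((no, name, "empty password field"))
        elif not DES_CRYPT.fullmatch(pw):
            findings.append((no, name, "password is not a crypt() string"))
        if real not in valid:
            findings.append((no, name, "real group not in /etc/group"))
    return findings

# Constructed sample data (not from any real system).
SAMPLE_GROUP = "root::0:root\nother::1:root\nftpadmin::105:alice\n"
SAMPLE_FTPGROUPS = (
    "uploaders:abJnggxhB/yWI:ftpadmin\n"   # well-formed
    "staff:secret:ftpadmin\n"              # cleartext instead of a hash
    "guests::other\n"                      # no password at all
    "ops:abJnggxhB/yWI:wheel\n"            # group missing from /etc/group
    "broken:abJnggxhB/yWI\n"               # only two fields
)

if __name__ == "__main__":
    for no, name, problem in audit_ftpgroups(SAMPLE_FTPGROUPS, SAMPLE_GROUP):
        print(f"ftpgroups line {no}: {name}: {problem}")
```

The pattern check validates only the shape of the password field; it cannot tell a 13-character cleartext string from a real hash.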
Informational Capabilities
greeting { full|brief|terse }
greeting text message
Allows you to control how much information is given out before the remote user logs in.
greeting full is the default and shows the hostname and daemon version. greeting brief shows the hostname. greeting terse only displays the message "FTP server ready." Also, this message is printed as the output of the STAT command. Although full is the default, brief is recommended.
NOTE: The two options suppresshostname and suppressversion are not supported. The greeting option can be used to suppress the hostname or the daemon version.
The greeting text message form allows you to specify any greeting message you desire. The message can be any string; whitespace (spaces and tabs) is converted to a single space.
banner path
Works similarly to the message command (see below), except that the banner is displayed before the user enters the username and password. The path is relative to the real system root, not the base of the anonymous FTP directory.
WARNING: use of this command can completely prevent non-compliant FTP clients from making
use of the FTP server. Not all clients can handle multi-line responses (which is how the banner is
displayed).
4 Hewlett-Packard Company − 4 − HP-UX 11i Version 3: September 2010