ftpaccess.4 (2010 09)

ftpaccess(4) ftpaccess(4)
virtual address shadow file
Use a different shadow file for this virtual domain.
Note: This option is currently not supported in HP-UX.
defaultserver deny username [ username ... ]
defaultserver allow username [ username ... ]
Normally, all users are allowed access to the default (non-virtual) FTP server. Use
defaultserver deny to revoke access for specific users. Specify defaultserver deny to
deny access to all users. Specific users can then be allowed using defaultserver allow.
defaultserver private
Normally, anonymous users are allowed on the default (non-virtual) FTP server. This statement
disallows anonymous access.
The virtual and defaultserver allow, deny, and private clauses provide a means to control
which users are allowed access on which FTP servers.
passive address externalip cidr
Allows control of the address reported in response to a PASV command. When any control
connection matching the cidr requests a passive data connection (PASV), the externalip
address is reported.
NOTE: this does not change the address that the daemon actually listens on, only the address
reported to the client. This feature allows the daemon to operate correctly behind IP-renumbering
firewalls. For example:
passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
Clients connecting from the class-A network 10 will be told the passive connection is listening on
IP-address 10.0.1.15 while all others will be told the connection is listening on 192.168.1.5.
Multiple passive addresses may be specified to handle complex, or multi-gatewayed, networks.
Note: This option is not supported on IPv6 enabled systems.
passive ports cidr min max
Allows control of the TCP port numbers which may be used for a passive data connection. If the
control connection matches the cidr, a port in the range min to max will be randomly selected for
the daemon to listen on. This feature allows firewalls to limit the ports which remote clients may
use to connect into the protected network.
cidr is shorthand for an IP address in dotted-quad notation followed by a slash and the number of
left-most bits which represent the network address (as opposed to the machine address). For
example, if you are using the reserved class-A network 10, instead of a netmask of 255.0.0.0, use
a cidr of /8 as in 10.0.0.0/8 to represent your network.
Note: This option is not supported on IPv6 enabled systems.
pasv-allow class [ addrglob ... ]
port-allow class [ addrglob ... ]
Normally, the daemon does not allow a PORT command to specify an address different than that of
the control connection. And it does not allow a PASV connection from another address.
The port-allow clause provides a list of addresses which the specified class of user may give on a
PORT command. These addresses will be allowed even if they do not match the IP-address of the
client-side of the control connection.
The pasv-allow clause provides a list of addresses which the specified class of user may make
data connections from. These addresses will be allowed even if they do not match the IP-address of
the client-side of the control connection.
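An added example (not part of the HP-UX manual page): a small Python checker for the passive address, passive ports, port-allow and pasv-allow clauses described above. It resolves which externalip a client would be told and flags settings that loosen the firewall and data-connection restrictions. The sample fragment, the class names, the longest-prefix match rule, the '#' comment handling and the audit thresholds are assumptions of this example, not documented daemon behaviour.

```python
import ipaddress

# Constructed sample ftpaccess fragment; class names and addresses are made up.
SAMPLE = """\
passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
passive ports 10.0.0.0/8 40000 40100
passive ports 0.0.0.0/0 512 65535
port-allow partners 192.168.7.20
pasv-allow remote *
"""

def parse(text):
    """Split the fragment into (line_no, fields), skipping blanks and '#' lines."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            rows.append((n, fields))
    return rows

def reported_address(text, client_ip):
    """externalip a client would be told in the PASV reply, or None if no rule matches.
    Assumption: the most specific (longest-prefix) matching cidr wins."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for _, f in parse(text):
        if f[:2] == ["passive", "address"] and len(f) == 4:
            net = ipaddress.ip_network(f[3], strict=False)
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, f[2])
    return best[1] if best else None

def audit(text, max_span=1000):
    """Flag settings that weaken the firewall and data-connection checks."""
    findings = []
    for n, f in parse(text):
        if f[:2] == ["passive", "ports"] and len(f) == 5:
            lo, hi = int(f[3]), int(f[4])
            if lo > hi:
                findings.append((n, "min greater than max"))
            elif lo < 1024:
                findings.append((n, "range includes privileged ports"))
            elif hi - lo + 1 > max_span:
                findings.append((n, "range too wide to filter tightly"))
        elif f[0] in ("port-allow", "pasv-allow"):
            if any(g.strip("*.") == "" for g in f[2:]):
                findings.append((n, f[0] + " wildcard matches any address"))
    return findings
```

The 1024 floor and the max_span limit are policy choices of this example; set them to match the port range your firewall actually permits.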
lslong command [ options ... ]
lsshort command [ options ... ]
lsplain command [ options ... ]
The lslong, lsshort and lsplain clauses specify the command and the command options used
to generate directory listings. Note the options cannot contain spaces. Typically the /usr/bin/ls
HP-UX 11i Version 3: September 2010 9 Hewlett-Packard Company 9