HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

ftpaccess(4) ftpaccess(4)

not be matched.

virtual address { hostname|email } string

Sets string to either the hostname shown in the greeting message and

STAT command, or to the

email address used in message ﬁles and on the

HELP command.

virtual address allow username [ username ... ]

virtual address deny username [ username ... ]

Normally, real and guest users are not allowed to log in on the virtual server unless they are guests

and

chroot’d to the virtual root. The users listed on the

virtual allow line(s) will be granted

access. All users can be granted access by giving ’*’ as the username. The

virtual deny clauses

are processed after the

virtual allow clauses and are used to deny access to speciﬁc users when

all users were allowed.

virtual address private

Normally, anonymous users are allowed to log in on the virtual server. This option denies them

access.

virtual address passwd ﬁle

Use a different passwd ﬁle for the virtual domain.

Note: This option is currently not supported in HP-UX.

virtual address shadow ﬁle

Use a different shadow ﬁle for this virtual domain.

Note: This option is currently not supported in HP-UX.

defaultserver deny

username [ username ... ]

defaultserver allow

username [ username ... ]

Normally, all users are allowed access to the default (non-virtual) FTP server. Use

defaultserver deny to revoke access for speciﬁc users. Specify defaultserver deny

deny access to all users. Speciﬁc users can then be allowed using

defaultserver allow

defaultserver private

Normally, anonymous users are allowed on the default (non-virtual) FTP server. This statement

disallows anonymous access.

The

virtual and defaultserver allow

, deny, and private clauses provide a means to con-

trol which users are allowed access on which FTP servers.

passive address externalip cidr

Allows control of the address reported in response to a

PASV command. When any control connec-

tion matching the cidr requests a passive data connection (PASV), the externalip address is

reported.

NOTE: this does not change the address that the daemon actually listens on, only the address

reported to the client. This feature allows the daemon to operate correctly behind IP-renumbering

ﬁrewalls. For example:

passive address 10.0.1.15 10.0.0.0/8

passive address 192.168.1.5 0.0.0.0/0

Clients connecting from the class-A network 10 will be told the passive connection is listening on

IP-address 10.0.1.15 while all others will be told the connection is listening on 192.168.1.5.

Multiple passive addresses may be speciﬁed to handle complex, or multi-gatewayed, networks.

Note: This option is not supported on IPv6 enabled systems .

passive ports cidr min max

Allows control of the TCP port numbers which may be used for a passive data connection. If the

control connection matches the cidr , a port in the range min to max will be randomly selected for

the daemon to listen on. This feature allows ﬁrewalls to limit the ports which remote clients may

use to connect into the protected network.

Section 4−−66 Hewlett-Packard Company − 8 − HP-UX 11i Version 2: August 2003