HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)
f
ftpaccess(4) ftpaccess(4)
Allows or disallows the ability to perform the specified function. By default, all users are allowed.
typelist is a comma-separated list of any of the keywords
anonymous
, guest, real and class=.
When
class= appears, it must be followed by a classname. If any
class= appears, the typelist
restriction applies only to users in that class.
passwd-check { none|trivial|rfc822
}[ enforce|warn ]
Define the level and enforcement of password checking done by the server for anonymous ftp.
none no password checking performed.
trivial password must contain an @.
rfc822 password must be an rfc822 compliant address.
warn warn the user, but allow them to log in.
enforce warn the user, and then log them out.
deny-email case-insensitive-email-address
The e-mail address given as an argument is considered to be invalid. If
passwd-check is set to
enforce, anonymous users giving this address as password cannot log in. This is one way that you
can stop users from having web browsers that use fake addresses like IE?0User@ or mozilla@. By
using
deny-email, you are not shutting out users using a web browser for ftp. You just making
them configure their browser correctly. Only one address per line, but you can have as many
deny-email clauses as you like.
path-filter typelist mesg allowed_charset [ disallowed_regexp ... ]
For users in typelist ,
path-filter defines regular expressions that control what a filename can
or cannot be. Disallowed regular expressions, disallowed_regexp, may be specified with multiple
regular expressions (see regexp (5)). If a filename is invalid due to failure to match the regular
expression criteria, mesg will be displayed to the user. For example:
path-filter anonymous /etc/pathmsg ˆ[-A-Za-z0-9_\.]*$ ˆ\. ˆ-
specifies that all upload filenames for anonymous users must be made of only the characters
A-Z,
a-z, 0-9, period (.), dash (-), and underscore (_
). The filenames may not begin with a period (.)
or a dash (
-) as specified by ˆ\. and ˆ- respectively. If the filename is invalid,
/etc/pathmsg will
be displayed to the user.
upload [ absolute|relative
][ class= classname ]... [-] root-dir dirglob { yes|no } owner
group mode [
dirs|nodirs ][ d_mode ]
Define a directory with dirglob that permits or denies uploads.
If it does permit uploads, all newly created files will be owned by owner and group and will have the
permissions set according to mode. Existing files which are overwritten will keep their original
ownership and permissions.
Directories are matched on a best-match basis.
For example:
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
These upload commands would only allow uploads into /incoming and /incoming/gifs.
Files that were uploaded to /incoming would be owned by ftp/daemon and would have permis-
sions of 0666. File uploaded to /incoming/gifs would be owned by jlc/guest and have per-
missions of 0600. Note that the root-dir here must match the home directory specified in the pass-
word database for the ftp user.
The optional
dirs and nodirs keywords can be specified to allow or disallow the creation of new
subdirectories using the mkdir command.
Note that if the
upload command is used, directory creation is allowed by default. To turn it off by
default, you must specify a user, group and mode followed by the nodirs keyword as the first line
where the upload command is used in this file.
If directories are permitted, the optional d_mode determines the permissions for a newly created
directory. If d_mode is omitted, the permissions are inferred from mode or are
0777 if mode is also
omitted.
Section 4−−68 Hewlett-Packard Company − 10 − HP-UX 11i Version 2: August 2003