HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)

ftpaccess(4) ftpaccess(4)
upload only applies to users who have a home directory (the argument to the chroot()) of root-dir.
root-dir may be specified as "*" to match any home directory.
The owner and/or group may each be specified as "*", in which case any uploaded files or directories
will be created with the ownership of the directory in which they are created.
The optional first parameter selects whether root-dir names are interpreted as absolute or relative
to the current chroot’d environment. The default is to interpret root-dir names as absolute.
You can specify any number of class=classname restrictions. If any are specified, this upload
clause only takes effect if the current user is a member of one of the classes.
anonymous-root root-dir [ class ... ]
root-dir specifies the chroot() path for anonymous users. If no anonymous-root is matched,
the old method of parsing the home directory for the ftp user is used. If no class is specified,
root-dir is the root directory for anonymous users who do not have any other anonymous-root
specification. Multiple classes may be given on the line. If an anonymous-root is chosen for the
user, the ftp user’s home directory in the root-dir/etc/passwd file is used to determine the initial
directory, and the ftp user’s home directory in the system-wide /etc/passwd is not used. For
example:

    anonymous-root /home/ftp
    anonymous-root /home/localftp localnet

causes all anonymous users to be chroot()’d to the directory /home/ftp. Then, if the ftp user
exists in /home/ftp/etc/passwd, their initial CWD is that home directory. Anonymous users in
the class localnet, however, are chroot()’d to the directory /home/localftp, and their initial
CWD is taken from the ftp user’s home directory in /home/localftp/etc/passwd.
guest-root root-dir [ uid-range ... ]
root-dir specifies the chroot() path for guest users. If guest-root is not matched, the old
method of parsing the user’s home directory is used. If no uid-range is specified, the root directory
is for guest users who do not match any other guest-root specification. Multiple uid ranges may be
given on the line. If a guest-root is chosen for the user, the user’s home directory in the
root-dir/etc/passwd file is used to determine the initial directory and their home directory in the
system-wide /etc/passwd is not used.
uid-range specifies numeric UID values. Ranges are specified by giving the lower and upper bounds
(inclusive), separated by a dash. Omitting the lower bound means "all up to", and omitting the upper
bound means "all starting from". For example:

    guest-root /home/users
    guest-root /home/staff %100-999 sally
    guest-root /home/users/frank/ftp frank

causes all guest users to chroot() to /home/users then starts each user in their home directory
specified in /home/users/etc/passwd. Users in the range 100 through 999, inclusive, and
user sally, will be chroot()’d to /home/staff and the CWD will be taken from their entries
in /home/staff/etc/passwd. The single user frank will be chroot()’d to
/home/users/owner/ftp and the CWD will be from his entry in
/home/users/owner/ftp/etc/passwd.
Note that order is important for both anonymous-root and guest-root. If a user would match
multiple clauses, only the first applies; with the exception of the clause which has no class or
uid-range, which applies only if no other clause matches.
deny-uid uid-range [...]
deny-gid gid-range [...]
allow-uid uid-range [...]
allow-gid gid-range [...]
These clauses allow specification of UID and GID values which will be denied access to the ftp
server. The allow-uid and allow-gid clauses may be used to allow access for uid/gid which
would otherwise be denied. These checks occur before all others. Deny is checked before allow.
The default is to allow access. Note that in most cases, this can remove the need for an
/etc/ftpd/ftpusers file. For example:

    deny-gid %-99 %65535
    deny-uid %-99 %65535
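
The uid-range, deny-uid/allow-uid and guest-root matching rules described above, modelled as an added example (not part of this manual page or of ftpd itself) for auditing which chroot() directory an account would receive. It assumes, from the page's own examples, that "%" marks a numeric value or range and a bare token is a user name; the allow-uid line in the sample is constructed, and the GID clauses are left out.

```python
# Added example: audit helper for the clauses documented above.
# SAMPLE reuses the page's example lines; "allow-uid ftp" is a constructed addition.
SAMPLE = """\
deny-uid %-99 %65535
allow-uid ftp
guest-root /home/users
guest-root /home/staff %100-999 sally
guest-root /home/users/frank/ftp frank
"""

def matches(token, name, uid):
    """True if one uid-range token covers this user (assumed: '%' = numeric)."""
    if not token.startswith("%"):
        return token == name                      # bare token: user name
    lo, dash, hi = token[1:].partition("-")
    if not dash:                                  # single value, e.g. %65535
        return uid == int(lo)
    # An omitted bound leaves that side open: %-99 is "all up to 99".
    return (not lo or int(lo) <= uid) and (not hi or uid <= int(hi))

def parse(text):
    """Return [(keyword, [args...]), ...] for every non-blank line."""
    return [(f[0], f[1:]) for f in (ln.split() for ln in text.splitlines()) if f]

def uid_denied(rules, name, uid):
    """Deny is checked before allow; with no deny match the default is allow."""
    def hit(keyword):
        return any(matches(t, name, uid)
                   for k, args in rules if k == keyword for t in args)
    return hit("deny-uid") and not hit("allow-uid")

def guest_root(rules, name, uid):
    """First matching clause wins; a clause with no uid-range is the fallback."""
    fallback = None
    for keyword, args in rules:
        if keyword != "guest-root" or not args:
            continue
        root, ranges = args[0], args[1:]
        if not ranges:
            fallback = fallback or root           # applies only if nothing else matches
        elif any(matches(t, name, uid) for t in ranges):
            return root
    return fallback

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for name, uid in [("root", 0), ("ftp", 50), ("sally", 1500), ("frank", 150)]:
        print(name, uid, "denied" if uid_denied(rules, name, uid) else guest_root(rules, name, uid))
```

With the constructed UID 150, frank falls inside %100-999 and receives /home/staff rather than his own clause, which is the ordering effect the note above describes.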
HP-UX 11i Version 2: August 2003 11 Hewlett-Packard Company Section 469