HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)

ftpaccess(4) ftpaccess(4)
Define a directory with dirglob that permits or denies uploads.
If it does permit uploads, all newly created files will be owned by owner and group and will have the permissions set according to mode. Existing files which are overwritten will keep their original ownership and permissions.
Directories are matched on a best-match basis.
For example:
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
These upload commands would only allow uploads into /incoming and /incoming/gifs. Files that were uploaded to /incoming would be owned by ftp/daemon and would have permissions of 0666. Files uploaded to /incoming/gifs would be owned by jlc/guest and have permissions of 0600. Note that the root-dir here must match the home directory specified in the password database for the ftp user.
The optional dirs and nodirs keywords can be specified to allow or disallow the creation of new subdirectories using the mkdir command.
Note that if the upload command is used, directory creation is allowed by default. To turn it off by default, you must specify a user, group and mode followed by the nodirs keyword as the first line where the upload command is used in this file.
If directories are permitted, the optional d_mode determines the permissions for a newly created
directory. If d_mode is omitted, the permissions are inferred from mode or are 0777 if mode is also
omitted.
upload only applies to users who have a home directory (the argument to the chroot()) of root-dir. root-dir may be specified as "*" to match any home directory.
The owner and/or group may each be specified as "*", in which case any uploaded files or directories
will be created with the ownership of the directory in which they are created.
The optional first parameter selects whether root-dir names are interpreted as absolute or relative to the current chroot’d environment. The default is to interpret root-dir names as absolute.
You can specify any number of class=classname restrictions. If any are specified, this upload clause
only takes effect if the current user is a member of one of the classes.
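An added example (not part of the HP-UX reference or the FTP daemon's code): a small Python audit that parses upload lines, resolves the effective rule for a directory, and flags upload-enabled rules whose mode grants access to "other" or that leave mkdir enabled. It assumes "best match" means the longest matching dirglob and uses Python's fnmatch, which may differ from the daemon's own glob matching; the function names and the SAMPLE text are constructed for illustration.

```python
import fnmatch
from typing import NamedTuple, Optional

# Constructed sample: the three upload lines from the example above.
SAMPLE = """\
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
"""

class Rule(NamedTuple):
    root: str
    dirglob: str
    allow: bool
    owner: Optional[str]
    group: Optional[str]
    mode: Optional[int]
    dirs: bool  # True when mkdir is allowed under this rule

def parse_upload_rules(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        # Skip the optional absolute/relative and class= prefixes; class
        # restrictions are ignored here, so every clause is treated as active.
        args = [t for t in tok[1:]
                if t not in ("absolute", "relative") and not t.startswith("class=")]
        if not tok or tok[0] != "upload" or len(args) < 3:
            continue
        owner, group, mode = (args[3:6] + [None] * 3)[:3]
        rules.append(Rule(args[0], args[1], args[2] == "yes", owner, group,
                          int(mode, 8) if mode else None, "nodirs" not in args[6:]))
    return rules

def effective_rule(rules, home, directory):
    """Assumption: 'best match' = longest dirglob that matches the directory."""
    hits = [r for r in rules if r.root in ("*", home)
            and fnmatch.fnmatchcase(directory, r.dirglob)]
    return max(hits, key=lambda r: len(r.dirglob), default=None)

def audit(rules):
    """Flag upload-enabled rules that deserve a second look."""
    findings = []
    for r in rules:
        if r.allow and r.mode is not None and r.mode & 0o007:
            findings.append((r.dirglob, f"mode {r.mode:04o} grants access to 'other'"))
        if r.allow and r.dirs:
            findings.append((r.dirglob, "mkdir allowed (no nodirs keyword)"))
    return findings
```

For the sample lines, only the /incoming rule is flagged: its 0666 mode includes permissions for "other" and it has no nodirs keyword.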
anonymous-root root-dir [ class ... ]
root-dir specifies the chroot() path for anonymous users. If no anonymous-root is matched, the old method of parsing the home directory for the ftp user is used. If no class is specified, root-dir is the root directory for anonymous users who do not have any other anonymous-root specification. Multiple classes may be given on the line. If an anonymous-root is chosen for the user, the ftp user’s home directory in the root-dir/etc/passwd file is used to determine the initial directory, and the ftp user’s home directory in the system-wide /etc/passwd is not used. For example:
anonymous-root /home/ftp
anonymous-root /home/localftp localnet
causes all anonymous users to be chroot()’d to the directory /home/ftp. Then, if the ftp user exists in /home/ftp/etc/passwd, their initial CWD is that home directory. Anonymous users in the class localnet, however, are chroot()’d to the directory /home/localftp, and their initial CWD is taken from the ftp user’s home directory in /home/localftp/etc/passwd.
guest-root root-dir [ uid-range ... ]
root-dir specifies the chroot() path for guest users. If guest-root is not matched, the old method of parsing the user’s home directory is used. If no uid-range is specified, the root directory is for guest users who do not match any other guest-root specification. Multiple uid ranges may be given on the line. If a guest-root is chosen for the user, the user’s home directory in the root-dir/etc/passwd file is used to determine the initial directory and their home directory in the system-wide /etc/passwd is not used.
uid-range specifies numeric UID values. Ranges are specified by giving the lower and upper bounds (inclusive), separated by a dash. Omitting the lower bound means "all up to", and omitting the upper
94 Hewlett-Packard Company 11 HP-UX 11i Version 2: December 2007 Update