HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

ftpaccess(4) ftpaccess(4)
NAME
ftpaccess - ftpd configuration file
SYNOPSIS
/etc/ftpd/ftpaccess
DESCRIPTION
The /etc/ftpd/ftpaccess file is used to configure the operation of ftpd (see ftpd(1M)).
Access Capabilities
autogroup groupname class [ class ... ]
If an anonymous user is a member of any of class, the ftp server will perform a setgid() to
groupname. This allows access to group-and-owner-read-only files and directories to a particular class
of anonymous users. groupname is a valid group from /etc/group (or whatever mechanism your
getgrent() library routine uses; see getgrent(3C)).
class class typelist addrglob [ addrglob ... ]
Define class of users, with source addresses of the form addrglob. Multiple members of class may be
defined. There may be multiple class commands, listing additional members of the class. If multiple
class commands can apply to the current session, the first one listed in the access file is used.
Failing to define a valid class for a host will cause access to be denied. typelist is a comma-separated
list of any of the keywords anonymous, guest and real. If the real keyword is included, the
class can match users using FTP to access real accounts, and if the anonymous keyword is included,
the class can match users using anonymous FTP. The guest keyword matches guest access accounts
(see guestgroup below for more information).
addrglob may be a globbed domain name or a globbed numeric address. There can be multiple
addrglob’s for this directive. To avoid confusion when you have multiple addrglob’s, you can put all
the addrglob’s in a file and specify the path of the file in place of the addrglob’s.
Placing an exclamation (!) before an addrglob negates the test. For example:
class rmtuser real !*.example.com
will classify real users from outside the example.com domain as the class rmtuser. Use care
with this option. Remember, the result of each test is OR’ed with other tests on the line.
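The matching rules described above (the first applicable class line wins, the tests on one line are OR'ed, and a host with no class is denied) can be modelled as follows. This is an added example, not part of the HP-UX manual or of ftpd; the sample lines, the function names and the use of Python's fnmatch for globbing are assumptions, and addrglob files are not handled.

```python
from fnmatch import fnmatchcase

# Constructed sample ftpaccess lines (not taken from the manual page).
SAMPLE = """\
class local   real,guest  *.example.com
class rmtuser real        !*.example.com
class broken  anonymous   !*.example.com !*.example.org
"""

def parse_classes(text):
    """Return [(name, {types}, [addrglobs])] in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "class":
            rules.append((fields[1], set(fields[2].split(",")), fields[3:]))
    return rules

def glob_test(addrglob, host):
    """Evaluate one addrglob; a leading '!' negates the test."""
    negate = addrglob.startswith("!")
    pattern = addrglob[1:] if negate else addrglob
    hit = fnmatchcase(host.lower(), pattern.lower())
    return hit != negate

def classify(rules, user_type, host):
    """Name of the first class whose typelist and ANY addrglob match.

    None means no class applies, which the manual says results in denial.
    """
    for name, types, globs in rules:
        if user_type in types and any(glob_test(g, host) for g in globs):
            return name
    return None

RULES = parse_classes(SAMPLE)

if __name__ == "__main__":
    # 'broken' lists two negated globs. Because the tests are OR'ed, a host
    # inside example.com still matches through the second test.
    for user_type, host in [("real", "ws1.example.com"),
                            ("real", "host.example.net"),
                            ("anonymous", "ftp.example.com"),
                            ("guest", "host.example.net")]:
        print(user_type, host, "->", classify(RULES, user_type, host))
```

The third sample line shows why the manual advises care: two negated globs on one line match every host, so the line does not exclude either domain.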
deny addrglob message_file
Always deny access to the host(s) matching addrglob. message_file is the file from which the denial
message is displayed to the hosts that are denied access. addrglob may be !nameserved to deny access
to sites without a working nameserver. It may also be the name of a file, starting with a slash (/),
which contains additional address globs, as well as in the form address:netmask or address/cidr.
guestgroup groupname [ groupname ... ]
guestuser username [ username ... ]
realgroup groupname [ groupname ... ]
realuser username [ username ... ]
For guestgroup, if a real user is a member of any of groupname, the session is set up exactly as
with anonymous FTP. In other words, a chroot() is done, and the user is no longer permitted to
issue the USER and PASS commands. groupname is a valid group from /etc/group (or whatever
mechanism your getgrent() library routine uses).
The user’s home directory must be properly set up, exactly as anonymous FTP would be. The home
directory field of the passwd entry is divided into two directories. The first field is the root directory
which will be the argument to the chroot call. The second half is the user’s home directory relative
to the root directory. The two halves are separated by a /./.
Example:
In the /etc/passwd file, the sample entry is:
guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
When guest1 successfully logs in, the ftp server will chroot (/ftp) and then chdir (/incoming).
The guest user will only be able to access the directory structure under /ftp (which will look
and act as / to guest1), just as an anonymous FTP user would.
110 Hewlett-Packard Company 1 HP-UX 11i Version 3: February 2007