HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
ftpaccess(4) ftpaccess(4)
defaultserver private
Normally, anonymous users are allowed on the default (non-virtual) FTP server. This statement
disallows anonymous access.
The virtual and defaultserver allow, deny, and private clauses provide a means to
control which users are allowed access on which FTP servers.
passive address externalip cidr
Allows control of the address reported in response to a PASV command. When any control connection
matching the cidr requests a passive data connection (PASV), the externalip address is reported.
NOTE: this does not change the address that the daemon actually listens on, only the address
reported to the client. This feature allows the daemon to operate correctly behind IP-renumbering
firewalls. For example:
passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
Clients connecting from the class-A network 10 will be told the passive connection is listening on
IP-address 10.0.1.15 while all others will be told the connection is listening on 192.168.1.5.
Multiple passive addresses may be specified to handle complex, or multi-gatewayed, networks.
Note: This option is not supported on IPv6 enabled systems.
passive ports cidr min max
Allows control of the TCP port numbers which may be used for a passive data connection. If the
control connection matches the cidr, a port in the range min to max will be randomly selected for the
daemon to listen on. This feature allows firewalls to limit the ports which remote clients may use to
connect into the protected network.
cidr is shorthand for an IP address in dotted-quad notation followed by a slash and the number of
left-most bits which represent the network address (as opposed to the machine address). For
example, if you are using the reserved class-A network 10, instead of a netmask of 255.0.0.0, use a cidr of /8
as in 10.0.0.0/8 to represent your network.
Note: This option is not supported on IPv6 enabled systems.
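The following is an added example, not part of the HP-UX manual or the FTP daemon's code. It resolves, for a given control-connection address, which passive address and passive ports rule applies, and lists the port ranges a firewall has to admit. It assumes that the most specific (longest-prefix) matching cidr wins, which agrees with the manual's example but is not stated by it; the function names and the two passive ports lines in the sample are constructed for illustration.

```python
import ipaddress

# Constructed sample ftpaccess fragment: the "passive address" lines are the
# manual's example, the "passive ports" lines are made up for illustration.
SAMPLE = """\
passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
passive ports 10.0.0.0/8 40000 40999
passive ports 0.0.0.0/0 50000 50099
"""

def parse_passive(text):
    """Return (address_rules, port_rules) parsed from ftpaccess text."""
    addrs, ports = [], []
    for raw in text.splitlines():
        f = raw.split()
        if f[:2] == ["passive", "address"] and len(f) == 4:
            # passive address externalip cidr
            addrs.append((ipaddress.ip_network(f[3], strict=False), f[2]))
        elif f[:2] == ["passive", "ports"] and len(f) == 5:
            # passive ports cidr min max
            lo, hi = int(f[3]), int(f[4])
            if not 0 < lo <= hi <= 65535:
                raise ValueError(f"bad port range: {raw!r}")
            ports.append((ipaddress.ip_network(f[2], strict=False), (lo, hi)))
    return addrs, ports

def _best(rules, client):
    """Assumption: the longest matching prefix wins; None if nothing matches."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, val) for net, val in rules if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def resolve(text, client):
    """Reported PASV address and listening port range for a control-connection IP."""
    addrs, ports = parse_passive(text)
    return _best(addrs, client), _best(ports, client)

def firewall_ranges(text):
    """Distinct port ranges a firewall must admit for passive data connections."""
    return sorted({rng for _, rng in parse_passive(text)[1]})

if __name__ == "__main__":
    for c in ("10.2.3.4", "203.0.113.7"):
        print(c, resolve(SAMPLE, c))
    print(firewall_ranges(SAMPLE))
```

A client that matches no passive ports rule resolves to None for the range, meaning the daemon's port choice is not constrained by this file and the firewall rule set cannot be derived from it alone.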
pasv-allow class [ addrglob ... ]
port-allow class [ addrglob ... ]
Normally, the daemon does not allow a PORT command to specify an address different from that of
the control connection, and it does not allow a PASV connection from another address.
The port-allow clause provides a list of addresses which the specified class of user may give on a
PORT command. These addresses will be allowed even if they do not match the IP-address of the
client-side of the control connection.
The pasv-allow clause provides a list of addresses which the specified class of user may make data
connections from. These addresses will be allowed even if they do not match the IP-address of the
client-side of the control connection.
lslong command [ options ... ]
lsshort command [ options ... ]
lsplain command [ options ... ]
The lslong, lsshort and lsplain clauses specify the command and the command options used
to generate directory listings. Note the options cannot contain spaces. Typically the /usr/bin/ls
command is used to provide directory listings. To change the path for ls, specify it in command.
The defaults for these clauses are generally correct. For normal users lsshort is used. For
anonymous users lslong is used. lsplain is used for special cases. Use lslong, lsshort, or
lsplain only if absolutely necessary.
mailserver hostname [ hostname ... ]
Specify the name of a mail server which will accept upload notifications for the FTP daemon. Multiple
mail servers may be listed; the daemon will attempt to deliver the upload notification to each, in
order, until one accepts the message. If no mail servers are specified, localhost is used. This option is
only meaningful if anyone is to be notified of anonymous uploads (see incmail below).
118 Hewlett-Packard Company − 9 − HP-UX 11i Version 3: February 2007