HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

111

112

113

114

115

116

117

118

119

120

ftpaccess(4) ftpaccess(4)

speciﬁes that all upload ﬁlenames for anonymous users must be made of only the characters

A-Z, a-

, 0-9, period (.), dash (

-), and underscore (_). The ﬁlenames may not begin with a period (

.)ora

dash (

-) as speciﬁed by ˆ\. and ˆ- respectively. If the ﬁlename is invalid,

/etc/pathmsg will be

displayed to the user.

upload [ absolute|relative ][ class=

classname ]... [-] root-dir dirglob { yes|no } owner

group mode [

dirs|nodirs ][ d_mode ]

Deﬁne a directory with dirglob that permits or denies uploads.

If it does permit uploads, all newly created ﬁles will be owned by owner and group and will have the

permissions set according to mode. Existing ﬁles which are overwritten will keep their original own-

ership and permissions.

Directories are matched on a best-match basis.

For example:

upload /var/ftp * no

upload /var/ftp /incoming yes ftp daemon 0666

upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs

These upload commands would only allow uploads into /incoming and /incoming/gifs

Files that were uploaded to

/incoming would be owned by ftp/daemon and would have permis-

sions of 0666. File uploaded to /incoming/gifs

would be owned by jlc/guest and have per-

missions of

0600. Note that the root-dir here must match the home directory speciﬁed in the pass-

word database for the ftp user.

The optional dirs and nodirs keywords can be speciﬁed to allow or disallow the creation of new

subdirectories using the

mkdir command.

Note that if the

upload command is used, directory creation is allowed by default. To turn it off by

default, you must specify a user, group and mode followed by the nodirs keyword as the ﬁrst line

where the upload command is used in this ﬁle.

If directories are permitted, the optional d_mode determines the permissions for a newly created

directory. If d_mode is omitted, the permissions are inferred from mode or are 0777 if mode is also

omitted.

upload only applies to users who have a home directory (the argument to the chroot())ofroot-

dir. root-dir may be speciﬁed as

* to match any home directory.

The owner and/or group may each be speciﬁed as

*, in which case any uploaded ﬁles or directories will

be created with the ownership of the directory in which they are created.

The optional ﬁrst parameter selects whether root-dir names are interpreted as absolute or relative to

the current

chroot’d environment. The default is to interpret root-dir names as absolute.

You can specify any number of class=classname restrictions. If any are speciﬁed, this upload clause

only takes effect if the current user is a member of one of the classes.

anonymous-root root-dir [ class ... ]

root-dir speciﬁes the

chroot() path for anonymous users. If no anonymous-root is matched,

the old method of parsing the home directory for the ftp user is used. If no class is speciﬁed, root-dir

is the root directory for anonymous users who do not have any other anonymous-root

speciﬁcation. Multiple classes may be given on the line. If an anonymous-root is chosen for the

user, the ftp user’s home directory in the root-dir/etc/passwd ﬁle is used to determine the initial

directory, and the ftp user’s home directory in the system-wide /etc/passwd is not used. For

example:

anonymous-root /home/ftp

anonymous-root /home/localftp localnet

causes all anonymous users to be chroot()’d to the directory /home/ftp . Then, if the ftp user

exists in /home/ftp/etc/passwd, their initial CWD is that home directory. Anonymous users in

the class localnet, however, are chroot()’d to the directory /home/localftp, and their initial

CWD is taken from the ftp user’s home directory in /home/localftp/etc/passwd.

120 Hewlett-Packard Company − 11 − HP-UX 11i Version 3: February 2007