ftpaccess(5)
Name
ftpaccess - ftpd configuration file
Description
The ftpaccess file is used to configure the operation of
ftpd(1).
Access Capabilities
autogroup <<groupname>> <<class>> [<<class>> ...]
If an ANONYMOUS user is a member of any of <class>,
the ftp server will perform a setegid() to <group-
name>. This allows access to group-and-owner-read-
only files and directories to a particular class of
anonymous users. <groupname> is a valid group from
/etc/group (or wherever mechanism your getgrent(2)
library routine uses).
class <<class>> <<typelist>> <<addrglob>> [<<addrglob>> ...]
Define <class> of users, with source addresses of the
form <addrglob>. Multiple members of <class> may be
defined. There may be multiple "class" commands
listing additional members of the class. If multiple
"class" commands can apply to the current session,
the first one listed in the access file is used.
Failing to define a valid class for a host will cause
access to be denied. <typelist> is a comma-separated
list of any of the keywords "anonymous", "guest" and
"real". If the "real" keyword is included, the class
can match users using FTP to access real accounts,
and if the "anonymous" keyword is included the class
can match users using anonymous FTP. The "guest"
keyword matches guest access accounts (see "guest-
group" for more information)
<addrglob> may be a globbed domain name or a globbed
numeric address.
deny <<addrglob>> <<message_file>>
Always deny access to host(s) matching <addrglob>.
<message_file> is displayed. <addrglob> may be
"!nameserved" to deny access to sites without a work-
ing nameserver.
guestgroup <<groupname>> [<<groupname>> ...]
If a REAL user is a member of any of <groupname>, the
session is set up exactly as with anonymous FTP. In
other words, a chroot() is done, and the user is no
longer permitted to issue the USER and PASS commands.
<groupname> is a valid group from /etc/group (or
whatever mechanism your getgrent(3) library routine
uses).
The user's home directory must be properly set up,
exactly as anonymous FTP would be. The home
directory field of the passwd entry is divided into
two directories. The first field is the root direc-
tory which will be the argument to the chroot(2)
call. The second half is the user's home directory
relative to the root directory. The two halves are
separated by a "/./".
Example:
in /etc/passwd, the real entry:
guest1:<passwd>:100:92:Guest Account:/ftp/./incom-
ing:/etc/ftponly
When guest1 successfully logs in, the ftp server will
chroot("/ftp") and then chdir("/incoming"). The
guest user will only be able to access the directory
structure under /ftp (which will look and act as / to
guest1), just as an anonymous FTP user would.
limit <<class>> <<n>> <<times>> <<message_file>>
Limit <class> to <n> users at times <times>, display-
ing <message_file> if user is denied access. Limit
check is performed at login time only. If multiple
"limit" commands can apply to the current session,
the first applicable one is used. Failing to define
a valid limit, or a limit of -1, is equivalent to
unlimited. <times> is in same format as the times in
the UUCP L.sys file.
noretrieve <<filename>> <<filename>> ....
Always deny retrieve-ability of these files. If the
files are an absolute path specification (i.e. begins
with '/' character) then only those files are marked
un-gettable, otherwise all files with matching the
filename are refused transfer. Example:
noretrieve /etc/passwd core
specifies no one will be able to get the file
/etc/passwd whereas they will be allowed to transfer
a file `passwd' if it is not in /etc. On the other
hand no one will be able to get files named `core'
wherever it is.
No globbing is done.
loginfails <<number>>
After <number> login failures, log a "repeated login
failures" message and terminate the FTP connection.
Default value is 5.
private <<yes|no>>
After user logs in, the SITE GROUP and SITE GPASS
commands may be used to specify an enhanced access
group and associated password. If the group name and
password are valid, the user becomes (via setegid())
a member of the group specified in the group access
file /etc/ftpgroups.
The format of the group access file is:
access_group_name:encrypted_password:real_group_name
where access_group_name is an arbitrary (alphanumeric
+ punctuation) string. encrypted_password is the
password encrypted via crypt(3), exactly like in
/etc/passwd. real_group_name is the name of a valid
group listed in /etc/group.
NOTE: For this option to work for anonymous FTP
users, the ftp server must keep /etc/group perma-
nently open and the group access file is loaded into
memory. This means that (1) the ftp server now has
an additional file descriptor open, and (2) the nec-
essary passwords and access privileges granted to
users via SITE GROUP will be static for the duration
of an FTP session. If you have an urgent need to
change the access groups and/or passwords *NOW*, you
just kill all of the running FTP servers.
Informational Capabilities
banner <<path>>
Works similarly to the message command, except that
the banner is displayed before the user enters the
username/password. The <path> is relative to the
real system root, not the base of the anonymous FTP
directory.
WARNING: use of this command can completely prevent
non-compliant FTP clients from making use of the FTP
server. Not all clients can handle multi-line
responses (which is how the banner is displayed).
email <<name>>
Defines the email address of the ftp archive main-
tainer. This string will be printed every time the
%E magic cookie is used.
message <<path>> {<<when>> {<<class>> ...}}
Define a file with <path> such that ftpd will display
the contents of the file to the user login time or
upon using the change working directory command. The
<when> parameter may be "LOGIN" or "CWD=<dir>". If
<when> is "CWD=<dir>", <dir> specifies the new
default directory which will trigger the notifica-
tion.
The optional <class> specification allows the message
to be displayed only to members of a particular
class. More than one class may be specified.
There can be "magic cookies" in the readme file which
cause the ftp server to replace the cookie with a
specified text string:
%T local time (form Thu Nov 15 17:12:42
1990)
%F free space in partition of CWD (kbytes)
[not supported on all systems]
%C current working directory
%E the maintainer's email address as
defined in ftpaccess
%R remote host name
%L local host name
%u username as determined via RFC931
authentication
%U username given at login time
%M maximum allowed number of users in this
class
%N current number of users in this class
The message will only be displayed once to avoid
annoying the user. Remember that when MESSAGEs are
triggered by an anonymous FTP user, the <path> must
be relative to the base of the anonymous FTP direc-
tory tree.
readme <<path>> {<<when>> {<<class>>}}
Define a file with <path> such that ftpd will notify
user at login time or upon using the change working
directory command that the file exists and was modi-
fied on such-and-such date. The <when> parameter may
be "LOGIN" or "CWD=<dir>". If <when> is "CWD=<dir>",
<dir> specifies the new default directory which will
trigger the notification. The message will only be
displayed once, to avoid bothering users. Remember
that when README messages are triggered by an anony-
mous FTP user, the <path> must be relative to the
base of the anonymous FTP directory tree.
The optional <class> specification allows the message
to be displayed only to members of a particular
class. More than one class may be specified.
Logging Capabilities
log commands <<typelist>>
Enables logging of individual commands by users.
<typelist> is a comma-separated list of any of the
keywords "anonymous", "guest" and "real". If the
"real" keyword is included, logging will be done for
users using FTP to access real accounts, and if the
"anonymous" keyword is included logging will done for
users using anonymous FTP. The "guest" keyword
matches guest access accounts (see "guestgroup" for
more information).
log transfers <<typelist>> <<directions>>
Enables logging of file transfers for either real or
anonymous FTP users. Logging of transfers TO the
server (incoming) can be enabled separately from
transfers FROM the server (outbound). <typelist> is
a comma-separated list of any of the keywords "anony-
mous", "guest" and "real". If the "real" keyword is
included, logging will be done for users using FTP to
access real accounts, and if the "anonymous" keyword
is included logging will done for users using anony-
mous FTP. The "guest" keyword matches guest access
accounts (see "guestgroup" for more information).
<directions> is a comma-separated list of any of the
two keywords "inbound" and "outbound", and will
respectively cause transfers to be logged for files
sent to the server and sent from the server.
Miscellaneous Capabilities
alias <<string>> <<dir>>
Defines an alias, <string>, for a directory. Can be
used to add the concept of logical directories.
For example:
alias rfc: /pub/doc/rfc
would allow the user to access /pub/doc/rfc from any
directory by the command "cd rfc:". Aliases only
apply to the cd command.
cdpath <<dir>>
Defines an entry in the cdpath. This defines a search
path that is used when changing directories.
For example:
cdpath /pub/packages
cdpath /.aliases
would allow the user to cd into any directory
directly under /pub/packages or /.aliases directo-
ries. The search path is defined by the order the
lines appear in the ftpaccess file.
If the user were to give the command:
cd foo
The directory will be searched for in the following
order:
./foo
an alias called "foo"
/pub/packages/foo
/.aliases/foo
The cd path is only available with the cd command. If
you have a large number of aliases you might want to
set up an aliases directory with links to all of the
areas you wish to make available to users.
compress <<yes|no>> <<classglob>> [<<classglob>> ...]
tar <<yes|no>> <<classglob>> [<<classglob>> ...]
Enables compress or tar capabilities for any class
matching any of <classglob>. The actual conversions
are defined in the external file FTPLIB/ftpconver-
sions.
shutdown <<path>>
If the file pointed to by <path> exists, the server
will check the file regularly to see if the server is
going to be shut down. If a shutdown is planned, the
user is notified, new connections are denied after a
specified time before shutdown and current connec-
tions are dropped at a specified time before shut-
down. <path> points to a file structured as follows:
<year> <month> <day> <hour> <minute> <deny_offset>
<disc_offset>
<text>
<year> any year > 1970
<month> 0-11 <---- LOOK!
<hour> 0-23
<minute> 0-59
<deny_offset> and <disc_offset> are the offsets in
HHMM format before the shutdown time that new connec-
tions will be denied and existing connections will be
disconnected.
<text> follows the normal rules for any message (see
"message"), with the following additional magic cook-
ies available:
%s time system is going to shut down
%r time new connections will be denied
%d time current connections will be dropped
all times are in the form: ddd MMM DD hh:mm:ss YYYY.
There can be only one "shutdown" command in the con-
figuration file.
The external program ftpshut(8) can be used to
automate the process of generating this file.
virtual <<address>> <<root|banner|logfile>> <<path>>
Enables the virtual ftp server capabilities. The
<address> is the ip address of the virtual server.
The second argument specifies that the <path> is
either the path to the root of the filesystem for
this virtual server, the banner presented to the user
when connecting to this virtual server, or the log-
file where transfers are recorded for this virtual
server. If the logfile is not specified the default
logfile will be used. All other message files and
permissions as well as any other settings in this
file apply to all virtual servers.
NOTE: Your operating system may not support this fea-
ture. It has been tested on BSD/OS, Solaris 2.X and
Linux.
Permission Capabilities
chmod <<yes|no>> <<typelist>>
delete <<yes|no>> <<typelist>>
overwrite <<yes|no>> <<typelist>>
rename <<yes|no>> <<typelist>>
umask <<yes|no>> <<typelist>>
Allows or disallows the ability to perform the speci-
fied function. By default, all users are allowed.
<typelist> is a comma-separated list of any of the
keywords "anonymous", "guest" and "real".
passwd-check <<none|trivial|rfc822>> (<<enforce|warn>>)
Define the level and enforcement of password checking
done by the server for anonymous ftp.
none no password checking performed.
trivial password must contain an '@'.
rfc822 password must be an rfc822 compliant
address.
warn warn the user, but allow them to log in.
enforce warn the user, and then log them out.
path-filter <<typelist>> <<mesg>> <<allowed_charset>>
{<<disallowed reg- exp>> ...}
For users in <typelist>, path-filter defines regular
expressions that control what a filename can or can
not be. There may be multiple disallowed regexps.
If a filename is invalid due to failure to match the
regexp criteria, <mesg> will be displayed to the
user. For example:
path-filter anonymous /etc/pathmsg ^[-A-Za-
z0-9._]*$ ^\. ^-
specifies that all upload filenames for anonymous
users must be made of only the characters A-Z, a-z,
0-9, and "._-" and may not begin with a "." or a "-".
If the filename is invalid, /etc/pathmsg will be dis-
played to the user.
upload <<root-dir>> <<dirglob>> <<yes|no>> <<owner>> <<group>>
<<mode>> ["dirs"|"nodirs"]
Define a directory with <dirglob> that permits or
denies uploads.
If it does permit uploads, all files will be owned by
<owner> and <group> and will have the permissions set
according to <mode>.
Directories are matched on a best-match basis.
For example:
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon
0666
upload /var/ftp /incoming/gifs yes jlc guest
0600 nodirs
This would only allow uploads into /incoming and
/incoming/gifs. Files that were uploaded to /incom-
ing would be owned by ftp/daemon and would have per-
missions of 0666. File uploaded to /incoming/gifs
would be owned by jlc/guest and have permissions of
0600. Note that the <root-dir> here must match the
home directory specified in the password database for
the "ftp" user.
The optional "dirs" and "nodirs" keywords can be
specified to allow or disallow the creation of new
subdirectories using the mkdir command.
The upload keyword only applies to users who have a
home directory (the argument to the chroot() ) of
<root-dir>.
Files
FTPLIB/ftpaccess
See Also
ftpd(8), umask(2), ftplog(5), ftpconversions(5), ftp-
shut(8)