1ftpaccess(4)                     File Formats                     ftpaccess(4)
2
3
4

NAME

6       ftpaccess - FTP Server configuration file
7

SYNOPSIS

9       /etc/ftpd/ftpaccess
10
11

DESCRIPTION

13       The  ftpaccess  file  is  used  to  configure  the operation of the FTP
14       Server.
15
16   Access Capabilities
17       The following access capabilities are supported:
18
19       autogroup groupname class class...
20
21           If an anonymous user is a member of any of class,  the  FTP  Server
22           will perform a setegid(2) to groupname. This allows access to group
23           and owner read-only files and directories to a particular class  of
24           anonymous  users.  groupname  is  a  valid group returned by getgr‐
25           nam(3C).
26
27
28       class class typelist addrglobaddrglob...
29
30           Define class of users, with source addresses of the form  addrglob.
31           Multiple  members  of  class  may be defined. There may be multiple
32           class commands listing additional members of the class. If multiple
33           class  commands  can  apply  to  the current session, the first one
34           listed in the access file is used. If a valid class for a  host  is
35           not  defined,  access will be denied. typelist is a comma-separated
36           list of any of the keywords anonymous, guest, and real. If the real
37           keyword  is included, the class can match users using FTP to access
38           real accounts. If the anonymous keyword is included the  class  can
39           match  users  using  anonymous FTP. The guest keyword matches guest
40           access accounts.
41
42           addrglob may be a globbed domain name or  a  globbed  numeric  IPv4
43           address.  It  may also be the name of a file, starting with a slash
44           ('/'),  which  contains  additional  address  globs.  IPv4  numeric
45           addresses  may  also  be  specified  in the form address:netmask or
46           address/CIDR. IPv6 numeric addresses can only be specified with  an
47           optional CIDR, not using globs or netmasks.
48
49           Placing an exclamation (!) before an addrglob negates the test. For
50           example,
51
52             class rmtuser real !*.example.com
53
54           will classify real users from outside the example.com domain as the
55           class  rmtuser.  Use care with this option. Remember, the result of
56           each test is OR'ed with other tests on the line.
57
58
59       deny addrglob [message_file]
60
61           Deny access  to  host(s)  that  match  addrglob  and  display  mes‐
62           sage_file.  If the value of addrglob is !nameserved access to sites
63           without a working nameservers is denied. message_file  may  contain
64           magic cookies. See message for more details.
65
66
67       guestgroup groupname groupname...
68       guestuser username username...
69       realgroup groupname groupname...
70       realuser username username...
71
72           For  guestgroup,  if  a real user is a member of any groupname, the
73           session is set up like anonymous FTP. groupname is  a  valid  group
74           returned  by getgrnam(3C). The user's home directory must be set up
75           exactly as anonymous FTP would be. The home directory field of  the
76           passwd  entry  is  divided into two directories. The first field is
77           the root directory that will be the argument to the chroot(2) call.
78           The second field is the user's home directory, relative to the root
79           directory. Use a "/./" to separate the two fields. For example, the
80           following is the real entry in /etc/passwd:
81
82             guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true
83
84           When  guest1  successfully logs in, the FTP Server will chroot() to
85           /export/home/guests and then chdir(2) to /guest1.  The  guest  user
86           will   only  be  able  to  access  the  directory  structure  under
87           /export/home/guests, which will look and act as / to  guest1,  just
88           as  an  anonymous  FTP user would. The d option to ftpconfig(1M) is
89           useful when creating guest FTP user accounts. The group name may be
90           specified  by either name or numeric ID. To use a numeric group ID,
91           place a percent sign (%) before the number. You  can  give  ranges.
92           Use an asterisk to indicate all groups. guestuser works like guest‐
93           group, except that it uses the user name or  numeric  ID.  realuser
94           and  realgroup have the same syntax, but they reverse the effect of
95           guestuser and guestgroup. They allow  real  user  access  when  the
96           remote user would otherwise be determined a guest.
97
98             guestuser *
99             realgroup admin
100
101           causes  all  non-anonymous  users  to be treated as guest, with the
102           sole exception of users in the admin group, who  are  granted  real
103           user access.
104
105
106       nice nice-delta class
107
108           Adjust  the  process  nice  value  of the FTP server process by the
109           indicated nice-delta value if the remote user is a  member  of  the
110           named  class. If class is not specified, then use nice-delta as the
111           default adjustment to the  FTP  server  process  nice  value.  This
112           default  nice  value adjustment is used to adjust the nice value of
113           the server process only for those users who do not  belong  to  any
114           class  for  which  a  class-specific  nice  directive exists in the
115           ftpaccess file.
116
117
118       defumask umask class
119
120           Set the umask applied to files created by the  FTP  server  if  the
121           remote  user is a member of the named class. If class is not speci‐
122           fied, then use the umask as the default for  classes  that  do  not
123           have  one specified.. The mode of files created may be specified by
124           using the upload directive.
125
126
127       tcpwindow size class
128
129           Set the TCP window size (socket buffer size) for the  data  connec‐
130           tion.  Use  this to control network traffic. For instance, slow PPP
131           dialin links may need smaller TCP windows to speed  up  throughput.
132           If you do not know what this does, do not set it.
133
134
135       ipcos control|data value [typelist]
136
137           Set  the IP Class of Service for either the control or data connec‐
138           tion.
139
140           For connections using AF_INET type sockets, this sets the  Type  of
141           Service field in the IP header to the value specified.
142
143           For  connections using AF_INET6 type sockets, this sets the Traffic
144           Class field in the IP header to the value specified.
145
146           When configured through inetd.conf(4),  the  socket  type  is  con‐
147           trolled  by  the protocol field of the ftp service. When running in
148           standalone  mode  the  default  socket  type   is   AF_INET6.   The
149           in.ftpd(1M) 4 option selects AF_INET.
150
151           typelist  is  a  comma-separated list of any of the keywords anony‐
152           mous, guest, real, and class=. When class= appears, it must be fol‐
153           lowed by a class name.
154
155
156       keepalive yes|no
157
158           Set  the TCP SO_KEEPALIVE option for control and data sockets. This
159           can be used to control network disconnect. If yes, then set it.  If
160           no, then use the system default (usually off). You probably want to
161           set this.
162
163
164       timeout accept seconds
165       timeout connect seconds
166       timeout data seconds
167       timeout idle seconds
168       timeout maxidle seconds
169       timeout RFC931 seconds
170
171           Set various timeout conditions.
172
173           accept     How long the FTP Server will wait for an incoming (PASV)
174                      data connection. The default is 120 seconds.
175
176
177           connect    How  long  the FTP Server will wait attempting to estab‐
178                      lish an outgoing (PORT) data  connection.  This  effects
179                      the  actual connection attempt. The daemon makes several
180                      attempts, sleeping between each attempt,  before  giving
181                      up. The default is 120 seconds.
182
183
184           data       How  long  the FTP Server will wait for some activity on
185                      the data connection. You should keep this  long  because
186                      the remote client may have a slow link, and there can be
187                      quite a bit of data queued for the client.  The  default
188                      is 1200 seconds.
189
190
191           idle       How  long the FTP Server will wait for the next command.
192                      The default is 900 seconds.  The  default  can  also  be
193                      overridden  by  using  the t option at the command-line.
194                      This access clause overrides both.
195
196
197           maxidle    The SITE IDLE command allows the remote client to estab‐
198                      lish  a  higher  value for the idle timeout. The maxidle
199                      clause sets the upper limit that the client may request.
200                      The default can also be overridden by using the T option
201                      at the command-line. This access clause overrides  both.
202                      The default is 7200 seconds.
203
204
205           RFC931     The  maximum  time  the FTP server allows for the entire
206                      RFC931 (AUTH/ident) conversation. Setting this  to  zero
207                      (0)  disables  the  server's  use  of this protocol. The
208                      information obtained by means of RFC931 is  recorded  in
209                      the  system logs and is not actually used in any authen‐
210                      tication. The default is 10 seconds.
211
212
213
214       file-limit raw in|out|total count class
215
216           Limit the number of data files a user in the given class may trans‐
217           fer.  The  limit  may  be  placed on files in, out, or total. If no
218           class is specified, the limit is the default for classes  which  do
219           not  have a limit specified. The optional parameter raw applies the
220           limit to the total traffic rather than just data files.
221
222
223       data-limit [raw] in|out|total count [class]
224
225           Limit the number of data bytes a user in the given class may trans‐
226           fer.  The  limit  may  be  placed on bytes in, out, or total. If no
227           class is specified, the limit is the default for classes  which  do
228           not  have  a  limit specified. Note that once it has been exceeded,
229           this limit will prevent transfers, but  it  will  not  terminate  a
230           transfer  in progress. The optional parameter raw applies the limit
231           to total traffic rather than just data files.
232
233
234       limit-time *|anonymous|guest minutes
235
236           Limit the total time a session can take. By default,  there  is  no
237           limit. Real users are never limited.
238
239
240       guestserver [hostname...]
241
242           Control which hosts may be used for anonymous access. If used with‐
243           out hostname, all anonymous access is denied  to  this  site.  More
244           than  one  hostname may be specified. Anonymous access will only be
245           allowed on the named machines. If access is denied, the  user  will
246           be asked to use the first hostname listed.
247
248
249       limit class n times [message_file]
250
251           Limit  class  to n users at times times, displaying message_file if
252           the user is denied access. A limit check is performed at login time
253           only.  If multiple limit commands can apply to the current session,
254           the first applicable one is used. Failing to define a valid  limit,
255           or  a  limit of -1, is equivalent to no limits. The format of times
256           is:
257
258             day[day...][time-range][|day[day...][time-range]]...
259
260           The value of day can be Su, Mo, Tu, We, Th, Fr,  Sa,  Wk  (for  any
261           weekday  Monday  through  Friday), or Any. time-range is in 24-hour
262           clock notation. If a time range is not specified, any time  of  the
263           day is matched. Multiple day and time-range may be specified by the
264           "|" symbol. For example, Wk1730-0900|Sa|Su specifies 5:30  p.m.  to
265           9:00  a.m.,  Monday  through  Friday, and anytime on weekends. mes‐
266           sage_file may contain magic cookies. See message for more details.
267
268
269       noretrieve [absolute|relative]
270       [class=classname...][-] filename [filename...]
271
272           Always deny retrievability of these files. If filename specifies  a
273           pathname  that begins with '/' character, then only those files are
274           marked no retrieve. Otherwise all files that match the filename are
275           refused  transfer. For example, noretrieve /etc/passwd core  speci‐
276           fies no one will be able to retrieve the /etc/passwd file. You will
277           be allowed to transfer any file named passwd that is not in /etc.
278
279           On  the  other  hand,  no one will be able to get files named core,
280           wherever they are. Directory specifications mark all files and sub‐
281           directories  in the named directory unretrievable. The filename may
282           be specified as a file glob. For example,
283
284             noretrieve /etc /home/*/.htaccess
285
286           specifies that no files in /etc or any of its subdirectories may be
287           retrieved.  Also, no files named .htaccess anywhere under the /home
288           directory may be retrieved. The optional  first  parameter  selects
289           whether  names  are interpreted as absolute or relative to the cur‐
290           rent chroot'd environment. The default is to interpret names begin‐
291           ning  with  a slash as absolute. The noretrieve restrictions may be
292           placed upon members of particular classes. If any class= is  speci‐
293           fied,  the named files cannot be retrieved only if the current user
294           is a member of one of the given classes.
295
296
297       allow-retrieve [absolute|relative]
298       [class=classname...][-] filename [filename...]
299
300           Allows retrieval of files which would otherwise be denied by  nore‐
301           trieve.
302
303
304       loginfails number
305
306           After  number  login failures, log a "repeated login failures" mes‐
307           sage and terminate the FTP connection. The default value for number
308           is 5.
309
310
311       private yes | no
312
313           Allow  or  deny use of the SITE GROUP and SITE GPASS commands after
314           the user logs in. The SITE GROUP and SITE GPASS commands specify an
315           enhanced  access  group  and associated password. If the group name
316           and password are valid, the user becomes  a  member  of  the  group
317           specified  in the group access file /etc/ftpd/ftpgroups by means of
318           setegid(2). See ftpgroups(4) for the format of the file.  For  this
319           option  to  work for anonymous FTP users, the  FTP Server must keep
320           /etc/group permanently open and load the  group  access  file  into
321           memory.  This  means that the FTP Server now has an additional file
322           descriptor open, and the necessary passwords and access  privileges
323           granted  to  users  by  means  of SITE GROUP will be static for the
324           duration of an FTP session. If you have an urgent  need  to  change
325           the  access  groups  or  passwords now, you have to kill all of the
326           running FTP Servers.
327
328
329   Informational Capabilities
330       The following informational capabilities are supported:
331
332       greeting full|brief|terse
333       greeting text message
334
335           The greeting command allows you to control how much information  is
336           given  out  before the remote user logs in. greeting full, which is
337           the default greeting, shows the hostname and daemon version. greet‐
338           ing  brief  shows  the  hostname.   greeting terse simply says "FTP
339           Server ready." Although full is the default, brief is suggested.
340
341           The text form allows you to specify any greeting  message.  message
342           can  be  any string. Whitespace (spaces and tabs) is converted to a
343           single space.
344
345
346       banner path
347
348           The banner command  operates  similarly  to  the  message  command,
349           except  that  the  banner  is  displayed before the user enters the
350           username. The path is relative to the real system root, not to  the
351           base of the anonymous FTP directory.
352
353           Use  of the banner command can completely prevent non-compliant FTP
354           clients from making use of the FTP Server. Not all clients can han‐
355           dle multi-line responses, which is how the banner is displayed.
356
357
358       email name
359
360           Use  this  command  to  define the email address for the FTP Server
361           administrator. This string will be printed every time the %E  magic
362           cookie is used in message files.
363
364
365       hostname some.host.name
366
367           Defines  the  default host name of the FTP Server. This string will
368           be printed on the greeting message and  every  time  the  %L  magic
369           cookie  is  used.  The host name for virtual servers overrides this
370           value. If no host name is specified, the default host name for  the
371           local machine is used.
372
373
374       message path [when [class...]]
375
376           Define  a  file with path such that the FTP Server will display the
377           contents of the file to the user at login time or  upon  using  the
378           change  working  directory command. The when parameter may be LOGIN
379           or CWD=dirglob. If whenis CWD=dirglob, dirglob  specifies  the  new
380           default  directory that will trigger the notification. A dirglob of
381           "*" matches all directories.
382
383           The optional class specification allows the message to be displayed
384           only  to  members of a particular class. More than one class may be
385           specified.
386
387           "Magic cookies" can be present in path that cause the FTP Server to
388           replace the cookie with a specified text string:
389
390           %T    Local time. For example, Thu Nov 15 17:12:42 1990.
391
392
393           %F    Free space in partition of CWD, in Kbytes.
394
395
396           %C    Current working directory.
397
398
399           %E    The email address for the FTP Server administrator.
400
401
402           %R    Remote host name.
403
404
405           %L    Local host name.
406
407
408           %U    Username given at login time.
409
410
411           %u    Username as defined by means of RFC 931 authentication.
412
413
414           %M    Maximum allowed number of users in this class.
415
416
417           %N    Current number of users in this class.
418
419           The following quota magic cookies are also supported but not always
420           set (see the quota-info capability):
421
422           %B    absolute limit on disk blocks allocated
423
424
425           %b    preferred limit on disk blocks
426
427
428           %Q    current block count
429
430
431           %I    maximum number of allocated inodes (+1)
432
433
434           %i    preferred inode limit
435
436
437           %q    current number of allocated inodes
438
439
440           %H    time limit for excessive disk use
441
442
443           %h    time limit for excessive files
444
445           The message is displayed only once  to  avoid  annoying  the  user.
446           Remember  that when messages are triggered by an anonymous or guest
447           FTP user, they must be relative to the base  of  the  anonymous  or
448           guest FTP directory tree.
449
450
451       quota-info uid-range [uid-range...]
452
453           Enable retrieval of quota information for users matching uid-range.
454           This sets the quota magic  cookies.  Retrieving  quota  information
455           might cause a significant delay when logging into the server.
456
457           uid-range  can  be  a username, single UID, or a UID range. Place a
458           percent sign(%) before a number. An asterisk means "all users."
459
460
461       readme pathglob [when [class...]]
462
463           Define a file with pathglob such that the FTP  Server  will  notify
464           the  user  at login time or upon using the change working directory
465           command that the file exists and the date that it was modified. The
466           when parameter may be LOGIN or CWD=dirglob. If when is CWD=dirglob,
467           dirglob specifies the new default directory that will  trigger  the
468           notification. A dirglob of "*" matches all directories. The message
469           will only be displayed once, to  avoid  bothering  users.  Remember
470           that  when  README  messages are triggered by an anonymous or guest
471           FTP user, the pathglob must be relative to the base of  the  anony‐
472           mous or guest FTP directory tree.
473
474           The optional class specification allows the message to be displayed
475           only to members of a particular class. You can  specify  more  than
476           one class.
477
478
479   Logging Capabilities
480       The following logging capabilities are supported:
481
482       log commands typelist
483
484           Enables logging of the individual FTP commands sent by users. type‐
485           list is a comma-separated list of any of  the  keywords  anonymous,
486           guest, and real. Command logging information is written to the sys‐
487           tem log.
488
489
490       log transfers typelist directions
491
492           Log file transfers made by FTP users to the xferlog(4)  file.  Log‐
493           ging  of incoming transfers to the server can be enabled separately
494           from outbound transfers from the server. directions is a comma-sep‐
495           arated  list  of  any of the two keywords inbound and outbound, and
496           will respectively cause transfers to be logged for  files  sent  to
497           and from the server.
498
499
500       log security typelist
501
502           Enables  logging of violations of security rules to the system log,
503           including for example, noretrieve and .notar.
504
505
506       log syslog
507       log syslog+xferlog
508
509           Redirect the logging messages for incoming and  outgoing  transfers
510           to syslog. Without this option the messages are written to xferlog.
511           When you specify syslog+xferlog, the transfer log messages are sent
512           to both the system log file and the xferlog file.
513
514
515       xferlog format formatstring
516
517           Customize  the  format  of  the transfer log entry written. format‐
518           string can be  any  string,  which  might  include  magic  cookies.
519           Strings of whitespace characters are converted into a single space.
520
521           The  following  transfer-specific magic cookies are recognized only
522           immediately after a transfer has been completed:
523
524           %Xt    transfer-time
525
526
527           %Xn    bytes-transferred
528
529
530           %XP    filename
531
532
533           %Xp    chroot-filename
534
535
536           %Xy    transfer-type
537
538
539           %Xf    special-action-flag
540
541
542           %Xd    direction
543
544
545           %Xm    access-mode
546
547
548           %Xa    authentication-method
549
550
551           %Xc    completion-status
552
553
554           %Xs    file-size
555
556
557           %Xr    restart-offset
558
559           xferlog(4) includes a description of these fields.  If  no  xferlog
560           format entry is present, the default is:
561
562             xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc
563
564
565
566
567   Miscellaneous Capabilities
568       The following miscellaneous capabilities are supported:
569
570       alias string dir
571
572           Define  an alias,  string, for a directory. Use this command to add
573           the  concept  of  logical  directories.  For  example:  alias  rfc:
574           /pub/doc/rfc  would  allow the user to access /pub/doc/rfc from any
575           directory by the command "cd rfc:". Aliases only apply  to  the  cd
576           command.
577
578
579       cdpath dir
580
581           Define  an  entry in the cdpath. This command defines a search path
582           that is used when changing directories. For example:
583
584             cdpath /pub/packages
585             cdpath /.aliases
586
587
588           would allow the user to move  into  any  directory  directly  under
589           either  the  /pub/packages or the /.aliases directories. The search
590           path is defined by the order in  which  the  lines  appear  in  the
591           ftpaccess  file.  If  the user were to give the command ftp> cd foo
592           the directory will be searched for in the following order:
593
594               o      ./foo
595
596               o      an alias called foo
597
598               o      /pub/packages/foo
599
600               o      /.aliases/foo
601           The cdpath is only available with the cd command.  If  you  have  a
602           large number of aliases, you might want to set up an aliases direc‐
603           tory with links to all of the areas you wish to make  available  to
604           users.
605
606
607       compress yes|no classglob [classglob...]
608       tar yes|no classglob [classglob...]
609
610           Enable  the use of conversions marked with the O_COMPRESS, O_UNCOM‐
611           PRESS, and O_TAR options in /etc/ftpd/ftpconversions.  See  ftpcon‐
612           versions(4).
613
614
615       shutdown path
616
617           If  the  file  pointed to by path exists, the server will check the
618           file regularly to see if the server is going to be shut down. If  a
619           shutdown  is  planned,  the  user  is notified. New connections are
620           denied after a specified time before shutdown. Current  connections
621           are dropped at a specified time before shutdown.
622
623           The format of the file specified by path is:
624
625             year month day hour minute deny_offset disc_offset text
626
627
628           year           A value of 1970 or greater.
629
630
631           month          A value of 0 to 11.
632
633
634           day            A value of 1 to 31.
635
636
637           hour           A value of 0 to 23.
638
639
640           minute         A value of 0 to 59.
641
642
643           deny_offset    The offsets in HHMM format that new connections will
644           disc_offset    be denied and existing connections will  be  discon‐
645                          nected before the shutdown time.
646
647
648           text           Follows  the  normal rules for any message. The fol‐
649                          lowing additional magic cookies are available:
650
651                          %s    The time at which the system is going to  shut
652                                down.
653
654
655                          %r    The  time  at  which  new  connections will be
656                                denied.
657
658
659                          %d    The time at which current connections will  be
660                                dropped.
661
662
663           All times are in the form: ddd MMM DD hh:mm:ss YYYY. Only one shut‐
664           down command can be present in the configuration file. You can  use
665           the  external  program  ftpshut(1M)  to automate generation of this
666           file.
667
668
669       daemonaddress address
670
671           Listen only on the IP address specified. If the value is  not  set,
672           then  the  FTP  Server  will  listen  for  connections  on every IP
673           address. This applies only when the FTP Server is run in standalone
674           mode.
675
676
677       virtual address root|banner|logfile path
678
679           Enable  the  FTP  Server  limited virtual hosting capabilities. The
680           address is the IP address of the virtual server. The  second  argu‐
681           ment  specifies that the path is either the path to the root of the
682           filesystem for this virtual server, the  banner  presented  to  the
683           user  when  connecting to this virtual server, or the logfile where
684           transfers are recorded for this virtual server. If the  logfile  is
685           not  specified the default log file will be used. All other message
686           files and permissions as well as any other settings  in  this  file
687           apply  to all virtual servers. The address may also be specified as
688           a hostname rather than as an IP number. This is  strongly  discour‐
689           aged  since,  if  DNS  is not available at the time the FTP session
690           begins, the hostname will not be matched.
691
692
693       root|logfile path
694
695           In contrast to limited virtual hosting,  complete  virtual  hosting
696           allows  separate  configuration  files to be virtual host specific.
697           See ftpservers(4). The only additions that are necessary in a  vir‐
698           tual  host's  ftpaccess file is the root directive that ensures the
699           correct root directory is used for  the  virtual  host.  This  only
700           works  with  complete virtual hosting, which in contrast to limited
701           virtual hosting, allows separate configuration files to  be  speci‐
702           fied for each virtual host.
703
704           path  is  either the root of the filesystem for this virtual server
705           or  the  logfile  where  transfers  for  this  virtual  server  are
706           recorded.  root and logfile may only be specified when not preceded
707           by virtual address in a virtual hosts's ftpaccess file.
708
709
710       virtual address hostname|email string
711
712           Set the hostname shown in the greeting message and status  command,
713           or the email address used in message files and on the HELP command,
714           to the given string.
715
716
717       virtual address allow username [username...]
718       virtual address deny username [username...]
719
720           By default, real and guest users are not allowed to log in  on  the
721           virtual  server,  unless  they  are guests that are chroot'd to the
722           virtual root. The users listed on the  virtual  allow  line(s)  are
723           granted  access. You can grant access to all users by giving '*' as
724           the username. The virtual deny clauses are processed after the vir‐
725           tual  allow  clauses.  Thus  specific  users  can  be denied access
726           although all users were allowed in an earlier clause.
727
728
729       virtual address private
730
731           Deny log in access to anonymous users on the virtual server. Anony‐
732           mous users are generally allowed to log in on the virtual server if
733           this option is not specified.
734
735
736       virtual address passwd file
737
738           Use a different passwd file for the virtual host.
739
740
741       virtual address shadow file
742
743           Use a different shadow file for the virtual host.
744
745
746       defaultserver deny username [username...]
747       defaultserver allow username [username...]
748
749           By default, all users are allowed access  to  the  non-virtual  FTP
750           Server.  Use  defaultserver deny to revoke access for specific real
751           and guest users. Specify '*' to deny access to  all  users,  except
752           anonymous  users. Specific real and guest users can then be allowed
753           access by using defaultserver allow.
754
755
756       defaultserver private
757
758           By default, all users are allowed access  to  the  non-virtual  FTP
759           Server.  Use  defaultserver  private to revoke access for anonymous
760           users.
761
762           The virtual and defaultserver allow, deny and private clauses  pro‐
763           vide a means to control which users are allowed access to which FTP
764           Servers.
765
766
767       passive address externalip cidr
768
769           Allow control of the address reported in response to a passive com‐
770           mand.  When any control connection matching cidr requests a passive
771           data connection (PASV), the externalip address  is  reported.  This
772           does  not  change  the address that the daemon actually listens on,
773           only the address reported to the client. This  feature  allows  the
774           daemon  to  operate  correctly behind IP renumbering firewalls. For
775           example:
776
777             passive address 10.0.1.15   10.0.0.0/8
778             passive address 192.168.1.5 0.0.0.0/0
779
780           Clients connecting from the class-A network 10  will  be  told  the
781           passive  connection  is listening on IP address 10.0.1.15 while all
782           others will be told the connection  is  listening  on  192.168.1.5.
783           Multiple  passive  addresses may be specified to handle complex, or
784           multi-gatewayed, networks.
785
786
787       passive ports cidr min max
788
789           Allows control of the TCP port numbers which may be used for a pas‐
790           sive data connection. If the control connection matches the cidr, a
791           port in the range min to max will be randomly selected for the dae‐
792           mon  to listen on. This feature allows firewalls to limit the ports
793           that remote clients may use to connect into the protected network.
794
795           cidr is shorthand for an IP address followed by  a  slash  and  the
796           number  of  left-most  bits  that represent the network address, as
797           opposed to the machine address. For example, if you are  using  the
798           reserved class-A network 10, instead of a netmask of 255.0.0.0, use
799           a CIDR of /8, as in 10.0.0.0/8, to represent your network.
800
801           When min and max are both 0, the kernel rather than the FTP  server
802           selects the TCP port to listen on. Kernel port selection is usually
803           not desirable if the kernel allocates TCP ports sequentially. If in
804           doubt, let the FTP server do the port selection.
805
806
807       pasv-allow class [addrglob...]
808       port-allow class [addrglob...]
809
810           Normally,  the  FTP Server does not allow a PORT command to specify
811           an address different than that of the control connection. Nor  does
812           it allow a PASV connection from another address.
813
814           The  port-allow clause provides a list of addresses that the speci‐
815           fied class of user may give on a PORT command. These addresses will
816           be  allowed even if they do not match the IP address of the client-
817           side of the control connection.
818
819           The pasv-allow clause provides a list of addresses that the  speci‐
820           fied  class of user may make data connections from. These addresses
821           will be allowed even if they do not match the  IP  address  of  the
822           client-side of the control connection.
823
824
825       lslong command [options...]
826       lsshort command [options...]
827       lsplain command [options...]
828
829           Use  the  lslong,  lsshort, and lsplain clauses to specify the com‐
830           mands and options  to  use  to  generate  directory  listings.  The
831           options  cannot  contain  spaces,  and the default values for these
832           clauses are generally correct. Use lslong, lsshort, or lsplain only
833           if absolutely necessary.
834
835
836       mailserver hostname
837
838           Specify the name of a mail server that will accept upload notifica‐
839           tions for the FTP Server. Multiple mail servers may be listed.  The
840           FTP Server will attempt to deliver the upload notification to each,
841           in order, until one accepts the message. If  no  mail  servers  are
842           specified,  localhost  is  used.  This option is only meaningful if
843           anyone is to be notified of anonymous uploads. See incmail.
844
845
846       incmail emailaddress
847       virtual address incmail emailaddress
848       defaultserver incmail emailaddress
849
850           Specify email addresses to be notified of anonymous uploads. Multi‐
851           ple  addresses  can be specified. Each will receive a notification.
852           If no addresses are specified, no notifications are sent.
853
854           If addresses are specified for a virtual host, only those addresses
855           will be sent notification of anonymous uploads on that host. Other‐
856           wise, notifications will be sent to the global addresses.
857
858           defaultserver addresses only apply when  the  FTP  session  is  not
859           using  one of the virtual hosts. In this way, you can receive noti‐
860           fications for your default anonymous area, but  not  see  notifica‐
861           tions to virtual hosts that do not have their own notifications.
862
863
864       mailfrom emailaddress
865       virtual address mailfrom emailaddress
866       defaultserver mailfrom emailaddress
867
868           Specify  the  sender's email address for anonymous upload notifica‐
869           tions. Only one address may be specified. If no  mailfrom  applies,
870           email is sent from the default mailbox name wu-ftpd. To avoid prob‐
871           lems if the recipient attempts to reply to a  notification,  or  if
872           downstream  mail  problems  generate bounces, you should ensure the
873           mailfrom address is deliverable.
874
875
876       sendbuf size [typelist]
877       recvbuf size [typelist]
878
879           Set the send or receive buffer sizes  used  for  binary  transfers.
880           They have no effect on ASCII transfers.
881
882
883       rhostlookup yes|no [addrglob ...]
884
885           Allows  or  disallows  the  lookup  of the remote host's name. Name
886           lookups can be slow, but skipping them means that places  where  an
887           addrglob  is  matched  (for  example, in the class capability) will
888           match only an IP address, not a name. Also deny !nameserved and dns
889           refuse_no_reverse  or  refuse_mismatch will deny access when a name
890           lookup is not done. The default is  to  lookup  the  remote  host's
891           name.
892
893           Only IP addresses, not names, are matched in addrglob.
894
895
896       flush-wait yes|no [typelist]
897
898           Controls  the  behavior at the end of a download or directory list‐
899           ing. If yes, shutdown the data connection for sending and wait  for
900           the  client  to  close  its  end before sending a transfer complete
901           reply on the control connection. This is the default  behavior.  If
902           no,  close the data connection and send the transfer complete reply
903           without waiting for the client. With this behavior, data  loss  can
904           go undetected.
905
906           If  a client hangs at the end of a directory listing, or the system
907           has many sockets in the FIN_WAIT_2 state, try setting to  no  as  a
908           workaround for broken client behavior.
909
910
911   Permission Capabilities
912       The following permission capabilities are supported:
913
914       chmod yes|no typelist
915       delete yes|no typelist
916       overwrite yes|no typelist
917       rename yes|no typelist
918       umask yes|no typelist
919
920           Allows  or disallows the ability to perform the specified function.
921           By default, all real and guest users are allowed.  Anonymous  users
922           are only allowed overwrite and umask.
923
924           typelist  is  a  comma-separated list of any of the keywords anony‐
925           mous, guest, real and class=. When class= appears, it must be  fol‐
926           lowed  by a classname. If any class= appears, the typelist restric‐
927           tion applies only to users in that class.
928
929
930       passwd-check none|trivial|rfc822 [enforce|warn]
931
932           Define the level and enforcement of password checking done  by  the
933           FTP Server for anonymous FTP.
934
935           none       No password checking is performed.
936
937
938           trivial    The password must contain an '@'.
939
940
941           rfc822     The password must be RFC 822 compliant.
942
943
944           warn       Warn, but permit the login.
945
946
947           enforce    Notify and deny the login.
948
949
950
951       deny-email case-insensitive-emailaddress
952
953           Consider  the  email  address  given  as an argument as invalid. If
954           passwd-check is set to enforce, anonymous users giving this address
955           as a password cannot log in. That way, you can stop users from hav‐
956           ing stupid WWW  browsers  use  fake  addresses  like  IE?0User@  or
957           mozilla@.  (by  using  this, you are not shutting out users using a
958           WWW browser for ftp - you just make them  configure  their  browser
959           correctly.)  Only one address is allowed per line, but you can have
960           as many deny-email addresses as you like.
961
962
963       path-filter typelist message allowed_regexp
964       [disallowed_regexp...]
965
966           For users in typelist, path-filter defines regular expressions that
967           control  what characters can be used in the filename of an uploaded
968           file or created directory. There may be multiple disallowed regular
969           expressions.  If  a filename is invalid due to failure to match the
970           regular expression criteria, message will be displayed to the user.
971           For example:
972
973             path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^. ^-
974
975           specifies  that  all  upload  filenames for anonymous users must be
976           made of only the characters A-Z, a-z, 0-9, and "._-"  and  may  not
977           begin with a "." or a "-". If the filename is invalid, /etc/pathmsg
978           will be displayed to the user.
979
980
981       upload [absolute|relative] [class=classname]... [-]
982       root-dir dirglob yes|no owner group mode
983       [dirs|nodirs] [d_mode]
984
985           Define a directory with dirglob that permits or denies uploads.  If
986           it  does  permit  uploads, all newly created files will be owned by
987           owner and group and will have their permissions  set  according  to
988           mode.  Existing files that are overwritten will retain their origi‐
989           nal ownership and permissions. Directories are matched on  a  best-
990           match basis. For example:
991
992             upload /var/ftp  *  no
993             upload /var/ftp /incoming yes ftp daemon 0666
994             upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
995
996           would  only  allow uploads into /incoming and /incoming/gifs. Files
997           that were uploaded to /incoming are owned by  ftp/daemon  and  have
998           permissions  of 0666. Files uploaded to /incoming/gifs are owned by
999           jlc/guest and have permissions of 0600.  The  optional  "dirs"  and
1000           "nodirs"  keywords  can  be specified to allow or disallow the cre‐
1001           ation of new subdirectories using the mkdir command. If the  upload
1002           command  is used, directory creation is allowed by default. To turn
1003           it off by default, you must specify a user, group and mode followed
1004           by  the "nodirs" keyword as the first line where the upload command
1005           is used in this file. If directories are  permitted,  the  optional
1006           d_mode determines the permissions for a newly created directory. If
1007           d_mode is omitted, the permissions are inferred from mode. The per‐
1008           missions  are 0777 if mode is also omitted. The upload keyword only
1009           applies to users who have a home directory  of  root-dir.  root-dir
1010           may  be  specified as "*" to match any home directory. The owner or
1011           group may each be specified as "*",  in  which  case  any  uploaded
1012           files  or  directories  will  be  created with the ownership of the
1013           directory in which they are created. The optional  first  parameter
1014           selects whether root-dir names are interpreted as absolute or rela‐
1015           tive to the current chroot'd environment. The default is to  inter‐
1016           pret  <root-dir>  names  as absolute. You can specify any number of
1017           class=classname restrictions. If any  are  specified,  this  upload
1018           clause  only takes effect if the current user is a member of one of
1019           the classes.
1020
1021           In the absence of any matching upload clause, real and guest  users
1022           can  upload files and make directories, but anonymous users cannot.
1023           The mode of uploaded files is 0666. For  created  directories,  the
1024           mode is 0777. Both modes are modified by the current umask setting.
1025
1026
1027       throughput root-dir subdir-glob file-glob-list
1028       bytes-per-second bytes-per-second-multiply remote-glob-list
1029
1030           Define files by means of a comma-separated file-glob-list in subdir
1031           matched by subdir-glob under root-dir that have restricted transfer
1032           throughput of bytes-per-second on download when the remote hostname
1033           or remote IP address matches the comma-separated  remote-glob-list.
1034           Entries are matched on a best-match basis. For example:
1035
1036             throughput /e/ftp *    *      oo   -   *
1037             throughput /e/ftp /sw* *      1024 0.5 *
1038             throughput /e/ftp /sw* README oo   -   *
1039             throughput /e/ftp /sw* *      oo   -   *.foo.com
1040
1041           would  set maximum throughput per default, but restrict download to
1042           1024 bytes per second for any files under /e/ftp/sw/ that  are  not
1043           named  README. The only exceptions are remote hosts from within the
1044           domain foo.com which always get maximum throughput.  Every  time  a
1045           remote  client  has retrieved a file under /e/ftp/sw/ the bytes per
1046           seconds of the matched entry line are internally  multiplied  by  a
1047           factor, here 0.5. When the remote client retrieves its second file,
1048           it is served with 512 bytes per second, the third  time  with  only
1049           256  bytes per second, the fourth time with only 128 bytes per sec‐
1050           ond, and so on. The string "oo" for  the  bytes  per  second  field
1051           means  no  throughput  restriction. A multiply factor of 1.0 or "-"
1052           means no change of the throughput after every successful  transfer.
1053           The  root-dir  here  must match the home directory specified in the
1054           password database . The throughput keyword only  applies  to  users
1055           who have a home directory of root-dir.
1056
1057
1058       anonymous-root root-dir [class...]
1059
1060           root-dir  specifies  the  chroot()  path for anonymous users. If no
1061           anonymous-root is matched, the  old  method  of  parsing  the  home
1062           directory  for the FTP user is used. If no class is specified, this
1063           is the root directory for anonymous users  who  do  not  match  any
1064           other  anonymous-root specification. Multiple classes may be speci‐
1065           fied on this line. If an anonymous-root is chosen for the user, the
1066           FTP  user's  home directory in the root-dir/etc/passwd file is used
1067           to determine the initial directory and the FTP user's  home  direc‐
1068           tory in the system-wide /etc/passwd is not used. For example:
1069
1070             anonymous-root /home/ftp
1071             anonymous-root /home/localftp localnet
1072
1073           causes  all  anonymous  users  to  be  chroot'd  to  the  directory
1074           /home/ftp. If the FTP user exists  in  /home/ftp/etc/passwd,  their
1075           initial  CWD  is  that home directory. Anonymous users in the class
1076           localnet, however, are chroot'd to the directory /home/localftp and
1077           their  initial  CWD  is taken from the FTP user's home directory in
1078           /home/localftp/etc/passwd.
1079
1080
1081       guest-root root-dir [uid-range...]
1082
1083           root-dir specifies the chroot() path for guest users. If no  guest-
1084           root  is  matched, the old method of parsing the user's home direc‐
1085           tory is used. If no uid-range is specified, this is the root direc‐
1086           tory  for guestusers who do not match any other guest-root specifi‐
1087           cation. Multiple UID ranges may be given on this line. If a  guest-
1088           root is chosen for the user, the user's home directory in the root-
1089           dir/etc/passwd file is used to determine the initial directory  and
1090           the home directory in the system-wide /etc/passwd is not used. uid-
1091           range specifies names or numeric UID values. To use numbers, put  a
1092           percent  sign  (%) symbol before it or before the range. Ranges are
1093           specified by giving the lower and upper bounds  (inclusive),  sepa‐
1094           rated by a dash. If the lower bound is omitted, it means all up to.
1095           If the upper bound is omitted, it  means  all  starting  from.  For
1096           example:
1097
1098             guest-root /home/users
1099             guest-root /home/staff %100-999 sally
1100             guest-root /home/users/owner/ftp frank
1101
1102           causes  all guest users to chroot() to /home/users then starts each
1103           user   in   the   user's    home    directory,    as    specifiedin
1104           /home/users/etc/passwd.  Users in the range 100 through 999, inclu‐
1105           sive, and user sally, will be chroot'd to /home/staff and  the  CWD
1106           will  be  taken  from  their entries in /home/staff/etc/passwd. The
1107           single user frank will be chroot'd to /home/users/owner/ftp and the
1108           CWD will be from his entry in /home/users/owner/ftp/etc/passwd.
1109
1110           The order is important for both anonymous-root and guest-root. If a
1111           user would match multiple clauses, only the first applies; with the
1112           exception  of  the  clause  which  has no class or uid-range, which
1113           applies only if no other clause matches.
1114
1115
1116       deny-uid uid-range [uid-range...]
1117       deny-gid gid-range [gid-range...]
1118       allow-uid uid-range  [uid-range...]
1119       allow-gid gid-range [gid-range...]
1120
1121           Use these clauses to specify UID and GID values that will be denied
1122           access  to  the FTP Server. The allow-uid and allow-gid clauses may
1123           be used to allow access for UID and GID values which  would  other‐
1124           wise  be  denied.  These  checks  occur  before all others. deny is
1125           checked before allow. The default is to allow access. These clauses
1126           do  not apply to anonymous users. Use defaultserver private to deny
1127           access to anonymous users. In most cases, these clauses obviate the
1128           need  for  an  ftpusers(4) file. For example, the following clauses
1129           deny FTP Server access to  all  privileged  or  special  users  and
1130           groups, except the guest1 user or group.
1131
1132             deny-gid %-99 nobody noaccess nogroup
1133             deny-uid %-99 nobody noaccess nobody4
1134             allow-gid guest1
1135             allow-uid guest1
1136
1137           Support  for the ftpusers file still exists, so it may be used when
1138           changing the ftpaccess file is not desired. In any place  a  single
1139           UID  or  GID is allowed throughout the ftpaccess file, either names
1140           or numbers also may be used. To use a number, put  a  percent  sign
1141           (%)  symbol  before it. In places where a range is allowed, put the
1142           percent sign before the range. A "*" matches all UIDs or GIDs.
1143
1144
1145       restricted-uid uid-range [uid-range...]
1146       restricted-gid gid-range [gid-range...]
1147       unrestricted-uid uid-range [uid-range...]
1148       unrestricted-gid gid-range [gid-range...]
1149
1150           These clauses control whether or not real or guest  users  will  be
1151           allowed access to areas on the FTP site outside their home directo‐
1152           ries. These clauses are not meant to replace the use of  guestgroup
1153           and  guestuser. Instead, use these clauses to supplement the opera‐
1154           tion of guests. The unrestricted-uid and  unrestricted-gid  clauses
1155           may be used to allow users outside their home directories who would
1156           otherwise be restricted.
1157
1158           The following example shows the intended  use  for  these  clauses.
1159           Assume  user  dick  has  a home directory /home/dick and jane has a
1160           home directory /home/jane:
1161
1162             guest-root /home dick jane
1163             restricted-uid dick jane
1164
1165           While both dick and jane are chroot'd to /home, they cannot  access
1166           each other's files because they are restricted to their home direc‐
1167           tories. However, you should not rely solely upon the  FTP  restric‐
1168           tions  to  control  access. As with all other FTP access rules, you
1169           should also use directory and file permissions to support the oper‐
1170           ation of the ftpaccess configuration.
1171
1172
1173       site-exec-max-lines number [class...]
1174
1175           The  SITE  EXEC feature traditionally limits the number of lines of
1176           output that may be sent to the remote client. Use  this  clause  to
1177           set this limit. If this clause is omitted, the limit is 20 lines. A
1178           limit of 0 (zero) implies no limit. Be very careful if  you  choose
1179           to  remove  the  limit.  If  a  clause is found matching the remote
1180           user's class, that limit is used. Otherwise, the clause with  class
1181           '*', or no class given, is used. For example:
1182
1183             site-exec-max-lines 200 remote
1184             site-exec-max-lines 0 local
1185             site-exec-max-lines 25
1186
1187           limits  output  from  SITE  EXEC  (and therefore SITE INDEX) to 200
1188           lines for remote users, specifies there is  no  limit  at  all  for
1189           local users, and sets a limit of 25 lines for all other users.
1190
1191
1192       dns refuse_mismatch filename [override]
1193
1194           Refuse  FTP  sessions  when the forward and reverse lookups for the
1195           remote site do not match. Lookups are done using the system's  name
1196           service  as configured in nsswitch.conf(4). Display the named file,
1197           like a message file, admonishing the user. If the optional override
1198           is specified, allow the connection after complaining.
1199
1200
1201       dns refuse_no_reverse filename [override]
1202
1203           Refuse  FTP sessions when the remote host's IP address has no asso‐
1204           ciated name. Lookups are done using the system's  name  service  as
1205           configured  in  nsswitch.conf(4). Display the named file, such as a
1206           message file, admonishing the user. If  the  optional  override  is
1207           specified, allow the connection after complaining.
1208
1209
1210       dns resolveroptions [options]
1211
1212           Modify certain internal resolver variables. This only has an effect
1213           when DNS is used as the system's name service.  The  line  takes  a
1214           series of options which are used to set the RES_OPTIONS environment
1215           variable, see resolv.conf(4) for details. For example:
1216
1217             dns resolveroptions rotate attempts:1
1218
1219           turns on querying name servers  round-robin  and  selects  querying
1220           each name server only once.
1221
1222
1223
1224       Lines  that  begin  with  a # sign are treated as comment lines and are
1225       ignored.
1226

FILES

1228        /etc/ftpd/ftpaccess
1229
1230

ATTRIBUTES

1232       See attributes(5) for descriptions of the following attributes:
1233
1234
1235
1236
1237       ┌─────────────────────────────┬─────────────────────────────┐
1238       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
1239       ├─────────────────────────────┼─────────────────────────────┤
1240       │Availability                 │SUNWftpr                     │
1241       ├─────────────────────────────┼─────────────────────────────┤
1242       │Interface Stability          │External                     │
1243       └─────────────────────────────┴─────────────────────────────┘
1244

SEE ALSO

1246       compress(1), ls(1), tar(1), ftpaddhost(1M), ftpconfig(1M), ftpshut(1M),
1247       in.ftpd(1M),     chroot(2),     nice(2),     umask(2),    getgrnam(3C),
1248       resolver(3RESOLV),  ftpconversions(4),   ftpgroups(4),   ftpservers(4),
1249       ftpusers(4), nsswitch.conf(4), resolv.conf(4), timezone(4), xferlog(4),
1250       attributes(5), fnmatch(5)
1251
1252
1253       Crocker, David H. RFC 822, Standard For The  Format  Of  ARPA  Internet
1254       Text Messages. Network Information Center. August 1982.
1255
1256
1257       St.  Johns,  Michael.  RFC  931, Authentication Server. Network Working
1258       Group. January 1985.
1259
1260
1261
1262SunOS 5.11                        10 Sep 2003                     ftpaccess(4)
Impressum