1ftpaccess(4) File Formats ftpaccess(4)
2
6 ftpaccess - FTP Server configuration file
7
9 /etc/ftpd/ftpaccess
10
13 The ftpaccess file is used to configure the operation of the FTP
14 Server.
15 Access Capabilities
17 The following access capabilities are supported:
18 autogroup groupname class class...
20 If an anonymous user is a member of any of class, the FTP Server
22 will perform a setegid(2) to groupname. This allows access to group
23 and owner read-only files and directories to a particular class of
24 anonymous users. groupname is a valid group returned by getgr‐
25 nam(3C).
26 class class typelist addrglobaddrglob...
29 Define class of users, with source addresses of the form addrglob.
31 Multiple members of class may be defined. There may be multiple
32 class commands listing additional members of the class. If multiple
33 class commands can apply to the current session, the first one
34 listed in the access file is used. If a valid class for a host is
35 not defined, access will be denied. typelist is a comma-separated
36 list of any of the keywords anonymous, guest, and real. If the real
37 keyword is included, the class can match users using FTP to access
38 real accounts. If the anonymous keyword is included the class can
39 match users using anonymous FTP. The guest keyword matches guest
40 access accounts.
41 addrglob may be a globbed domain name or a globbed numeric IPv4
43 address. It may also be the name of a file, starting with a slash
44 ('/'), which contains additional address globs. IPv4 numeric
45 addresses may also be specified in the form address:netmask or
46 address/CIDR. IPv6 numeric addresses can only be specified with an
47 optional CIDR, not using globs or netmasks.
48 Placing an exclamation (!) before an addrglob negates the test. For
50 example,
51 class rmtuser real !*.example.com
53 will classify real users from outside the example.com domain as the
55 class rmtuser. Use care with this option. Remember, the result of
56 each test is OR'ed with other tests on the line.
57 deny addrglob [message_file]
60 Deny access to host(s) that match addrglob and display mes‐
62 sage_file. If the value of addrglob is !nameserved access to sites
63 without a working nameservers is denied. message_file may contain
64 magic cookies. See message for more details.
65 guestgroup groupname groupname...
68 guestuser username username...
69 realgroup groupname groupname...
70 realuser username username...
71 For guestgroup, if a real user is a member of any groupname, the
73 session is set up like anonymous FTP. groupname is a valid group
74 returned by getgrnam(3C). The user's home directory must be set up
75 exactly as anonymous FTP would be. The home directory field of the
76 passwd entry is divided into two directories. The first field is
77 the root directory that will be the argument to the chroot(2) call.
78 The second field is the user's home directory, relative to the root
79 directory. Use a "/./" to separate the two fields. For example, the
80 following is the real entry in /etc/passwd:
81 guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true
83 When guest1 successfully logs in, the FTP Server will chroot() to
85 /export/home/guests and then chdir(2) to /guest1. The guest user
86 will only be able to access the directory structure under
87 /export/home/guests, which will look and act as / to guest1, just
88 as an anonymous FTP user would. The d option to ftpconfig(1M) is
89 useful when creating guest FTP user accounts. The group name may be
90 specified by either name or numeric ID. To use a numeric group ID,
91 place a percent sign (%) before the number. You can give ranges.
92 Use an asterisk to indicate all groups. guestuser works like guest‐
93 group, except that it uses the user name or numeric ID. realuser
94 and realgroup have the same syntax, but they reverse the effect of
95 guestuser and guestgroup. They allow real user access when the
96 remote user would otherwise be determined a guest.
97 guestuser *
99 realgroup admin
100 causes all non-anonymous users to be treated as guest, with the
102 sole exception of users in the admin group, who are granted real
103 user access.
104 nice nice-delta class
107 Adjust the process nice value of the FTP server process by the
109 indicated nice-delta value if the remote user is a member of the
110 named class. If class is not specified, then use nice-delta as the
111 default adjustment to the FTP server process nice value. This
112 default nice value adjustment is used to adjust the nice value of
113 the server process only for those users who do not belong to any
114 class for which a class-specific nice directive exists in the
115 ftpaccess file.
116 defumask umask class
119 Set the umask applied to files created by the FTP server if the
121 remote user is a member of the named class. If class is not speci‐
122 fied, then use the umask as the default for classes that do not
123 have one specified.. The mode of files created may be specified by
124 using the upload directive.
125 tcpwindow size class
128 Set the TCP window size (socket buffer size) for the data connec‐
130 tion. Use this to control network traffic. For instance, slow PPP
131 dialin links may need smaller TCP windows to speed up throughput.
132 If you do not know what this does, do not set it.
133 ipcos control|data value [typelist]
136 Set the IP Class of Service for either the control or data connec‐
138 tion.
139 For connections using AF_INET type sockets, this sets the Type of
141 Service field in the IP header to the value specified.
142 For connections using AF_INET6 type sockets, this sets the Traffic
144 Class field in the IP header to the value specified.
145 When configured through inetd.conf(4), the socket type is con‐
147 trolled by the protocol field of the ftp service. When running in
148 standalone mode the default socket type is AF_INET6. The
149 in.ftpd(1M) 4 option selects AF_INET.
150 typelist is a comma-separated list of any of the keywords anony‐
152 mous, guest, real, and class=. When class= appears, it must be fol‐
153 lowed by a class name.
154 keepalive yes|no
157 Set the TCP SO_KEEPALIVE option for control and data sockets. This
159 can be used to control network disconnect. If yes, then set it. If
160 no, then use the system default (usually off). You probably want to
161 set this.
162 timeout accept seconds
165 timeout connect seconds
166 timeout data seconds
167 timeout idle seconds
168 timeout maxidle seconds
169 timeout RFC931 seconds
170 Set various timeout conditions.
172 accept How long the FTP Server will wait for an incoming (PASV)
174 data connection. The default is 120 seconds.
175 connect How long the FTP Server will wait attempting to estab‐
178 lish an outgoing (PORT) data connection. This effects
179 the actual connection attempt. The daemon makes several
180 attempts, sleeping between each attempt, before giving
181 up. The default is 120 seconds.
182 data How long the FTP Server will wait for some activity on
185 the data connection. You should keep this long because
186 the remote client may have a slow link, and there can be
187 quite a bit of data queued for the client. The default
188 is 1200 seconds.
189 idle How long the FTP Server will wait for the next command.
192 The default is 900 seconds. The default can also be
193 overridden by using the t option at the command-line.
194 This access clause overrides both.
195 maxidle The SITE IDLE command allows the remote client to estab‐
198 lish a higher value for the idle timeout. The maxidle
199 clause sets the upper limit that the client may request.
200 The default can also be overridden by using the T option
201 at the command-line. This access clause overrides both.
202 The default is 7200 seconds.
203 RFC931 The maximum time the FTP server allows for the entire
206 RFC931 (AUTH/ident) conversation. Setting this to zero
207 (0) disables the server's use of this protocol. The
208 information obtained by means of RFC931 is recorded in
209 the system logs and is not actually used in any authen‐
210 tication. The default is 10 seconds.
211 file-limit raw in|out|total count class
215 Limit the number of data files a user in the given class may trans‐
217 fer. The limit may be placed on files in, out, or total. If no
218 class is specified, the limit is the default for classes which do
219 not have a limit specified. The optional parameter raw applies the
220 limit to the total traffic rather than just data files.
221 data-limit [raw] in|out|total count [class]
224 Limit the number of data bytes a user in the given class may trans‐
226 fer. The limit may be placed on bytes in, out, or total. If no
227 class is specified, the limit is the default for classes which do
228 not have a limit specified. Note that once it has been exceeded,
229 this limit will prevent transfers, but it will not terminate a
230 transfer in progress. The optional parameter raw applies the limit
231 to total traffic rather than just data files.
232 limit-time *|anonymous|guest minutes
235 Limit the total time a session can take. By default, there is no
237 limit. Real users are never limited.
238 guestserver [hostname...]
241 Control which hosts may be used for anonymous access. If used with‐
243 out hostname, all anonymous access is denied to this site. More
244 than one hostname may be specified. Anonymous access will only be
245 allowed on the named machines. If access is denied, the user will
246 be asked to use the first hostname listed.
247 limit class n times [message_file]
250 Limit class to n users at times times, displaying message_file if
252 the user is denied access. A limit check is performed at login time
253 only. If multiple limit commands can apply to the current session,
254 the first applicable one is used. Failing to define a valid limit,
255 or a limit of -1, is equivalent to no limits. The format of times
256 is:
257 day[day...][time-range][|day[day...][time-range]]...
259 The value of day can be Su, Mo, Tu, We, Th, Fr, Sa, Wk (for any
261 weekday Monday through Friday), or Any. time-range is in 24-hour
262 clock notation. If a time range is not specified, any time of the
263 day is matched. Multiple day and time-range may be specified by the
264 "|" symbol. For example, Wk1730-0900|Sa|Su specifies 5:30 p.m. to
265 9:00 a.m., Monday through Friday, and anytime on weekends. mes‐
266 sage_file may contain magic cookies. See message for more details.
267 noretrieve [absolute|relative]
270 [class=classname...][-] filename [filename...]
271 Always deny retrievability of these files. If filename specifies a
273 pathname that begins with '/' character, then only those files are
274 marked no retrieve. Otherwise all files that match the filename are
275 refused transfer. For example, noretrieve /etc/passwd core speci‐
276 fies no one will be able to retrieve the /etc/passwd file. You will
277 be allowed to transfer any file named passwd that is not in /etc.
278 On the other hand, no one will be able to get files named core,
280 wherever they are. Directory specifications mark all files and sub‐
281 directories in the named directory unretrievable. The filename may
282 be specified as a file glob. For example,
283 noretrieve /etc /home/*/.htaccess
285 specifies that no files in /etc or any of its subdirectories may be
287 retrieved. Also, no files named .htaccess anywhere under the /home
288 directory may be retrieved. The optional first parameter selects
289 whether names are interpreted as absolute or relative to the cur‐
290 rent chroot'd environment. The default is to interpret names begin‐
291 ning with a slash as absolute. The noretrieve restrictions may be
292 placed upon members of particular classes. If any class= is speci‐
293 fied, the named files cannot be retrieved only if the current user
294 is a member of one of the given classes.
295 allow-retrieve [absolute|relative]
298 [class=classname...][-] filename [filename...]
299 Allows retrieval of files which would otherwise be denied by nore‐
301 trieve.
302 loginfails number
305 After number login failures, log a "repeated login failures" mes‐
307 sage and terminate the FTP connection. The default value for number
308 is 5.
309 private yes | no
312 Allow or deny use of the SITE GROUP and SITE GPASS commands after
314 the user logs in. The SITE GROUP and SITE GPASS commands specify an
315 enhanced access group and associated password. If the group name
316 and password are valid, the user becomes a member of the group
317 specified in the group access file /etc/ftpd/ftpgroups by means of
318 setegid(2). See ftpgroups(4) for the format of the file. For this
319 option to work for anonymous FTP users, the FTP Server must keep
320 /etc/group permanently open and load the group access file into
321 memory. This means that the FTP Server now has an additional file
322 descriptor open, and the necessary passwords and access privileges
323 granted to users by means of SITE GROUP will be static for the
324 duration of an FTP session. If you have an urgent need to change
325 the access groups or passwords now, you have to kill all of the
326 running FTP Servers.
327 Informational Capabilities
330 The following informational capabilities are supported:
331 greeting full|brief|terse
333 greeting text message
334 The greeting command allows you to control how much information is
336 given out before the remote user logs in. greeting full, which is
337 the default greeting, shows the hostname and daemon version. greet‐
338 ing brief shows the hostname. greeting terse simply says "FTP
339 Server ready." Although full is the default, brief is suggested.
340 The text form allows you to specify any greeting message. message
342 can be any string. Whitespace (spaces and tabs) is converted to a
343 single space.
344 banner path
347 The banner command operates similarly to the message command,
349 except that the banner is displayed before the user enters the
350 username. The path is relative to the real system root, not to the
351 base of the anonymous FTP directory.
352 Use of the banner command can completely prevent non-compliant FTP
354 clients from making use of the FTP Server. Not all clients can han‐
355 dle multi-line responses, which is how the banner is displayed.
356 email name
359 Use this command to define the email address for the FTP Server
361 administrator. This string will be printed every time the %E magic
362 cookie is used in message files.
363 hostname some.host.name
366 Defines the default host name of the FTP Server. This string will
368 be printed on the greeting message and every time the %L magic
369 cookie is used. The host name for virtual servers overrides this
370 value. If no host name is specified, the default host name for the
371 local machine is used.
372 message path [when [class...]]
375 Define a file with path such that the FTP Server will display the
377 contents of the file to the user at login time or upon using the
378 change working directory command. The when parameter may be LOGIN
379 or CWD=dirglob. If whenis CWD=dirglob, dirglob specifies the new
380 default directory that will trigger the notification. A dirglob of
381 "*" matches all directories.
382 The optional class specification allows the message to be displayed
384 only to members of a particular class. More than one class may be
385 specified.
386 "Magic cookies" can be present in path that cause the FTP Server to
388 replace the cookie with a specified text string:
389 %T Local time. For example, Thu Nov 15 17:12:42 1990.
391 %F Free space in partition of CWD, in Kbytes.
394 %C Current working directory.
397 %E The email address for the FTP Server administrator.
400 %R Remote host name.
403 %L Local host name.
406 %U Username given at login time.
409 %u Username as defined by means of RFC 931 authentication.
412 %M Maximum allowed number of users in this class.
415 %N Current number of users in this class.
418 The following quota magic cookies are also supported but not always
420 set (see the quota-info capability):
421 %B absolute limit on disk blocks allocated
423 %b preferred limit on disk blocks
426 %Q current block count
429 %I maximum number of allocated inodes (+1)
432 %i preferred inode limit
435 %q current number of allocated inodes
438 %H time limit for excessive disk use
441 %h time limit for excessive files
444 The message is displayed only once to avoid annoying the user.
446 Remember that when messages are triggered by an anonymous or guest
447 FTP user, they must be relative to the base of the anonymous or
448 guest FTP directory tree.
449 quota-info uid-range [uid-range...]
452 Enable retrieval of quota information for users matching uid-range.
454 This sets the quota magic cookies. Retrieving quota information
455 might cause a significant delay when logging into the server.
456 uid-range can be a username, single UID, or a UID range. Place a
458 percent sign(%) before a number. An asterisk means "all users."
459 readme pathglob [when [class...]]
462 Define a file with pathglob such that the FTP Server will notify
464 the user at login time or upon using the change working directory
465 command that the file exists and the date that it was modified. The
466 when parameter may be LOGIN or CWD=dirglob. If when is CWD=dirglob,
467 dirglob specifies the new default directory that will trigger the
468 notification. A dirglob of "*" matches all directories. The message
469 will only be displayed once, to avoid bothering users. Remember
470 that when README messages are triggered by an anonymous or guest
471 FTP user, the pathglob must be relative to the base of the anony‐
472 mous or guest FTP directory tree.
473 The optional class specification allows the message to be displayed
475 only to members of a particular class. You can specify more than
476 one class.
477 Logging Capabilities
480 The following logging capabilities are supported:
481 log commands typelist
483 Enables logging of the individual FTP commands sent by users. type‐
485 list is a comma-separated list of any of the keywords anonymous,
486 guest, and real. Command logging information is written to the sys‐
487 tem log.
488 log transfers typelist directions
491 Log file transfers made by FTP users to the xferlog(4) file. Log‐
493 ging of incoming transfers to the server can be enabled separately
494 from outbound transfers from the server. directions is a comma-sep‐
495 arated list of any of the two keywords inbound and outbound, and
496 will respectively cause transfers to be logged for files sent to
497 and from the server.
498 log security typelist
501 Enables logging of violations of security rules to the system log,
503 including for example, noretrieve and .notar.
504 log syslog
507 log syslog+xferlog
508 Redirect the logging messages for incoming and outgoing transfers
510 to syslog. Without this option the messages are written to xferlog.
511 When you specify syslog+xferlog, the transfer log messages are sent
512 to both the system log file and the xferlog file.
513 xferlog format formatstring
516 Customize the format of the transfer log entry written. format‐
518 string can be any string, which might include magic cookies.
519 Strings of whitespace characters are converted into a single space.
520 The following transfer-specific magic cookies are recognized only
522 immediately after a transfer has been completed:
523 %Xt transfer-time
525 %Xn bytes-transferred
528 %XP filename
531 %Xp chroot-filename
534 %Xy transfer-type
537 %Xf special-action-flag
540 %Xd direction
543 %Xm access-mode
546 %Xa authentication-method
549 %Xc completion-status
552 %Xs file-size
555 %Xr restart-offset
558 xferlog(4) includes a description of these fields. If no xferlog
560 format entry is present, the default is:
561 xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc
563 Miscellaneous Capabilities
568 The following miscellaneous capabilities are supported:
569 alias string dir
571 Define an alias, string, for a directory. Use this command to add
573 the concept of logical directories. For example: alias rfc:
574 /pub/doc/rfc would allow the user to access /pub/doc/rfc from any
575 directory by the command "cd rfc:". Aliases only apply to the cd
576 command.
577 cdpath dir
580 Define an entry in the cdpath. This command defines a search path
582 that is used when changing directories. For example:
583 cdpath /pub/packages
585 cdpath /.aliases
586 would allow the user to move into any directory directly under
589 either the /pub/packages or the /.aliases directories. The search
590 path is defined by the order in which the lines appear in the
591 ftpaccess file. If the user were to give the command ftp> cd foo
592 the directory will be searched for in the following order:
593 o ./foo
595 o an alias called foo
597 o /pub/packages/foo
599 o /.aliases/foo
601 The cdpath is only available with the cd command. If you have a
602 large number of aliases, you might want to set up an aliases direc‐
603 tory with links to all of the areas you wish to make available to
604 users.
605 compress yes|no classglob [classglob...]
608 tar yes|no classglob [classglob...]
609 Enable the use of conversions marked with the O_COMPRESS, O_UNCOM‐
611 PRESS, and O_TAR options in /etc/ftpd/ftpconversions. See ftpcon‐
612 versions(4).
613 shutdown path
616 If the file pointed to by path exists, the server will check the
618 file regularly to see if the server is going to be shut down. If a
619 shutdown is planned, the user is notified. New connections are
620 denied after a specified time before shutdown. Current connections
621 are dropped at a specified time before shutdown.
622 The format of the file specified by path is:
624 year month day hour minute deny_offset disc_offset text
626 year A value of 1970 or greater.
629 month A value of 0 to 11.
632 day A value of 1 to 31.
635 hour A value of 0 to 23.
638 minute A value of 0 to 59.
641 deny_offset The offsets in HHMM format that new connections will
644 disc_offset be denied and existing connections will be discon‐
645 nected before the shutdown time.
646 text Follows the normal rules for any message. The fol‐
649 lowing additional magic cookies are available:
650 %s The time at which the system is going to shut
652 down.
653 %r The time at which new connections will be
656 denied.
657 %d The time at which current connections will be
660 dropped.
661 All times are in the form: ddd MMM DD hh:mm:ss YYYY. Only one shut‐
664 down command can be present in the configuration file. You can use
665 the external program ftpshut(1M) to automate generation of this
666 file.
667 daemonaddress address
670 Listen only on the IP address specified. If the value is not set,
672 then the FTP Server will listen for connections on every IP
673 address. This applies only when the FTP Server is run in standalone
674 mode.
675 virtual address root|banner|logfile path
678 Enable the FTP Server limited virtual hosting capabilities. The
680 address is the IP address of the virtual server. The second argu‐
681 ment specifies that the path is either the path to the root of the
682 filesystem for this virtual server, the banner presented to the
683 user when connecting to this virtual server, or the logfile where
684 transfers are recorded for this virtual server. If the logfile is
685 not specified the default log file will be used. All other message
686 files and permissions as well as any other settings in this file
687 apply to all virtual servers. The address may also be specified as
688 a hostname rather than as an IP number. This is strongly discour‐
689 aged since, if DNS is not available at the time the FTP session
690 begins, the hostname will not be matched.
691 root|logfile path
694 In contrast to limited virtual hosting, complete virtual hosting
696 allows separate configuration files to be virtual host specific.
697 See ftpservers(4). The only additions that are necessary in a vir‐
698 tual host's ftpaccess file is the root directive that ensures the
699 correct root directory is used for the virtual host. This only
700 works with complete virtual hosting, which in contrast to limited
701 virtual hosting, allows separate configuration files to be speci‐
702 fied for each virtual host.
703 path is either the root of the filesystem for this virtual server
705 or the logfile where transfers for this virtual server are
706 recorded. root and logfile may only be specified when not preceded
707 by virtual address in a virtual hosts's ftpaccess file.
708 virtual address hostname|email string
711 Set the hostname shown in the greeting message and status command,
713 or the email address used in message files and on the HELP command,
714 to the given string.
715 virtual address allow username [username...]
718 virtual address deny username [username...]
719 By default, real and guest users are not allowed to log in on the
721 virtual server, unless they are guests that are chroot'd to the
722 virtual root. The users listed on the virtual allow line(s) are
723 granted access. You can grant access to all users by giving '*' as
724 the username. The virtual deny clauses are processed after the vir‐
725 tual allow clauses. Thus specific users can be denied access
726 although all users were allowed in an earlier clause.
727 virtual address private
730 Deny log in access to anonymous users on the virtual server. Anony‐
732 mous users are generally allowed to log in on the virtual server if
733 this option is not specified.
734 virtual address passwd file
737 Use a different passwd file for the virtual host.
739 virtual address shadow file
742 Use a different shadow file for the virtual host.
744 defaultserver deny username [username...]
747 defaultserver allow username [username...]
748 By default, all users are allowed access to the non-virtual FTP
750 Server. Use defaultserver deny to revoke access for specific real
751 and guest users. Specify '*' to deny access to all users, except
752 anonymous users. Specific real and guest users can then be allowed
753 access by using defaultserver allow.
754 defaultserver private
757 By default, all users are allowed access to the non-virtual FTP
759 Server. Use defaultserver private to revoke access for anonymous
760 users.
761 The virtual and defaultserver allow, deny and private clauses pro‐
763 vide a means to control which users are allowed access to which FTP
764 Servers.
765 passive address externalip cidr
768 Allow control of the address reported in response to a passive com‐
770 mand. When any control connection matching cidr requests a passive
771 data connection (PASV), the externalip address is reported. This
772 does not change the address that the daemon actually listens on,
773 only the address reported to the client. This feature allows the
774 daemon to operate correctly behind IP renumbering firewalls. For
775 example:
776 passive address 10.0.1.15 10.0.0.0/8
778 passive address 192.168.1.5 0.0.0.0/0
779 Clients connecting from the class-A network 10 will be told the
781 passive connection is listening on IP address 10.0.1.15 while all
782 others will be told the connection is listening on 192.168.1.5.
783 Multiple passive addresses may be specified to handle complex, or
784 multi-gatewayed, networks.
785 passive ports cidr min max
788 Allows control of the TCP port numbers which may be used for a pas‐
790 sive data connection. If the control connection matches the cidr, a
791 port in the range min to max will be randomly selected for the dae‐
792 mon to listen on. This feature allows firewalls to limit the ports
793 that remote clients may use to connect into the protected network.
794 cidr is shorthand for an IP address followed by a slash and the
796 number of left-most bits that represent the network address, as
797 opposed to the machine address. For example, if you are using the
798 reserved class-A network 10, instead of a netmask of 255.0.0.0, use
799 a CIDR of /8, as in 10.0.0.0/8, to represent your network.
800 When min and max are both 0, the kernel rather than the FTP server
802 selects the TCP port to listen on. Kernel port selection is usually
803 not desirable if the kernel allocates TCP ports sequentially. If in
804 doubt, let the FTP server do the port selection.
805 pasv-allow class [addrglob...]
808 port-allow class [addrglob...]
809 Normally, the FTP Server does not allow a PORT command to specify
811 an address different than that of the control connection. Nor does
812 it allow a PASV connection from another address.
813 The port-allow clause provides a list of addresses that the speci‐
815 fied class of user may give on a PORT command. These addresses will
816 be allowed even if they do not match the IP address of the client-
817 side of the control connection.
818 The pasv-allow clause provides a list of addresses that the speci‐
820 fied class of user may make data connections from. These addresses
821 will be allowed even if they do not match the IP address of the
822 client-side of the control connection.
823 lslong command [options...]
826 lsshort command [options...]
827 lsplain command [options...]
828 Use the lslong, lsshort, and lsplain clauses to specify the com‐
830 mands and options to use to generate directory listings. The
831 options cannot contain spaces, and the default values for these
832 clauses are generally correct. Use lslong, lsshort, or lsplain only
833 if absolutely necessary.
834 mailserver hostname
837 Specify the name of a mail server that will accept upload notifica‐
839 tions for the FTP Server. Multiple mail servers may be listed. The
840 FTP Server will attempt to deliver the upload notification to each,
841 in order, until one accepts the message. If no mail servers are
842 specified, localhost is used. This option is only meaningful if
843 anyone is to be notified of anonymous uploads. See incmail.
844 incmail emailaddress
847 virtual address incmail emailaddress
848 defaultserver incmail emailaddress
849 Specify email addresses to be notified of anonymous uploads. Multi‐
851 ple addresses can be specified. Each will receive a notification.
852 If no addresses are specified, no notifications are sent.
853 If addresses are specified for a virtual host, only those addresses
855 will be sent notification of anonymous uploads on that host. Other‐
856 wise, notifications will be sent to the global addresses.
857 defaultserver addresses only apply when the FTP session is not
859 using one of the virtual hosts. In this way, you can receive noti‐
860 fications for your default anonymous area, but not see notifica‐
861 tions to virtual hosts that do not have their own notifications.
862 mailfrom emailaddress
865 virtual address mailfrom emailaddress
866 defaultserver mailfrom emailaddress
867 Specify the sender's email address for anonymous upload notifica‐
869 tions. Only one address may be specified. If no mailfrom applies,
870 email is sent from the default mailbox name wu-ftpd. To avoid prob‐
871 lems if the recipient attempts to reply to a notification, or if
872 downstream mail problems generate bounces, you should ensure the
873 mailfrom address is deliverable.
874 sendbuf size [typelist]
877 recvbuf size [typelist]
878 Set the send or receive buffer sizes used for binary transfers.
880 They have no effect on ASCII transfers.
881 rhostlookup yes|no [addrglob ...]
884 Allows or disallows the lookup of the remote host's name. Name
886 lookups can be slow, but skipping them means that places where an
887 addrglob is matched (for example, in the class capability) will
888 match only an IP address, not a name. Also deny !nameserved and dns
889 refuse_no_reverse or refuse_mismatch will deny access when a name
890 lookup is not done. The default is to lookup the remote host's
891 name.
892 Only IP addresses, not names, are matched in addrglob.
894 flush-wait yes|no [typelist]
897 Controls the behavior at the end of a download or directory list‐
899 ing. If yes, shutdown the data connection for sending and wait for
900 the client to close its end before sending a transfer complete
901 reply on the control connection. This is the default behavior. If
902 no, close the data connection and send the transfer complete reply
903 without waiting for the client. With this behavior, data loss can
904 go undetected.
905 If a client hangs at the end of a directory listing, or the system
907 has many sockets in the FIN_WAIT_2 state, try setting to no as a
908 workaround for broken client behavior.
909 Permission Capabilities
912 The following permission capabilities are supported:
913 chmod yes|no typelist
915 delete yes|no typelist
916 overwrite yes|no typelist
917 rename yes|no typelist
918 umask yes|no typelist
919 Allows or disallows the ability to perform the specified function.
921 By default, all real and guest users are allowed. Anonymous users
922 are only allowed overwrite and umask.
923 typelist is a comma-separated list of any of the keywords anony‐
925 mous, guest, real and class=. When class= appears, it must be fol‐
926 lowed by a classname. If any class= appears, the typelist restric‐
927 tion applies only to users in that class.
928 passwd-check none|trivial|rfc822 [enforce|warn]
931 Define the level and enforcement of password checking done by the
933 FTP Server for anonymous FTP.
934 none No password checking is performed.
936 trivial The password must contain an '@'.
939 rfc822 The password must be RFC 822 compliant.
942 warn Warn, but permit the login.
945 enforce Notify and deny the login.
948 deny-email case-insensitive-emailaddress
952 Consider the email address given as an argument as invalid. If
954 passwd-check is set to enforce, anonymous users giving this address
955 as a password cannot log in. That way, you can stop users from hav‐
956 ing stupid WWW browsers use fake addresses like IE?0User@ or
957 mozilla@. (by using this, you are not shutting out users using a
958 WWW browser for ftp - you just make them configure their browser
959 correctly.) Only one address is allowed per line, but you can have
960 as many deny-email addresses as you like.
961 path-filter typelist message allowed_regexp
964 [disallowed_regexp...]
965 For users in typelist, path-filter defines regular expressions that
967 control what characters can be used in the filename of an uploaded
968 file or created directory. There may be multiple disallowed regular
969 expressions. If a filename is invalid due to failure to match the
970 regular expression criteria, message will be displayed to the user.
971 For example:
972 path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^. ^-
974 specifies that all upload filenames for anonymous users must be
976 made of only the characters A-Z, a-z, 0-9, and "._-" and may not
977 begin with a "." or a "-". If the filename is invalid, /etc/pathmsg
978 will be displayed to the user.
979 upload [absolute|relative] [class=classname]... [-]
982 root-dir dirglob yes|no owner group mode
983 [dirs|nodirs] [d_mode]
984 Define a directory with dirglob that permits or denies uploads. If
986 it does permit uploads, all newly created files will be owned by
987 owner and group and will have their permissions set according to
988 mode. Existing files that are overwritten will retain their origi‐
989 nal ownership and permissions. Directories are matched on a best-
990 match basis. For example:
991 upload /var/ftp * no
993 upload /var/ftp /incoming yes ftp daemon 0666
994 upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
995 would only allow uploads into /incoming and /incoming/gifs. Files
997 that were uploaded to /incoming are owned by ftp/daemon and have
998 permissions of 0666. Files uploaded to /incoming/gifs are owned by
999 jlc/guest and have permissions of 0600. The optional "dirs" and
1000 "nodirs" keywords can be specified to allow or disallow the cre‐
1001 ation of new subdirectories using the mkdir command. If the upload
1002 command is used, directory creation is allowed by default. To turn
1003 it off by default, you must specify a user, group and mode followed
1004 by the "nodirs" keyword as the first line where the upload command
1005 is used in this file. If directories are permitted, the optional
1006 d_mode determines the permissions for a newly created directory. If
1007 d_mode is omitted, the permissions are inferred from mode. The per‐
1008 missions are 0777 if mode is also omitted. The upload keyword only
1009 applies to users who have a home directory of root-dir. root-dir
1010 may be specified as "*" to match any home directory. The owner or
1011 group may each be specified as "*", in which case any uploaded
1012 files or directories will be created with the ownership of the
1013 directory in which they are created. The optional first parameter
1014 selects whether root-dir names are interpreted as absolute or rela‐
1015 tive to the current chroot'd environment. The default is to inter‐
1016 pret <root-dir> names as absolute. You can specify any number of
1017 class=classname restrictions. If any are specified, this upload
1018 clause only takes effect if the current user is a member of one of
1019 the classes.
1020 In the absence of any matching upload clause, real and guest users
1022 can upload files and make directories, but anonymous users cannot.
1023 The mode of uploaded files is 0666. For created directories, the
1024 mode is 0777. Both modes are modified by the current umask setting.
1025 throughput root-dir subdir-glob file-glob-list
1028 bytes-per-second bytes-per-second-multiply remote-glob-list
1029 Define files by means of a comma-separated file-glob-list in subdir
1031 matched by subdir-glob under root-dir that have restricted transfer
1032 throughput of bytes-per-second on download when the remote hostname
1033 or remote IP address matches the comma-separated remote-glob-list.
1034 Entries are matched on a best-match basis. For example:
1035 throughput /e/ftp * * oo - *
1037 throughput /e/ftp /sw* * 1024 0.5 *
1038 throughput /e/ftp /sw* README oo - *
1039 throughput /e/ftp /sw* * oo - *.foo.com
1040 would set maximum throughput per default, but restrict download to
1042 1024 bytes per second for any files under /e/ftp/sw/ that are not
1043 named README. The only exceptions are remote hosts from within the
1044 domain foo.com which always get maximum throughput. Every time a
1045 remote client has retrieved a file under /e/ftp/sw/ the bytes per
1046 seconds of the matched entry line are internally multiplied by a
1047 factor, here 0.5. When the remote client retrieves its second file,
1048 it is served with 512 bytes per second, the third time with only
1049 256 bytes per second, the fourth time with only 128 bytes per sec‐
1050 ond, and so on. The string "oo" for the bytes per second field
1051 means no throughput restriction. A multiply factor of 1.0 or "-"
1052 means no change of the throughput after every successful transfer.
1053 The root-dir here must match the home directory specified in the
1054 password database . The throughput keyword only applies to users
1055 who have a home directory of root-dir.
1056 anonymous-root root-dir [class...]
1059 root-dir specifies the chroot() path for anonymous users. If no
1061 anonymous-root is matched, the old method of parsing the home
1062 directory for the FTP user is used. If no class is specified, this
1063 is the root directory for anonymous users who do not match any
1064 other anonymous-root specification. Multiple classes may be speci‐
1065 fied on this line. If an anonymous-root is chosen for the user, the
1066 FTP user's home directory in the root-dir/etc/passwd file is used
1067 to determine the initial directory and the FTP user's home direc‐
1068 tory in the system-wide /etc/passwd is not used. For example:
1069 anonymous-root /home/ftp
1071 anonymous-root /home/localftp localnet
1072 causes all anonymous users to be chroot'd to the directory
1074 /home/ftp. If the FTP user exists in /home/ftp/etc/passwd, their
1075 initial CWD is that home directory. Anonymous users in the class
1076 localnet, however, are chroot'd to the directory /home/localftp and
1077 their initial CWD is taken from the FTP user's home directory in
1078 /home/localftp/etc/passwd.
1079 guest-root root-dir [uid-range...]
1082 root-dir specifies the chroot() path for guest users. If no guest-
1084 root is matched, the old method of parsing the user's home direc‐
1085 tory is used. If no uid-range is specified, this is the root direc‐
1086 tory for guestusers who do not match any other guest-root specifi‐
1087 cation. Multiple UID ranges may be given on this line. If a guest-
1088 root is chosen for the user, the user's home directory in the root-
1089 dir/etc/passwd file is used to determine the initial directory and
1090 the home directory in the system-wide /etc/passwd is not used. uid-
1091 range specifies names or numeric UID values. To use numbers, put a
1092 percent sign (%) symbol before it or before the range. Ranges are
1093 specified by giving the lower and upper bounds (inclusive), sepa‐
1094 rated by a dash. If the lower bound is omitted, it means all up to.
1095 If the upper bound is omitted, it means all starting from. For
1096 example:
1097 guest-root /home/users
1099 guest-root /home/staff %100-999 sally
1100 guest-root /home/users/owner/ftp frank
1101 causes all guest users to chroot() to /home/users then starts each
1103 user in the user's home directory, as specifiedin
1104 /home/users/etc/passwd. Users in the range 100 through 999, inclu‐
1105 sive, and user sally, will be chroot'd to /home/staff and the CWD
1106 will be taken from their entries in /home/staff/etc/passwd. The
1107 single user frank will be chroot'd to /home/users/owner/ftp and the
1108 CWD will be from his entry in /home/users/owner/ftp/etc/passwd.
1109 The order is important for both anonymous-root and guest-root. If a
1111 user would match multiple clauses, only the first applies; with the
1112 exception of the clause which has no class or uid-range, which
1113 applies only if no other clause matches.
1114 deny-uid uid-range [uid-range...]
1117 deny-gid gid-range [gid-range...]
1118 allow-uid uid-range [uid-range...]
1119 allow-gid gid-range [gid-range...]
1120 Use these clauses to specify UID and GID values that will be denied
1122 access to the FTP Server. The allow-uid and allow-gid clauses may
1123 be used to allow access for UID and GID values which would other‐
1124 wise be denied. These checks occur before all others. deny is
1125 checked before allow. The default is to allow access. These clauses
1126 do not apply to anonymous users. Use defaultserver private to deny
1127 access to anonymous users. In most cases, these clauses obviate the
1128 need for an ftpusers(4) file. For example, the following clauses
1129 deny FTP Server access to all privileged or special users and
1130 groups, except the guest1 user or group.
1131 deny-gid %-99 nobody noaccess nogroup
1133 deny-uid %-99 nobody noaccess nobody4
1134 allow-gid guest1
1135 allow-uid guest1
1136 Support for the ftpusers file still exists, so it may be used when
1138 changing the ftpaccess file is not desired. In any place a single
1139 UID or GID is allowed throughout the ftpaccess file, either names
1140 or numbers also may be used. To use a number, put a percent sign
1141 (%) symbol before it. In places where a range is allowed, put the
1142 percent sign before the range. A "*" matches all UIDs or GIDs.
1143 restricted-uid uid-range [uid-range...]
1146 restricted-gid gid-range [gid-range...]
1147 unrestricted-uid uid-range [uid-range...]
1148 unrestricted-gid gid-range [gid-range...]
1149 These clauses control whether or not real or guest users will be
1151 allowed access to areas on the FTP site outside their home directo‐
1152 ries. These clauses are not meant to replace the use of guestgroup
1153 and guestuser. Instead, use these clauses to supplement the opera‐
1154 tion of guests. The unrestricted-uid and unrestricted-gid clauses
1155 may be used to allow users outside their home directories who would
1156 otherwise be restricted.
1157 The following example shows the intended use for these clauses.
1159 Assume user dick has a home directory /home/dick and jane has a
1160 home directory /home/jane:
1161 guest-root /home dick jane
1163 restricted-uid dick jane
1164 While both dick and jane are chroot'd to /home, they cannot access
1166 each other's files because they are restricted to their home direc‐
1167 tories. However, you should not rely solely upon the FTP restric‐
1168 tions to control access. As with all other FTP access rules, you
1169 should also use directory and file permissions to support the oper‐
1170 ation of the ftpaccess configuration.
1171 site-exec-max-lines number [class...]
1174 The SITE EXEC feature traditionally limits the number of lines of
1176 output that may be sent to the remote client. Use this clause to
1177 set this limit. If this clause is omitted, the limit is 20 lines. A
1178 limit of 0 (zero) implies no limit. Be very careful if you choose
1179 to remove the limit. If a clause is found matching the remote
1180 user's class, that limit is used. Otherwise, the clause with class
1181 '*', or no class given, is used. For example:
1182 site-exec-max-lines 200 remote
1184 site-exec-max-lines 0 local
1185 site-exec-max-lines 25
1186 limits output from SITE EXEC (and therefore SITE INDEX) to 200
1188 lines for remote users, specifies there is no limit at all for
1189 local users, and sets a limit of 25 lines for all other users.
1190 dns refuse_mismatch filename [override]
1193 Refuse FTP sessions when the forward and reverse lookups for the
1195 remote site do not match. Lookups are done using the system's name
1196 service as configured in nsswitch.conf(4). Display the named file,
1197 like a message file, admonishing the user. If the optional override
1198 is specified, allow the connection after complaining.
1199 dns refuse_no_reverse filename [override]
1202 Refuse FTP sessions when the remote host's IP address has no asso‐
1204 ciated name. Lookups are done using the system's name service as
1205 configured in nsswitch.conf(4). Display the named file, such as a
1206 message file, admonishing the user. If the optional override is
1207 specified, allow the connection after complaining.
1208 dns resolveroptions [options]
1211 Modify certain internal resolver variables. This only has an effect
1213 when DNS is used as the system's name service. The line takes a
1214 series of options which are used to set the RES_OPTIONS environment
1215 variable, see resolv.conf(4) for details. For example:
1216 dns resolveroptions rotate attempts:1
1218 turns on querying name servers round-robin and selects querying
1220 each name server only once.
1221 Lines that begin with a # sign are treated as comment lines and are
1225 ignored.
1226
1228 /etc/ftpd/ftpaccess
1229
1232 See attributes(5) for descriptions of the following attributes:
1233 ┌─────────────────────────────┬─────────────────────────────┐
1238 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
1239 ├─────────────────────────────┼─────────────────────────────┤
1240 │Availability │SUNWftpr │
1241 ├─────────────────────────────┼─────────────────────────────┤
1242 │Interface Stability │External │
1243 └─────────────────────────────┴─────────────────────────────┘
1244
1246 compress(1), ls(1), tar(1), ftpaddhost(1M), ftpconfig(1M), ftpshut(1M),
1247 in.ftpd(1M), chroot(2), nice(2), umask(2), getgrnam(3C),
1248 resolver(3RESOLV), ftpconversions(4), ftpgroups(4), ftpservers(4),
1249 ftpusers(4), nsswitch.conf(4), resolv.conf(4), timezone(4), xferlog(4),
1250 attributes(5), fnmatch(5)
1251 Crocker, David H. RFC 822, Standard For The Format Of ARPA Internet
1254 Text Messages. Network Information Center. August 1982.
1255 St. Johns, Michael. RFC 931, Authentication Server. Network Working
1258 Group. January 1985.
1259SunOS 5.11 10 Sep 2003 ftpaccess(4)