File Formats ftpaccess(4)
NAME
ftpaccess - FTP Server configuration file
SYNOPSIS
/etc/ftpd/ftpaccess
DESCRIPTION
The ftpaccess file is used to configure the operation of the
FTP Server. Access Capabilities The following access capabilities are supported: autogroup groupname class class... If an anonymous user is a member of any of class, the FTP Server performs a setegid(2) to groupname. Thisallows access to group and owner read-only files and
directories to a particular class of anonymous users. groupname is a valid group returned by getgrnam(3C). class class typelist addrglobaddrglob... Define class of users, with source addresses of the form addrglob. Multiple members of class can be defined. There can be multiple class commands listing additional members of the class. If multiple class commands can apply to the current session, the first one listed in the access file is used. If a valid class for a host isnot defined, access is denied. typelist is a comma-
separated list of any of the keywords anonymous, guest, and real. If the real keyword is included, the class can match users using FTP to access real accounts. If the anonymous keyword is included the class can match users using anonymous FTP. The guest keyword matches guest access accounts. addrglob can be a globbed domain name or a globbed numeric IPv4 address. It can also be the name of a file, starting with a slash ('/'), which contains additionaladdress globs. IPv4 numeric addresses can also be speci-
fied in the form address:netmask or address/CIDR. IPv6 numeric addresses can only be specified with an optional CIDR, not using globs or netmasks. Placing an exclamation (!) before an addrglob negates the test. For example, class rmtuser real !*.example.com
SunOS 5.11 Last change: 27 Sep 2010 1
File Formats ftpaccess(4)
classifies real users from outside the example.com domain as the class rmtuser. Use care with this option. Remember, the result of each test is OR'ed with other tests on the line.deny addrglob [message_file]
Deny access to host(s) that match addrglob and displaymessage_file. If the value of addrglob is !nameserved
access to sites without a working nameservers is denied.message_file can contain magic cookies. See message for
more details. guestgroup groupname groupname... guestuser username username... realgroup groupname groupname... realuser username username...For guestgroup, if a real user is a member of any group-
name, the session is set up like anonymous FTP. group-
name is a valid group returned by getgrnam(3C). The user's home directory must be set up exactly as anonymous FTP would be. The home directory field of the passwd entry is divided into two directories. The first field is the root directory that is the argument to the chroot(2) call. The second field is the user's home directory, relative to the root directory. Use a "/./" to separate the two fields. For example, the following is the real entry in /etc/passwd: guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/trueWhen guest1 successfully logs in, the FTP Server per-
forms a chroot() to /export/home/guests and then chdir(2) to /guest1. The guest user is only able to access the directory structure under /export/home/guests, which looks and act as / to guest1, just as an anonymous FTP user would. The d option to ftpconfig(1M) is useful when creating guest FTP user accounts. The group name can be specified by either nameor numeric ID. To use a numeric group ID, place a per-
cent sign (%) before the number. You can give ranges.
Use an asterisk to indicate all groups. guestuser works like guestgroup, except that it uses the user name or numeric ID. realuser and realgroup have the same syntax, but they reverse the effect of guestuser and guestgroup. They allow real user access when the remote user would otherwise be determined a guest. guestuser *SunOS 5.11 Last change: 27 Sep 2010 2
File Formats ftpaccess(4)
realgroup admincauses all non-anonymous users to be treated as guest,
with the sole exception of users in the admin group, who are granted real user access.nice nice-delta class
Adjust the process nice value of the FTP server processby the indicated nice-delta value if the remote user is
a member of the named class. If class is not specified,then use nice-delta as the default adjustment to the FTP
server process nice value. This default nice value adjustment is used to adjust the nice value of the server process only for those users who do not belong toany class for which a class-specific nice directive
exists in the ftpaccess file.
defumask umask class Set the umask applied to files created by the FTP server if the remote user is a member of the named class. If class is not specified, then use the umask as the default for classes that do not have one specified.. The mode of files created can be specified by using the upload directive. tcpwindow size class Set the TCP window size (socket buffer size) for the data connection. Use this to control network traffic. For instance, slow PPP dialin links can need smaller TCP windows to speed up throughput. If you do not know what this does, do not set it. ipcos control|data value [typelist] Set the IP Class of Service for either the control or data connection.For connections using AF_INET type sockets, this sets
the Type of Service field in the IP header to the value specified.For connections using AF_INET6 type sockets, this sets
the Traffic Class field in the IP header to the value specified.SunOS 5.11 Last change: 27 Sep 2010 3
File Formats ftpaccess(4)
When configured through inetd.conf(4), the socket type is controlled by the protocol field of the ftp service. When running in standalone mode the default socket typeis AF_INET6. The in.ftpd(1M) 4 option selects AF_INET.
typelist is a comma-separated list of any of the key-
words anonymous, guest, real, and class=. When class= appears, it must be followed by a class name. keepalive yes|noSet the TCP SO_KEEPALIVE option for control and data
sockets. This can be used to control network disconnect. If yes, then set it. If no, then use the system default (usually off). You probably want to set this. timeout accept seconds timeout connect seconds timeout data seconds timeout glob seconds timeout idle seconds timeout maxidle seconds timeout RFC931 seconds Set various timeout conditions. accept How long the FTP Server waits for an incoming (PASV) data connection. The default is 120 seconds. connect How long the FTP Server waits attempting to establish an outgoing (PORT) data connection. This effects the actual connection attempt. The daemon makes several attempts, sleeping between each attempt, before giving up. The default is 120 seconds. data How long the FTP Server waits for some activity on the data connection. You should keep this long because the remote client can have a slow link, and there can be quite a bit of data queued for the client. The default is 1200 seconds. glob How long the FTP server generates path names matching a pattern from wildcards. The default is 120 seconds.SunOS 5.11 Last change: 27 Sep 2010 4
File Formats ftpaccess(4)
idle How long the FTP Server waits for the next command. The default is 900 seconds. The default can also be overridden by using the toption at the command-line. This access
clause overrides both. maxidle The SITE IDLE command allows the remote client to establish a higher value for the idle timeout. The maxidle clause sets the upper limit that the client can request. The default can also be overridden by using the Toption at the command-line. This access
clause overrides both. The default is 7200 seconds. RFC931 The maximum time the FTP server allows for the entire RFC931 (AUTH/ident) conversation. Setting this to zero (0) disables theserver's use of this protocol. The informa-
tion obtained by means of RFC931 is recorded in the system logs and is not actually used in any authentication. The default is 10 seconds.file-limit raw in|out|total count class
Limit the number of data files a user in the given class can transfer. The limit can be placed on files in, out, or total. If no class is specified, the limit is the default for classes which do not have a limit specified. The optional parameter raw applies the limit to the total traffic rather than just data files.data-limit [raw] in|out|total count [class]
Limit the number of data bytes a user in the given class can transfer. The limit can be placed on bytes in, out, or total. If no class is specified, the limit is the default for classes which do not have a limit specified. Note that once it has been exceeded, this limit preventstransfers, but it does not terminate a transfer in pro-
gress. The optional parameter raw applies the limit to total traffic rather than just data files.limit-time *|anonymous|guest minutes
SunOS 5.11 Last change: 27 Sep 2010 5
File Formats ftpaccess(4)
Limit the total time a session can take. By default, there is no limit. Real users are never limited. guestserver [hostname...] Control which hosts can be used for anonymous access. If used without hostname, all anonymous access is denied to this site. More than one hostname can be specified. Anonymous access is only allowed on the named machines. If access is denied, the user is asked to use the first hostname listed.limit class n times [message_file]
Limit class to n users at times times, displayingmessage_file if the user is denied access. A limit check
is performed at login time only. If multiple limit com-
mands can apply to the current session, the first appli-
cable one is used. Failing to define a valid limit, or alimit of -1, is equivalent to no limits. The format of
times is:day[day...][time-range][|day[day...][time-range]]...
The value of day can be Su, Mo, Tu, We, Th, Fr, Sa, Wk(for any weekday Monday through Friday), or Any. time-
range is in 24-hour clock notation. If a time range is
not specified, any time of the day is matched. Multipleday and time-range can be specified by the "|" symbol.
For example, Wk1730-0900|Sa|Su specifies 5:30 p.m. to
9:00 a.m., Monday through Friday, and anytime on week-
ends. message_file can contain magic cookies. See mes-
sage for more details. noretrieve [absolute|relative][class=classname...][-] filename [filename...]
Always deny retrievability of these files. If filename specifies a pathname that begins with '/' character, then only those files are marked no retrieve. Otherwise all files that match the filename are refused transfer. For example, noretrieve /etc/passwd core specifies no one is able to retrieve the /etc/passwd file. You are allowed to transfer any file named passwd that is not in /etc. On the other hand, no one is able to get files named core, wherever they are. Directory specifications mark all files and subdirectories in the named directorySunOS 5.11 Last change: 27 Sep 2010 6
File Formats ftpaccess(4)
unretrievable. The filename can be specified as a file glob. For example, noretrieve /etc /home/*/.htaccessspecifies that no files in /etc or any of its subdirec-
tories can be retrieved. Also, no files named .htaccess anywhere under the /home directory can be retrieved. The optional first parameter selects whether names are interpreted as absolute or relative to the current chroot'd environment. The default is to interpret namesbeginning with a slash as absolute. The noretrieve res-
trictions can be placed upon members of particular classes. If any class= is specified, the named files cannot be retrieved only if the current user is a member of one of the given classes.allow-retrieve [absolute|relative]
[class=classname...][-] filename [filename...]
Allows retrieval of files which would otherwise be denied by noretrieve. loginfails number After number login failures, log a repeated login failures message and terminate the FTP connection. The default value for number is 5. private yes | noAllow or deny use of the SITE GROUP and SITE GPASS com-
mands after the user logs in. The SITE GROUP and SITE GPASS commands specify an enhanced access group and associated password. If the group name and password are valid, the user becomes a member of the group specified in the group access file /etc/ftpd/ftpgroups by means of setegid(2). See ftpgroups(4) for the format of the file. For this option to work for anonymous FTP users, the FTP Server must keep /etc/group permanently open and load the group access file into memory. This means that the FTP Server now has an additional file descriptor open, and the necessary passwords and access privileges granted to users by means of SITE GROUP is static for the duration of an FTP session. If you have an urgent need to change the access groups or passwords now, you have to kill all of the running FTP Servers.SunOS 5.11 Last change: 27 Sep 2010 7
File Formats ftpaccess(4)
Informational Capabilities The following informational capabilities are supported: greeting full|brief|terse greeting text message The greeting command allows you to control how much information is given out before the remote user logs in. greeting full, which is the default greeting, shows the hostname and daemon version. greeting brief shows the hostname. greeting terse simply says FTP Server ready. Although full is the default, brief is suggested.The text form allows you to specify any greeting mes-
sage. message can be any string. Whitespace (spaces and tabs) is converted to a single space. banner path The banner command operates similarly to the message command, except that the banner is displayed before the user enters the username. The path is relative to the real system root, not to the base of the anonymous FTP directory.Use of the banner command can completely prevent non-
compliant FTP clients from making use of the FTP Server.Not all clients can handle multi-line responses, which
is how the banner is displayed. email name Use this command to define the email address for the FTP Server administrator. This string is printed every timethe %E magic cookie is used in message files.
hostname some.host.name Defines the default host name of the FTP Server. This string is printed on the greeting message and every timethe %L magic cookie is used. The host name for virtual
servers overrides this value. If no host name is speci-
fied, the default host name for the local machine is used. message path [when [class...]] Define a file with path such that the FTP ServerSunOS 5.11 Last change: 27 Sep 2010 8
File Formats ftpaccess(4)
displays the contents of the file to the user at login time or upon using the change working directory command. The when parameter can be LOGIN or CWD=dirglob. If whenis CWD=dirglob, dirglob specifies the new default directory that triggers the notification. A dirglob of "*" matches all directories. The optional class specification allows the message to be displayed only to members of a particular class. More than one class can be specified. Magic cookies can be present in path that cause the FTP Server to replace the cookie with a specified text string:%T Local time. For example, Thu Nov 15 17:12:42 1990.
%F Free space in partition of CWD, in Kbytes.
%C Current working directory.
%E The email address for the FTP Server administra-
tor.%R Remote host name.
%L Local host name.
%U Username given at login time.
%u Username as defined by means of RFC 931 authenti-
cation.%M Maximum allowed number of users in this class.
%N Current number of users in this class.
The following quota magic cookies are also supported butnot always set (see the quota-info capability):
%B absolute limit on disk blocks allocated
SunOS 5.11 Last change: 27 Sep 2010 9
File Formats ftpaccess(4)
%b preferred limit on disk blocks
%Q current block count
%I maximum number of allocated inodes (+1)
%i preferred inode limit
%q current number of allocated inodes
%H time limit for excessive disk use
%h time limit for excessive files
The message is displayed only once to avoid annoying the user. Remember that when messages are triggered by an anonymous or guest FTP user, they must be relative to the base of the anonymous or guest FTP directory tree.quota-info uid-range [uid-range...]
Enable retrieval of quota information for users matchinguid-range. This sets the quota magic cookies. Retrieving
quota information might cause a significant delay when logging into the server.uid-range can be a username, single UID, or a UID range.
Place a percent sign(%) before a number. An asterisk
means "all users." readme pathglob [when [class...]] Define a file with pathglob such that the FTP Server notifies the user at login time or upon using the change working directory command that the file exists and the date that it was modified. The when parameter can be LOGIN or CWD=dirglob. If when is CWD=dirglob, dirglob specifies the new default directory that triggers the notification. A dirglob of "*" matches all directories. The message is only displayed once, to avoid bothering users. Remember that when README messages are triggered by an anonymous or guest FTP user, the pathglob must be relative to the base of the anonymous or guest FTP directory tree.SunOS 5.11 Last change: 27 Sep 2010 10
File Formats ftpaccess(4)
The optional class specification allows the message to be displayed only to members of a particular class. You can specify more than one class. Logging Capabilities The following logging capabilities are supported: log commands typelist Enables logging of the individual FTP commands sent byusers. typelist is a comma-separated list of any of the
keywords anonymous, guest, and real. Command logging information is written to the system log. log transfers typelist directions Log file transfers made by FTP users to the xferlog(4) file. Logging of incoming transfers to the server can be enabled separately from outbound transfers from theserver. directions is a comma-separated list of any of
the two keywords inbound and outbound, and respectively causes transfers to be logged for files sent to and from the server. log security typelist Enables logging of violations of security rules to the system log, including for example, noretrieve and .notar. log syslog log syslog+xferlog Redirect the logging messages for incoming and outgoing transfers to syslog. Without this option the messages are written to xferlog. When you specify syslog+xferlog, the transfer log messages are sent to both the system log file and the xferlog file. xferlog format formatstring Customize the format of the transfer log entry written. formatstring can be any string, which might includemagic cookies. Strings of whitespace characters are con-
verted into a single space.The following transfer-specific magic cookies are
SunOS 5.11 Last change: 27 Sep 2010 11
File Formats ftpaccess(4)
recognized only immediately after a transfer has been completed:%Xt transfer-time
%Xn bytes-transferred
%XP filename
%Xp chroot-filename
%Xy transfer-type
%Xf special-action-flag
%Xd direction
%Xm access-mode
%Xa authentication-method
%Xc completion-status
%Xs file-size
%Xr restart-offset
xferlog(4) includes a description of these fields. If no xferlog format entry is present, the default is:xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc
Miscellaneous Capabilities The following miscellaneous capabilities are supported: alias string dir Define an alias, string, for a directory. Use thisSunOS 5.11 Last change: 27 Sep 2010 12
File Formats ftpaccess(4)
command to add the concept of logical directories. For example: alias rfc: /pub/doc/rfc would allow the user to access /pub/doc/rfc from any directory by the command cd rfc:. Aliases only apply to the cd command. cdpath dir Define an entry in the cdpath. This command defines a search path that is used when changing directories. For example: cdpath /pub/packages cdpath /.aliases would allow the user to move into any directory directlyunder either the /pub/packages or the /.aliases direc-
tories. The search path is defined by the order in whichthe lines appear in the ftpaccess file. If the user were
to give the command ftp> cd foo the directory is searched for in the following order: o ./foo o an alias called foo o /pub/packages/foo o /.aliases/foo The cdpath is only available with the cd command. If you have a large number of aliases, you might want to set up an aliases directory with links to all of the areas you wish to make available to users. compress yes|no classglob [classglob...] tar yes|no classglob [classglob...] Enable the use of conversions marked with theO_COMPRESS, O_UNCOMPRESS, and O_TAR options in
/etc/ftpd/ftpconversions. See ftpconversions(4). shutdown path If the file pointed to by path exists, the server checks the file regularly to see if the server is going to beshut down. If a shutdown is planned, the user is noti-
fied. New connections are denied after a specified time before shutdown. Current connections are dropped at a specified time before shutdown.SunOS 5.11 Last change: 27 Sep 2010 13
File Formats ftpaccess(4)
The format of the file specified by path is:year month day hour minute deny_offset disc_offset text
year A value of 1970 or greater. month A value of 0 to 11. day A value of 1 to 31. hour A value of 0 to 23. minute A value of 0 to 59.deny_offset The offsets in HHMM format that new con-
disc_offset nections is denied and existing connec-
tions is disconnected before the shutdown time. text Follows the normal rules for any message. The following additional magic cookies are available:%s The time at which the system is
going to shut down.%r The time at which new connections
is denied.%d The time at which current connec-
tions is dropped. All times are in the form: ddd MMM DD hh:mm:ss YYYY.Only one shutdown command can be present in the confi-
guration file. You can use the external program ftpshut(1M) to automate generation of this file. daemonaddress address Listen only on the IP address specified. If the value is not set, then the FTP Server listens for connections onSunOS 5.11 Last change: 27 Sep 2010 14
File Formats ftpaccess(4)
every IP address. This applies only when the FTP Server is run in standalone mode. virtual address root|banner|logfile pathEnable the FTP Server limited virtual hosting capabili-
ties. The address is the IP address of the virtual server. The second argument specifies that the path is either the path to the root of the filesystem for this virtual server, the banner presented to the user when connecting to this virtual server, or the logfile where transfers are recorded for this virtual server. If the logfile is not specified the default log file is used. All other message files and permissions as well as any other settings in this file apply to all virtual servers. The address can also be specified as a hostname rather than as an IP number. This is strongly discouraged since, if DNS is not available at the time the FTP session begins, the hostname is not matched. root|logfile path In contrast to limited virtual hosting, complete virtualhosting allows separate configuration files to be vir-
tual host specific. See ftpservers(4). The only addi-
tions that are necessary in a virtual host's ftpaccess
file is the root directive that ensures the correct root directory is used for the virtual host. This only workswith complete virtual hosting, which in contrast to lim-
ited virtual hosting, allows separate configuration files to be specified for each virtual host.path is either the root of the filesystem for this vir-
tual server or the logfile where transfers for this vir-
tual server are recorded. root and logfile can only bespecified when not preceded by virtual address in a vir-
tual hosts's ftpaccess file.
virtual address hostname|email string Set the hostname shown in the greeting message and status command, or the email address used in message files and on the HELP command, to the given string. virtual address allow username [username...] virtual address deny username [username...] By default, real and guest users are not allowed to logSunOS 5.11 Last change: 27 Sep 2010 15
File Formats ftpaccess(4)
in on the virtual server, unless they are guests that are chroot'd to the virtual root. The users listed on the virtual allow line(s) are granted access. You can grant access to all users by giving '*' as the username. The virtual deny clauses are processed after the virtual allow clauses. Thus specific users can be denied access although all users were allowed in an earlier clause. virtual address private Deny log in access to anonymous users on the virtual server. Anonymous users are generally allowed to log in on the virtual server if this option is not specified. virtual address passwd file Use a different passwd file for the virtual host. virtual address shadow file Use a different shadow file for the virtual host. defaultserver deny username [username...] defaultserver allow username [username...]By default, all users are allowed access to the non-
virtual FTP Server. Use defaultserver deny to revoke access for specific real and guest users. Specify '*' to deny access to all users, except anonymous users. Specific real and guest users can then be allowed access by using defaultserver allow. defaultserver privateBy default, all users are allowed access to the non-
virtual FTP Server. Use defaultserver private to revoke access for anonymous users. The virtual and defaultserver allow, deny and private clauses provide a means to control which users are allowed access to which FTP Servers. passive address externalip cidr Allow control of the address reported in response to a passive command. When any control connection matchingSunOS 5.11 Last change: 27 Sep 2010 16
File Formats ftpaccess(4)
cidr requests a passive data connection (PASV), the externalip address is reported. This does not change the address that the daemon actually listens on, only the address reported to the client. This feature allows the daemon to operate correctly behind IP renumbering firewalls. For example: passive address 10.0.1.15 10.0.0.0/8 passive address 192.168.1.5 0.0.0.0/0Clients connecting from the class-A network 10 is told
the passive connection is listening on IP address 10.0.1.15 while all others are told the connection is listening on 192.168.1.5. Multiple passive addresses canbe specified to handle complex, or multi-gatewayed, net-
works. passive ports cidr min max Allows control of the TCP port numbers which can be used for a passive data connection. If the control connectionmatches the cidr, a port in the range min to max is ran-
domly selected for the daemon to listen on. This feature allows firewalls to limit the ports that remote clients can use to connect into the protected network. cidr is shorthand for an IP address followed by a slashand the number of left-most bits that represent the net-
work address, as opposed to the machine address. Forexample, if you are using the reserved class-A network
10, instead of a netmask of 255.0.0.0, use a CIDR of /8, as in 10.0.0.0/8, to represent your network. When min and max are both 0, the kernel rather than the FTP server selects the TCP port to listen on. Kernel port selection is usually not desirable if the kernel allocates TCP ports sequentially. If in doubt, let the FTP server do the port selection.pasv-allow class [addrglob...]
port-allow class [addrglob...]
Normally, the FTP Server does not allow a PORT command to specify an address different than that of the control connection. Nor does it allow a PASV connection from another address.The port-allow clause provides a list of addresses that
the specified class of user can give on a PORT command. These addresses are allowed even if they do not matchSunOS 5.11 Last change: 27 Sep 2010 17
File Formats ftpaccess(4)
the IP address of the client-side of the control connec-
tion.The pasv-allow clause provides a list of addresses that
the specified class of user can make data connections from. These addresses are allowed even if they do notmatch the IP address of the client-side of the control
connection. lslong command [options...] lsshort command [options...] lsplain command [options...] Use the lslong, lsshort, and lsplain clauses to specify the commands and options to use to generate directory listings. The options cannot contain spaces, and the default values for these clauses are generally correct. Use lslong, lsshort, or lsplain only if absolutely necessary. mailserver hostname Specify the name of a mail server that accepts upload notifications for the FTP Server. Multiple mail servers can be listed. The FTP Server attempts to deliver the upload notification to each, in order, until one accepts the message. If no mail servers are specified, localhost is used. This option is only meaningful if anyone is to be notified of anonymous uploads. See incmail. incmail emailaddress virtual address incmail emailaddress defaultserver incmail emailaddress Specify email addresses to be notified of anonymous uploads. Multiple addresses can be specified. Each receives a notification. If no addresses are specified, no notifications are sent. If addresses are specified for a virtual host, only those addresses are sent notification of anonymous uploads on that host. Otherwise, notifications are sent to the global addresses. defaultserver addresses only apply when the FTP session is not using one of the virtual hosts. In this way, you can receive notifications for your default anonymous area, but not see notifications to virtual hosts that do not have their own notifications.SunOS 5.11 Last change: 27 Sep 2010 18
File Formats ftpaccess(4)
mailfrom emailaddress virtual address mailfrom emailaddress defaultserver mailfrom emailaddress Specify the sender's email address for anonymous upload notifications. Only one address can be specified. If no mailfrom applies, email is sent from the default mailboxname wu-ftpd. To avoid problems if the recipient
attempts to reply to a notification, or if downstream mail problems generate bounces, you should ensure the mailfrom address is deliverable. sendbuf size [typelist] recvbuf size [typelist] Set the send or receive buffer sizes used for binary transfers. They have no effect on ASCII transfers. rhostlookup yes|no [addrglob ...] Allows or disallows the lookup of the remote host's name. Name lookups can be slow, but skipping them means that places where an addrglob is matched (for example, in the class capability) match only an IP address, nota name. Also deny !nameserved and dns refuse_no_reverse
or refuse_mismatch deny access when a name lookup is not
done. The default is to lookup the remote host's name. Only IP addresses, not names, are matched in addrglob.flush-wait yes|no [typelist]
Controls the behavior at the end of a download or direc-
tory listing. If yes, shutdown the data connection for sending and wait for the client to close its end beforesending a transfer complete reply on the control connec-
tion. This is the default behavior. If no, close the data connection and send the transfer complete reply without waiting for the client. With this behavior, data loss can go undetected. If a client hangs at the end of a directory listing, orthe system has many sockets in the FIN_WAIT_2 state, try
setting to no as a workaround for broken client behavior. Permission CapabilitiesSunOS 5.11 Last change: 27 Sep 2010 19
File Formats ftpaccess(4)
The following permission capabilities are supported: chmod yes|no typelist delete yes|no typelist overwrite yes|no typelist rename yes|no typelist umask yes|no typelist Allows or disallows the ability to perform the specified function. By default, all real and guest users are allowed. Anonymous users are only allowed overwrite and umask.typelist is a comma-separated list of any of the key-
words anonymous, guest, real and class=. When class= appears, it must be followed by a classname. If any class= appears, the typelist restriction applies only to users in that class.passwd-check none|trivial|rfc822 [enforce|warn]
Define the level and enforcement of password checking done by the FTP Server for anonymous FTP. none No password checking is performed. trivial The password must contain an '@'. rfc822 The password must be RFC 822 compliant. warn Warn, but permit the login. enforce Notify and deny the login.deny-email case-insensitive-emailaddress
Consider the email address given as an argument asinvalid. If passwd-check is set to enforce, anonymous
users giving this address as a password cannot log in. That way, you can stop users from having stupid WWW browsers use fake addresses like IE?0User@ or mozilla@. (by using this, you are not shutting out users using aWWW browser for ftp - you just make them configure their
browser correctly.) Only one address is allowed perline, but you can have as many deny-email addresses as
SunOS 5.11 Last change: 27 Sep 2010 20
File Formats ftpaccess(4)
you like.path-filter typelist message allowed_regexp
[disallowed_regexp...]
For users in typelist, path-filter defines regular
expressions that control what characters can be used in the filename of an uploaded file or created directory. There can be multiple disallowed regular expressions. Ifa filename is invalid due to failure to match the regu-
lar expression criteria, message are displayed to the user. For example:path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^. ^-
specifies that all upload filenames for anonymous usersmust be made of only the characters A-Z, a-z, 0-9, and
period, underscore, or hyphen (._-), and can not begin
with a period or a dash (. or -). If the filename is
invalid, /etc/pathmsg is displayed to the user.upload [absolute|relative] [class=classname]... [-]
root-dir dirglob yes|no owner group mode
[dirs|nodirs] [d_mode]
Define a directory with dirglob that permits or denies uploads. If it does permit uploads, all newly createdfiles are owned by owner and group and have their per-
missions set according to mode. Existing files that areoverwritten retain their original ownership and permis-
sions. Directories are matched on a best-match basis.
For example: upload /var/ftp * no upload /var/ftp /incoming yes ftp daemon 0666 upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs would only allow uploads into /incoming and /incoming/gifs. Files that were uploaded to /incoming are owned by ftp/daemon and have permissions of 0666. Files uploaded to /incoming/gifs are owned by jlc/guest and have permissions of 0600. The optional dirs and nodirs keywords can be specified to allow or disallowthe creation of new subdirectories using the mkdir com-
mand. If the upload command is used, directory creation is allowed by default. To turn it off by default, you must specify a user, group and mode followed by thenodirs keyword as the first line where the upload com-
mand is used in this file. If directories are permitted,the optional d_mode determines the permissions for a
SunOS 5.11 Last change: 27 Sep 2010 21
File Formats ftpaccess(4)
newly created directory. If d_mode is omitted, the per-
missions are inferred from mode. The permissions are 0777 if mode is also omitted. The upload keyword onlyapplies to users who have a home directory of root-dir.
root-dir can be specified as * to match any home direc-
tory. The owner or group can each be specified as *, in which case any uploaded files or directories are created with the ownership of the directory in which they are created. The optional first parameter selects whetherroot-dir names are interpreted as absolute or relative
to the current chroot'd environment. The default is tointerpret
any number of class=classname restrictions. If any are specified, this upload clause only takes effect if the current user is a member of one of the classes. In the absence of any matching upload clause, real and guest users can upload files and make directories, but anonymous users cannot. The mode of uploaded files is 0666. For created directories, the mode is 0777. Both modes are modified by the current umask setting.names as absolute. You can specify throughput root-dir subdir-glob file-glob-list
bytes-per-second bytes-per-second-multiply remote-glob-list
Define files by means of a comma-separated file-glob-
list in subdir matched by subdir-glob under root-dir
that have restricted transfer throughput of bytes-per-
second on download when the remote hostname or remote IPaddress matches the comma-separated remote-glob-list.
Entries are matched on a best-match basis. For example:
throughput /e/ftp * * oo - *
throughput /e/ftp /sw* * 1024 0.5 *throughput /e/ftp /sw* README oo - *
throughput /e/ftp /sw* * oo - *.foo.com
would set maximum throughput per default, but restrict download to 1024 bytes per second for any files under/e/ftp/sw/ that are not named README. The only excep-
tions are remote hosts from within the domain foo.com which always get maximum throughput. Every time a remote client has retrieved a file under /e/ftp/sw/ the bytes per seconds of the matched entry line are internally multiplied by a factor, here 0.5. When the remote client retrieves its second file, it is served with 512 bytes per second, the third time with only 256 bytes per second, the fourth time with only 128 bytes per second, and so on. The string oo for the bytes per second field means no throughput restriction. A multiply factor of1.0 or - means no change of the throughput after every
SunOS 5.11 Last change: 27 Sep 2010 22
File Formats ftpaccess(4)
successful transfer. The root-dir here must match the
home directory specified in the password database . The throughput keyword only applies to users who have a homedirectory of root-dir.
anonymous-root root-dir [class...]
root-dir specifies the chroot() path for anonymous
users. If no anonymous-root is matched, the old method
of parsing the home directory for the FTP user is used. If no class is specified, this is the root directory foranonymous users who do not match any other anonymous-
root specification. Multiple classes can be specified onthis line. If an anonymous-root is chosen for the user,
the FTP user's home directory in the root-dir/etc/passwd
file is used to determine the initial directory and theFTP user's home directory in the system-wide /etc/passwd
is not used. For example:anonymous-root /home/ftp
anonymous-root /home/localftp localnet
causes all anonymous users to be chroot'd to the direc-
tory /home/ftp. If the FTP user exists in /home/ftp/etc/passwd, their initial CWD is that homedirectory. Anonymous users in the class localnet, how-
ever, are chroot'd to the directory /home/localftp and their initial CWD is taken from the FTP user's home directory in /home/localftp/etc/passwd.guest-root root-dir [uid-range...]
root-dir specifies the chroot() path for guest users. If
no guest-root is matched, the old method of parsing the
user's home directory is used. If no uid-range is speci-
fied, this is the root directory for guestusers who donot match any other guest-root specification. Multiple
UID ranges can be given on this line. If a guest-root is
chosen for the user, the user's home directory in theroot-dir/etc/passwd file is used to determine the ini-
tial directory and the home directory in the system-wide
/etc/passwd is not used. uid-range specifies names or
numeric UID values. To use numbers, put a percent sign(%) symbol before it or before the range. Ranges are
specified by giving the lower and upper bounds (inclusive), separated by a dash. If the lower bound isomitted, it means all up to. If the upper bound is omit-
ted, it means all starting from. For example:guest-root /home/users
SunOS 5.11 Last change: 27 Sep 2010 23
File Formats ftpaccess(4)
guest-root /home/staff %100-999 sally
guest-root /home/users/owner/ftp frank
causes all guest users to chroot() to /home/users thenstarts each user in the user's home directory, as speci-
fiedin /home/users/etc/passwd. Users in the range 100 through 999, inclusive, and user sally, are chroot'd to /home/staff and the CWD are taken from their entries in /home/staff/etc/passwd. The single user frank are chroot'd to /home/users/owner/ftp and the CWD are from his entry in /home/users/owner/ftp/etc/passwd.The order is important for both anonymous-root and
guest-root. If a user would match multiple clauses, only
the first applies; with the exception of the clausewhich has no class or uid-range, which applies only if
no other clause matches.deny-uid uid-range [uid-range...]
deny-gid gid-range [gid-range...]
allow-uid uid-range [uid-range...]
allow-gid gid-range [gid-range...]
Use these clauses to specify UID and GID values that aredenied access to the FTP Server. The allow-uid and
allow-gid clauses can be used to allow access for UID
and GID values which would otherwise be denied. These checks occur before all others. deny is checked before allow. The default is to allow access. These clauses do not apply to anonymous users. Use defaultserver private to deny access to anonymous users. In most cases, these clauses obviate the need for an ftpusers(4) file. For example, the following clauses deny FTP Server access to all privileged or special users and groups, except the guest1 user or group.deny-gid %-99 nobody noaccess nogroup
deny-uid %-99 nobody noaccess nobody4
allow-gid guest1
allow-uid guest1
Support for the ftpusers file still exists, so it can beused when changing the ftpaccess file is not desired. In
any place a single UID or GID is allowed throughout theftpaccess file, either names or numbers also can be
used. To use a number, put a percent sign (%) symbol
before it. In places where a range is allowed, put the percent sign before the range. A "*" matches all UIDs or GIDs.SunOS 5.11 Last change: 27 Sep 2010 24
File Formats ftpaccess(4)
restricted-uid uid-range [uid-range...]
restricted-gid gid-range [gid-range...]
unrestricted-uid uid-range [uid-range...]
unrestricted-gid gid-range [gid-range...]
These clauses control whether or not real or guest users are allowed access to areas on the FTP site outside their home directories. These clauses are not meant to replace the use of guestgroup and guestuser. Instead, use these clauses to supplement the operation of guests.The unrestricted-uid and unrestricted-gid clauses can be
used to allow users outside their home directories who would otherwise be restricted. The following example shows the intended use for these clauses. Assume user dick has a home directory /home/dick and jane has a home directory /home/jane:guest-root /home dick jane
restricted-uid dick jane
While both dick and jane are chroot'd to /home, theycannot access each other's files because they are res-
tricted to their home directories. However, you should not rely solely upon the FTP restrictions to control access. As with all other FTP access rules, you should also use directory and file permissions to support theoperation of the ftpaccess configuration.
site-exec-max-lines number [class...]
The SITE EXEC feature traditionally limits the number of lines of output that can be sent to the remote client. Use this clause to set this limit. If this clause is omitted, the limit is 20 lines. A limit of 0 (zero) implies no limit. Be very careful if you choose to remove the limit. If a clause is found matching the remote user's class, that limit is used. Otherwise, the clause with class '*', or no class given, is used. For example:site-exec-max-lines 200 remote
site-exec-max-lines 0 local
site-exec-max-lines 25
limits output from SITE EXEC (and therefore SITE INDEX) to 200 lines for remote users, specifies there is no limit at all for local users, and sets a limit of 25 lines for all other users.SunOS 5.11 Last change: 27 Sep 2010 25
File Formats ftpaccess(4)
dns refuse_mismatch filename [override]
Refuse FTP sessions when the forward and reverse lookups for the remote site do not match. Lookups are done using the system's name service as configured in nsswitch.conf(4). Display the named file, like a message file, admonishing the user. If the optional override is specified, allow the connection after complaining.dns refuse_no_reverse filename [override]
Refuse FTP sessions when the remote host's IP address has no associated name. Lookups are done using the system's name service as configured in nsswitch.conf(4).Display the named file, such as a message file, admon-
ishing the user. If the optional override is specified, allow the connection after complaining. dns resolveroptions [options] Modify certain internal resolver variables. This onlyhas an effect when DNS is used as the system's name ser-
vice. The line takes a series of options which are usedto set the RES_OPTIONS environment variable, see
resolv.conf(4) for details. For example: dns resolveroptions rotate attempts:1turns on querying name servers round-robin and selects
querying each name server only once.Lines that begin with a # sign are treated as comment lines
and are ignored. FILES/etc/ftpd/ftpaccess
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 27 Sep 2010 26
File Formats ftpaccess(4)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | service/network/ftp ||_____________________________|_____________________________|
| Interface Stability | Volatile ||_____________________________|_____________________________|
SEE ALSO
compress(1), ls(1), tar(1), ftpaddhost(1M), ftpconfig(1M), ftpshut(1M), in.ftpd(1M), chroot(2), nice(2), umask(2), getgrnam(3C), resolver(3RESOLV), ftpconversions(4), ftpgroups(4), ftpservers(4), ftpusers(4), nsswitch.conf(4), resolv.conf(4), timezone(4), xferlog(4), attributes(5), fnmatch(5) Crocker, David H. RFC 822, Standard For The Format Of ARPA Internet Text Messages. Network Information Center. August 1982. St. Johns, Michael. RFC 931, Authentication Server. Network Working Group. January 1985.SunOS 5.11 Last change: 27 Sep 2010 27