manpagez: man pages & more
man ftpaccess(5)
Home | html | info | man
ftpaccess(5)                                                      ftpaccess(5)




Name

       ftpaccess - xftpd configuration file


Description

       The ftpaccess file is used to configure the operation of xftpd(8).


Access Capabilities

       class <class> <typelist> <addrglob> [<addrglob> ...]
            Define <class> of users, with source addresses of the form  <addr-
            glob>.  Multiple members of <class> may be  defined.   There   may
            be   multiple  "class"  commands listing additional members of the
            class.  If multiple "class" commands can apply  to   the   current
            session,  the   first   one   listed  in  the access file is used.
            Failing to define a valid class for a host will cause access to be
            denied.   <typelist>  is a comma-separated list of any of the key-
            words "anonymous", "guest"  and "real".  If the "real" keyword  is
            included,  the  class  can  match users using FTP to  access  real
            accounts, and  if the "anonymous" keyword is  included  the  class
            can  match  users  using   anonymous   FTP.   The  "guest" keyword
            matches  guest  access accounts (see "guest group" for more infor-
            mation)

       <addrglob> may be a globbed domain name or a  globbed numeric  address.
       It may also be the name of a file, starting with a slash  ('/'),  which
       contains   additional  address   globs,   as   well   as  in  the  form
       address:netmask or address/cidr.  Placing  an  exclamation  (!)  before
       an  <addrglob> negates the test.


       deny <addrglob> <message_file>
            Always deny access to host(s) matching <addrglob>.  <message_file>
            is displayed.  <addrglob> may be "!nameserved" to deny  access  to
            sites  without a working nameserver.  It may also be the name of a
            file, starting with  a  slash  ('/'),  which  contains  additional
            address   globs,  as  well  as  in  the  form  address:netmask  or
            address/cidr.

       defumask <umask> [<class>]
            Set the umask applied to files created by daemon if the remote use
            is a member of the named class.  If <class> is not specified, then
            use the umask as the default for classes which  do  not  have  one
            specified.   limit-time  {*|anonymous}  <minutes>  Limit the total
            time a session can take.  By default, there  is  no  limit.   Real
            users are never limited.

       limit <class> <n> <times> <message_file>
            Limit  <class>  to  <n>  users  at times <times>, displaying <mes-
            sage_file> if user is denied access.  Limit check is performed  at
            login  time  only.   If multiple "limit" commands can apply to the
            current session, the first applicable one  is  used.   Failing  to
            define  a  valid  limit, or a limit of -1, is equivalent to unlim-
            ited. <times> is in same format as the times  in  the  UUCP  L.sys
            file.

       noretrieve  [absolute|relative]  [class=<classname>] ... [-] <filename>
       <filename> ...
            Always  deny  retrieve-ability of these files. If the files are an
            absolute path specification (i.e. begins with '/' character)  then
            only  those files are marked un-gettable, otherwise all files with
            matching the filename are refused transfer. Example:
                 noretrieve /etc/passwd core
            specifies no one will be able to get the file /etc/passwd  whereas
            they  will  be allowed to transfer a file `passwd' if it is not in
            /etc. On the other hand no one will be able  to  get  files  named
            `core' wherever it is.

       Absolute  path  specifications  ending  with a slash ('/') are taken to
       mean all files in the named directory are to marked un-gettable.

       The <filename> may be specified as a file glob, or regular  expression.

       The  optional  first  parameter selects whether names are intepreted as
       absolute or relative to the current chroot'd environment.  The  default
       is to intepret names beginning with a slash as absolute.

       The  noretrieve  restrictions  may be placed upon members of particular
       classes.  If any class= is specified the  named  files  are  only  non-
       retrievable  if  the  current  user  is  a  member  of any of the given
       classes.

       allow-retrieve [absolute|relative]  [class=<classname>]...  [-]  <file-
       name> ...
            Allows retrieval of files which would otherwise be denied by nore-
            trieve.

       krb5_principal <principal name>
            Sets  the  Kerberos V5 service principal name used for the server.
            Should be set to ftp/fqdn@REALM

       loginfails <number>
            After <number> login failures, log  a  "repeated  login  failures"
            message and terminate the FTP connection.  Default value is 5.


       Informational Capabilities

       greeting full|brief|terse
            Allows you to control how much information is given out before the
            remote user logs in.  'greeting full' is the default and shows the
            hostname  and  daemon  version.   'greeting brief' whose shows the
            hostname.   'greeting  terse'  simply  says  "FTP  server  ready."
            Although full is the default, brief is recommended.

       banner <path>
            Works  similarly to the message command, except that the banner is
            displayed before  the  user  enters  the  username/password.   The
            <path>  is  relative  to the real system root, not the base of the
            anonymous FTP directory.

       WARNING: use of this command can completely prevent  non-compliant  FTP
       clients  from making use of the FTP server.  Not all clients can handle
       multi-line responses (which is how the banner is displayed).

       email <name>
            Defines the email address of the  ftp  archive  maintainer.   This
            string will be printed every time the %E magic cookie is used.

       message <path> {<when> {<class> ...}}
            Define  a  file  with <path> such that xftpd will display the con-
            tents of the file to the user login time or upon using the  change
            working directory command.  The <when> parameter may be "LOGIN" or
            "CWD=<dir>".  If <when> is "CWD=<dir>", <dir>  specifies  the  new
            default directory which will trigger the notification.

       The  optional  <class> specification allows the message to be displayed
       only to members of a particular class.  More  than  one  class  may  be
       specified.

       There  can  be  "magic  cookies" in the readme file which cause the ftp
       server to replace the cookie with a specified text string:
             %T      local time (form Thu Nov 15 17:12:42 1990)
             %F      free space in partition of CWD (kbytes)
                     [not supported on all systems]
             %C      current working directory
             %E      the maintainer's email address as defined in ftpaccess
             %R      remote host name
             %L      local host name
             %u      username as determined via RFC931 authentication
             %U      username given at login time
             %M      maximum allowed number of users in this class
             %N      current number of users in this class
             %B      absolute limit on disk blocks allocated
             %b      preferred limit on disk blocks
             %Q      current block count
             %I      maximum number of allocated inodes (+1)
             %i      preferred inode limit
             %q      current number of allocated inodes
             %H      time limit for excessive disk use
             %h      time limit for excessive files

       The message will only be displayed once to  avoid  annoying  the  user.
       Remember that when MESSAGEs are triggered by an anonymous FTP user, the
       <path> must be relative to the base  of  the  anonymous  FTP  directory
       tree.

       readme <path> {<when> {<class>}}
            Define  a  file  with  <path>  such that xftpd will notify user at
            login time or upon using the change working directory command that
            the  file  exists  and  was  modified  on such-and-such date.  The
            <when> parameter may be "LOGIN"  or  "CWD=<dir>".   If  <when>  is
            "CWD=<dir>",  <dir> specifies the new default directory which will
            trigger the notification.  The  message  will  only  be  displayed
            once,  to  avoid  bothering users.  Remember that when README mes-
            sages are triggered by an anonymous FTP user, the <path>  must  be
            relative to the base of the anonymous FTP directory tree.

       The  optional  <class> specification allows the message to be displayed
       only to members of a particular class.  More  than  one  class  may  be
       specified.


Logging Capabilities

       log commands <typelist>
            Enables  logging of individual commands by users.  <typelist> is a
            comma-separated list  of  any  of  the  keywords  "anonymous"  and
            "real".   If  the "real" keyword is included, logging will be done
            for users using FTP to access real accounts, and  if  the  "anony-
            mous" keyword is included logging will done for users using anony-
            mous FTP.

       log transfers <typelist> <directions>
            Enables logging of file transfers for either real or anonymous FTP
            users.   Logging  of  transfers  TO  the  server (incoming) can be
            enabled separately from  transfers  FROM  the  server  (outbound).
            <typelist>  is  a  comma-separated  list  of  any  of the keywords
            "anonymous" and "real".  If the "real" keyword is  included,  log-
            ging will be done for users using FTP to access real accounts, and
            if the "anonymous" keyword is included logging will done for users
            using  anonymous  FTP.   <directions> is a comma-separated list of
            any of the two keywords "inbound" and "outbound", and will respec-
            tively  cause  transfers to be logged for files sent to the server
            and sent from the server.

       log security <typelist>
            Enables logging  of  violations  of  security  rules  (noretrieve,
            .notar,  ...)   for  real and/or anonymous users.  <typelist> is a
            comma-separated list  of  any  of  the  keywords  "anonymous"  and
            "real".   If  the "real" keyword is included, logging will be done
            for users using FTP to access real accounts, and  if  the  "anony-
            mous" keyword is included logging will done for users using anony-
            mous FTP.

       log syslog
            Redirects the logging messages for incoming and outgoing transfers
            to  syslog.  Without this option the messages are written to xfer-
            log.


Miscellaneous Capabilities

       do_rfc931 no
            When specified, the xftpd(8)  server  will  suppress  the  use  of
            RFC931  (AUTH/ident)  to  attempt to determine the username on the
            client.  This behavior may also be  suppressed  by  providing  the
            command line argument '-I' to xftpd(8).


       sjis <yes|no>
            Sets  the  Shift-JIS  mode.  When  sjis is set to yes the xftpd(8)
            server expects all user command and filename input to  be  encoded
            in Shift-JIS.  All file output and banners will be sent encoded in
            Shift-JIS.


       keepalive yes | no
            Directs the server to set the "KeepAlive" TCP/IP mode for all con-
            nections.

       alias <string> <dir>
            Defines  an  alias, <string>, for a directory.  Can be used to add
            the concept of logical directories.

       For example:
         alias   rfc:    /pub/doc/rfc
       would allow the user to access /pub/doc/rfc from any directory  by  the
       command "cd rfc:".  Aliases only apply to the cd command.

       cdpath <dir>
            Defines an entry in the cdpath. This defines a search path that is
            used when changing directories.

       For example:
         cdpath /pub/packages
         cdpath /.aliases
       would allow the user to cd into any directory directly under /pub/pack-
       ages  or /.aliases directories. The search path is defined by the order
       the lines appear in the ftpaccess file.

       If the user were to give the command:
         cd foo
       The directory will be searched for in the following order:
         ./foo
         an alias called "foo"
         /pub/packages/foo
         /.aliases/foo

       The cd path is only available with the cd command. If you have a  large
       number  of  aliases  you might want to set up an aliases directory with
       links to all of the areas you wish to make available to users.

       compress <yes|no> <classglob> [<classglob> ...]

       tar <yes|no> <classglob> [<classglob> ...]
            Enables compress or tar capabilities for any class matching any of
            <classglob>.   The  actual conversions are defined in the external
            file FTPLIB/ftpconversions.

       shutdown <path>
            If the file pointed to by <path> exists, the server will check the
            file  regularly to see if the server is going to be shut down.  If
            a shutdown is planned, the user is notified, new  connections  are
            denied  after a specified time before shutdown and current connec-
            tions are dropped at a specified  time  before  shutdown.   <path>
            points to a file structured as follows:
             <year> <month> <day> <hour> <minute> <deny_offset> <disc_offset>
             <text>

             <year> any year > 1970
             <month> 0-11 <---- LOOK!
             <hour> 0-23
             <minute> 0-59
            <deny_offset>  and  <disc_offset>  are  the offsets in HHMM format
            before the shutdown time that new connections will be  denied  and
            existing connections will be disconnected.

       <text>  follows  the normal rules for any message (see "message"), with
       the following additional magic cookies available:
            %s      time system is going to shut down
            %r      time new connections will be denied
            %d      time current connections will be dropped
       all times are in the form: ddd MMM DD hh:mm:ss YYYY.  There can be only
       one "shutdown" command in the configuration file.

       The  external program ftpshut(8) can be used to automate the process of
       generating this file.

       passive address <externalip> <cidr>
            Allows control of the address reported in response to a PASV  com-
            mand.   When any control connection matching the <cidr> requests a
            passive  data  connection  (PASV),  the  <externalip>  address  is
            reported.   NOTE:  this  does  not  change the address the daemone
            actually listens on, only the  address  reported  to  the  client.
            This  feature  allows  the  daemon to operate correctly behind IP-
            renumbering firewalls.

       For example:
               passive address 10.0.1.15   10.0.0.0/8
               passive address 192.168.1.5 0.0.0.0/0
       Clients connecting from the class-A network 10 will be told the passive
       connection  is  listening on IP-address 10.0.1.15 while all others will
       be told the connection is listening on 192.168.1.5

       Multiple passive addresses may  be  specified  to  handle  complex,  or
       multi-gatewayed, networks.

       passive ports <cidr> <min> <max>
            Allows  control  of  the  TCP port numbers which may be used for a
            passive data connection.  If the control  connection  matches  the
            <cidr>  a  port  in  the  range  <min>  to  <max> will be randomly
            selected for the daemon to listen on.  This feature  allows  fire-
            walls  to  limit the ports which remote clients may use to connect
            into the protected network.

       <cidr> is shorthand for an IP address in dotted-quad notation  followed
       by a slash and the number of left-most bits which represent the network
       address (as opposed to the machine address).  For  example,  if  you're
       using  the  reserved  class-A  network  10,  instead  of  a  netmask of
       255.0.0.0 use a CIDR of /8  as in 10.0.0.0/8 to represent your network.


       Permission Capabilities

       auth_level standard | gssapi | both
            Sets  the  level of authentication xftpd(8) will accept for login.
            standard will accept a cleartext password using the PASS  command.
            gssapi  will  accept  a Kerberos v5 (GSS) service ticket using the
            ADAT command.  both directs xftpd(8) to accept either  authentica-
            tion method.

       chroot_type standard | homedir | restricted
            Sets  the type of restricted environment the user is under when he
            logs on.  standard Allows users to  access  the  ftp  root,  their
            homedir,  and  sharepoints.   homedir  Allows  users to access the
            their homedir and  sharepoints.   restricted  restricts  users  to
            their own home directory.

       chmod <yes|no> <typelist>

       delete <yes|no> <typelist>

       overwrite <yes|no> <typelist>

       rename <yes|no> <typelist>

       umask <yes|no> <typelist>
            Allows or disallows the ability to perform the specified function.
            By default, all users are allowed.

       <typelist> is a comma-separated list of any  of  the  keywords  "anony-
       mous", "real" and "class=".  When "class=" appears, it must be followed
       by a classname.  If any  class=  appears,  the  <typelist>  restriction
       applies only to users in that class.

       anonFTP yes | no
            Enables/Disables anonymous ftp.

       passwd-check <none|trivial|rfc822> (<enforce|warn>)
            Define  the level and enforcement of password checking done by the
            server for anonymous ftp.
              none      no password checking performed.
              trivial   password must contain an '@'.
              rfc822    password must be an rfc822 compliant address.

              warn      warn the user, but allow them to log in.
              enforce   warn the user, and then log them out.

       deny-email <case-insensitive-email-address>
            Consider the e-mail address given as an argument  as  invalid.  If
            passwd-check  is  set  to  enforce,  anonymous  users  giving this
            address as password cannot log in.  That way, you can  stop  users
            from  having stupid WWW browsers use fake addresses like IE?0User@
            or mozilla@. (by using this, you are not shutting out users  using
            a WWW browser for ftp - you just make them configure their browser
            correctly.)  Only one address per line, but you can have  as  many
            deny-email addresses as you like.

       defrootdir path
            Sets path as the root directory for the FTP server.

       path-filter  <typelist>  <mesg>  <allowed_charset> {<disallowed regexp>
       ...}
            For  users  in <typelist>, path-filter defines regular expressions
            that control what a filename can or can not be.  There may be mul-
            tiple disallowed regexps.  If a filename is invalid due to failure
            to match the regexp criteria, <mesg>  will  be  displayed  to  the
            user.  For example:
              path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-
            specifies  that  all  upload filenames for anonymous users must be
            made of only the characters A-Z, a-z, 0-9, and "._-" and  may  not
            begin  with  a  "."  or  a  "-".   If  the  filename  is  invalid,
            /etc/pathmsg will be displayed to the user.

       upload [absolute|relative] [class=<classname>]... [-] <root-dir>  <dir-
       glob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"] [<d_mode>]
            Define a directory with <dirglob> that permits or denies  uploads.

       If  it  does  permit  uploads,  all  files will be owned by <owner> and
       <group> and will have the permissions set according to <mode>.

       Directories are matched on a best-match basis.

       For example:
         upload  /var/ftp  *               no
         upload  /var/ftp  /incoming       yes  ftp  daemon  0666
         upload  /var/ftp  /incoming/gifs  yes  jlc  guest   0600  nodirs
       This would only allow uploads into /incoming and /incoming/gifs.  Files
       that  were uploaded to /incoming would be owned by ftp/daemon and would
       have permissions of 0666.  File uploaded  to  /incoming/gifs  would  be
       owned  by  jlc/guest and have permissions of 0600. Note that the <root-
       dir> here must match the home directory specified in the password data-
       base for the "ftp" user.

       The  optional "dirs" and "nodirs" keywords can be specified to allow or
       disallow the creation of new subdirectories using the mkdir command.

       Note that if the upload command is used, directory creation is  allowed
       by  default.  To turn it off by default, you must specify a user, group
       and mode followed by the "nodirs" keyword as the first line  where  the
       upload command is used in this file.

       If directories are permitted, the optional <d_mode> determines the per-
       missions for a newly created directory.  If <d_mode>  is  omitted,  the
       permissions  are  inferred  from  <mode>  or are 0777 if <mode> is also
       omitted.

       The upload keyword only applies to users who have a home directory (the
       argument  to the chroot() ) of <root-dir>.  <root-dir> may be specified
       as "*" to match any home directory.

       The <owner> and/or <group> may each be specified as "*", in which  case
       any uploaded files or directories will be created with the ownership of
       the directory in which they are created.

       The optional first  parameter  selects  whether  <root-dir>  names  are
       intepreted as absolute or relative to the current chroot'd environment.
       The default is to intepret <root-dir> names as absolute.

       You can specify any number of 'class=<classname>' restrictions.  If any
       are specified, this upload clause only takes effect if the current user
       is a member of one of the classes.


       throughput <root-dir> <subdir-glob> <file-glob-list> <bytes-per-second>
       <bytes-per-second-multiply> <remote-glob-list>

            Define  files  via  comma-seperated  <file-glob-list>  in   subdir
            matched  by  <subdir-glob>  under  <root-dir> that have restricted
            transfer throughput of <bytes-per-second>  on  download  when  the
            remote  hostname  or remote IP address matches the comma-seperated
            <remote-glob-list>.

            Entries are matched on a best-match basis.

            For example:
             throughput /e/ftp *    *      oo   -   *
             throughput /e/ftp /sw* *      1024 0.5 *
             throughput /e/ftp /sw* README oo   -   *
             throughput /e/ftp /sw* *      oo   -   *.foo.com

            This would set maximum throughput per default, but restrict  down-
            load  to 1024 bytes/s for any files under /e/ftp/sw/ which are not
            named README. The only exceptions are remote hosts from within the
            domain  foo.com  which always get maximum throughput. Every time a
            remote client has retrieved a file under /e/ftp/sw/ the bytes  per
            seconds  of  the matched entry line are internally multiplied by a
            factor, here 0.5. So when the remote client retrieves  its  second
            file  it  is served with 512 bytes/s, the third time with only 254
            bytes/s, the fourth time with only 128 bytes/s and so on.

            The string "oo" for the bytes per second field means no throughput
            restriction.  A  multiply  factor of 1.0 or "-" means no change of
            the throughput after every successful transfer.

            Note that the <root-dir> here must match the home directory speci-
            fied  in the password database for the "ftp" user.  The throughput
            keyword only applies to users who have a home directory (the argu-
            ment to the chroot() ) of <root-dir>.


       deny-uid <uid-range> [...]

       deny-gid <gid-range> [...]

       allow-uid <uid-range> [...]

       allow-gid <gid-range> [...]

            These clauses allow specification of UID and GID values which will
            be denied access to the ftp server.  The allow-uid  and  allow-gid
            clauses may be used to allow access for uid/gid which would other-
            wise be denied.  These checks occur before all  others.   Deny  is
            checked  before allow.  The default is to allow access.  Note that
            in most cases, this can  remove  the  need  for  an  /etc/ftpusers
            files.  For example:

              deny-gid %-99 %65535
              deny-uid %-99 %65535
              allow-gid ftp
              allow-uid ftp

            denies  ftp  access  to all privileged or special users and groups
            box except the anonymous 'ftp' user/group.  In  many  cases,  this
            can  eliminate  the  need for the /etc/ftpusers file.  support for
            that file still exists so it may be used when changing /etc/ftpac-
            cess is not desired.

            Throughout  the  ftpaccess  file, any place a single UID or GID is
            allowed, either names or numbers may be used.  To use numbers, put
            a  '%' before it.  In places where a range is allowed, put the '%'
            before the range.



Files

       FTPLIB/ftpaccess


See Also

       xftpd(8), umask(2), ftplog(5), ftpconversions(5), ftpshut(8)




                                                                  ftpaccess(5)

Mac OS X 10.6Server - Generated Thu Apr 15 07:12:13 CDT 2010
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.