The following access capabilities are defined:
The home directory field of a guest user's entry in /etc/passwd is divided into two parts separated by ``/./''. The first part is the pathname of the directory which will become the guest group's root directory via a chroot call. This directory must be set up in exactly the same way as the root directory for anonymous FTP. The second part is the pathname of the guest user's home directory relative to the guest group's root directory.
For example, in /etc/passwd, the real entry is:
    guest1:x:100:92:Guest Account:/home/guests/./guest1:/bin/true
When guest1 successfully logs in, the FTP server will chroot to /home/guests and then chdir to /guest1. The guest user will only be able to access the directory structure under /guest1 (which will look and act as / to guest1), just as an anonymous FTP user would. Note that for a guest login to succeed, the user's shell (/bin/true in this example) must be listed in /etc/shells.
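The following is an added example, not part of the original manual page: a small audit that splits each guest entry's home field on ``/./'' and checks that the shell is listed in /etc/shells. The accounts guest2 and guest3, the sample /etc/shells content and all function names are constructed for illustration.

```python
# Added example: audit guest entries for the "/./" home format and a listed shell.
# Both samples are constructed; guest2 and guest3 are hypothetical accounts.
SAMPLE_PASSWD = """\
guest1:x:100:92:Guest Account:/home/guests/./guest1:/bin/true
guest2:x:101:92:Guest Account:/home/guests/guest2:/bin/true
guest3:x:102:92:Guest Account:/home/guests/./guest3:/bin/false
"""
SAMPLE_SHELLS = "# constructed /etc/shells\n/bin/sh\n/bin/true\n"


def parse_shells(text):
    """Return the set of shells listed in /etc/shells-format text."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}


def audit_guest(line, shells):
    """Split a passwd entry's home field on '/./' and list login blockers."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated passwd fields")
    name, home, shell = fields[0], fields[5], fields[6]
    chroot_dir, sep, rel = home.partition("/./")
    findings = []
    if not sep:
        chroot_dir, chdir_to = None, None
        findings.append("home field has no /./ separator")
    else:
        chdir_to = "/" + rel.strip("/")  # path as seen after the chroot
    if shell not in shells:
        findings.append("shell %s is not listed in /etc/shells" % shell)
    return {"user": name, "chroot": chroot_dir, "chdir": chdir_to,
            "findings": findings}


def audit_all(passwd_text=SAMPLE_PASSWD, shells_text=SAMPLE_SHELLS):
    """Audit every non-empty line of passwd-format text."""
    shells = parse_shells(shells_text)
    return [audit_guest(ln, shells) for ln in passwd_text.splitlines() if ln]


if __name__ == "__main__":
    for result in audit_all():
        print(result)
```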
day is one of Su, Mo, Tu, We, Th, Fr, Sa, Wk for any weekday (Mo through Fr), or Any for any day.
times defines a range of allowed times in 24-hour clock notation. For example, 0800-1230 represents the times of day from 8:00 A.M. to 12:30 P.M. If the time is not specified, any time of day is matched. Note that a time range that spans 0000 hours is permitted. For example, 0800-0600 means any time other than between 6:00 A.M. and 8:00 A.M.
Multiple day and times may be specified if separated by ``|''. For example, the entry ``Wk1700-0800|Sa|Su'' specifies 5:00 P.M. to 8:00 A.M., Monday through Friday, and any time on Saturday and Sunday.
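The following is an added example, not part of the original manual page: a matcher for the day and times syntax described above, including ranges that span 0000 hours and ``|''-separated alternatives. It assumes that the day is tested against the day of the moment being checked and that the end of a range is exclusive; the function names are hypothetical.

```python
# Added example: evaluate day/times specifications such as "Wk1700-0800|Sa|Su".
# Assumptions: the day is matched against the day of the checked moment, and
# the end time of a range is exclusive.
import re
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]  # index = datetime.weekday()
SPEC = re.compile(r"(Su|Mo|Tu|We|Th|Fr|Sa|Wk|Any)(?:(\d{4})-(\d{4}))?")


def to_minutes(hhmm):
    """Convert 'HHMM' in 24-hour notation to minutes after midnight."""
    hours, minutes = int(hhmm[:2]), int(hhmm[2:])
    if hours > 23 or minutes > 59:
        raise ValueError("invalid time of day: %s" % hhmm)
    return hours * 60 + minutes


def day_matches(day, when):
    if day == "Any":
        return True
    if day == "Wk":
        return when.weekday() < 5  # Mo through Fr
    return DAYS[when.weekday()] == day


def time_matches(start, end, when):
    now = when.hour * 60 + when.minute
    if start <= end:
        return start <= now < end
    # The range spans 0000 hours, e.g. 1700-0800.
    return now >= start or now < end


def spec_matches(spec, when):
    """Return True if any '|'-separated alternative in spec matches when."""
    for part in spec.split("|"):
        m = SPEC.fullmatch(part)
        if m is None:
            raise ValueError("cannot parse %r" % part)
        day, t0, t1 = m.groups()
        if not day_matches(day, when):
            continue
        # A missing time range matches any time of day.
        if t0 is None or time_matches(to_minutes(t0), to_minutes(t1), when):
            return True
    return False


if __name__ == "__main__":
    print(spec_matches("Wk1700-0800|Sa|Su", datetime(2024, 1, 1, 18, 0)))
```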
The message_file can contain magic cookies. See ``Magic cookies'' for more information.
    noretrieve /etc/passwd core
specifies that no one will be able to get the file /etc/passwd, whereas they will be allowed to transfer a file named passwd if it is not in /etc. On the other hand, no one will be able to get files named core, wherever they are.
No globbing is done.
NOTE: For this option to work for anonymous FTP users, the group access file is loaded into memory. This means that the necessary passwords and access privileges granted to users via SITE GROUP will be static for the duration of an FTP session.
There can be magic cookies in the file specified by path. See ``Magic cookies'' for more information.
WARNING: This command can completely prevent non-compliant FTP clients from making use of the FTP server. Not all clients can handle multi-line responses (which is how the banner is displayed).
The optional class specification allows the message to be displayed only to members of a particular class. More than one class may be specified.
There can be magic cookies in the file specified by path. See ``Magic cookies'' for more information.
The message will only be displayed once to avoid annoying the user. Remember that when messages are triggered by an anonymous FTP user, path must be relative to the base of the anonymous FTP directory tree. For guest users, path must be relative to their root directory.
The optional class specification allows the message to be displayed only to members of a particular class. More than one class may be specified.
    alias rfc: /pub/doc/rfc
would allow the user to access /pub/doc/rfc from any directory with the command cd rfc:. Aliases only apply to the cd command.
For example:
    cdpath /pub/packages
    cdpath /.aliases
would allow the user to cd into any directory directly under /pub/packages or /.aliases directories. The search path is defined by the order the lines appear in the ftpaccess file.
If the user were to give the command:
    cd foo
The directory will be searched for in the following order:
The cdpath is only available with the cd command. If you have a large number of aliases you might want to set up an aliases directory with links to all of the areas you wish to make available to users.
where
All times are in the form:
ddd MMM DD hh:mm:ss YYYY
There can be only one shutdown command in the configuration file.
The external program ftpshut(1Mtcp) can be used to automate the process of generating this file.
To configure shutdowns for anonymous users, the file specified by path must exist relative to the base of the anonymous FTP directory tree. For guest users, path must exist relative to their root directory.
typelist is a comma-separated list of any of the keywords anonymous, guest and real.
    path-filter anonymous /var/ftp/pathmsg ^[[:alnum:]-._]*$ ^[.-]
specifies that all upload filenames for anonymous users must be made of only alphanumeric characters and ``._-'', and may not begin with a ``.'' or a ``-''. If the filename is invalid, /var/ftp/pathmsg will be displayed to the user.
For anonymous users, message_file must be specified relative to the base of the anonymous FTP directory tree. For guest users, message_file must be specified relative to their root directory.
The message_file can contain magic cookies. See ``Magic cookies'' for more information.
If uploads are permitted, all uploaded files will be owned by owner and group and will have their permissions set according to mode.
Directories are matched on a best-match basis. For example:
    upload /home/ftp * no nodirs
    upload /home/ftp /incoming yes ftp daemon 0666
    upload /home/ftp /incoming/gifs yes jlc guest 0600 nodirs
This would only allow uploads into /incoming and /incoming/gifs. Files that were uploaded to /incoming would be owned by ftp:daemon and would have permissions of 0666. Files uploaded to /incoming/gifs would be owned by jlc:guest and have permissions of 0600.
The dirs and nodirs keywords can be specified to allow or disallow the creation or removal of subdirectories. The dirs keyword is assumed by default if neither dirs nor nodirs is specified. In the above example, creation and removal of directories would only be allowed in /incoming.
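The following is an added example, not part of the original manual page and not the FTP server's own code: it parses the three upload lines above and resolves which rule governs a given directory. It assumes that "best match" means the longest matching directory pattern and that patterns follow shell-style globbing; the class and function names are hypothetical.

```python
# Added example: resolve which upload rule applies to a directory.
# Assumption: "best match" is taken to be the longest matching pattern.
import fnmatch
from typing import NamedTuple, Optional

FTPACCESS = """\
upload /home/ftp * no nodirs
upload /home/ftp /incoming yes ftp daemon 0666
upload /home/ftp /incoming/gifs yes jlc guest 0600 nodirs
"""


class UploadRule(NamedTuple):
    root: str
    dirglob: str
    allow: bool
    owner: Optional[str]
    group: Optional[str]
    mode: Optional[int]
    dirs: bool


def parse_upload(line):
    """Parse one 'upload' line into an UploadRule."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "upload" or tok[3] not in ("yes", "no"):
        raise ValueError("not a valid upload line: %r" % line)
    root, dirglob, allow, rest = tok[1], tok[2], tok[3] == "yes", tok[4:]
    dirs = True  # dirs is assumed when neither keyword is given
    if rest and rest[-1] in ("dirs", "nodirs"):
        dirs = rest.pop() == "dirs"
    owner = group = mode = None
    if allow:
        if len(rest) != 3:
            raise ValueError("expected owner, group and mode: %r" % line)
        owner, group, mode = rest[0], rest[1], int(rest[2], 8)
    return UploadRule(root, dirglob, allow, owner, group, mode, dirs)


def best_match(rules, root, directory):
    """Return the most specific rule matching directory, or None."""
    hits = [r for r in rules
            if r.root == root and fnmatch.fnmatchcase(directory, r.dirglob)]
    return max(hits, key=lambda r: len(r.dirglob), default=None)


RULES = [parse_upload(ln) for ln in FTPACCESS.splitlines() if ln.strip()]

if __name__ == "__main__":
    for d in ("/pub", "/incoming", "/incoming/gifs", "/incoming/other"):
        print(d, best_match(RULES, "/home/ftp", d))
```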