.\"
.\" Copyright (c) 1999,2000 WU-FTPD Development Group.
.\" All rights reserved.
.\"
.\" Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994
.\" The Regents of the University of California. Portions Copyright (c)
.\" 1993, 1994 Washington University in Saint Louis. Portions Copyright
.\" (c) 1996, 1998 Berkeley Software Design, Inc. Portions Copyright (c)
.\" 1998 Sendmail, Inc. Portions Copyright (c) 1983, 1995, 1996, 1997 Eric
.\" P. Allman. Portions Copyright (c) 1989 Massachusetts Institute of
.\" Technology. Portions Copyright (c) 1997 Stan Barber. Portions
.\" Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997 Free Software
.\" Foundation, Inc. Portions Copyright (c) 1997 Kent Landfield.
.\"
.\" Use and distribution of this software and its source code are governed
.\" by the terms and conditions of the WU-FTPD Software License ("LICENSE").
.\"
.\" $Id: ftpaccess.5,v 1.24 2000/07/01 17:49:09 wuftpd Exp $
.\"
.TH ftpaccess 5
.SH Name
ftpaccess \- ftpd configuration file
.SH Description
The ftpaccess file is used to configure the operation of
.BR ftpd(8) .
.SH Access Capabilities
.TP 0.5i
.B autogroup [ ...]
If an ANONYMOUS user is a member of any of , the ftp server will
perform a setegid() to . This allows access to
group-and-owner-read-only files and directories to a particular class of
anonymous users. is a valid group from /etc/group (or whatever
mechanism your
.IR getgrent(3)
library routine uses).
.TP 0.5i
.B class [ ...]
Define of users, with source addresses of the form .
Multiple members of may be defined. There may be multiple "class"
commands listing additional members of the class. If multiple "class"
commands can apply to the current session, the first one listed in the
access file is used. Failing to define a valid class for a host will cause
access to be denied. is a comma-separated list of any of the
keywords "anonymous", "guest" and "real". If the "real" keyword is
included, the class can match users using FTP to access real accounts, and
if the "anonymous" keyword is included the class can match users using
anonymous FTP. The "guest" keyword matches guest access accounts (see
"guestgroup" for more information).
may be a globbed domain name or a globbed numeric address. It
may also be the name of a file, starting with a slash ('/'), which contains
additional address globs, as well as in the form address:netmask or
address/cidr.
Placing an exclamation (!) before an negates the test. For
example:
.nf
class rmtuser real !*.example.com
.fi
will classify real users from outside the example.com domain as the class
rmtuser. Use care with this option. Remember, the result of each test is
OR'ed with other tests on the line.
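The class-selection rules above (first applicable line wins, globs on one line are OR'ed, a leading '!' negates one glob, no match means denial) as an added Python example that is not part of wu-ftpd; the ftpaccess fragment it parses is constructed for the demonstration, and file-based glob lists (a glob starting with a slash) are assumed out of scope.

```python
"""Added example, not part of wu-ftpd: evaluate `class` lines as this section
describes them. A session gets the first class line (in file order) whose
typelist contains the session's user type and whose address globs, OR'ed
together, accept the remote host; '!' negates one glob; no match means denied.
"""
import fnmatch
import ipaddress
from dataclasses import dataclass

# Constructed ftpaccess fragment for the demonstration (not a real site's file).
SAMPLE_FTPACCESS = """\
class local   real,guest,anonymous *.example.com 192.0.2.0/24
class rmtuser real !*.example.com
class remote  anonymous *
"""


@dataclass
class ClassLine:
    name: str
    types: set    # subset of {"anonymous", "guest", "real"}
    globs: list   # address globs in the order written, each possibly '!'-prefixed


def parse_class_lines(text):
    """Collect the `class` directives from ftpaccess text; other directives are ignored."""
    lines = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "class":
            lines.append(ClassLine(parts[1], set(parts[2].split(",")), parts[3:]))
    return lines


def glob_matches(glob, ip, hostname=None):
    """Test one address glob: address/cidr, address:netmask (IPv4 only here),
    or a domain-name / numeric glob. File-based glob lists (a glob starting
    with '/') are out of scope in this example and never match; that is an
    assumption of the example, not wu-ftpd behaviour."""
    if glob.startswith("/"):
        return False
    if "/" in glob or ":" in glob:
        addr, mask = glob.replace(":", "/").split("/", 1)
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(
                f"{addr}/{mask}", strict=False)
        except ValueError:
            return False
    if fnmatch.fnmatchcase(ip, glob):
        return True
    return hostname is not None and fnmatch.fnmatchcase(hostname.lower(), glob.lower())


def line_applies(line, usertype, ip, hostname=None):
    """True when the user type is listed and any glob test (after negation) passes."""
    if usertype not in line.types:
        return False
    for glob in line.globs:
        negate = glob.startswith("!")
        if glob_matches(glob.lstrip("!"), ip, hostname) != negate:
            return True          # tests on one line are OR'ed: first pass wins
    return False


def classify(lines, usertype, ip, hostname=None):
    """Return the class name for this session, or None when no class applies
    (which ftpd treats as access denied)."""
    for line in lines:
        if line_applies(line, usertype, ip, hostname):
            return line.name
    return None


CLASS_LINES = parse_class_lines(SAMPLE_FTPACCESS)
```

Running classify() over a site's own class lines for the user types and source addresses it expects is a quick way to confirm that the first-match ordering does what the administrator intended.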
.TP 0.5i
.B deny
Always deny access to host(s) matching . is
displayed. may be "!nameserved" to deny access to sites without
a working nameserver. It may also be the name of a file, starting with a
slash ('/'), which contains additional address globs, as well as in the
form address:netmask or address/cidr.
.TP 0.5i
.B guestgroup [ ...]
.TP 0.5i
.B guestuser [ ...]
.TP 0.5i
.B realgroup [ ...]
.TP 0.5i
.B realuser [ ...]
For guestgroup, if a REAL user is a member of any of , the
session is set up exactly as with anonymous FTP. In other words, a
chroot() is done, and the user is no longer permitted to issue the USER and
PASS commands. is a valid group from /etc/group (or whatever
mechanism your
.IR getgrent(3)
library routine uses).
The user's home directory must be properly set up, exactly as anonymous FTP
would be. The home directory field of the passwd entry is divided into two
directories. The first field is the root directory which will be the
argument to the
.IR chroot(2)
call. The second half is the user's home directory relative to the root
directory. The two halves are separated by a "/./".
For example, in /etc/passwd, the real entry:
.nf
guest1::100:92:Guest Account:/ftp/./incoming:/etc/ftponly
.fi
When guest1 successfully logs in, the ftp server will
.BR chroot("/ftp")
and then
.BR chdir("/incoming") .
The guest user will only be able to access the directory structure under
.BR /ftp
(which will look and act as / to guest1), just as an anonymous FTP user would.
The group name may be specified by either name or numeric ID. To use a
numeric group ID, place a '%' before the number. Ranges may be given. Use
an asterisk to mean all groups.
guestuser works like guestgroup, except uses the user name (or numeric ID).
realuser and realgroup have the same syntax, but reverse the effect of
guestuser and guestgroup. They allow real user access when the remote user
would otherwise be determined a guest.
For example:
.nf
guestuser *
realgroup admin
.fi
causes all non-anonymous users to be treated as guest, with the sole
exception of users in the admin group who are granted real user access.
.TP 0.5i
.B nice []
Adjust the process nice value of the ftpd server process by the indicated
value if the remote user is a member of the named . If
is not specified, then use as the default adjustment
to the ftpd server process nice value. This default nice value adjustment
is used to adjust the nice value of the server process only for those users
who do not belong to any class for which a class-specific `nice' directive
exists in the ftpaccess file.
.TP 0.5i
.B defumask []
Set the umask applied to files created by the daemon if the remote user is a
member of the named class. If is not specified, then use the umask
as the default for classes which do not have one specified.
.TP 0.5i
.B tcpwindow []
Set the TCP window size for the data connection. This can be used to
control network traffic. For instance, slow PPP dialin links may need
smaller TCP windows to speed up throughput. If you don't know what this
does, don't play with it.
.TP 0.5i
.B keepalive
Set the TCP SO_KEEPALIVE option for data sockets. This can be used to control
network disconnect. Yes: set it. No: use system default (usually off). You
probably want to set this.
.TP 0.5i
.B timeout accept
.TP 0.5i
.B timeout connect
.TP 0.5i
.B timeout data
.TP 0.5i
.B timeout idle
.TP 0.5i
.B timeout maxidle
.TP 0.5i
.B timeout RFC931
Set various timeouts.
Accept (default 120 seconds): how long the daemon will wait for an incoming
(PASV) data connection.
Connect (default 120 seconds): how long the daemon will wait attempting to
establish an outgoing (PORT) data connection. This affects the actual
connection attempt. The daemon makes several attempts, sleeping a while
between each, before completely giving up.
Data (default 1200 seconds): how long the daemon will wait for some
activity on the data connection. You should keep this long because the
remote client may have a slow link and there can be quite a bit of data
queued for the client.
Idle (default 900 seconds): how long the daemon will wait for the next
command. The default can also be overridden by the command line -a option.
This access clause overrides both.
MaxIdle (default 1200 seconds): the SITE IDLE command allows the remote
client to establish a higher value for the idle timeout. This sets the
upper limit the client may request. The default can also be overridden by
the command line -A option. This access clause overrides both.
RFC931 (default 10 seconds): the maximum time the daemon allows for the
entire RFC931 (AUTH/ident) conversation. Setting this to zero (0)
completely disables the daemon's use of this protocol. The information
obtained via RFC931 is recorded in the system logs and not actually used in
any authentication.
.TP 0.5i
.B file-limit [] []
Limit the number of data files a user in the given class may transfer. The
limit may be placed on files in, out or total. If no class is specified,
the limit is the default for classes which do not have a limit specified.
The optional
.B raw
parameter applies the limit to the total traffic rather than just data
files.
.TP 0.5i
.B data-limit [] []
Limit the number of data bytes a user in the given class may transfer. The
limit may be placed on bytes in, out or total. If no class is specified,
the limit is the default for classes which do not have a limit specified.
The optional
.B raw
parameter applies the limit to total traffic rather than just data files.
.TP 0.5i
.B limit-time {*|anonymous|guest}
Limit the total time a session can take. By default, there is no limit.
Real users are never limited.
.TP 0.5i
.B guestserver []
Controls which hosts may be used for anonymous or guest access. If used
without , denies all guest or anonymous access to this site.
More than one may be specified. Guest and anonymous access will
only be allowed on the named machines. If access is denied, the user will
be asked to use the first listed.
.TP 0.5i
.B limit
Limit to users at times , displaying if
the user is denied access. Limit check is performed at login time only.
If multiple "limit" commands can apply to the current session, the first
applicable one is used. Failing to define a valid limit, or a limit of -1,
is equivalent to unlimited. is in the same format as the times in the
UUCP L.sys file.
.TP 0.5i
.B noretrieve [absolute|relative] [class=] ... [-] ...
Always deny retrieve-ability of these files. If a file is given as a path
specification (i.e. it begins with the '/' character) then only that file is
marked un-gettable; otherwise all files matching the filename are refused
transfer. For example:
.nf
noretrieve /etc/passwd core
.fi
specifies no one will be able to get the file /etc/passwd whereas they will
be allowed to transfer a file `passwd' if it is not in /etc. On the other
hand no one will be able to get files named `core' wherever they are.
Directory specifications mark all files and sub-directories in the named
directory un-gettable. The may be specified as a file glob. For
example:
.nf
noretrieve /etc /home/*/.htaccess
.fi
specifies no files in /etc or any of its sub-directories may be retrieved.
Also, no files named '.htaccess' anywhere under the /home directory may be
retrieved.
The optional first parameter selects whether names are interpreted as
absolute or relative to the current chroot'd environment. The default is
to interpret names beginning with a slash as absolute.
The noretrieve restrictions may be placed upon members of particular
classes. If any class= is specified the named files are only
non-retrievable if the current user is a member of any of the given
classes.
.TP 0.5i
.B allow-retrieve [absolute|relative] [class=]... [-] ...
Allows retrieval of files which would otherwise be denied by noretrieve.
.TP 0.5i
.B loginfails
After login failures, log a "repeated login failures" message and
terminate the FTP connection. Default value is 5.
.TP 0.5i
.B private
After user logs in, the SITE GROUP and SITE GPASS commands may be used to
specify an enhanced access group and associated password. If the group
name and password are valid, the user becomes (via setegid()) a member of
the group specified in the group access file /etc/ftpgroups.
The format of the group access file is:
.nf
access_group_name:encrypted_password:real_group_name
.fi
where access_group_name is an arbitrary (alphanumeric + punctuation)
string. encrypted_password is the password encrypted via
.IR crypt(3) ,
exactly like in
.BR /etc/passwd .
.B real_group_name
is the name of a valid group listed in
.BR /etc/group .
NOTE: For this option to work for anonymous FTP users, the ftp server must
keep
.B /etc/group
permanently open and the group access file is loaded into memory. This
means that (1) the ftp server now has an additional file descriptor open,
and (2) the necessary passwords and access privileges granted to users via
SITE GROUP will be static for the duration of an FTP session. If you have
an urgent need to change the access groups and/or passwords *NOW*, you must
kill all of the running FTP servers.
.SH Informational Capabilities
.TP 0.5i
.B greeting full|brief|terse
.TP 0.5i
.B greeting text
Allows you to control how much information is given out before the remote
user logs in. 'greeting full' is the default and shows the hostname and
daemon version. 'greeting brief' shows only the hostname. 'greeting
terse' simply says "FTP server ready." Although full is the default, brief
is recommended.
The 'text' form allows you to specify any greeting message you desire.
can be any string; whitespace (spaces and tabs) is converted to a
single space.
.TP 0.5i
.B banner
Works similarly to the message command, except that the banner is displayed
before the user enters the username/password. The is relative to
the real system root, not the base of the anonymous FTP directory.
.B WARNING:
use of this command can completely prevent non-compliant FTP clients from
making use of the FTP server. Not all clients can handle multi-line
responses (which is how the banner is displayed).
.TP 0.5i
.B hostname
Defines the default host name of the ftp server. This string will be
printed on the greeting message and every time the %L magic cookie is used.
The host name for virtual servers overrides this value. If not specified,
the default host name for the local machine is used.
.TP 0.5i
.B email
Defines the email address of the ftp archive maintainer. This string will
be printed every time the %E magic cookie is used.
.TP 0.5i
.B message { { ...}}
Define a file with such that ftpd will display the contents of the
file to the user at login time or upon using the change working directory
command. The parameter may be "LOGIN" or "CWD=". If is
"CWD=", specifies the new default directory which will trigger
the notification.
The optional specification allows the message to be displayed only
to members of a particular class. More than one class may be specified.
There can be "magic cookies" in the readme file which cause the ftp server
to replace the cookie with a specified text string:
.nf
%T local time (form Thu Nov 15 17:12:42 1990)
%F free space in partition of CWD (kbytes)
[not supported on all systems]
%C current working directory
%E the maintainer's email address as defined in ftpaccess
%R remote host name
%L local host name
%u username as determined via RFC931 authentication
%U username given at login time
%M maximum allowed number of users in this class
%N current number of users in this class
%B absolute limit on disk blocks allocated
%b preferred limit on disk blocks
%Q current block count
%I maximum number of allocated inodes (+1)
%i preferred inode limit
%q current number of allocated inodes
%H time limit for excessive disk use
%h time limit for excessive files
ratios:
%xu Uploaded bytes
%xd Downloaded bytes
%xR Upload/Download ratio (1:n)
%xc Credit bytes
%xT Time limit (minutes)
%xE Elapsed time since login (minutes)
%xL Time left
%xU Upload limit
%xD Download limit
.fi
The message will only be displayed once to avoid annoying the user.
Remember that when MESSAGEs are triggered by an anonymous FTP user, the
must be relative to the base of the anonymous FTP directory tree.
.TP 0.5i
.B readme { {}}
Define a file with such that ftpd will notify user at login time or
upon using the change working directory command that the file exists and
was modified on such-and-such date. The parameter may be "LOGIN" or
"CWD=". If is "CWD=", specifies the new default
directory which will trigger the notification. The message will only be
displayed once, to avoid bothering users. Remember that when README
messages are triggered by an anonymous FTP user, the must be
relative to the base of the anonymous FTP directory tree.
The optional specification allows the message to be displayed only
to members of a particular class. More than one class may be specified.
.SH Logging Capabilities
.TP 0.5i
.B log commands
Enables logging of individual commands by users. is a
comma-separated list of any of the keywords "anonymous", "guest" and
"real". If the "real" keyword is included, logging will be done for users
using FTP to access real accounts, and if the "anonymous" keyword is
included logging will be done for users using anonymous FTP. The "guest"
keyword matches guest access accounts (see "guestgroup" for more
information).
.TP 0.5i
.B log transfers
Enables logging of file transfers for either real or anonymous FTP users.
Logging of transfers TO the server (incoming) can be enabled separately
from transfers FROM the server (outbound). is a comma-separated
list of any of the keywords "anonymous", "guest" and "real". If the "real"
keyword is included, logging will be done for users using FTP to access
real accounts, and if the "anonymous" keyword is included logging will be done
for users using anonymous FTP. The "guest" keyword matches guest access
accounts (see "guestgroup" for more information). is a
comma-separated list of either or both of the keywords "inbound" and "outbound",
and will respectively cause transfers to be logged for files sent to the
server and sent from the server.
.TP 0.5i
.B log security
Enables logging of violations of security rules (noretrieve, .notar, ...)
for real, guest and/or anonymous users. is a comma-separated
list of any of the keywords "anonymous", "guest" and "real". If the "real"
keyword is included, logging will be done for users using FTP to access
real accounts, and if the "anonymous" keyword is included logging will be done
for users using anonymous FTP. The "guest" keyword matches guest access
accounts (see "guestgroup" for more information).
.TP 0.5i
.B log syslog
.TP 0.5i
.B log syslog+xferlog
Redirects the logging messages for incoming and outgoing transfers to
syslog. Without this option the messages are written to xferlog.
syslog+xferlog sends the transfer log messages to both the system log and
the xferlog.
.SH Upload/Download ratios
In order for any of these commands to work, you must compile WU-FTPD with
--enable-ratios.
.TP 0.5i
.B ul-dl-rate [ ...]
Specify Upload/Download ratio (1:rate).
When an ftp user has uploaded 1 byte, (s)he may download bytes.
By default, there is no ratio.
.TP 0.5i
.B dl-free [ ...]
The file can be downloaded freely (ignoring the ratio).
.TP 0.5i
.B dl-free-dir [ ...]
All files in the directory and its subdirectories can be
downloaded freely (ignoring the ratio).
Note that both dl-free and dl-free-dir are relative to the system's
root, not the chroot environment.
.SH Miscellaneous Capabilities
.TP 0.5i
.B alias
Defines an alias, , for a directory. Can be used to add the
concept of logical directories.
For example:
.nf
alias rfc: /pub/doc/rfc
.fi
would allow the user to access /pub/doc/rfc from any directory by the
command "cd rfc:". Aliases only apply to the cd command.
.TP 0.5i
.B cdpath
Defines an entry in the cdpath. This defines a search path that is used
when changing directories.
For example:
.nf
cdpath /pub/packages
cdpath /.aliases
.fi
would allow the user to cd into any directory directly under /pub/packages
or /.aliases directories. The search path is defined by the order the lines
appear in the ftpaccess file.
If the user were to give the command:
.nf
cd foo
.fi
the directory will be searched for in the following order:
.nf
./foo
an alias called "foo"
/pub/packages/foo
/.aliases/foo
.fi
The cd path is only available with the cd command. If you have a large
number of aliases you might want to set up an aliases directory with links
to all of the areas you wish to make available to users.
.TP 0.5i
.B compress [ ...]
.TP 0.5i
.B tar [ ...]
Enables compress or tar capabilities for any class matching any of
. The actual conversions are defined in the external file
FTPLIB/ftpconversions.
.TP 0.5i
.B shutdown
If the file pointed to by exists, the server will check the file
regularly to see if the server is going to be shut down. If a shutdown is
planned, the user is notified, new connections are denied after a specified
time before shutdown and current connections are dropped at a specified
time before shutdown. points to a file structured as follows:
.nf
.fi
where
.nf
is any year > 1970
0-11 <---- LOOK!
0-23
0-59
.fi
and are the offsets in HHMM format
before the shutdown time that new connections will be denied and existing
connections will be disconnected.
follows the normal rules for any message (see "message"), with the
following additional magic cookies available:
.nf
%s time system is going to shut down
%r time new connections will be denied
%d time current connections will be dropped
.fi
All times are in the form: ddd MMM DD hh:mm:ss YYYY. There can be only one
"shutdown" command in the configuration file.
The external program ftpshut(8) can be used to automate the process of
generating this file.
.TP 0.5i
.B daemonaddress
If the value is not set, then the server will listen for connections on
every IP address; otherwise it will only listen on the IP address
specified.
Use of this clause is discouraged. It was added to support a single site's
needs. It will completely break virtual hosting and the syntax is likely
to change in a future version of the daemon.
.TP 0.5i
.B virtual
Enables the virtual ftp server capabilities. The is the ip
address of the virtual server. The second argument specifies that the
is either the path to the
.B root
of the filesystem for this virtual server, the
.B banner
presented to the user when connecting to this virtual server, or the
.B logfile
where transfers are recorded for this virtual server. If the
.B logfile
is not specified the default logfile will be used. All other message
files and permissions as well as any other settings in this file apply to
all virtual servers.
NOTE: Your operating system may not support this feature. It has been
tested on BSD/OS, Solaris 2.X and Linux.
The may also be specified as the hostname rather than the IP
number. This is strongly discouraged since, if DNS is not available at the
time the FTP session begins, the hostname will not be matched.
.TP 0.5i
.B virtual
Sets the hostname shown in the greeting message and STATus command, or the
email address used in message files and on the HELP command, to the given
.
.TP 0.5i
.B virtual allow [ ...]
.TP 0.5i
.B virtual deny [ ...]
Normally, real and guest users are not allowed to log in on the virtual
server unless they are guests and chroot'd to the virtual root. The users
listed on the virtual allow line(s) will be granted access. All users can
be granted access by giving '*' as the username. The virtual deny clauses
are processed after the virtual allow clauses and are used to deny access
to specific users when all users were allowed.
.TP 0.5i
.B virtual private
Normally, anonymous users are allowed to log in on the virtual server.
This option denies them access.
.TP 0.5i
.B virtual passwd
Use a different passwd file for the virtual domain. The daemon needs to be
compiled with --enable-passwd (or OTHER_PASSWD) for this option to work.
.TP 0.5i
.B virtual shadow
Use a different shadow file for this virtual domain. The daemon needs to be
compiled with --enable-passwd (or OTHER_PASSWD) for this option to work.
.TP 0.5i
.B defaultserver deny [ ...]
.TP 0.5i
.B defaultserver allow [ ...]
Normally, all users are allowed access to the default (non-virtual) FTP
server. Use defaultserver deny to revoke access for specific users;
specify '*' to deny access to all users. Specific users can then be
allowed using defaultserver allow.
.TP 0.5i
.B defaultserver private
Normally, anonymous users are allowed on the default (non-virtual) FTP
server. This statement disallows anonymous access.
The virtual and defaultserver allow, deny and private clauses provide a
means to control which users are allowed access on which FTP servers.
.TP 0.5i
.B passive address
Allows control of the address reported in response to a PASV command. When
any control connection matching the
.B
requests a passive data connection (PASV), the
.B
address is reported. NOTE: this does not change the address the daemon
actually listens on, only the address reported to the client. This feature
allows the daemon to operate correctly behind IP-renumbering firewalls.
For example:
.nf
passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0
.fi
Clients connecting from the class-A network 10 will be told the passive
connection is listening on IP-address 10.0.1.15 while all others will be
told the connection is listening on 192.168.1.5.
Multiple passive addresses may be specified to handle complex, or
multi-gatewayed, networks.
.TP 0.5i
.B passive ports
Allows control of the TCP port numbers which may be used for a passive data
connection. If the control connection matches the
.B
a port in the range
.B
to
.B
will be randomly selected for the daemon to listen on. This feature allows
firewalls to limit the ports which remote clients may use to connect into
the protected network.
.B
is shorthand for an IP address in dotted-quad notation followed by a slash
and the number of left-most bits which represent the network address (as
opposed to the machine address). For example, if you're using the reserved
class-A network 10, instead of a netmask of 255.0.0.0 use a CIDR of /8 as
in 10.0.0.0/8 to represent your network.
.TP 0.5i
.B pasv-allow [ ...]
.TP 0.5i
.B port-allow [ ...]
Normally, the daemon does not allow a PORT command to specify an address
different from that of the control connection, and it does not allow a
PASV connection from another address.
The port-allow clause provides a list of addresses which the specified
class of user may give on a PORT command. These addresses will be allowed
even if they do not match the IP-address of the client-side of the control
connection.
The pasv-allow clause provides a list of addresses which the specified
class of user may make data connections from. These addresses will be
allowed even if they do not match the IP-address of the client-side of the
control connection.
.TP 0.5i
.B lslong [ ...]
.TP 0.5i
.B lsshort [ ...]
.TP 0.5i
.B lsplain [ ...]
The lslong, lsshort and lsplain clauses allow specification of the command
and options used to generate directory listings. Note the options cannot
contain spaces and the defaults for these clauses are generally correct;
use lslong, lsshort or lsplain only if absolutely necessary.
.TP 0.5i
.B mailserver
Specify the name of a mail server which will accept upload notifications
for the FTP daemon. Multiple mail servers may be listed; the daemon will
attempt to deliver the upload notification to each, in order, until one
accepts the message. If no mail servers are specified, localhost is used.
This option is only meaningful if anyone is to be notified of anonymous
uploads (see incmail).
.TP 0.5i
.B incmail
.TP 0.5i
.B virtual incmail
.TP 0.5i
.B defaultserver incmail
Specify email addresses to be notified of anonymous uploads. Multiple
addresses can be specified; each will receive a notification. If none are
specified, no notifications are sent.
If addresses are specified for a virtual host, only those addresses will
receive notification of anonymous uploads on that host. Otherwise,
notifications will be sent to the global addresses.
Defaultserver addresses only apply when the FTP session is not using one of
the virtual hosts. In this way, you can receive notifications for your
default anonymous area, but not see notifications to virtual hosts which do
not have their own notifications.
.TP 0.5i
.B mailfrom
.TP 0.5i
.B virtual mailfrom
.TP 0.5i
.B defaultserver mailfrom
Specify the sender's email address for anonymous upload notifications.
Only one address may be specified. If no mailfrom applies, email is sent
from the default mailbox name 'wu-ftpd'. To avoid problems if the
recipient attempts to reply to a notification, or if downstream mail
problems generate bounces, you should ensure the mailfrom address is
deliverable.
.SH Permission Capabilities
.TP 0.5i
.B chmod
.TP 0.5i
.B delete
.TP 0.5i
.B overwrite
.TP 0.5i
.B rename
.TP 0.5i
.B umask
Allows or disallows the ability to perform the specified function. By
default, all users are allowed.
is a comma-separated list of any of the keywords "anonymous",
"guest", "real" and "class=". When "class=" appears, it must be followed
by a classname. If any class= appears, the restriction applies
only to users in that class.
.TP 0.5i
.B passwd-check ()
Define the level and enforcement of password checking done by the server
for anonymous ftp.
.nf
none no password checking performed.
trivial password must contain an '@'.
rfc822 password must be an rfc822 compliant address.
warn warn the user, but allow them to log in.
enforce warn the user, and then log them out.
.fi
.TP 0.5i
.B deny-email
Consider the e-mail address given as an argument as invalid. If
passwd-check is set to enforce, anonymous users giving this address as
password cannot log in. That way, you can stop users from having stupid
WWW browsers use fake addresses like IE?0User@ or mozilla@. (by using this,
you are not shutting out users using a WWW browser for ftp - you just make
them configure their browser correctly.) Only one address per line, but you
can have as many deny-email addresses as you like.
.TP 0.5i
.B path-filter { ...}
For users in , path-filter defines regular expressions that
control what a filename can or can not be. There may be multiple
disallowed regexps. If a filename is invalid due to failure to match the
regexp criteria, will be displayed to the user. For example:
.nf
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9\._]*$ ^\\\. ^-
.fi
specifies that all upload filenames for anonymous users must be made of
only the characters A-Z, a-z, 0-9, and "._-" and may not begin with a "."
or a "-". If the filename is invalid, /etc/pathmsg will be displayed to
the user.
.TP 0.5i
.B upload [absolute|relative] [class=]... [-] ["dirs"|"nodirs"] []
Define a directory with that permits or denies uploads.
If it does permit uploads, all newly created files will be owned by
and and will have their permissions set according to ;
existing files which are overwritten will keep their original ownership and
permissions.
Directories are matched on a best-match basis.
For example:
.nf
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
.fi
would only allow uploads into /incoming and /incoming/gifs. Files that
were uploaded to /incoming would be owned by ftp/daemon and would have
permissions of 0666. Files uploaded to /incoming/gifs would be owned by
jlc/guest and have permissions of 0600. Note that the here must
match the home directory specified in the password database for the "ftp"
user.
The optional "dirs" and "nodirs" keywords can be specified to allow or
disallow the creation of new subdirectories using the mkdir command.
Note that if the upload command is used, directory creation is allowed by
default. To turn it off by default, you must specify a user, group and mode
followed by the "nodirs" keyword as the first line where the upload command
is used in this file.
If directories are permitted, the optional determines the
permissions for a newly created directory. If is omitted, the
permissions are inferred from or are 0777 if is also omitted.
The upload keyword only applies to users who have a home directory (the
argument to the chroot() ) of . may be specified as
"*" to match any home directory.
The and/or may each be specified as "*", in which case any
uploaded files or directories will be created with the ownership of the
directory in which they are created.
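The upload rules described above, worked through in an added Python example that is not wu-ftpd code: it parses the three example lines (embedded as a constructed fragment) and reports which line governs an upload into a given directory. Two points the text leaves open are taken as assumptions and labelled in the code: "best match" is treated as the longest matching directory glob, and a directory mode "inferred from" the file mode adds search permission wherever read is granted.

```python
"""Added example, not wu-ftpd code: work out which `upload` line governs an
upload into a given directory, following the rules in this section
(best-match on the directory glob, root-dir must match the home directory,
dirs allowed by default, directory mode inferred from the file mode)."""
import fnmatch
from dataclasses import dataclass, field
from typing import Optional

# The three example lines from the text, as a constructed ftpaccess fragment.
SAMPLE_UPLOAD_LINES = """\
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
"""


@dataclass
class UploadRule:
    root: str
    dirglob: str
    allowed: bool
    owner: str = "*"
    group: str = "*"
    mode: Optional[int] = None
    dirs: bool = True                 # directory creation is allowed by default
    dir_mode: Optional[int] = None
    classes: list = field(default_factory=list)


def parse_upload_lines(text):
    """Parse `upload` directives, including the optional leading
    absolute|relative, class=<name> and '-' tokens. The first upload line's
    dirs/nodirs setting becomes the default for later lines that omit it."""
    rules = []
    default_dirs = True
    for raw in text.splitlines():
        args = raw.split("#", 1)[0].split()
        if not args or args.pop(0) != "upload":
            continue
        classes = []
        while args and (args[0] in ("absolute", "relative", "-")
                        or args[0].startswith("class=")):
            tok = args.pop(0)
            if tok.startswith("class="):
                classes.append(tok[len("class="):])
        if len(args) < 3:
            continue
        root, dirglob, yesno, *rest = args
        rule = UploadRule(root, dirglob, yesno.lower() == "yes", classes=classes)
        if len(rest) >= 3:
            rule.owner, rule.group, rule.mode = rest[0], rest[1], int(rest[2], 8)
            rest = rest[3:]
        explicit = None
        if rest and rest[0] in ("dirs", "nodirs"):
            explicit = rest.pop(0) == "dirs"
        rule.dirs = default_dirs if explicit is None else explicit
        if rest:
            rule.dir_mode = int(rest[0], 8)
        if not rules:
            default_dirs = rule.dirs      # first upload line sets the default
        rules.append(rule)
    return rules


def infer_dir_mode(mode):
    """Assumption made by this example for 'inferred from <mode>': grant search
    (x) permission wherever the file mode grants read."""
    dir_mode = mode
    for read_bit in (0o400, 0o040, 0o004):
        if mode & read_bit:
            dir_mode |= read_bit >> 2
    return dir_mode


def resolve_upload(rules, home, directory, user_class=None):
    """Return the effective upload policy for `directory` under chroot `home`,
    or None when no upload line applies. Best match is taken here to be the
    longest matching glob, the earliest line winning ties (an assumption)."""
    best = None
    for rule in rules:
        if rule.root not in ("*", home):
            continue                      # root-dir must match the user's home
        if rule.classes and user_class not in rule.classes:
            continue
        if not fnmatch.fnmatchcase(directory, rule.dirglob):
            continue
        if best is None or len(rule.dirglob) > len(best.dirglob):
            best = rule
    if best is None:
        return None
    dir_mode = best.dir_mode
    if dir_mode is None:
        dir_mode = 0o777 if best.mode is None else infer_dir_mode(best.mode)
    return {"allowed": best.allowed, "owner": best.owner, "group": best.group,
            "mode": best.mode, "dirs": best.dirs, "dir_mode": dir_mode}


UPLOAD_RULES = parse_upload_lines(SAMPLE_UPLOAD_LINES)
```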
The optional first parameter selects whether