illumos-gate Old usr/src/man/man4/ftpaccess.4

   1 '\" te
   2 .\" Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH FTPACCESS 4 "Sep 10, 2003"
   7 .SH NAME
   8 ftpaccess \- FTP Server configuration file
   9 .SH SYNOPSIS
  10 .LP
  11 .nf
  12 \fB/etc/ftpd/ftpaccess\fR
  13 .fi
  14 
  15 .SH DESCRIPTION
  16 .sp
  17 .LP
  18 The \fBftpaccess\fR file is used to configure the operation of the FTP Server.
  19 .SS "Access Capabilities "
  20 .sp
  21 .LP
  22 The following access capabilities are supported:
  23 .sp
  24 .ne 2
  25 .na
  26 \fB\fBautogroup\fR \fIgroupname\fR \fIclass\fR \fIclass\fR...\fR
  27 .ad
  28 .sp .6
  29 .RS 4n
  30 If an \fIanonymous\fR user is a member of any of \fIclass\fR, the FTP Server
  31 will perform a \fBsetegid\fR(2) to \fIgroupname\fR. This allows access to group
  32 and owner read-only files and directories to a particular class of anonymous
  33 users. \fIgroupname\fR is a valid group returned by \fBgetgrnam\fR(3C).
  34 .RE
  35 
  36 .sp
  37 .ne 2
  38 .na
  39 \fB\fBclass\fR \fIclass\fR \fItypelist\fR \fIaddrglob\fR\fIaddrglob\fR...\fR
  40 .ad
  41 .sp .6
  42 .RS 4n
  43 Define \fIclass\fR of users, with source addresses of the form \fIaddrglob\fR.
  44 Multiple members of \fIclass\fR may be defined. There may be multiple
  45 \fBclass\fR commands listing additional members of the class. If multiple
  46 \fBclass\fR commands can apply to the current session, the first one listed in
  47 the access file is used. If a valid class for a host is not defined, access
  48 will be denied. \fItypelist\fR is a comma-separated list of any of the keywords
  49 \fBanonymous\fR, \fBguest\fR, and \fBreal\fR. If the \fBreal\fR keyword is
  50 included, the class can match users using FTP to access real accounts. If the
  51 \fBanonymous\fR keyword is included the class can match users using anonymous
  52 FTP. The \fBguest\fR keyword matches guest access accounts.
  53 .sp
  54 \fIaddrglob\fR may be a globbed domain name or a globbed numeric IPv4 address.
  55 It may also be the name of a file, starting with a slash ('/'), which contains
  56 additional address globs. IPv4 numeric addresses may also be specified in the
  57 form \fBaddress:netmask\fR or \fBaddress/CIDR\fR. IPv6 numeric addresses can
  58 only be specified with an optional \fBCIDR\fR, not using globs or netmasks.
  59 .sp
  60 Placing an exclamation (!) before an \fIaddrglob\fR negates the test. For
  61 example,
  62 .sp
  63 .in +2
  64 .nf
  65 class rmtuser real !*.example.com
  66 .fi
  67 .in -2
  68 
  69 will classify real users from outside the \fBexample.com\fR domain as the class
  70 \fBrmtuser\fR. Use care with this option. Remember, the result of each test is
  71 OR'ed with other tests on the line.
  72 .RE
  73 
  74 .sp
  75 .ne 2
  76 .na
  77 \fB\fBdeny\fR \fIaddrglob\fR [\fImessage_file\fR]\fR
  78 .ad
  79 .sp .6
  80 .RS 4n
  81 Deny access to host(s) that match \fIaddrglob\fR and display
  82 \fImessage_file\fR. If the value of \fIaddrglob\fR is \fB!nameserved\fR access
  83 to sites without a working nameservers is denied. \fImessage_file\fR may
  84 contain magic cookies. See \fBmessage\fR for more details.
  85 .RE
  86 
  87 .sp
  88 .ne 2
  89 .na
  90 \fB\fBguestgroup\fR \fIgroupname\fR \fIgroupname\fR...\fR
  91 .ad
  92 .br
  93 .na
  94 \fB\fBguestuser\fR \fIusername\fR \fIusername\fR...\fR
  95 .ad
  96 .br
  97 .na
  98 \fB\fBrealgroup\fR \fIgroupname\fR \fIgroupname\fR...\fR
  99 .ad
 100 .br
 101 .na
 102 \fB\fBrealuser\fR \fIusername\fR \fIusername\fR...\fR
 103 .ad
 104 .sp .6
 105 .RS 4n
 106 For \fBguestgroup\fR, if a \fIreal\fR user is a member of any \fIgroupname\fR,
 107 the session is set up like anonymous FTP. \fIgroupname\fR is a valid group
 108 returned by \fBgetgrnam\fR(3C). The user's home directory must be set up
 109 exactly as anonymous FTP would be. The home directory field of the passwd entry
 110 is divided into two directories. The first field is the root directory that
 111 will be the argument to the \fBchroot\fR(2) call. The second field is the
 112 user's home directory, relative to the root directory. Use a "\fB/./\fR" to
 113 separate the two fields. For example, the following is the real entry in
 114 \fB/etc/passwd\fR:
 115 .sp
 116 .in +2
 117 .nf
 118 guest1:x:100:92:Guest FTP:/export/home/guests/./guest1:/bin/true
 119 .fi
 120 .in -2
 121 
 122 When guest1 successfully logs in, the FTP Server will \fBchroot()\fR to
 123 \fB/export/home/guests\fR and then \fBchdir\fR(2) to \fB/guest1\fR. The guest
 124 user will only be able to access the directory structure under
 125 \fB/export/home/guests\fR, which will look and act as \fB/\fR to \fBguest1\fR,
 126 just as an anonymous FTP user would. The d option to \fBftpconfig\fR(1M) is
 127 useful when creating guest FTP user accounts. The group name may be specified
 128 by either name or numeric ID. To use a numeric group ID, place a percent sign
 129 (\fB%\fR) before the number. You can give ranges. Use an asterisk to indicate
 130 all groups. \fBguestuser\fR works like \fBguestgroup\fR, except that it uses
 131 the user name or numeric ID. \fBrealuser\fR and \fBrealgroup\fR have the same
 132 syntax, but they reverse the effect of \fBguestuser\fR and \fBguestgroup\fR.
 133 They allow real user access when the remote user would otherwise be determined
 134 a guest.
 135 .sp
 136 .in +2
 137 .nf
 138 guestuser *
 139 realgroup admin
 140 .fi
 141 .in -2
 142 
 143 causes all non-anonymous users to be treated as guest, with the sole exception
 144 of users in the \fBadmin\fR group, who are granted real user access.
 145 .RE
 146 
 147 .sp
 148 .ne 2
 149 .na
 150 \fB\fBnice\fR \fInice-delta\fR \fIclass\fR\fR
 151 .ad
 152 .sp .6
 153 .RS 4n
 154 Adjust the process \fBnice\fR value of the FTP server process by the indicated
 155 \fInice-delta\fR value if the remote user is a member of the named \fIclass\fR.
 156 If \fIclass\fR is not specified, then use \fInice-delta\fR as the default
 157 adjustment to the FTP server process \fBnice\fR value. This default \fBnice\fR
 158 value adjustment is used to adjust the \fBnice\fR value of the server process
 159 only for those users who do not belong to any class for which a class-specific
 160 \fBnice\fR directive exists in the \fBftpaccess\fR file.
 161 .RE
 162 
 163 .sp
 164 .ne 2
 165 .na
 166 \fB\fBdefumask\fR \fIumask\fR \fIclass\fR\fR
 167 .ad
 168 .sp .6
 169 .RS 4n
 170 Set the \fIumask\fR applied to files created by the FTP server if the remote
 171 user is a member of the named class. If \fIclass\fR is not specified, then use
 172 the \fIumask\fR as the default for classes that do not have one specified.. The
 173 mode of files created may be specified by using the \fBupload\fR directive.
 174 .RE
 175 
 176 .sp
 177 .ne 2
 178 .na
 179 \fB\fBtcpwindow\fR \fIsize\fR class\fR
 180 .ad
 181 .sp .6
 182 .RS 4n
 183 Set the TCP window size (socket buffer size) for the data connection. Use this
 184 to control network traffic. For instance, slow PPP dialin links may need
 185 smaller TCP windows to speed up throughput. If you do not know what this does,
 186 do not set it.
 187 .RE
 188 
 189 .sp
 190 .ne 2
 191 .na
 192 \fB\fBipcos\fR control|data \fIvalue\fR [\fItypelist\fR]\fR
 193 .ad
 194 .sp .6
 195 .RS 4n
 196 Set the IP Class of Service for either the control or data connection.
 197 .sp
 198 For connections using \fBAF_INET\fR type sockets, this sets the Type of Service
 199 field in the IP header to the value specified.
 200 .sp
 201 For connections using \fBAF_INET6\fR type sockets, this sets the Traffic Class
 202 field in the IP header to the value specified.
 203 .sp
 204 When configured through \fBinetd.conf\fR(4), the socket type is controlled by
 205 the protocol field of the \fBftp\fR service. When running in standalone mode
 206 the default socket type is \fBAF_INET6\fR. The \fBin.ftpd\fR(1M) 4 option
 207 selects \fBAF_INET\fR.
 208 .sp
 209 \fItypelist\fR is a comma-separated list of any of the keywords
 210 \fBanonymous\fR, \fBguest\fR, \fBreal\fR, and \fBclass=\fR. When \fBclass=\fR
 211 appears, it must be followed by a class name.
 212 .RE
 213 
 214 .sp
 215 .ne 2
 216 .na
 217 \fB\fBkeepalive\fR \fByes\fR|\fBno\fR\fR
 218 .ad
 219 .sp .6
 220 .RS 4n
 221 Set the TCP \fBSO_KEEPALIVE\fR option for control and data sockets. This can be
 222 used to control network disconnect. If \fByes\fR, then set it. If \fBno\fR,
 223 then use the system default (usually off). You probably want to set this.
 224 .RE
 225 
 226 .sp
 227 .ne 2
 228 .na
 229 \fB\fBtimeout accept\fR \fIseconds\fR\fR
 230 .ad
 231 .br
 232 .na
 233 \fB\fBtimeout connect\fR \fIseconds\fR\fR
 234 .ad
 235 .br
 236 .na
 237 \fB\fBtimeout data\fR \fIseconds\fR\fR
 238 .ad
 239 .br
 240 .na
 241 \fB\fBtimeout idle\fR \fIseconds\fR \fR
 242 .ad
 243 .br
 244 .na
 245 \fB\fBtimeout maxidle\fR \fIseconds\fR\fR
 246 .ad
 247 .br
 248 .na
 249 \fB\fBtimeout RFC931\fR \fIseconds\fR\fR
 250 .ad
 251 .sp .6
 252 .RS 4n
 253 Set various timeout conditions.
 254 .sp
 255 .ne 2
 256 .na
 257 \fB\fBaccept\fR\fR
 258 .ad
 259 .RS 11n
 260 How long the FTP Server will wait for an incoming (PASV) data connection. The
 261 default is 120 seconds.
 262 .RE
 263 
 264 .sp
 265 .ne 2
 266 .na
 267 \fB\fBconnect\fR\fR
 268 .ad
 269 .RS 11n
 270 How long the FTP Server will wait attempting to establish an outgoing (PORT)
 271 data connection. This effects the actual connection attempt. The daemon makes
 272 several attempts, sleeping between each attempt, before giving up. The default
 273 is 120 seconds.
 274 .RE
 275 
 276 .sp
 277 .ne 2
 278 .na
 279 \fB\fBdata\fR\fR
 280 .ad
 281 .RS 11n
 282 How long the FTP Server will wait for some activity on the data connection. You
 283 should keep this long because the remote client may have a slow link, and there
 284 can be quite a bit of data queued for the client. The default is 1200 seconds.
 285 .RE
 286 
 287 .sp
 288 .ne 2
 289 .na
 290 \fB\fBidle\fR\fR
 291 .ad
 292 .RS 11n
 293 How long the FTP Server will wait for the next command. The default is 900
 294 seconds. The default can also be overridden by using the t option at the
 295 command-line. This access clause overrides both.
 296 .RE
 297 
 298 .sp
 299 .ne 2
 300 .na
 301 \fB\fBmaxidle\fR\fR
 302 .ad
 303 .RS 11n
 304 The \fBSITE IDLE\fR command allows the remote client to establish a higher
 305 value for the idle timeout. The \fBmaxidle\fR clause sets the upper limit that
 306 the client may request. The default can also be overridden by using the T
 307 option at the command-line. This access clause overrides both. The default is
 308 7200 seconds.
 309 .RE
 310 
 311 .sp
 312 .ne 2
 313 .na
 314 \fB\fBRFC931\fR\fR
 315 .ad
 316 .RS 11n
 317 The maximum time the FTP server allows for the entire \fBRFC931\fR (AUTH/ident)
 318 conversation. Setting this to zero (0) disables the server's use of this
 319 protocol. The information obtained by means of \fBRFC931\fR is recorded in the
 320 system logs and is not actually used in any authentication. The default is 10
 321 seconds.
 322 .RE
 323 
 324 .RE
 325 
 326 .sp
 327 .ne 2
 328 .na
 329 \fB\fBfile-limit\fR \fIraw\fR \fIin\fR|\fIout\fR|\fItotal\fR \fIcount\fR
 330 \fIclass\fR\fR
 331 .ad
 332 .sp .6
 333 .RS 4n
 334 Limit the number of data files a user in the given class may transfer. The
 335 limit may be placed on files \fIin\fR, \fIout\fR, or \fItotal\fR. If no class
 336 is specified, the limit is the default for classes which do not have a limit
 337 specified. The optional parameter \fIraw\fR applies the limit to the total
 338 traffic rather than just data files.
 339 .RE
 340 
 341 .sp
 342 .ne 2
 343 .na
 344 \fB\fBdata-limit\fR [\fIraw\fR] \fIin\fR|\fIout\fR|\fItotal\fR \fIcount\fR
 345 [\fIclass\fR]\fR
 346 .ad
 347 .sp .6
 348 .RS 4n
 349 Limit the number of data bytes a user in the given class may transfer. The
 350 limit may be placed on bytes \fIin\fR, \fIout\fR, or \fItotal\fR. If no class
 351 is specified, the limit is the default for classes which do not have a limit
 352 specified. Note that once it has been exceeded, this limit will prevent
 353 transfers, but it will not terminate a transfer in progress. The optional
 354 parameter \fIraw\fR applies the limit to total traffic rather than just data
 355 files.
 356 .RE
 357 
 358 .sp
 359 .ne 2
 360 .na
 361 \fB\fBlimit-time\fR \fI*\fR|\fIanonymous\fR|\fIguest\fR \fIminutes\fR\fR
 362 .ad
 363 .sp .6
 364 .RS 4n
 365 Limit the total time a session can take. By default, there is no limit. Real
 366 users are never limited.
 367 .RE
 368 
 369 .sp
 370 .ne 2
 371 .na
 372 \fB\fBguestserver\fR [\fIhostname\fR...]\fR
 373 .ad
 374 .sp .6
 375 .RS 4n
 376 Control which hosts may be used for anonymous access. If used without
 377 \fIhostname\fR, all anonymous access is denied to this site. More than one
 378 \fIhostname\fR may be specified. Anonymous access will only be allowed on the
 379 named machines. If access is denied, the user will be asked to use the first
 380 \fIhostname\fR listed.
 381 .RE
 382 
 383 .sp
 384 .ne 2
 385 .na
 386 \fB\fBlimit\fR \fIclass\fR \fIn\fR \fItimes\fR [\fImessage_file\fR]\fR
 387 .ad
 388 .sp .6
 389 .RS 4n
 390 Limit \fIclass\fR to \fIn\fR users at times \fItimes\fR, displaying
 391 \fImessage_file\fR if the user is denied access. A \fBlimit\fR check is
 392 performed at login time only. If multiple \fBlimit\fR commands can apply to the
 393 current session, the first applicable one is used. Failing to define a valid
 394 limit, or a limit of -1, is equivalent to no limits. The format of \fItimes\fR
 395 is\(cd:
 396 .sp
 397 .in +2
 398 .nf
 399 \fIday\fR[\fIday\fR...][\fItime-range\fR][|\fIday\fR[\fIday\fR...][\fItime-range\fR]]...
 400 .fi
 401 .in -2
 402 
 403 The value of \fIday\fR can be \fBSu\fR, \fBMo\fR, \fBTu\fR, \fBWe\fR, \fBTh\fR,
 404 \fBFr\fR, \fBSa\fR, \fBWk\fR (for any weekday Monday through Friday), or
 405 \fBAny\fR. \fItime-range\fR is in 24-hour clock notation. If a time range is
 406 not specified, any time of the day is matched. Multiple \fIday\fR and
 407 \fItime-range\fR may be specified by the "|" symbol. For example,
 408 \fBWk1730-0900|Sa|Su\fR specifies 5:30 p.m. to 9:00 a.m., Monday through
 409 Friday, and anytime on weekends. \fImessage_file\fR may contain magic cookies.
 410 See \fBmessage\fR for more details.
 411 .RE
 412 
 413 .sp
 414 .ne 2
 415 .na
 416 \fB\fBnoretrieve\fR [\fBabsolute\fR|\fBrelative\fR]\fR
 417 .ad
 418 .br
 419 .na
 420 \fB[\fBclass=\fR\fIclassname\fR...][-] \fIfilename\fR [\fIfilename\fR...]\fR
 421 .ad
 422 .sp .6
 423 .RS 4n
 424 Always deny retrievability of these files. If \fIfilename\fR specifies a
 425 pathname that begins with '/' character, then only those files are marked no
 426 retrieve. Otherwise all files that match the \fIfilename\fR are refused
 427 transfer. For example, \fBnoretrieve /etc/passwd core \fR specifies no one will
 428 be able to retrieve the \fB/etc/passwd\fR file. You will be allowed to transfer
 429 any file named \fBpasswd\fR that is not in \fB/etc\fR.
 430 .sp
 431 On the other hand, no one will be able to get files named \fBcore\fR, wherever
 432 they are. Directory specifications mark all files and subdirectories in the
 433 named directory unretrievable. The \fIfilename\fR may be specified as a file
 434 glob. For example,
 435 .sp
 436 .in +2
 437 .nf
 438 noretrieve /etc /home/*/.htaccess
 439 .fi
 440 .in -2
 441 
 442 specifies that no files in \fB/etc\fR or any of its subdirectories may be
 443 retrieved. Also, no files named \fB\&.htaccess\fR anywhere under the
 444 \fB/home\fR directory may be retrieved. The optional first parameter selects
 445 whether names are interpreted as absolute or relative to the current chroot'd
 446 environment. The default is to interpret names beginning with a slash as
 447 absolute. The \fBnoretrieve\fR restrictions may be placed upon members of
 448 particular classes. If any \fBclass=\fR is specified, the named files cannot be
 449 retrieved only if the current user is a member of one of the given classes.
 450 .RE
 451 
 452 .sp
 453 .ne 2
 454 .na
 455 \fB\fBallow-retrieve\fR [\fBabsolute\fR|\fBrelative\fR]\fR
 456 .ad
 457 .br
 458 .na
 459 \fB[\fBclass=\fR\fIclassname\fR...][-] \fIfilename\fR [\fIfilename\fR...]\fR
 460 .ad
 461 .sp .6
 462 .RS 4n
 463 Allows retrieval of files which would otherwise be denied by noretrieve.
 464 .RE
 465 
 466 .sp
 467 .ne 2
 468 .na
 469 \fB\fBloginfails\fR \fInumber\fR\fR
 470 .ad
 471 .sp .6
 472 .RS 4n
 473 After \fInumber\fR login failures, log a "repeated login failures" message and
 474 terminate the FTP connection. The default value for \fInumber\fR is 5.
 475 .RE
 476 
 477 .sp
 478 .ne 2
 479 .na
 480 \fB\fBprivate\fR \fByes\fR | \fBno\fR\fR
 481 .ad
 482 .sp .6
 483 .RS 4n
 484 Allow or deny use of the \fBSITE GROUP\fR and \fBSITE GPASS\fR commands after
 485 the user logs in. The \fBSITE GROUP\fR and \fBSITE GPASS\fR commands specify an
 486 enhanced access group and associated password. If the group name and password
 487 are valid, the user becomes a member of the group specified in the group access
 488 file \fB/etc/ftpd/ftpgroups\fR by means of \fBsetegid\fR(2). See
 489 \fBftpgroups\fR(4) for the format of the file. For this option to work for
 490 anonymous FTP users, the  FTP Server must keep \fB/etc/group\fR permanently
 491 open and load the group access file into memory. This means that the FTP Server
 492 now has an additional file descriptor open, and the necessary passwords and
 493 access privileges granted to users by means of \fBSITE GROUP\fR will be static
 494 for the duration of an FTP session. If you have an urgent need to change the
 495 access groups or passwords now, you have to kill all of the running FTP
 496 Servers.
 497 .RE
 498 
 499 .SS "Informational Capabilities"
 500 .sp
 501 .LP
 502 The following informational capabilities are supported:
 503 .sp
 504 .ne 2
 505 .na
 506 \fB\fBgreeting\fR \fBfull\fR|\fBbrief\fR|\fBterse\fR\fR
 507 .ad
 508 .br
 509 .na
 510 \fB\fBgreeting\fR \fBtext\fR \fImessage\fR\fR
 511 .ad
 512 .sp .6
 513 .RS 4n
 514 The \fBgreeting\fR command allows you to control how much information is given
 515 out before the remote user logs in. \fBgreeting full\fR, which is the default
 516 greeting, shows the hostname and daemon version. \fBgreeting brief\fR shows the
 517 hostname. \fB greeting terse\fR simply says "FTP Server ready." Although
 518 \fBfull\fR is the default, \fBbrief\fR is suggested.
 519 .sp
 520 The \fBtext\fR form allows you to specify any greeting message. \fImessage\fR
 521 can be any string. Whitespace (spaces and tabs) is converted to a single space.
 522 .RE
 523 
 524 .sp
 525 .ne 2
 526 .na
 527 \fB\fBbanner\fR \fIpath\fR\fR
 528 .ad
 529 .sp .6
 530 .RS 4n
 531 The \fBbanner\fR command operates similarly to the \fBmessage\fR command,
 532 except that the banner is displayed before the user enters the username. The
 533 \fIpath\fR is relative to the real system root, not to the base of the
 534 anonymous \fBFTP\fR directory.
 535 .sp
 536 Use of the \fBbanner\fR command can completely prevent non-compliant \fBFTP\fR
 537 clients from making use of the \fBFTP\fR Server. Not all clients can handle
 538 multi-line responses, which is how the banner is displayed.
 539 .RE
 540 
 541 .sp
 542 .ne 2
 543 .na
 544 \fB\fBemail\fR \fIname\fR\fR
 545 .ad
 546 .sp .6
 547 .RS 4n
 548 Use this command to define the email address for the FTP Server administrator.
 549 This string will be printed every time the \fB%E\fR magic cookie is used in
 550 message files.
 551 .RE
 552 
 553 .sp
 554 .ne 2
 555 .na
 556 \fB\fBhostname\fR \fIsome.host.name\fR\fR
 557 .ad
 558 .sp .6
 559 .RS 4n
 560 Defines the default host name of the FTP Server. This string will be printed on
 561 the greeting message and every time the \fB%L\fR magic cookie is used. The host
 562 name for virtual servers overrides this value. If no host name is specified,
 563 the default host name for the local machine is used.
 564 .RE
 565 
 566 .sp
 567 .ne 2
 568 .na
 569 \fB\fBmessage\fR \fIpath\fR [\fIwhen\fR [\fIclass\fR...]]\fR
 570 .ad
 571 .sp .6
 572 .RS 4n
 573 Define a file with \fIpath\fR such that the FTP Server will display the
 574 contents of the file to the user at login time or upon using the change working
 575 directory command. The \fIwhen\fR parameter may be \fBLOGIN\fR or
 576 \fBCWD=\fIdirglob\fR\fR. If \fIwhen\fRis \fBCWD=\fIdirglob\fR\fR, \fIdirglob\fR
 577 specifies the new default directory that will trigger the notification. A
 578 \fIdirglob\fR of "\fB*\fR" matches all directories.
 579 .sp
 580 The optional \fIclass\fR specification allows the message to be displayed only
 581 to members of a particular class. More than one class may be specified.
 582 .sp
 583 "Magic cookies" can be present in \fIpath\fR that cause the FTP Server to
 584 replace the cookie with a specified text string:
 585 .sp
 586 .ne 2
 587 .na
 588 \fB\fB%T\fR\fR
 589 .ad
 590 .RS 6n
 591 Local time. For example, \fBThu Nov 15 17:12:42 1990\fR.
 592 .RE
 593 
 594 .sp
 595 .ne 2
 596 .na
 597 \fB\fB%F\fR\fR
 598 .ad
 599 .RS 6n
 600 Free space in partition of CWD, in Kbytes.
 601 .RE
 602 
 603 .sp
 604 .ne 2
 605 .na
 606 \fB\fB%C\fR\fR
 607 .ad
 608 .RS 6n
 609 Current working directory.
 610 .RE
 611 
 612 .sp
 613 .ne 2
 614 .na
 615 \fB\fB%E\fR\fR
 616 .ad
 617 .RS 6n
 618 The email address for the FTP Server administrator.
 619 .RE
 620 
 621 .sp
 622 .ne 2
 623 .na
 624 \fB\fB%R\fR\fR
 625 .ad
 626 .RS 6n
 627 Remote host name.
 628 .RE
 629 
 630 .sp
 631 .ne 2
 632 .na
 633 \fB\fB%L\fR\fR
 634 .ad
 635 .RS 6n
 636 Local host name.
 637 .RE
 638 
 639 .sp
 640 .ne 2
 641 .na
 642 \fB\fB%U\fR\fR
 643 .ad
 644 .RS 6n
 645 Username given at login time.
 646 .RE
 647 
 648 .sp
 649 .ne 2
 650 .na
 651 \fB\fB%u\fR\fR
 652 .ad
 653 .RS 6n
 654 Username as defined by means of \fIRFC 931\fR authentication.
 655 .RE
 656 
 657 .sp
 658 .ne 2
 659 .na
 660 \fB\fB%M\fR\fR
 661 .ad
 662 .RS 6n
 663 Maximum allowed number of users in this class.
 664 .RE
 665 
 666 .sp
 667 .ne 2
 668 .na
 669 \fB\fB%N\fR\fR
 670 .ad
 671 .RS 6n
 672 Current number of users in this class.
 673 .RE
 674 
 675 The following quota magic cookies are also supported but not always set (see
 676 the \fBquota-info\fR capability):
 677 .sp
 678 .ne 2
 679 .na
 680 \fB\fB%B\fR\fR
 681 .ad
 682 .RS 6n
 683 absolute limit on disk blocks allocated
 684 .RE
 685 
 686 .sp
 687 .ne 2
 688 .na
 689 \fB\fB%b\fR\fR
 690 .ad
 691 .RS 6n
 692 preferred limit on disk blocks
 693 .RE
 694 
 695 .sp
 696 .ne 2
 697 .na
 698 \fB\fB%Q\fR\fR
 699 .ad
 700 .RS 6n
 701 current block count
 702 .RE
 703 
 704 .sp
 705 .ne 2
 706 .na
 707 \fB\fB%I\fR\fR
 708 .ad
 709 .RS 6n
 710 maximum number of allocated inodes (+1)
 711 .RE
 712 
 713 .sp
 714 .ne 2
 715 .na
 716 \fB\fB%i\fR\fR
 717 .ad
 718 .RS 6n
 719 preferred inode limit
 720 .RE
 721 
 722 .sp
 723 .ne 2
 724 .na
 725 \fB\fB%q\fR\fR
 726 .ad
 727 .RS 6n
 728 current number of allocated inodes
 729 .RE
 730 
 731 .sp
 732 .ne 2
 733 .na
 734 \fB\fB%H\fR\fR
 735 .ad
 736 .RS 6n
 737 time limit for excessive disk use
 738 .RE
 739 
 740 .sp
 741 .ne 2
 742 .na
 743 \fB\fB%h\fR\fR
 744 .ad
 745 .RS 6n
 746 time limit for excessive files
 747 .RE
 748 
 749 The message is displayed only once to avoid annoying the user. Remember that
 750 when messages are triggered by an anonymous or guest FTP user, they must be
 751 relative to the base of the anonymous or guest FTP directory tree.
 752 .RE
 753 
 754 .sp
 755 .ne 2
 756 .na
 757 \fB\fBquota-info\fR \fIuid-range\fR [\fIuid-range\fR...] \fR
 758 .ad
 759 .sp .6
 760 .RS 4n
 761 Enable retrieval of quota information for users matching \fIuid-range\fR. This
 762 sets the quota magic cookies. Retrieving quota information might cause a
 763 significant delay when logging into the server.
 764 .sp
 765 \fIuid-range\fR can be a username, single UID, or a UID range. Place a percent
 766 sign(\fB%\fR) before a number. An asterisk means "all users."
 767 .RE
 768 
 769 .sp
 770 .ne 2
 771 .na
 772 \fB\fBreadme\fR \fIpathglob\fR [\fIwhen\fR [\fIclass\fR...]]\fR
 773 .ad
 774 .sp .6
 775 .RS 4n
 776 Define a file with \fIpathglob\fR such that the FTP Server will notify the user
 777 at login time or upon using the change working directory command that the file
 778 exists and the date that it was modified. The \fIwhen\fR parameter may be
 779 \fBLOGIN\fR or \fBCWD=\fIdirglob\fR\fR. If \fIwhen\fR is
 780 \fBCWD=\fIdirglob\fR\fR, \fIdirglob\fR specifies the new default directory that
 781 will trigger the notification. A \fIdirglob\fR of "\fB*\fR" matches all
 782 directories. The message will only be displayed once, to avoid bothering users.
 783 Remember that when README messages are triggered by an anonymous or guest FTP
 784 user, the \fIpathglob\fR must be relative to the base of the anonymous or guest
 785 FTP directory tree.
 786 .sp
 787 The optional \fIclass\fR specification allows the message to be displayed only
 788 to members of a particular class. You can specify more than one class.
 789 .RE
 790 
 791 .SS "Logging Capabilities"
 792 .sp
 793 .LP
 794 The following logging capabilities are supported:
 795 .sp
 796 .ne 2
 797 .na
 798 \fB\fBlog commands\fR \fItypelist\fR\fR
 799 .ad
 800 .sp .6
 801 .RS 4n
 802 Enables logging of the individual FTP commands sent by users. \fItypelist\fR is
 803 a comma-separated list of any of the keywords \fBanonymous\fR, \fBguest\fR, and
 804 \fBreal\fR. Command logging information is written to the system log.
 805 .RE
 806 
 807 .sp
 808 .ne 2
 809 .na
 810 \fB\fBlog transfers\fR \fItypelist\fR \fIdirections\fR\fR
 811 .ad
 812 .sp .6
 813 .RS 4n
 814 Log file transfers made by FTP users to the \fBxferlog\fR(4) file. Logging of
 815 incoming transfers to the server can be enabled separately from outbound
 816 transfers from the server. \fIdirections\fR is a comma-separated list of any of
 817 the two keywords \fBinbound\fR and \fBoutbound\fR, and will respectively cause
 818 transfers to be logged for files sent to and from the server.
 819 .RE
 820 
 821 .sp
 822 .ne 2
 823 .na
 824 \fB\fBlog security\fR \fItypelist\fR\fR
 825 .ad
 826 .sp .6
 827 .RS 4n
 828 Enables logging of violations of security rules to the system log, including
 829 for example, \fBnoretrieve\fR and \fB\&.notar\fR.
 830 .RE
 831 
 832 .sp
 833 .ne 2
 834 .na
 835 \fB\fBlog syslog\fR\fR
 836 .ad
 837 .br
 838 .na
 839 \fB\fBlog syslog+xferlog\fR\fR
 840 .ad
 841 .sp .6
 842 .RS 4n
 843 Redirect the logging messages for incoming and outgoing transfers to
 844 \fBsyslog\fR. Without this option the messages are written to \fBxferlog\fR.
 845 When you specify \fBsyslog+xferlog\fR, the transfer log messages are sent to
 846 both the system log file and the \fBxferlog\fR file.
 847 .RE
 848 
 849 .sp
 850 .ne 2
 851 .na
 852 \fB\fBxferlog\fR format \fIformatstring\fR\fR
 853 .ad
 854 .sp .6
 855 .RS 4n
 856 Customize the format of the transfer log entry written. \fIformatstring\fR can
 857 be any string, which might include magic cookies. Strings of whitespace
 858 characters are converted into a single space.
 859 .sp
 860 The following transfer-specific magic cookies are recognized only immediately
 861 after a transfer has been completed:
 862 .sp
 863 .ne 2
 864 .na
 865 \fB\fB%Xt\fR\fR
 866 .ad
 867 .RS 7n
 868 transfer-time
 869 .RE
 870 
 871 .sp
 872 .ne 2
 873 .na
 874 \fB\fB%Xn\fR\fR
 875 .ad
 876 .RS 7n
 877 bytes-transferred
 878 .RE
 879 
 880 .sp
 881 .ne 2
 882 .na
 883 \fB\fB%XP\fR\fR
 884 .ad
 885 .RS 7n
 886 filename
 887 .RE
 888 
 889 .sp
 890 .ne 2
 891 .na
 892 \fB\fB%Xp\fR\fR
 893 .ad
 894 .RS 7n
 895 chroot-filename
 896 .RE
 897 
 898 .sp
 899 .ne 2
 900 .na
 901 \fB\fB%Xy\fR\fR
 902 .ad
 903 .RS 7n
 904 transfer-type
 905 .RE
 906 
 907 .sp
 908 .ne 2
 909 .na
 910 \fB\fB%Xf\fR\fR
 911 .ad
 912 .RS 7n
 913 special-action-flag
 914 .RE
 915 
 916 .sp
 917 .ne 2
 918 .na
 919 \fB\fB%Xd\fR\fR
 920 .ad
 921 .RS 7n
 922 direction
 923 .RE
 924 
 925 .sp
 926 .ne 2
 927 .na
 928 \fB\fB%Xm\fR\fR
 929 .ad
 930 .RS 7n
 931 access-mode
 932 .RE
 933 
 934 .sp
 935 .ne 2
 936 .na
 937 \fB\fB%Xa\fR\fR
 938 .ad
 939 .RS 7n
 940 authentication-method
 941 .RE
 942 
 943 .sp
 944 .ne 2
 945 .na
 946 \fB\fB%Xc\fR\fR
 947 .ad
 948 .RS 7n
 949 completion-status
 950 .RE
 951 
 952 .sp
 953 .ne 2
 954 .na
 955 \fB\fB%Xs\fR\fR
 956 .ad
 957 .RS 7n
 958 file-size
 959 .RE
 960 
 961 .sp
 962 .ne 2
 963 .na
 964 \fB\fB%Xr\fR\fR
 965 .ad
 966 .RS 7n
 967 restart-offset
 968 .RE
 969 
 970 \fBxferlog\fR(4) includes a description of these fields. If no \fBxferlog\fR
 971 format entry is present, the default is:
 972 .sp
 973 .in +2
 974 .nf
 975 xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc
 976 .fi
 977 .in -2
 978 .sp
 979 
 980 .RE
 981 
 982 .SS "Miscellaneous Capabilities"
 983 .sp
 984 .LP
 985 The following miscellaneous capabilities are supported:
 986 .sp
 987 .ne 2
 988 .na
 989 \fB\fBalias\fR\fI string\fR \fIdir\fR\fR
 990 .ad
 991 .sp .6
 992 .RS 4n
 993 Define an alias, \fI string\fR, for a directory. Use this command to add the
 994 concept of logical directories. For example: \fBalias rfc: /pub/doc/rfc\fR
 995 would allow the user to access \fB/pub/doc/rfc\fR from any directory by the
 996 command "\fBcd rfc:\fR". Aliases only apply to the \fBcd\fR command.
 997 .RE
 998 
 999 .sp
1000 .ne 2
1001 .na
1002 \fB\fBcdpath\fR \fIdir\fR\fR
1003 .ad
1004 .sp .6
1005 .RS 4n
1006 Define an entry in the \fBcdpath\fR. This command defines a search path that is
1007 used when changing directories. For example:
1008 .sp
1009 .in +2
1010 .nf
1011 cdpath /pub/packages
1012 cdpath /.aliases
1013 .fi
1014 .in -2
1015 .sp
1016 
1017 would allow the user to move into any directory directly under either the
1018 \fB/pub/packages\fR or the \fB/.aliases\fR directories. The search path is
1019 defined by the order in which the lines appear in the \fBftpaccess\fR file. If
1020 the user were to give the command \fBftp> cd foo\fR the directory will be
1021 searched for in the following order:
1022 .RS +4
1023 .TP
1024 .ie t \(bu
1025 .el o
1026 \fB\&./foo \fR
1027 .RE
1028 .RS +4
1029 .TP
1030 .ie t \(bu
1031 .el o
1032 an alias called foo
1033 .RE
1034 .RS +4
1035 .TP
1036 .ie t \(bu
1037 .el o
1038 \fB/pub/packages/foo\fR
1039 .RE
1040 .RS +4
1041 .TP
1042 .ie t \(bu
1043 .el o
1044 \fB/.aliases/foo\fR
1045 .RE
1046 The \fBcdpath\fR is only available with the \fBcd\fR command. If you have a
1047 large number of aliases, you might want to set up an aliases directory with
1048 links to all of the areas you wish to make available to users.
1049 .RE
1050 
1051 .sp
1052 .ne 2
1053 .na
1054 \fB\fBcompress\fR \fByes\fR|\fBno\fR \fIclassglob\fR [\fIclassglob\fR...]\fR
1055 .ad
1056 .br
1057 .na
1058 \fBtar \fByes\fR|\fBno\fR \fIclassglob\fR [\fIclassglob\fR...]\fR
1059 .ad
1060 .sp .6
1061 .RS 4n
1062 Enable the use of conversions marked with the \fBO_COMPRESS\fR,
1063 \fBO_UNCOMPRESS\fR, and \fBO_TAR\fR options in \fB/etc/ftpd/ftpconversions\fR.
1064 See \fBftpconversions\fR(4).
1065 .RE
1066 
1067 .sp
1068 .ne 2
1069 .na
1070 \fB\fBshutdown\fR \fIpath\fR\fR
1071 .ad
1072 .sp .6
1073 .RS 4n
1074 If the file pointed to by \fIpath\fR exists, the server will check the file
1075 regularly to see if the server is going to be shut down. If a shutdown is
1076 planned, the user is notified. New connections are denied after a specified
1077 time before shutdown. Current connections are dropped at a specified time
1078 before shutdown.
1079 .sp
1080 The format of the file specified by \fIpath\fR is:
1081 .sp
1082 .in +2
1083 .nf
1084 \fIyear\fR \fImonth\fR \fIday\fR \fIhour\fR \fIminute\fR \fIdeny_offset\fR \fIdisc_offset\fR \fItext\fR
1085 .fi
1086 .in -2
1087 
1088 .sp
1089 .ne 2
1090 .na
1091 \fB\fIyear\fR\fR
1092 .ad
1093 .RS 15n
1094 A value of 1970 or greater.
1095 .RE
1096 
1097 .sp
1098 .ne 2
1099 .na
1100 \fB\fImonth\fR\fR
1101 .ad
1102 .RS 15n
1103 A value of 0 to 11.
1104 .RE
1105 
1106 .sp
1107 .ne 2
1108 .na
1109 \fB\fIday\fR\fR
1110 .ad
1111 .RS 15n
1112 A value of 1 to 31.
1113 .RE
1114 
1115 .sp
1116 .ne 2
1117 .na
1118 \fB\fIhour\fR\fR
1119 .ad
1120 .RS 15n
1121 A value of 0 to 23.
1122 .RE
1123 
1124 .sp
1125 .ne 2
1126 .na
1127 \fB\fIminute\fR\fR
1128 .ad
1129 .RS 15n
1130 A value of 0 to 59.
1131 .RE
1132 
1133 .sp
1134 .ne 2
1135 .na
1136 \fB\fIdeny_offset\fR\fR
1137 .ad
1138 .br
1139 .na
1140 \fB\fIdisc_offset\fR\fR
1141 .ad
1142 .RS 15n
1143 The offsets in HHMM format that new connections will be denied and existing
1144 connections will be disconnected before the shutdown time.
1145 .RE
1146 
1147 .sp
1148 .ne 2
1149 .na
1150 \fB\fItext\fR \fR
1151 .ad
1152 .RS 15n
1153 Follows the normal rules for any \fImessage\fR. The following additional magic
1154 cookies are available:
1155 .sp
1156 .ne 2
1157 .na
1158 \fB\fB%s\fR\fR
1159 .ad
1160 .RS 6n
1161 The time at which the system is going to shut down.
1162 .RE
1163 
1164 .sp
1165 .ne 2
1166 .na
1167 \fB\fB%r\fR\fR
1168 .ad
1169 .RS 6n
1170 The time at which new connections will be denied.
1171 .RE
1172 
1173 .sp
1174 .ne 2
1175 .na
1176 \fB\fB%d\fR\fR
1177 .ad
1178 .RS 6n
1179 The time at which current connections will be dropped.
1180 .RE
1181 
1182 .RE
1183 
1184 All times are in the form: \fBddd MMM DD hh:mm:ss YYYY\fR. Only one
1185 \fBshutdown\fR command can be present in the configuration file. You can use
1186 the external program \fBftpshut\fR(1M) to automate generation of this file.
1187 .RE
1188 
1189 .sp
1190 .ne 2
1191 .na
1192 \fB\fBdaemonaddress\fR \fIaddress\fR\fR
1193 .ad
1194 .sp .6
1195 .RS 4n
1196 Listen only on the IP address specified. If the value is not set, then the FTP
1197 Server will listen for connections on every IP address. This applies only when
1198 the FTP Server is run in standalone mode.
1199 .RE
1200 
1201 .sp
1202 .ne 2
1203 .na
1204 \fB\fBvirtual\fR \fIaddress\fR \fBroot\fR|\fBbanner\fR|\fBlogfile\fR
1205 \fIpath\fR\fR
1206 .ad
1207 .sp .6
1208 .RS 4n
1209 Enable the FTP Server limited virtual hosting capabilities. The \fIaddress\fR
1210 is the IP address of the virtual server. The second argument specifies that the
1211 \fIpath\fR is either the path to the \fBroot\fR of the filesystem for this
1212 virtual server, the \fBbanner\fR presented to the user when connecting to this
1213 virtual server, or the \fBlogfile\fR where transfers are recorded for this
1214 virtual server. If the \fBlogfile\fR is not specified the default log file will
1215 be used. All other message files and permissions as well as any other settings
1216 in this file apply to all virtual servers. The \fIaddress\fR may also be
1217 specified as a hostname rather than as an IP number. This is strongly
1218 discouraged since, if DNS is not available at the time the FTP session begins,
1219 the hostname will not be matched.
1220 .RE
1221 
1222 .sp
1223 .ne 2
1224 .na
1225 \fB\fBroot\fR|\fBlogfile\fR \fIpath\fR\fR
1226 .ad
1227 .sp .6
1228 .RS 4n
1229 In contrast to limited virtual hosting, complete virtual hosting allows
1230 separate configuration files to be virtual host specific. See
1231 \fBftpservers\fR(4). The only additions that are necessary in a virtual host's
1232 \fBftpaccess\fR file is the \fBroot\fR directive that ensures the correct root
1233 directory is used for the virtual host. This only works with complete virtual
1234 hosting, which in contrast to limited virtual hosting, allows separate
1235 configuration files to be specified for each virtual host.
1236 .sp
1237 \fIpath\fR is either the root of the filesystem for this virtual server or the
1238 logfile where transfers for this virtual server are recorded. root and logfile
1239 may only be specified when not preceded by \fBvirtual\fR \fIaddress\fR in a
1240 virtual hosts's \fBftpaccess\fR file.
1241 .RE
1242 
1243 .sp
1244 .ne 2
1245 .na
1246 \fB\fBvirtual\fR \fIaddress\fR \fBhostname\fR|\fBemail\fR \fIstring\fR\fR
1247 .ad
1248 .sp .6
1249 .RS 4n
1250 Set the hostname shown in the greeting message and status command, or the email
1251 address used in message files and on the HELP command, to the given
1252 \fIstring\fR.
1253 .RE
1254 
1255 .sp
1256 .ne 2
1257 .na
1258 \fB\fBvirtual\fR \fIaddress\fR \fBallow\fR \fIusername\fR
1259 [\fIusername\fR...]\fR
1260 .ad
1261 .br
1262 .na
1263 \fB\fBvirtual\fR \fIaddress\fR \fBdeny\fR \fIusername\fR [\fIusername\fR...]\fR
1264 .ad
1265 .sp .6
1266 .RS 4n
1267 By default, real and guest users are not allowed to log in on the virtual
1268 server, unless they are guests that are chroot'd to the virtual root. The users
1269 listed on the \fBvirtual allow\fR line(s) are granted access. You can grant
1270 access to all users by giving '*' as the \fIusername\fR. The \fBvirtual deny\fR
1271 clauses are processed after the \fBvirtual allow\fR clauses. Thus specific
1272 users can be denied access although all users were allowed in an earlier
1273 clause.
1274 .RE
1275 
1276 .sp
1277 .ne 2
1278 .na
1279 \fB\fBvirtual\fR \fIaddress\fR \fBprivate\fR\fR
1280 .ad
1281 .sp .6
1282 .RS 4n
1283 Deny log in access to anonymous users on the virtual server. Anonymous users
1284 are generally allowed to log in on the virtual server if this option is not
1285 specified.
1286 .RE
1287 
1288 .sp
1289 .ne 2
1290 .na
1291 \fB\fBvirtual\fR \fIaddress\fR \fBpasswd\fR \fIfile\fR\fR
1292 .ad
1293 .sp .6
1294 .RS 4n
1295 Use a different \fBpasswd\fR file for the virtual host.
1296 .RE
1297 
1298 .sp
1299 .ne 2
1300 .na
1301 \fB\fBvirtual\fR \fIaddress\fR \fBshadow\fR \fIfile\fR\fR
1302 .ad
1303 .sp .6
1304 .RS 4n
1305 Use a different \fBshadow\fR file for the virtual host.
1306 .RE
1307 
1308 .sp
1309 .ne 2
1310 .na
1311 \fB\fBdefaultserver\fR \fBdeny\fR \fIusername\fR [\fIusername\fR...]\fR
1312 .ad
1313 .br
1314 .na
1315 \fB\fBdefaultserver\fR \fBallow\fR \fIusername\fR [\fIusername\fR...]  \fR
1316 .ad
1317 .sp .6
1318 .RS 4n
1319 By default, all users are allowed access to the non-virtual FTP Server. Use
1320 \fBdefaultserver\fR \fBdeny\fR to revoke access for specific real and guest
1321 users. Specify '*' to deny access to all users, except anonymous users.
1322 Specific real and guest users can then be allowed access by using
1323 \fBdefaultserver\fR \fBallow\fR.
1324 .RE
1325 
1326 .sp
1327 .ne 2
1328 .na
1329 \fB\fBdefaultserver\fR \fBprivate\fR\fR
1330 .ad
1331 .sp .6
1332 .RS 4n
1333 By default, all users are allowed access to the non-virtual FTP Server. Use
1334 \fBdefaultserver\fR \fBprivate\fR to revoke access for anonymous users.
1335 .sp
1336 The \fBvirtual\fR and \fBdefaultserver\fR \fBallow\fR, \fBdeny\fR and
1337 \fBprivate\fR clauses provide a means to control which users are allowed access
1338 to which FTP Servers.
1339 .RE
1340 
1341 .sp
1342 .ne 2
1343 .na
1344 \fB\fBpassive\fR \fBaddress\fR \fIexternalip\fR \fIcidr\fR\fR
1345 .ad
1346 .sp .6
1347 .RS 4n
1348 Allow control of the address reported in response to a \fBpassive\fR command.
1349 When any control connection matching \fIcidr\fR requests a passive data
1350 connection (PASV), the \fIexternalip\fR address is reported. This does not
1351 change the address that the daemon actually listens on, only the address
1352 reported to the client. This feature allows the daemon to operate correctly
1353 behind IP renumbering firewalls. For example:
1354 .sp
1355 .in +2
1356 .nf
1357 passive address 10.0.1.15   10.0.0.0/8
1358 passive address 192.168.1.5 0.0.0.0/0
1359 .fi
1360 .in -2
1361 
1362 Clients connecting from the class-A network 10 will be told the passive
1363 connection is listening on IP address 10.0.1.15 while all others will be told
1364 the connection is listening on 192.168.1.5. Multiple passive addresses may be
1365 specified to handle complex, or multi-gatewayed, networks.
1366 .RE
1367 
1368 .sp
1369 .ne 2
1370 .na
1371 \fB\fBpassive\fR \fBports\fR \fIcidr\fR \fImin\fR \fImax\fR\fR
1372 .ad
1373 .sp .6
1374 .RS 4n
1375 Allows control of the TCP port numbers which may be used for a passive data
1376 connection. If the control connection matches the \fIcidr\fR, a port in the
1377 range \fImin\fR to \fImax\fR will be randomly selected for the daemon to listen
1378 on. This feature allows firewalls to limit the ports that remote clients may
1379 use to connect into the protected network.
1380 .sp
1381 \fIcidr\fR is shorthand for an IP address followed by a slash and the number of
1382 left-most bits that represent the network address, as opposed to the machine
1383 address. For example, if you are using the reserved class-A network 10, instead
1384 of a netmask of 255.0.0.0, use a CIDR of /8, as in 10.0.0.0/8, to represent
1385 your network.
1386 .sp
1387 When \fImin\fR and \fImax\fR are both 0, the kernel rather than the FTP server
1388 selects the TCP port to listen on. Kernel port selection is usually not
1389 desirable if the kernel allocates TCP ports sequentially. If in doubt, let the
1390 FTP server do the port selection.
1391 .RE
1392 
1393 .sp
1394 .ne 2
1395 .na
1396 \fB\fBpasv-allow\fR \fIclass\fR [\fIaddrglob\fR...]\fR
1397 .ad
1398 .br
1399 .na
1400 \fB\fBport-allow\fR \fIclass\fR [\fIaddrglob\fR...]\fR
1401 .ad
1402 .sp .6
1403 .RS 4n
1404 Normally, the FTP Server does not allow a \fBPORT\fR command to specify an
1405 address different than that of the control connection. Nor does it allow a
1406 \fBPASV\fR connection from another address.
1407 .sp
1408 The \fBport-allow\fR clause provides a list of addresses that the specified
1409 class of user may give on a \fBPORT\fR command. These addresses will be allowed
1410 even if they do not match the IP address of the client-side of the control
1411 connection.
1412 .sp
1413 The \fBpasv-allow\fR clause provides a list of addresses that the specified
1414 class of user may make data connections from. These addresses will be allowed
1415 even if they do not match the IP address of the client-side of the control
1416 connection.
1417 .RE
1418 
1419 .sp
1420 .ne 2
1421 .na
1422 \fB\fBlslong\fR\fI command\fR [\fIoptions\fR...] \fR
1423 .ad
1424 .br
1425 .na
1426 \fB\fBlsshort\fR\fI command\fR [\fIoptions\fR...] \fR
1427 .ad
1428 .br
1429 .na
1430 \fB\fBlsplain\fR\fI command\fR [\fIoptions\fR...] \fR
1431 .ad
1432 .sp .6
1433 .RS 4n
1434 Use the \fBlslong\fR, \fBlsshort\fR, and \fBlsplain\fR clauses to specify the
1435 commands and options to use to generate directory listings. The options cannot
1436 contain spaces, and the default values for these clauses are generally correct.
1437 Use \fBlslong\fR, \fBlsshort\fR, or \fBlsplain\fR only if absolutely necessary.
1438 .RE
1439 
1440 .sp
1441 .ne 2
1442 .na
1443 \fB\fBmailserver\fR \fIhostname\fR\fR
1444 .ad
1445 .sp .6
1446 .RS 4n
1447 Specify the name of a mail server that will accept upload notifications for the
1448 FTP Server. Multiple mail servers may be listed. The FTP Server will attempt to
1449 deliver the upload notification to each, in order, until one accepts the
1450 message. If no mail servers are specified, \fBlocalhost\fR is used. This option
1451 is only meaningful if anyone is to be notified of anonymous uploads. See
1452 \fBincmail\fR.
1453 .RE
1454 
1455 .sp
1456 .ne 2
1457 .na
1458 \fB\fBincmail\fR \fIemailaddress\fR\fR
1459 .ad
1460 .br
1461 .na
1462 \fB\fBvirtual\fR \fIaddress\fR \fBincmail\fR \fIemailaddress\fR\fR
1463 .ad
1464 .br
1465 .na
1466 \fB\fBdefaultserver\fR \fBincmail\fR \fIemailaddress\fR\fR
1467 .ad
1468 .sp .6
1469 .RS 4n
1470 Specify email addresses to be notified of anonymous uploads. Multiple addresses
1471 can be specified. Each will receive a notification. If no addresses are
1472 specified, no notifications are sent.
1473 .sp
1474 If addresses are specified for a virtual host, only those addresses will be
1475 sent notification of anonymous uploads on that host. Otherwise, notifications
1476 will be sent to the global addresses.
1477 .sp
1478 \fBdefaultserver\fR addresses only apply when the FTP session is not using one
1479 of the virtual hosts. In this way, you can receive notifications for your
1480 default anonymous area, but not see notifications to virtual hosts that do not
1481 have their own notifications.
1482 .RE
1483 
1484 .sp
1485 .ne 2
1486 .na
1487 \fB\fBmailfrom\fR \fIemailaddress\fR\fR
1488 .ad
1489 .br
1490 .na
1491 \fB\fBvirtual\fR \fIaddress\fR \fBmailfrom\fR \fIemailaddress\fR\fR
1492 .ad
1493 .br
1494 .na
1495 \fB\fBdefaultserver\fR \fBmailfrom\fR \fIemailaddress\fR\fR
1496 .ad
1497 .sp .6
1498 .RS 4n
1499 Specify the sender's email address for anonymous upload notifications. Only one
1500 address may be specified. If no \fBmailfrom\fR applies, email is sent from the
1501 default mailbox name \fBwu-ftpd\fR. To avoid problems if the recipient attempts
1502 to reply to a notification, or if downstream mail problems generate bounces,
1503 you should ensure the \fBmailfrom\fR address is deliverable.
1504 .RE
1505 
1506 .sp
1507 .ne 2
1508 .na
1509 \fB\fBsendbuf\fR \fIsize\fR [\fItypelist\fR]\fR
1510 .ad
1511 .br
1512 .na
1513 \fB\fBrecvbuf\fR \fIsize\fR [\fItypelist\fR]\fR
1514 .ad
1515 .sp .6
1516 .RS 4n
1517 Set the send or receive buffer sizes used for binary transfers. They have no
1518 effect on ASCII transfers.
1519 .RE
1520 
1521 .sp
1522 .ne 2
1523 .na
1524 \fB\fBrhostlookup\fR yes|no [\fIaddrglob\fR ...]\fR
1525 .ad
1526 .sp .6
1527 .RS 4n
1528 Allows or disallows the lookup of the remote host's name. Name lookups can be
1529 slow, but skipping them means that places where an \fIaddrglob\fR is matched
1530 (for example, in the class capability) will match only an IP address, not a
1531 name. Also \fBdeny !nameserved\fR and \fBdns refuse_no_reverse\fR or
1532 \fBrefuse_mismatch\fR will deny access when a name lookup is not done. The
1533 default is to lookup the remote host's name.
1534 .sp
1535 Only IP addresses, not names, are matched in \fIaddrglob\fR.
1536 .RE
1537 
1538 .sp
1539 .ne 2
1540 .na
1541 \fB\fBflush-wait\fR yes|no [\fItypelist\fR]\fR
1542 .ad
1543 .sp .6
1544 .RS 4n
1545 Controls the behavior at the end of a download or directory listing. If
1546 \fByes\fR, shutdown the data connection for sending and wait for the client to
1547 close its end before sending a transfer complete reply on the control
1548 connection. This is the default behavior. If \fBno\fR, close the data
1549 connection and send the transfer complete reply without waiting for the client.
1550 With this behavior, data loss can go undetected.
1551 .sp
1552 If a client hangs at the end of a directory listing, or the system has many
1553 sockets in the \fBFIN_WAIT_2\fR state, try setting to \fBno\fR as a workaround
1554 for broken client behavior.
1555 .RE
1556 
1557 .SS "Permission Capabilities"
1558 .sp
1559 .LP
1560 The following permission capabilities are supported:
1561 .sp
1562 .ne 2
1563 .na
1564 \fB\fBchmod\fR \fByes\fR|\fBno\fR \fItypelist\fR\fR
1565 .ad
1566 .br
1567 .na
1568 \fB\fBdelete\fR \fByes\fR|\fBno\fR \fItypelist\fR\fR
1569 .ad
1570 .br
1571 .na
1572 \fB\fBoverwrite\fR \fByes\fR|\fBno\fR \fItypelist\fR\fR
1573 .ad
1574 .br
1575 .na
1576 \fB\fBrename\fR \fByes\fR|\fBno\fR \fItypelist\fR\fR
1577 .ad
1578 .br
1579 .na
1580 \fB\fBumask\fR \fByes\fR|\fBno\fR \fItypelist\fR\fR
1581 .ad
1582 .sp .6
1583 .RS 4n
1584 Allows or disallows the ability to perform the specified function. By default,
1585 all real and guest users are allowed. Anonymous users are only allowed
1586 \fBoverwrite\fR and \fBumask\fR.
1587 .sp
1588 \fItypelist\fR is a comma-separated list of any of the keywords
1589 \fBanonymous\fR, \fBguest\fR, \fBreal\fR and \fBclass=\fR. When \fBclass=\fR
1590 appears, it must be followed by a classname. If any \fBclass=\fR appears, the
1591 \fItypelist\fR restriction applies only to users in that class.
1592 .RE
1593 
1594 .sp
1595 .ne 2
1596 .na
1597 \fB\fBpasswd-check\fR \fBnone\fR|\fBtrivial\fR|\fBrfc822\fR
1598 [\fBenforce\fR|\fBwarn\fR]\fR
1599 .ad
1600 .sp .6
1601 .RS 4n
1602 Define the level and enforcement of password checking done by the FTP Server
1603 for anonymous FTP.
1604 .sp
1605 .ne 2
1606 .na
1607 \fB\fBnone\fR\fR
1608 .ad
1609 .RS 11n
1610 No password checking is performed.
1611 .RE
1612 
1613 .sp
1614 .ne 2
1615 .na
1616 \fB\fBtrivial\fR\fR
1617 .ad
1618 .RS 11n
1619 The password must contain an '@'.
1620 .RE
1621 
1622 .sp
1623 .ne 2
1624 .na
1625 \fB\fBrfc822\fR\fR
1626 .ad
1627 .RS 11n
1628 The password must be \fIRFC 822\fR compliant.
1629 .RE
1630 
1631 .sp
1632 .ne 2
1633 .na
1634 \fB\fBwarn\fR\fR
1635 .ad
1636 .RS 11n
1637 Warn, but permit the login.
1638 .RE
1639 
1640 .sp
1641 .ne 2
1642 .na
1643 \fB\fBenforce\fR\fR
1644 .ad
1645 .RS 11n
1646 Notify and deny the login.
1647 .RE
1648 
1649 .RE
1650 
1651 .sp
1652 .ne 2
1653 .na
1654 \fB\fBdeny-email\fR \fIcase-insensitive-emailaddress\fR\fR
1655 .ad
1656 .sp .6
1657 .RS 4n
1658 Consider the email address given as an argument as invalid. If
1659 \fBpasswd-check\fR is set to \fBenforce\fR, anonymous users giving this address
1660 as a password cannot log in. That way, you can stop users from having stupid
1661 WWW browsers use fake addresses like IE?0User@ or mozilla@. (by using this, you
1662 are not shutting out users using a WWW browser for ftp - you just make them
1663 configure their browser correctly.) Only one address is allowed per line, but
1664 you can have as many \fBdeny-email\fR addresses as you like.
1665 .RE
1666 
1667 .sp
1668 .ne 2
1669 .na
1670 \fB\fBpath-filter\fR \fItypelist\fR \fImessage\fR \fIallowed_regexp\fR \fR
1671 .ad
1672 .br
1673 .na
1674 \fB[\fIdisallowed_regexp\fR...]\fR
1675 .ad
1676 .sp .6
1677 .RS 4n
1678 For users in \fItypelist\fR, \fBpath-filter\fR defines regular expressions that
1679 control what characters can be used in the filename of an uploaded file or
1680 created directory. There may be multiple disallowed regular expressions. If a
1681 filename is invalid due to failure to match the regular expression criteria,
1682 \fImessage\fR will be displayed to the user. For example:
1683 .sp
1684 .in +2
1685 .nf
1686 path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-
1687 .fi
1688 .in -2
1689 
1690 specifies that all upload filenames for anonymous users must be made of only
1691 the characters A-Z, a-z, 0-9, and "._-" and may not begin with a "." or a "-".
1692 If the filename is invalid, \fB/etc/pathmsg\fR will be displayed to the user.
1693 .RE
1694 
1695 .sp
1696 .ne 2
1697 .na
1698 \fB\fBupload\fR [\fBabsolute\fR|\fBrelative\fR]
1699 [\fBclass=\fR\fIclassname\fR]... [\fB-\fR] \fR
1700 .ad
1701 .br
1702 .na
1703 \fB\fIroot-dir\fR \fIdirglob\fR \fByes\fR|\fBno\fR \fIowner\fR \fIgroup\fR
1704 \fImode\fR\fR
1705 .ad
1706 .br
1707 .na
1708 \fB[\fBdirs\fR|\fBnodirs\fR] [\fId_mode\fR]\fR
1709 .ad
1710 .sp .6
1711 .RS 4n
1712 Define a directory with \fIdirglob\fR that permits or denies uploads. If it
1713 does permit uploads, all newly created files will be owned by \fIowner\fR and
1714 \fIgroup\fR and will have their permissions set according to \fImode\fR.
1715 Existing files that are overwritten will retain their original ownership and
1716 permissions. Directories are matched on a best-match basis. For example:
1717 .sp
1718 .in +2
1719 .nf
1720 upload /var/ftp  *  no
1721 upload /var/ftp /incoming yes ftp daemon 0666
1722 upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
1723 .fi
1724 .in -2
1725 
1726 would only allow uploads into \fB/incoming\fR and \fB/incoming/gifs\fR. Files
1727 that were uploaded to \fB/incoming\fR are owned by \fBftp/daemon\fR and have
1728 permissions of 0666. Files uploaded to \fB/incoming/gifs\fR are owned by
1729 \fBjlc/guest\fR and have permissions of 0600. The optional "\fBdirs\fR" and
1730 "\fBnodirs\fR" keywords can be specified to allow or disallow the creation of
1731 new subdirectories using the \fBmkdir\fR command. If the \fBupload\fR command
1732 is used, directory creation is allowed by default. To turn it off by default,
1733 you must specify a user, group and mode followed by the "nodirs" keyword as the
1734 first line where the \fBupload\fR command is used in this file. If directories
1735 are permitted, the optional \fId_mode\fR determines the permissions for a newly
1736 created directory. If \fId_mode\fR is omitted, the permissions are inferred
1737 from \fImode\fR. The permissions are 0777 if \fImode\fR is also omitted. The
1738 \fBupload\fR keyword only applies to users who have a home directory of
1739 \fIroot-dir\fR. \fIroot-dir\fR may be specified as "*" to match any home
1740 directory. The \fIowner\fR or \fIgroup\fR may each be specified as "*", in
1741 which case any uploaded files or directories will be created with the ownership
1742 of the directory in which they are created. The optional first parameter
1743 selects whether \fIroot-dir\fR names are interpreted as absolute or relative to
1744 the current \fBchroot'd\fR environment. The default is to interpret
1745 \fB<root-dir>\fR names as absolute. You can specify any number of
1746 \fBclass=\fIclassname\fR\fR restrictions. If any are specified, this upload
1747 clause only takes effect if the current user is a member of one of the classes.
1748 .sp
1749 In the absence of any matching \fBupload\fR clause, real and guest users can
1750 upload files and make directories, but anonymous users cannot. The mode of
1751 uploaded files is 0666. For created directories, the mode is 0777. Both modes
1752 are modified by the current umask setting.
1753 .RE
1754 
1755 .sp
1756 .ne 2
1757 .na
1758 \fB\fBthroughput\fR \fIroot-dir\fR \fIsubdir-glob\fR \fIfile-glob-list\fR \fR
1759 .ad
1760 .br
1761 .na
1762 \fB\fIbytes-per-second\fR \fIbytes-per-second-multiply\fR \fIremote-glob-list
1763 \fR\fR
1764 .ad
1765 .sp .6
1766 .RS 4n
1767 Define files by means of a comma-separated \fIfile-glob-list\fR in \fBsubdir\fR
1768 matched by \fIsubdir-glob\fR under \fIroot-dir\fR that have restricted transfer
1769 throughput of \fIbytes-per-second\fR on download when the remote hostname or
1770 remote IP address matches the comma-separated \fIremote-glob-list\fR. Entries
1771 are matched on a best-match basis. For example:
1772 .sp
1773 .in +2
1774 .nf
1775 throughput /e/ftp *    *      oo   -   *
1776 throughput /e/ftp /sw* *      1024 0.5 *
1777 throughput /e/ftp /sw* README oo   -   *
1778 throughput /e/ftp /sw* *      oo   -   *.foo.com
1779 .fi
1780 .in -2
1781 
1782 would set maximum throughput per default, but restrict download to 1024 bytes
1783 per second for any files under \fB/e/ftp/sw/\fR that are not named README. The
1784 only exceptions are remote hosts from within the domain \fBfoo.com\fR which
1785 always get maximum throughput. Every time a remote client has retrieved a file
1786 under \fB/e/ftp/sw/\fR the bytes per seconds of the matched entry line are
1787 internally multiplied by a factor, here 0.5. When the remote client retrieves
1788 its second file, it is served with 512 bytes per second, the third time with
1789 only 256 bytes per second, the fourth time with only 128 bytes per second, and
1790 so on. The string "oo" for the bytes per second field means no throughput
1791 restriction. A multiply factor of 1.0 or "-" means no change of the throughput
1792 after every successful transfer. The \fIroot-dir\fR here must match the home
1793 directory specified in the password database . The \fBthroughput\fR keyword
1794 only applies to users who have a home directory of \fIroot-dir\fR.
1795 .RE
1796 
1797 .sp
1798 .ne 2
1799 .na
1800 \fB\fBanonymous-root\fR \fIroot-dir\fR [\fIclass\fR...]\fR
1801 .ad
1802 .sp .6
1803 .RS 4n
1804 \fIroot-dir\fR specifies the \fBchroot()\fR path for anonymous users. If no
1805 anonymous-root is matched, the old method of parsing the home directory for the
1806 FTP user is used. If no \fIclass\fR is specified, this is the root directory
1807 for anonymous users who do not match any other anonymous-root specification.
1808 Multiple classes may be specified on this line. If an anonymous-root is chosen
1809 for the user, the FTP user's home directory in the
1810 \fB\fIroot-dir\fR/etc/passwd\fR file is used to determine the initial directory
1811 and the FTP user's home directory in the system-wide \fB/etc/passwd\fR is not
1812 used. For example:
1813 .sp
1814 .in +2
1815 .nf
1816 anonymous-root /home/ftp
1817 anonymous-root /home/localftp localnet
1818 .fi
1819 .in -2
1820 
1821 causes all anonymous users to be \fBchroot'd\fR to the directory
1822 \fB/home/ftp\fR. If the FTP user exists in \fB/home/ftp/etc/passwd\fR, their
1823 initial \fBCWD\fR is that home directory. Anonymous users in the class
1824 \fBlocalnet\fR, however, are \fBchroot'd\fR to the directory
1825 \fB/home/localftp\fR and their initial \fBCWD\fR is taken from the FTP user's
1826 home directory in \fB/home/localftp/etc/passwd\fR.
1827 .RE
1828 
1829 .sp
1830 .ne 2
1831 .na
1832 \fB\fBguest-root\fR \fIroot-dir\fR [\fIuid-range\fR...]\fR
1833 .ad
1834 .sp .6
1835 .RS 4n
1836 \fIroot-dir\fR specifies the \fBchroot()\fR path for guest users. If no
1837 guest-root is matched, the old method of parsing the user's home directory is
1838 used. If no \fIuid-range\fR is specified, this is the root directory for
1839 guestusers who do not match any other guest-root specification. Multiple UID
1840 ranges may be given on this line. If a guest-root is chosen for the user, the
1841 user's home directory in the \fB\fIroot-dir\fR/etc/passwd\fR file is used to
1842 determine the initial directory and the home directory in the system-wide
1843 \fB/etc/passwd\fR is not used. \fIuid-range\fR specifies names or numeric UID
1844 values. To use numbers, put a percent sign (\fB%\fR) symbol before it or before
1845 the range. Ranges are specified by giving the lower and upper bounds
1846 (inclusive), separated by a dash. If the lower bound is omitted, it means
1847 \fBall up to\fR. If the upper bound is omitted, it means \fBall starting
1848 from\fR. For example:
1849 .sp
1850 .in +2
1851 .nf
1852 guest-root /home/users
1853 guest-root /home/staff %100-999 sally
1854 guest-root /home/users/owner/ftp frank
1855 .fi
1856 .in -2
1857 
1858 causes all guest users to \fBchroot()\fR to \fB/home/users\fR then starts each
1859 user in the user's home directory, as specifiedin \fB/home/users/etc/passwd\fR.
1860 Users in the range 100 through 999, inclusive, and user sally, will be
1861 \fBchroot'd\fR to \fB/home/staff\fR and the \fBCWD\fR will be taken from their
1862 entries in \fB/home/staff/etc/passwd\fR. The single user frank will be
1863 \fBchroot'd\fR to \fB/home/users/owner/ftp\fR and the \fBCWD\fR will be from
1864 his entry in \fB/home/users/owner/ftp/etc/passwd\fR.
1865 .sp
1866 The order is important for both anonymous-root and guest-root. If a user would
1867 match multiple clauses, only the first applies; with the exception of the
1868 clause which has no \fIclass\fR or \fIuid-range\fR, which applies only if no
1869 other clause matches.
1870 .RE
1871 
1872 .sp
1873 .ne 2
1874 .na
1875 \fB\fBdeny-uid\fR \fIuid-range\fR [\fIuid-range\fR...]\fR
1876 .ad
1877 .br
1878 .na
1879 \fB\fBdeny-gid\fR \fIgid-range\fR [\fIgid-range\fR...]\fR
1880 .ad
1881 .br
1882 .na
1883 \fB\fBallow-uid\fR \fIuid-range \fR [\fIuid-range\fR...]\fR
1884 .ad
1885 .br
1886 .na
1887 \fB\fBallow-gid\fR \fIgid-range\fR [\fIgid-range\fR...]\fR
1888 .ad
1889 .sp .6
1890 .RS 4n
1891 Use these clauses to specify UID and GID values that will be denied access to
1892 the FTP Server. The \fBallow-uid\fR and \fBallow-gid\fR clauses may be used to
1893 allow access for UID and GID values which would otherwise be denied. These
1894 checks occur before all others. \fBdeny\fR is checked before \fBallow\fR. The
1895 default is to allow access. These clauses do not apply to anonymous users. Use
1896 \fBdefaultserver\fR \fBprivate\fR to deny access to anonymous users. In most
1897 cases, these clauses obviate the need for an \fBftpusers\fR(4) file. For
1898 example, the following clauses deny FTP Server access to all privileged or
1899 special users and groups, except the guest1 user or group.
1900 .sp
1901 .in +2
1902 .nf
1903 deny-gid %-99 nobody noaccess nogroup
1904 deny-uid %-99 nobody noaccess nobody4
1905 allow-gid guest1
1906 allow-uid guest1
1907 .fi
1908 .in -2
1909 
1910 Support for the \fBftpusers\fR file still exists, so it may be used when
1911 changing the \fBftpaccess\fR file is not desired. In any place a single UID or
1912 GID is allowed throughout the \fBftpaccess\fR file, either names or numbers
1913 also may be used. To use a number, put a percent sign (\fB%\fR) symbol before
1914 it. In places where a range is allowed, put the percent sign before the range.
1915 A "\fB*\fR" matches all UIDs or GIDs.
1916 .RE
1917 
1918 .sp
1919 .ne 2
1920 .na
1921 \fB\fBrestricted-uid\fR \fIuid-range\fR [\fIuid-range\fR...]\fR
1922 .ad
1923 .br
1924 .na
1925 \fB\fBrestricted-gid\fR \fIgid-range\fR [\fIgid-range\fR...]\fR
1926 .ad
1927 .br
1928 .na
1929 \fB\fBunrestricted-uid\fR \fIuid-range\fR [\fIuid-range\fR...]\fR
1930 .ad
1931 .br
1932 .na
1933 \fB\fBunrestricted-gid\fR \fIgid-range\fR [\fIgid-range\fR...]\fR
1934 .ad
1935 .sp .6
1936 .RS 4n
1937 These clauses control whether or not real or guest users will be allowed access
1938 to areas on the FTP site outside their home directories. These clauses are not
1939 meant to replace the use of \fBguestgroup\fR and \fBguestuser\fR. Instead, use
1940 these clauses to supplement the operation of guests. The \fBunrestricted-uid\fR
1941 and \fBunrestricted-gid\fR clauses may be used to allow users outside their
1942 home directories who would otherwise be restricted.
1943 .sp
1944 The following example shows the intended use for these clauses. Assume user
1945 \fBdick\fR has a home directory \fB/home/dick\fR and \fBjane\fR has a home
1946 directory \fB/home/jane\fR:
1947 .sp
1948 .in +2
1949 .nf
1950 guest-root /home dick jane
1951 restricted-uid dick jane
1952 .fi
1953 .in -2
1954 
1955 While both \fBdick\fR and \fBjane\fR are \fBchroot'd\fR to \fB/home\fR, they
1956 cannot access each other's files because they are restricted to their home
1957 directories. However, you should not rely solely upon the FTP restrictions to
1958 control access. As with all other FTP access rules, you should also use
1959 directory and file permissions to support the operation of the \fBftpaccess\fR
1960 configuration.
1961 .RE
1962 
1963 .sp
1964 .ne 2
1965 .na
1966 \fB\fBsite-exec-max-lines\fR \fInumber\fR [\fIclass\fR...]\fR
1967 .ad
1968 .sp .6
1969 .RS 4n
1970 The \fBSITE EXEC\fR feature traditionally limits the number of lines of output
1971 that may be sent to the remote client. Use this clause to set this limit. If
1972 this clause is omitted, the limit is 20 lines. A limit of 0 (zero) implies no
1973 limit. Be very careful if you choose to remove the limit. If a clause is found
1974 matching the remote user's class, that limit is used. Otherwise, the clause
1975 with class '*', or no class given, is used. For example:
1976 .sp
1977 .in +2
1978 .nf
1979 site-exec-max-lines 200 remote
1980 site-exec-max-lines 0 local
1981 site-exec-max-lines 25
1982 .fi
1983 .in -2
1984 
1985 limits output from \fBSITE EXEC\fR (and therefore \fBSITE INDEX\fR) to 200
1986 lines for remote users, specifies there is no limit at all for local users, and
1987 sets a limit of 25 lines for all other users.
1988 .RE
1989 
1990 .sp
1991 .ne 2
1992 .na
1993 \fB\fBdns refuse_mismatch\fR \fIfilename\fR [\fBoverride\fR]\fR
1994 .ad
1995 .sp .6
1996 .RS 4n
1997 Refuse FTP sessions when the forward and reverse lookups for the remote site do
1998 not match. Lookups are done using the system's name service as configured in
1999 \fBnsswitch.conf\fR(4). Display the named file, like a message file,
2000 admonishing the user. If the optional override is specified, allow the
2001 connection after complaining.
2002 .RE
2003 
2004 .sp
2005 .ne 2
2006 .na
2007 \fB\fBdns refuse_no_reverse\fR \fIfilename\fR [\fBoverride\fR]\fR
2008 .ad
2009 .sp .6
2010 .RS 4n
2011 Refuse FTP sessions when the remote host's IP address has no associated name.
2012 Lookups are done using the system's name service as configured in
2013 \fBnsswitch.conf\fR(4). Display the named file, such as a message file,
2014 admonishing the user. If the optional override is specified, allow the
2015 connection after complaining.
2016 .RE
2017 
2018 .sp
2019 .ne 2
2020 .na
2021 \fB\fBdns resolveroptions\fR [\fBoptions\fR]\fR
2022 .ad
2023 .sp .6
2024 .RS 4n
2025 Modify certain internal resolver variables. This only has an effect when DNS is
2026 used as the system's name service. The line takes a series of options which are
2027 used to set the RES_OPTIONS environment variable, see resolv.conf(4) for
2028 details. For example:
2029 .sp
2030 .in +2
2031 .nf
2032 dns resolveroptions rotate attempts:1
2033 .fi
2034 .in -2
2035 
2036 turns on querying name servers round-robin and selects querying each name
2037 server only once.
2038 .RE
2039 
2040 .sp
2041 .LP
2042 Lines that begin with a \fB#\fR sign are treated as comment lines and are
2043 ignored.
2044 .SH FILES
2045 .sp
2046 .ne 2
2047 .na
2048 \fB \fB/etc/ftpd/ftpaccess\fR\fR
2049 .ad
2050 .RS 24n
2051 
2052 .RE
2053 
2054 .SH ATTRIBUTES
2055 .sp
2056 .LP
2057 See \fBattributes\fR(5) for descriptions of the following attributes:
2058 .sp
2059 
2060 .sp
2061 .TS
2062 box;
2063 c | c
2064 l | l .
2065 ATTRIBUTE TYPE  ATTRIBUTE VALUE
2066 _
2067 Interface Stability     External
2068 .TE
2069 
2070 .SH SEE ALSO
2071 .sp
2072 .LP
2073 \fBcompress\fR(1), \fBls\fR(1), \fBtar\fR(1), \fBftpaddhost\fR(1M),
2074 \fBftpconfig\fR(1M), \fBftpshut\fR(1M), \fBin.ftpd\fR(1M), \fBchroot\fR(2),
2075 \fBnice\fR(2), \fBumask\fR(2), \fBgetgrnam\fR(3C), \fBresolver\fR(3RESOLV),
2076 \fBftpconversions\fR(4), \fBftpgroups\fR(4), \fBftpservers\fR(4),
2077 \fBftpusers\fR(4), \fBnsswitch.conf\fR(4), \fBresolv.conf\fR(4),
2078 \fBtimezone\fR(4), \fBxferlog\fR(4), \fBattributes\fR(5), \fBfnmatch\fR(5)
2079 .sp
2080 .LP
2081 Crocker, David H. \fIRFC 822, Standard For The Format Of ARPA Internet Text
2082 Messages\fR. Network Information Center. August 1982.
2083 .sp
2084 .LP
2085 St. Johns, Michael. \fIRFC 931, Authentication Server\fR. Network Working
2086 Group. January 1985.