.\" $NetBSD: ftpusers.5,v 1.11 2001/06/11 01:50:52 wiz Exp $
.\"
.\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the NetBSD
.\" Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd July 17, 2000
.Dt FTPUSERS 5
.Os
.Sh NAME
.Nm ftpusers ,
.Nm ftpchroot
.Nd
.Xr ftpd 8
access control file
.Sh DESCRIPTION
The
.Nm
file provides user access control for
.Xr ftpd 8
by defining which users may log in.
.Pp
If the
.Nm
file does not exist, all users are denied access.
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
The syntax of each line is:
.Dl userglob[:groupglob][@host] [directive [class]]
.Pp
These elements are:
.Bl -tag -width "groupglob" -offset indent
.It Sy userglob
matched against the user name, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq f* ) .
.It Sy groupglob
matched against all the groups that the user is a member of, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq *src ) .
.It Sy host
either a CIDR address (refer to
.Xr inet_net_pton 3 )
to match against the remote address
(e.g.,
.Sq 1.2.3.4/24 ) ,
or a glob to match against the remote hostname
(e.g.,
.Sq *.netbsd.org ) .
.It Sy directive
If
.Dq allow
or
.Dq yes
the user is allowed access.
If
.Dq deny
or
.Dq no ,
or
.Sy directive
is not given, the user is denied access.
.It Sy class
defines the class to use in
.Xr ftpd.conf 5 .
.El
.Pp
If
.Sy class
is not given, it defaults to one of the following:
.Bl -tag -width "chroot" -offset indent
.It Sy chroot
If there is a match in
.Sx /etc/ftpchroot
for the user.
.It Sy guest
If the user name is
.Dq anonymous
or
.Sq ftp .
.It Sy real
If neither of the above is true.
.El
.Pp
No further comparisons are attempted after the first successful match.
If no match is found, the user is granted access.
This syntax is backward-compatible with the old syntax.
.Pp
If a user requests a guest login, the
.Xr ftpd 8
server checks to see that
both
.Dq anonymous
and
.Dq ftp
have access, so if you deny all users by default, you will need to add both
.Dq "anonymous allow"
and
.Dq "ftp allow"
to
.Pa /etc/ftpusers
in order to allow guest logins.
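The matching rules described above, modelled as an added example (this is not code from ftpd or from the NetBSD project): it shows first-match-wins, a missing directive meaning deny, an unmatched user being granted access unless a catch-all rule is present, and the guest-login check. The sample rules, addresses and function names are constructed for illustration, and Python's fnmatch and ipaddress modules stand in for fnmatch(3) and inet_net_pton(3).

```python
import fnmatch
import ipaddress
import re

# Constructed sample rules (not the shipped /usr/share/examples/ftpd/ftpusers).
SAMPLE = r"""
root                    deny
*:wheel                 deny
anonymous@10.0.0.0/8    allow
ftp@10.0.0.0/8          allow
alice@*.example.org     allow   # first match wins
*                               # no directive given: deny
"""

def parse_rules(text):
    """Return a list of (userglob, groupglob, host, allowed) tuples."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # trailing "\" continues a line
        # Drop everything from the first unescaped "#", then unescape "\#".
        line = re.split(r"(?<!\\)#", line)[0].replace("\\#", "#")
        fields = line.split()
        if fields:
            who, _, host = fields[0].partition("@")
            user, _, group = who.partition(":")
            allowed = len(fields) > 1 and fields[1] in ("allow", "yes")
            rules.append((user, group, host, allowed))
    return rules

def host_matches(spec, addr, hostname):
    try:  # a CIDR spec is matched against the remote address
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    except ValueError:  # anything else is a glob against the remote hostname
        return fnmatch.fnmatchcase(hostname, spec)

def check(rules, user, groups, addr, hostname):
    """rules is None when the file does not exist: all users are denied."""
    if rules is None:
        return False
    for uglob, gglob, host, allowed in rules:
        if (fnmatch.fnmatchcase(user, uglob)
                and (not gglob or any(fnmatch.fnmatchcase(g, gglob) for g in groups))
                and (not host or host_matches(host, addr, hostname))):
            return allowed  # no further comparisons after the first match
    return True  # no match at all: access is granted

def guest_allowed(rules, addr, hostname):
    """A guest login needs both "anonymous" and "ftp" to have access."""
    return all(check(rules, u, [], addr, hostname) for u in ("anonymous", "ftp"))
```

Without the final catch-all line in the sample, any user that no earlier rule names would be granted access, which is why a deny-by-default file ends with a bare glob entry.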
.Ss /etc/ftpchroot
The file
.Pa /etc/ftpchroot
is used to determine which users will have their session's root directory
changed (using
.Xr chroot 2 ) ,
either to the directory specified in the
.Xr ftpd.conf 5
.Sy chroot
directive (if set),
or to the home directory of the user.
If the file does not exist, the root directory change is not performed.
.Pp
The syntax is similar to
.Nm "" ,
except that the
.Sy class
argument is ignored.
If there's a positive match, the session's root directory is changed.
No further comparisons are attempted after the first successful match.
This syntax is backward-compatible with the old syntax.
.Sh FILES
.Bl -tag -width /etc/ftpchroot -compact
.It Pa /etc/ftpchroot
List of normal users who should be
.Xr chroot 2 Ns ed .
.It Pa /etc/ftpusers
This file.
.It Pa /usr/share/examples/ftpd/ftpusers
A sample
.Nm
file.
.El
.Sh SEE ALSO
.Xr fnmatch 3 ,
.Xr inet_net_pton 3 ,
.Xr ftpd.conf 5 ,
.Xr ftpd 8