ftpd.deny(4M) TCP/IP 5.4R3.00 ftpd.deny(4M)
NAME
ftpd.allow, ftpd.deny - files to allow or disallow incoming FTP
sessions and to allow or disallow access from particular hosts
DESCRIPTION
The ftpd.allow and ftpd.deny files, located in the /etc directory,
give system administrators the ability to control File Transfer
Protocol (FTP) access to their systems.
These files list usernames (and optionally hosts/networks) for FTP
server access control. If the file /etc/ftpd.allow exists, only
those usernames listed in it are allowed FTP access to this server.
If it does not exist, all usernames except those listed in
/etc/ftpd.deny will be allowed access. These configuration files may
also specify hosts/networks which are allowed to access the FTP
server. Access is validated by checking /etc/ftpd.allow first,
followed by /etc/ftpd.deny. Note that an account listed in the allow
file can still be rejected by an entry in the deny file. The file
format is as follows:
     username [ network [ netmask ]]
Username is a valid username as specified by /etc/passwd or NIS.
The '+' wildcard symbol may be used to specify all usernames.
Network is a dotted-quad IP address which specifies the networks (or
hosts) from which access is allowed or denied.
Netmask is a dotted-quad IP address mask which is logically ANDed
with network to specify a range of addresses to allow or deny.
If an administrator wants to allow FTP access to a limited number of
users, those users' login names may be entered into the ftpd.allow
file. When such a user attempts to ftp(1C) into the system, ftpd(1M)
scans the ftpd.allow file, finds the user's login name, and allows
access to that user. If ftpd(1M) is unable to find the user's login
name, FTP access is denied for that user.
If the ftpd.allow file does not exist, ftpd(1M) will assume that
access is allowed for all users except those listed in ftpd.deny.
FTP access may be denied to a particular user by entering that user's
login name into the ftpd.deny file. When that user attempts to
ftp(1C) into the system, ftpd(1M) scans the ftpd.deny file, finds the
user's login name, and denies access to that user.
EXAMPLES
All users on machines located on the 128.222.8 network may be granted
FTP access to the ftp server by specifying '+ 128.222.8.0
255.255.255.0' in the /etc/ftpd.allow file. Anonymous FTP access
from anywhere and normal user access from only the 128.222.0.0
network may be granted by specifying the records 'ftp' and '+
128.222.0.0 255.255.0.0' in the /etc/ftpd.allow file.
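The allow-then-deny evaluation described above can be modelled as follows. This is an added example, not code from ftpd(1M) or from the vendor. It assumes that a record with no network field matches any client address, that a network without a netmask means that single host, and that a client matches when its address ANDed with the netmask equals the network ANDed with the netmask. The usernames alice and root and the sample file contents are constructed.

```python
import ipaddress

def parse(text):
    """Parse 'username [ network [ netmask ]]' records, one per line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) > 3:
            raise ValueError(f"too many fields: {line!r}")
        net = int(ipaddress.IPv4Address(fields[1])) if len(fields) > 1 else None
        # Assumption: a network given without a netmask means that single host.
        mask = int(ipaddress.IPv4Address(fields[2])) if len(fields) > 2 else 0xFFFFFFFF
        records.append((fields[0], net, mask))
    return records

def matches(records, user, client_ip):
    """True if any record covers this user connecting from client_ip."""
    addr = int(ipaddress.IPv4Address(client_ip))
    for rec_user, net, mask in records:
        if rec_user not in ("+", user):   # '+' is the all-usernames wildcard
            continue
        # Assumption: no network field means any client address matches.
        if net is None or (addr & mask) == (net & mask):
            return True
    return False

def ftp_access(user, client_ip, allow_text=None, deny_text=None):
    """Decide access; a *_text of None means that file does not exist."""
    # If ftpd.allow exists, the user must be listed in it (checked first).
    if allow_text is not None and not matches(parse(allow_text), user, client_ip):
        return False
    # ftpd.deny is checked second and can reject an account the allow file accepted.
    if deny_text is not None and matches(parse(deny_text), user, client_ip):
        return False
    return True

# Constructed file contents: the two allow records from EXAMPLES, plus a deny entry.
ALLOW = "ftp\n+ 128.222.0.0 255.255.0.0\n"
DENY = "root\n"

if __name__ == "__main__":
    for user, ip in [("ftp", "10.1.2.3"), ("alice", "128.222.8.5"),
                     ("alice", "10.1.2.3"), ("root", "128.222.8.5")]:
        print(user, ip, ftp_access(user, ip, ALLOW, DENY))
```

An ftpd.allow file that exists but is empty denies every user in this model, because no username is listed in it.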
Licensed material--property of copyright holder(s) 1
FILES
/etc/ftpd.allow
/etc/ftpd.deny
SEE ALSO
ftp(1C), ftpd(1M), passwd(4).