ftpd.deny(4M) DG/UX R4.11MU05 ftpd.deny(4M)
NAME
ftpd.allow, ftpd.deny - FTP service access configuration files.
DESCRIPTION
The ftpd.allow and ftpd.deny files, located in the /etc directory,
allow system administrators to configure File Transfer Protocol (FTP)
access on their systems.
If the file /etc/ftpd.allow exists, only those usernames listed in it
are allowed access to this FTP server. If it does not exist, all
usernames except those listed in /etc/ftpd.deny will be allowed
access. Additionally, these files may contain configuration
information which grants (or denies) FTP service access for users on
specific hosts or networks. Access is validated by checking
/etc/ftpd.allow first followed by /etc/ftpd.deny. Note that it is
possible to grant service access to an account in the allow file only
to subsequently deny service access to it in the deny file.
/etc/ftpd.allow
This file lists usernames which are allowed FTP service.
Additionally, each record may contain network/netmask and
per-user configuration information. The /etc/ftpd.allow
file format is as follows:
username [network [netmask]] : maxsess timeout maxtimeout umask
Where:
username is a valid username as specified by /etc/passwd
or NIS. The '+' wildcard symbol may be used to
specify all usernames.
network is a dotted quad IP address which specifies
networks (or hosts) to which access is allowed.
If unspecified, FTP service access is granted to
username from all hosts/networks.
netmask is a dotted quad IP address mask which is
logically and'ed with network to specify a range
of addresses which are allowed FTP service.
maxsess is the number of concurrent ftp connections
allowed for the username. If '-' is specified,
the maximum number of concurrent sessions for the
username is as defined globally by the ftpd '-s' switch.
timeout is a number specifying the inactivity time-out
period (in secs) for the username. If '-' is
specified, the timeout value for username is as
defined globally by the ftpd '-t' switch.
maxtimeout
is a number specifying the maximum inactivity
time-out period (in secs) the user may specify
via the ftpd 'SITE IDLE' command. If '-' is
specified, the max-timeout value for the username
is as defined globally by the ftpd '-T' switch.
umask is an octal number specifying the default umask
for the username. If '-' is specified, the
default umask value for the username is as
defined globally by the ftpd '-u' (or '-U')
switch.
/etc/ftpd.deny
This file lists usernames (and optionally
hosts/networks) which are denied FTP service. The
/etc/ftpd.deny file format is as follows:
username [network [netmask]]
Where:
username is a valid username as specified by /etc/passwd
or NIS. The '+' wildcard symbol may be used to
specify all usernames.
network is a dotted quad IP address which specifies
networks (or hosts) to which access is denied.
If unspecified, FTP service access is denied to
username from all hosts/networks.
netmask is a dotted quad IP address mask which is
logically and'ed with network to specify a range
of addresses which are denied FTP service.
If an administrator wants to allow FTP access to a limited number of
users, those users' login names may be entered into the ftpd.allow
file. When such a user attempts to ftp(1C) into the system, ftpd(1M)
scans the ftpd.allow file, finds the user's login name, and allows
access to that user. If ftpd(1M) is unable to find the user's login
name, FTP access is denied for that user.
If the ftpd.allow file does not exist, ftpd(1M) will assume that
access is allowed for all users except those listed in ftpd.deny.
FTP access may be denied to a particular user by entering that user's
login name into the ftpd.deny file. When that user attempts to
ftp(1C) into the system, ftpd(1M) scans the ftpd.deny file, finds the
user's login name, and denies access to that user.
EXAMPLES
All users on machines located on the 128.222.8 network may be granted
FTP access to the ftp server by specifying '+ 128.222.8.0
255.255.255.0' in the /etc/ftpd.allow file. Anonymous FTP access
from anywhere and normal user access from only the 128.222.0.0
network may be granted by specifying the records 'ftp' and '+
128.222.0.0 255.255.0.0' in the /etc/ftpd.allow file.
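The access check described above, written out as an added example for auditing a pair of files before deployment (it is not part of the original manual page and is not DG/UX code). It assumes that any matching record decides the outcome, that a network given without a netmask denotes a single host, and that the client address is masked the same way as the network; the user 'alice' and the contents of the sample deny file are constructed.

```python
import ipaddress

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_records(text):
    """Return (username, network, netmask) tuples from allow/deny file text."""
    records = []
    for line in text.splitlines():
        # Per-user settings after ':' (ftpd.allow only) do not affect the decision.
        fields = line.split(":", 1)[0].split()
        if not fields:
            continue
        if len(fields) == 1:
            net, mask = 0, 0                       # no network: every host matches
        elif len(fields) == 2:
            net, mask = ip(fields[1]), 0xFFFFFFFF  # assumption: single host
        else:
            net, mask = ip(fields[1]), ip(fields[2])
        records.append((fields[0], net, mask))
    return records

def matches(records, user, client):
    addr = ip(client)
    # Assumption: any matching record counts; '+' matches every username.
    return any(u in ("+", user) and (addr & m) == (n & m) for u, n, m in records)

def ftp_access(user, client, allow_text, deny_text):
    """allow_text is None when /etc/ftpd.allow does not exist."""
    if allow_text is not None and not matches(parse_records(allow_text), user, client):
        return False                               # allow file exists, user not listed
    return not matches(parse_records(deny_text or ""), user, client)

# ALLOW is the second record set from EXAMPLES; DENY is constructed sample input.
ALLOW = "ftp\n+ 128.222.0.0 255.255.0.0\n"
DENY = "root\nguest 128.222.8.0 255.255.255.0\n"

if __name__ == "__main__":
    for user, client in [("ftp", "10.1.2.3"), ("alice", "10.1.2.3"),
                         ("alice", "128.222.9.7"), ("root", "128.222.9.7"),
                         ("guest", "128.222.8.5")]:
        verdict = "allow" if ftp_access(user, client, ALLOW, DENY) else "deny"
        print(f"{user:6} {client:14} {verdict}")
```

Under these rules an /etc/ftpd.allow that exists but is empty denies every user, while a missing one leaves only /etc/ftpd.deny in effect.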
FILES
/etc/ftpd.allow
/etc/ftpd.deny
SEE ALSO
ftp(1C), ftpd(1M), passwd(4).
Licensed material--property of copyright holder(s)