1 .\" $NetBSD: ftpusers.5,v 1.17 2008/09/13 02:41:52 lukem Exp $
3 .\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc.
4 .\" All rights reserved.
6 .\" This code is derived from software contributed to The NetBSD Foundation
9 .\" Redistribution and use in source and binary forms, with or without
10 .\" modification, are permitted provided that the following conditions
12 .\" 1. Redistributions of source code must retain the above copyright
13 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
18 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21 .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 .\" POSSIBILITY OF SUCH DAMAGE.
42 file provides user access control for
44 by defining which users may login.
48 file does not exist, all users are denied access.
52 is the escape character; it can be used to escape the meaning of the
53 comment character, or if it is the last character on a line, extends
54 a configuration directive across multiple lines.
57 is the comment character, and all characters from it to the end of
58 line are ignored (unless it is escaped with the escape character).
60 The syntax of each line is:
61 .Dl userglob[:groupglob][@host] [directive [class]]
64 .Bl -tag -width "groupglob" -offset indent
66 matched against the user name, using
72 matched against all the groups that the user is a member of, using
78 either a CIDR address (refer to
80 to match against the remote address
85 glob to match against the remote hostname
93 the user is allowed access.
100 is not given, the user is denied access.
102 defines the class to use in
108 is not given, it defaults to one of the following:
109 .Bl -tag -width "chroot" -offset indent
111 If there is a match in
120 If neither of the above is true.
123 No further comparisons are attempted after the first successful match.
124 If no match is found, the user is granted access.
125 This syntax is backward-compatible with the old syntax.
127 If a user requests a guest login, the
129 server checks to see that
134 have access, so if you deny all users by default, you will need to add both
135 .Dq "anonymous allow"
140 in order to allow guest logins.
144 is used to determine which users will have their session's root directory
147 either to the directory specified in the
151 or to the home directory of the user.
152 If the file does not exist, the root directory change is not performed.
154 The syntax is similar to
159 If there's a positive match, the session's root directory is changed.
160 No further comparisons are attempted after the first successful match.
161 This syntax is backward-compatible with the old syntax.
163 .Bl -tag -width /usr/share/examples/ftpd/ftpusers -compact
164 .It Pa /etc/ftpchroot
165 List of normal users who should have their ftp session's root directory
170 .It Pa /usr/share/examples/ftpd/ftpusers
177 .Xr inet_net_pton 3 ,