ftpaccess.ctl File

Purpose

Specifies FTP host access parameters.

Description

The /etc/ftpaccess.ctl file is searched for lines that start with allow:, deny:, readonly:, writeonly:, readwrite:, useronly:, grouponly:, herald: and/or motd:. Other lines are ignored. If the file doesn't exist, then ftp access is allowed for all hosts. The allow: and deny: lines are for restricting host access. The readonly:, writeonly: and readwrite: lines are for restricting ftp reads (get) and writes (put). The useronly: and grouponly: lines are for defining anonymous users. The herald: and motd: lines are for multiline messages before and after login.

Syntax

The syntax for all lines in /etc/ftpaccess.ctl are in the form:

keyword: value, value, ...

where one can specify one or more values for every keyword. One can have multiple lines with the same keyword. The lines in /etc/ftpaccess.ctl are limited to 1024 characters and anything greater than 1024 characters will be ignored. The syntax for the allow: and deny: lines are:

allow: host, host, ... dent: host, host, ...

If an allow: line is specified, than only the hosts listed in all the allow: lines are allowed ftp access. All other hosts will be refused ftp access. If there are no allow: line(s), then all hosts will be given ftp access except those hosts specified in the deny: line(s). The host can be specified as either a hostname or IP address.

The syntax for the readonly:, writeonly: and readwrite: lines are:

readonly: dirname, dirname, ... writeonly: dirname, dirname, ... readwrite: dirname, dirname, ...

The readonly: lines list the readonly directories and the writeonly: lines list the writeonly directories. If one wants read access in a writeonly directory or if one wants write access in a readonly directory, then access is denied. All other directories are granted access except when a readwrite: line(s) is specified. If a readwrite: line(s) is specified, only directories listed in the readwrite: line and/or listed in the readonly: line are granted access for reading, and only directories listed in the readwrite: line and/or listed in the writeonly: line are granted access for writing. Also, these lines can have a value of ALL or NONE.

The syntax for the useronly: and grouponly: lines are:

useronly: username, username, ... grouponly: groupname, groupname, ...

The username is from /etc/passwd and the groupname is from /etc/group. The useronly: line defines an anonymous user. The grouponly: line defines a group of anonymous users. These anonymous users are similar to the user anonymous in that ftp activity is restricted to their home directories.

The syntax for the herald: and motd: lines are:

 herald: path motd: on|off

The path is the full path name of the file that contains the multiline herald that will be displayed before login. When the motd: line has a value of ON, then the $HOME/motd file contains the multiline message that will displayed after login. If the user is a defined anonymous user, then the /etc/motd file contains the multiline message that will displayed after login. (Note that /etc/motd is in the anonymous user's chroot'ed home directory). The default for the motd: line is OFF.