ftpshut

Zdenek Havelka zdenekh na bigfoot.com
Pondělí Červenec 7 18:57:26 CEST 1997


Jaroslav Brandis wrote:

> pozrel som obsah toho suboru a videl som nieco taketo:
>
> 1905 05 32 04 134217780 0010 0005
> System shutdown at %s

Nechapu ta cisla, melo by to byt
<year> <month> <day> <hour> <minute> <deny ofset> <disc ofset> text
<time system to going shutdown>

ale ty honoty tomu tedy moc neodpovidaji.

podivejte se na man ftpaccess (posilam /usr/man/man5/ftpaccess.5)


--
Zdenek Havelka
mail: zdenekh na bigfoot.com
"In a World Without Fences, Who Needs Gates?"

------------- další část ---------------
.\" SCCSID: @(#)$Id: ftpaccess.5,v 1.6 1996/04/15 05:50:02 sob Exp sob $

.\" 

.\" 

.TH ftpaccess 5 

.SH Name

ftpaccess \- ftpd configuration file

.SH Description

The ftpaccess file is used to configure the operation of 

.MS ftpd 1 .

.SH Access Capabilities

.TP 0.5i

.B autogroup <groupname> <class> [<class> ...]

If an ANONYMOUS user is a member of any of <class>, the ftp

server will perform a setegid() to <groupname>.  This allows

access to group-and-owner-read-only files and directories to

a particular class of anonymous users. <groupname> is a valid

group from /etc/group (or wherever mechanism your

.IR getgrent(2)

library routine uses).

.TP 0.5i

.B class <class> <typelist> <addrglob> [<addrglob> ...]

Define <class> of users, with source addresses of the form

<addrglob>.  Multiple members of <class> may be defined.  There

may be multiple "class" commands listing additional members of

the class.  If multiple "class" commands can apply to the

current session, the first one listed in the access file is

used.  Failing to define a valid class for a host will cause

access to be denied.  <typelist> is a comma-separated list of

any of the keywords "anonymous", "guest" and "real".  If the

"real" keyword is included, the class can match users using FTP

to access real accounts, and if the "anonymous" keyword is

included the class can match users using anonymous FTP.  The

"guest" keyword matches guest access accounts (see "guestgroup"

for more information)



<addrglob> may be a globbed domain name or a globbed numeric

address.

.TP 0.5i

.B deny <addrglob> <message_file>

Always deny access to host(s) matching <addrglob>.  <message_file>

is displayed.  <addrglob> may be "!nameserved" to deny access to

sites without a working nameserver.

.TP 0.5i

.B guestgroup <groupname> [<groupname> ...]

If a REAL user is a member of any of <groupname>, the session

is set up exactly as with anonymous FTP.  In other words, a

chroot() is done, and the user is no longer permitted to issue

the USER and PASS commands.  <groupname> is a valid group

from /etc/group (or whatever mechanism your 

.IR getgrent(3) 

library routine uses).



The user's home directory must be properly set up, exactly as

anonymous FTP would be.  The home directory field of the

passwd entry is divided into two directories.  The first

field is the root directory which will be the argument

to the 

.IR chroot(2) 

call.  The second half is the user's 

home directory relative to the root directory.  The

two halves are separated by a "/./".



Example:



in /etc/passwd, the real entry:



guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly



When guest1 successfully logs in, the ftp server will

chroot("/ftp") and then chdir("/incoming").  The

guest user will only be able to access the directory structure

under /ftp (which will look and act as / to guest1), just as an

anonymous FTP user would.

.TP 0.5i

.B limit <class> <n> <times> <message_file>

Limit <class> to <n> users at times <times>, displaying

<message_file> if user is denied access.  Limit check is

performed at login time only.  If multiple "limit" commands can

apply to the current session, the first applicable one is

used.  Failing to define a valid limit, or a limit of -1, is

equivalent to unlimited. <times> is in same format as the times

in the UUCP L.sys file.

.TP 0.5i

.B noretrieve <filename> <filename> ....

Always deny retrieve-ability of these files. If the files are an

absolute path specification (i.e. begins with '/' character) then

only those files are marked un-gettable, otherwise all files with

matching the filename are refused transfer. Example:



	noretrieve /etc/passwd core



specifies no one will be able to get the file /etc/passwd whereas

they will be allowed to transfer a file `passwd' if it is not in 

/etc. On the other hand no one will be able to get files named

`core' wherever it is.



No globbing is done.

.TP 0.5i

.B loginfails <number>

After <number> login failures, log a "repeated login failures"

message and terminate the FTP connection.  Default value is 5.

.TP 0.5i

.B private <yes|no>

After user logs in, the SITE GROUP and SITE GPASS commands may

be used to specify an enhanced access group and associated

password.  If the group name and password are valid, the user

becomes (via setegid()) a member of the group specified in the

group access file /etc/ftpgroups.



The format of the group access file is:



access_group_name:encrypted_password:real_group_name



where access_group_name is an arbitrary (alphanumeric +

punctuation) string.  encrypted_password is the password

encrypted via 

.IR crypt(3), 

exactly like in /etc/passwd.

real_group_name is the name of a valid group listed in

/etc/group.



NOTE: For this option to work for anonymous FTP users, the ftp

server must keep /etc/group permanently open and the group

access file is loaded into memory.  This means that (1) the ftp

server now has an additional file descriptor open, and (2) the

necessary passwords and access privileges granted to users via

SITE GROUP will be static for the duration of an FTP session.

If you have an urgent need to change the access groups and/or

passwords *NOW*, you just kill all of the running FTP servers.

.SH Informational Capabilities

.TP 0.5i

.B banner <path>

Works similarly to the message command, except that the banner

is displayed before the user enters the username/password.  The

<path> is relative to the real system root, not the base of the

anonymous FTP directory.



WARNING: use of this command can completely prevent non-compliant

FTP clients from making use of the FTP server.  Not all clients

can handle multi-line responses (which is how the banner is

displayed).

.TP 0.5i

.B email <name>

Defines the email address of the ftp archive maintainer.  This string

will be printed every time the %E magic cookie is used.

.TP 0.5i

.B message <path> {<when> {<class> ...}}

Define a file with <path> such that ftpd will display the

contents of the file to the user login time or upon using the

change working directory command.  The <when> parameter may be

"LOGIN" or "CWD=<dir>".  If <when> is "CWD=<dir>", <dir>

specifies the new default directory which will trigger the

notification.



The optional <class> specification allows the message to be

displayed only to members of a particular class.  More than one

class may be specified.



There can be "magic cookies" in the readme file which cause the

ftp server to replace the cookie with a specified text string:



      %T      local time (form Thu Nov 15 17:12:42 1990)

      %F      free space in partition of CWD (kbytes)

              [not supported on all systems]

      %C      current working directory

      %E      the maintainer's email address as defined in ftpaccess

      %R      remote host name

      %L      local host name

      %u      username as determined via RFC931 authentification

      %U      username given at login time

      %M      maximum allowed number of users in this class

      %N      current number of users in this class



The message will only be displayed once to avoid annoying the

user.  Remember that when MESSAGEs are triggered by an

anonymous FTP user, the <path> must be relative to the base of

the anonymous FTP directory tree.

.TP 0.5i

.B readme <path> {<when> {<class>}}

Define a file with <path> such that ftpd will notify user at

login time or upon using the change working directory command

that the file exists and was modified on such-and-such date.

The <when> parameter may be "LOGIN" or "CWD=<dir>".  If <when>

is "CWD=<dir>", <dir> specifies the new default directory which

will trigger the notification.  The message will only be

displayed once, to avoid bothering users.  Remember that when

README messages are triggered by an anonymous FTP user, the

<path> must be relative to the base of the anonymous FTP

directory tree.



The optional <class> specification allows the message to be

displayed only to members of a particular class.  More than one

class may be specified.

.SH Logging Capabilities

.TP 0.5i

.B log commands <typelist>

Enables logging of individual commands by users.  <typelist> is

a comma-separated list of any of the keywords "anonymous",

"guest" and "real".  If the "real" keyword is included, logging

will be done for users using FTP to access real accounts, and

if the "anonymous" keyword is included logging will done for

users using anonymous FTP.  The "guest" keyword matches guest

access accounts (see "guestgroup" for more information).

.TP 0.5i

.B log transfers <typelist> <directions>

Enables logging of file transfers for either real or anonymous

FTP users.  Logging of transfers TO the server (incoming) can

be enabled separately from transfers FROM the server

(outbound).  <typelist> is a comma-separated list of any of the

keywords "anonymous", "guest" and "real".  If the "real"

keyword is included, logging will be done for users using FTP

to access real accounts, and if the "anonymous" keyword is

included logging will done for users using anonymous FTP. The

"guest" keyword matches guest access accounts (see "guestgroup"

for more information).  <directions> is a comma-separated list

of any of the two keywords "inbound" and "outbound", and will

respectively cause transfers to be logged for files sent to the

server and sent from the server.

.SH Miscellaneous Capabilities

.TP 0.5i

.B alias <string> <dir>

Defines an alias, <string>, for a directory.  Can be

used to add the concept of logical directories.



For example:

  alias   rfc:    /pub/doc/rfc



would allow the user to access /pub/doc/rfc from any

directory by the command "cd rfc:".  Aliases only

apply to the cd command.

.TP 0.5i

.B cdpath <dir>

Defines an entry in the cdpath. This defines a search path that is used

when changing directories.



For example:



  cdpath /pub/packages

  cdpath /.aliases



would allow the user to cd into any directory directly under

/pub/packages or /.aliases directories. The search path is defined by

the order the lines appear in the ftpaccess file.



If the user were to give the command:



  cd foo



The directory will be searched for in the following order:



  ./foo

  an alias called "foo"

  /pub/packages/foo

  /.aliases/foo



The cd path is only available with the cd command. If you have a large

number of aliases you might want to set up an aliases directory with

links to all of the areas you wish to make available to users.

.TP 0.5i

.B compress <yes|no> <classglob> [<classglob> ...]

.TP 0.5i

.B tar <yes|no> <classglob> [<classglob> ...]

Enables compress or tar capabilities for any class matching any

of <classglob>.  The actual conversions are defined in the 

external file FTPLIB/ftpconversions.

.TP 0.5i

.B shutdown <path>

If the file pointed to by <path> exists, the server will check

the file regularly to see if the server is going to be shut

down.  If a shutdown is planned, the user is notified, new

connections are denied after a specified time before shutdown

and current connections are dropped at a specified time before

shutdown.  <path> points to a file structured as follows:



 <year> <month> <day> <hour> <minute> <deny_offset> <disc_offset>

 <text>



 <year> any year > 1970

 <month> 0-11 <---- LOOK!

 <hour> 0-23

 <minute> 0-59



<deny_offset> and <disc_offset> are the offsets in HHMM format

before the shutdown time that new connections will be denied and

existing connections will be disconnected.



<text> follows the normal rules for any message (see "message"),

with the following additional magic cookies available:



     %s      time system is going to shut down

     %r      time new connections will be denied

     %d      time current connections will be dropped



all times are in the form: ddd MMM DD hh:mm:ss YYYY.  There can

be only one "shutdown" command in the configuration file.



The external program ftpshut(8) can be used to automate the

process of generating this file.

.TP 0.5i

.B virtual <address> <root|banner|logfile> <path>

Enables the virtual ftp server capabilities. The <address> is the ip address

of the virtual server. The second arguement specifies that the <path> is either

the path to the 

.B root

of the filesystem for this virtual server, the

.B banner

presented to the user when connecting to this virtual server, or the

.B logfile 

where transfers are recorded for this virtual server. If the

.B logfile

is not specified the default logfile will be used. 

All  other message files and permissions as well as any

other settings in this file apply to all virtual servers. 



NOTE: Your operating system may not support this feature. It has been tested

on BSD/OS, Solaris 2.X and Linux.



.SH Permission Capabilities

.TP 0.5i

.B chmod <yes|no> <typelist>

.TP 0.5i

.B delete <yes|no> <typelist>

.TP 0.5i

.B overwrite <yes|no> <typelist>

.TP 0.5i

.B rename <yes|no> <typelist>

.TP 0.5i

.B umask <yes|no> <typelist>

Allows or disallows the ability to perform

the specified function.  By default, all users 

are allowed.



<typelist> is a comma-separated list of any of the

keywords "anonymous", "guest" and "real".

.TP 0.5i

.B passwd-check <none|trivial|rfc822> (<enforce|warn>)

Define the level and enforcement of password checking

done by the server for anonymous ftp.



  none      no password checking performed.

  trivial   password must contain an '@'.

  rfc822    password must be an rfc822 compliant address.



  warn      warn the user, but allow them to log in.

  enforce   warn the user, and then log them out.

.TP 0.5i

.B path-filter <typelist> <mesg> <allowed_charset> {<disallowed regexp> ...}

For users in <typelist>, path-filter defines regular expressions 

that control what a filename can or can not be.  There may be 

multiple disallowed regexps.  If a filename is invalid due to 

failure to match the regexp criteria, <mesg> will be displayed to

the user.  For example:



  path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9\._]*$ ^\. ^-



specifies that all upload filenames for anonymous users must be

made of only the characters A-Z, a-z, 0-9, and "._-" and may not

begin with a "." or a "-".  If the filename is invalid, /etc/pathmsg

will be displayed to the user.

.TP 0.5i

.B upload <root-dir> <dirglob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"]

Define a directory with <dirglob> that permits or

denies uploads.



If it does permit uploads, all files will be owned

by <owner> and <group> and will have the permissions

set according to <mode>.



Directories are matched on a best-match basis.



For example:

  upload  /var/ftp  *               no

  upload  /var/ftp  /incoming       yes  ftp  daemon  0666

  upload  /var/ftp  /incoming/gifs  yes  jlc  guest   0600  nodirs



This would only allow uploads into /incoming and 

/incoming/gifs.  Files that were uploaded to 

/incoming would be owned by ftp/daemon and would

have permissions of 0666.  File uploaded to 

/incoming/gifs would be owned by jlc/guest and

have permissions of 0600. Note that the <root-dir> here must 

match the home directory specified in the password database for the

"ftp" user.



The optional "dirs" and "nodirs" keywords can be

specified to allow or disallow the creation of

new subdirectories using the mkdir command.



The upload keyword only applies to users who

have a home directory (the argument to the chroot() )

of <root-dir>.

.SH Files

FTPLIB/ftpaccess

.SH See Also

.MS ftpd 1 ,

.MS umask 2 ,

.MS ftplog 5 ,

.MS ftpconversions 5 ,

.MS ftpshut 8





Další informace o konferenci Linux