.\"	$NetBSD: ftpusers.5,v 1.11 2001/06/11 01:50:52 wiz Exp $
.\"
.\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd July 17, 2000
.Dt FTPUSERS 5
.Os
.Sh NAME
.Nm ftpusers ,
.Nm ftpchroot
.Nd
.Xr ftpd 8
access control file
.Sh DESCRIPTION
The
.Nm
file provides user access control for
.Xr ftpd 8
by defining which users may log in.
.Pp
If the
.Nm
file does not exist, all users are denied access.
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
The syntax of each line is:
.Dl userglob[:groupglob][@host] [directive [class]]
.Pp
These elements are:
.Bl -tag -width "groupglob" -offset indent
.It Sy userglob
matched against the user name, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq f* ) .
.It Sy groupglob
matched against all the groups that the user is a member of, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq *src ) .
.It Sy host
either a CIDR address (refer to
.Xr inet_net_pton 3 )
to match against the remote address
(e.g.,
.Sq 1.2.3.4/24 ) ,
or a glob to match against the remote hostname
(e.g.,
.Sq *.netbsd.org ) .
.It Sy directive
If
.Dq allow
or
.Dq yes
the user is allowed access.
If
.Dq deny
or
.Dq no ,
or
.Sy directive
is not given, the user is denied access.
.It Sy class
defines the class to use in
.Xr ftpd.conf 5 .
.El
.Pp
If
.Sy class
is not given, it defaults to one of the following:
.Bl -tag -width "chroot" -offset indent
.It Sy chroot
If there is a match in
.Sx /etc/ftpchroot
for the user.
.It Sy guest
If the user name is
.Dq anonymous
or
.Sq ftp .
.It Sy real
If neither of the above is true.
.El
.Pp
No further comparisons are attempted after the first successful match.
If no match is found, the user is granted access.
This syntax is backward-compatible with the old syntax.
.Pp
If a user requests a guest login, the
.Xr ftpd 8
server checks to see that
both
.Dq anonymous
and
.Dq ftp
have access, so if you deny all users by default, you will need to add both
.Dq "anonymous allow"
and
.Dq "ftp allow"
to
.Pa /etc/ftpusers
in order to allow guest logins.
.Ss /etc/ftpchroot
The file
.Pa /etc/ftpchroot
is used to determine which users will have their session's root directory
changed (using
.Xr chroot 2 ) ,
either to the directory specified in the
.Xr ftpd.conf 5
.Sy chroot
directive (if set),
or to the home directory of the user.
If the file does not exist, the root directory change is not performed.
.Pp
The syntax is similar to
.Nm "" ,
except that the
.Sy class
argument is ignored.
If there's a positive match, the session's root directory is changed.
No further comparisons are attempted after the first successful match.
This syntax is backward-compatible with the old syntax.
.Sh FILES
.Bl -tag -width /etc/ftpchroot -compact
.It Pa /etc/ftpchroot
List of normal users who should be
.Xr chroot 2 ed.
.It Pa /etc/ftpusers
This file.
.It Pa /usr/share/examples/ftpd/ftpusers
A sample
.Nm
file.
.El
.Sh SEE ALSO
.Xr fnmatch 3 ,
.Xr inet_net_pton 3 ,
.Xr ftpd.conf 5 ,
.Xr ftpd 8
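.Sh EXAMPLES
The following Python model of the rule evaluation described in DESCRIPTION is an added example; it is not part of the original manual page and is not code from
.Xr ftpd 8 .
It shows first-match evaluation, denial when no directive is given, access being granted when nothing matches, and the guest login requirement.
The sample file, the function names, the treatment of unrecognised directives as deny, and input without escape characters are assumptions of this example.

```python
import fnmatch
import ipaddress

# Constructed sample /etc/ftpusers (default deny); not from a real system.
SAMPLE = """
root                   deny   # explicit deny
operator                      # no directive given, so denied
alice@10.1.2.0/24      allow
*:staff@*.example.org  allow
anonymous              allow
*                      deny
"""

def parse(text):
    """Return (userglob, groupglob, host, allowed) for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comment, then tokenize
        if not fields:
            continue
        spec, _, host = fields[0].partition("@")
        user, _, group = spec.partition(":")
        # Assumption: anything other than allow/yes is treated as deny.
        allowed = len(fields) > 1 and fields[1] in ("allow", "yes")
        rules.append((user, group, host, allowed))
    return rules

def host_matches(pattern, addr, hostname):
    try:  # CIDR tests the remote address; anything else globs the hostname
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return fnmatch.fnmatchcase(hostname, pattern)
    return ipaddress.ip_address(addr) in net

def check(rules, user, groups, addr, hostname):
    """First matching rule decides; no matching rule grants access."""
    for uglob, gglob, host, allowed in rules:
        if not fnmatch.fnmatchcase(user, uglob):
            continue
        if gglob and not any(fnmatch.fnmatchcase(g, gglob) for g in groups):
            continue
        if host and not host_matches(host, addr, hostname):
            continue
        return allowed
    return True

def guest_allowed(rules, addr, hostname):
    """A guest login needs both 'anonymous' and 'ftp' to be allowed."""
    return all(check(rules, u, [], addr, hostname) for u in ("anonymous", "ftp"))
```

With the sample as written, guest logins are refused because only anonymous is allowed before the catch-all deny; adding an ftp allow line ahead of it admits them.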