.\"	$NetBSD: ftpusers.5,v 1.6 2000/05/30 23:53:37 lukem Exp $
.\"
.\" Copyright (c) 1997-2000 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd May 31, 2000
.Dt FTPUSERS 5
.Os
.Sh NAME
.Nm ftpusers ,
.Nm ftpchroot
.Nd
.Xr ftpd 8
access control file
.Sh DESCRIPTION
The
.Nm
file provides user access control for
.Xr ftpd 8
by defining which users may log in.
.Pp
If the
.Nm
file does not exist, all users are denied access.
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
The syntax of each line is:
.Pp
.Dl userglob[:groupglob][@host] [directive [class]]
.Pp
These elements are:
.Bl -tag -width "groupglob" -offset indent
.It Sy userglob
matched against the username, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq f* ) .
.It Sy groupglob
matched against all the groups that the user is a member of, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq *src ) .
.It Sy host
either a CIDR address (refer to
.Xr inet_net_pton 3 )
to match against the remote address
(e.g.,
.Sq 1.2.3.4/24 ) ,
or a glob to match against the remote hostname
(e.g.,
.Sq *.netbsd.org ) .
.It Sy directive
If
.Dq allow
or
.Dq yes
the user is allowed access.
If
.Dq deny
or
.Dq no ,
or
.Sy directive
is not given, the user is denied access.
.It Sy class
defines the class to use in
.Xr ftpd.conf 5 .
.El
.Pp
If
.Sy class
is not given, it defaults to one of the following:
.Bl -tag -width "chroot" -offset indent
.It Sy chroot
If there is a match in
.Sx /etc/ftpchroot
for the user.
.It Sy guest
If the username is
.Dq anonymous
or
.Sq ftp .
.It Sy real
If neither of the above is true.
.El
.Pp
No further comparisons are attempted after the first successful match.
If no match is found, the user is granted access.
This syntax is backward-compatible with the old syntax.
.Pp
If a user requests a guest login, the
.Xr ftpd 8
server checks to see that
both
.Dq anonymous
and
.Dq ftp
have access, so if you deny all users by default, you will need to add both
.Dq "anonymous allow"
and
.Dq "ftp allow"
to
.Pa /etc/ftpusers
in order to allow guest logins.
.Ss /etc/ftpchroot
The file
.Pa /etc/ftpchroot
is used to determine which users will have their session's root changed
to the user's home directory (using
.Xr chroot 2 ) .
If the file does not exist, the root change is not performed.
.Pp
The syntax is similar to
.Nm "" ,
except that the
.Sy class
argument is ignored.
If there's a positive match, the session's root directory is changed.
No further comparisons are attempted after the first successful match.
This syntax is backward-compatible with the old syntax.
.Sh FILES
.Bl -tag -width /etc/ftpchroot -compact
.It Pa /etc/ftpchroot
List of normal users who should be
.Xr chroot 2 ed.
.It Pa /usr/share/examples/ftpd/ftpusers
A sample
.Nm
file.
.It Pa /etc/ftpusers
This file.
.El
.Sh SEE ALSO
.Xr fnmatch 3 ,
.Xr inet_net_pton 3 ,
.Xr ftpd.conf 5 ,
.Xr ftpd 8
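The matching rules described under DESCRIPTION, as an added Python model for auditing a rule file offline; it is not code from ftpd(8) or from this manual page. The SAMPLE rules and the names parse, host_matches, check and guest_ok are constructed for illustration, Python's fnmatch and ipaddress modules stand in for fnmatch(3) and inet_net_pton(3), and case-insensitive hostname matching is an assumption.

```python
import fnmatch
import ipaddress
import re

# Constructed sample /etc/ftpusers content (not from the manual page).
SAMPLE = r"""
root                  deny
*:wheel               deny
anonymous@10.0.0.0/8  allow
ftp@10.0.0.0/8        allow
f*@*.example.org      allow real   # glob on user and on remote hostname
build                              # no directive given: denied
"""

def parse(text):
    """Yield (userglob, groupglob, host, directive, class) for each rule."""
    for line in text.replace("\\\n", " ").splitlines():   # "\" at end of line continues
        line = re.sub(r"(?<!\\)#.*", "", line).replace("\\#", "#")
        fields = line.split()
        if fields:
            who, _, host = fields[0].partition("@")
            user, _, group = who.partition(":")
            directive = fields[1] if len(fields) > 1 else "deny"
            yield user, group, host, directive, (fields[2] if len(fields) > 2 else None)

def host_matches(pattern, addr, hostname):
    try:                                   # CIDR against the remote address
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:                     # otherwise glob against the hostname (assumed caseless)
        return fnmatch.fnmatchcase(hostname.lower(), pattern.lower())

def check(text, user, groups, addr, hostname):
    """Return (allowed, matching_rule); text=None models a missing file."""
    if text is None:
        return False, None                 # no file: all users denied
    for rule in parse(text):
        uglob, gglob, host, directive, _cls = rule
        if not fnmatch.fnmatchcase(user, uglob):
            continue
        if gglob and not any(fnmatch.fnmatchcase(g, gglob) for g in groups):
            continue
        if host and not host_matches(host, addr, hostname):
            continue
        return directive in ("allow", "yes"), rule   # first match ends the search
    return True, None                      # no match at all: access granted

def guest_ok(text, addr, hostname):
    # A guest login needs both "anonymous" and "ftp" to have access.
    return all(check(text, u, [], addr, hostname)[0] for u in ("anonymous", "ftp"))
```

With the constructed rules, a user that matches no line is granted access, so a file meant to deny by default needs a final catch-all deny line, preceded by allow lines for both anonymous and ftp if guest logins are wanted.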