.\" $NetBSD: ftpusers.5,v 1.4 1999/12/21 12:56:15 lukem Exp $
.\"
.\" Copyright (c) 1997-1999 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 21, 1999
.Dt FTPUSERS 5
.Os
.Sh NAME
.Nm ftpusers ,
.Nm ftpchroot
.Nd
.Xr ftpd 8
access control file
.Sh DESCRIPTION
The
.Nm
file provides user access control for
.Xr ftpd 8
by defining which users may log in.
.Pp
If the
.Nm
file does not exist, all users are denied access.
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
The syntax of each line is:
.Pp
.Dl userglob[:groupglob][@host] [directive [class]]
.Pp
These elements are:
.Bl -tag -width "groupglob" -offset indent
.It Sy userglob
matched against the username, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq f* ) .
.It Sy groupglob
matched against all the groups that the user is a member of, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq *src ) .
.It Sy host
either a CIDR address (refer to
.Xr inet_net_pton 3 )
to match against the remote address
(e.g.,
.Sq 1.2.3.4/24 ) ,
or a glob to match against the remote hostname
(e.g.,
.Sq *.netbsd.org ) .
.It Sy directive
one of
.Dq allow ,
.Dq yes ,
.Dq deny ,
or
.Dq no .
If
.Sy directive
is not given, the user is denied access.
.It Sy class
defines the class to use in
.Xr ftpd.conf 5 .
.El
.Pp
If
.Sy class
is not given, it defaults to one of the following:
.Bl -tag -width "chroot" -offset indent
.It Sy chroot
If there is a match in
.Sx /etc/ftpchroot
for the user.
.It Sy guest
If the username is
.Dq anonymous
or
.Sq ftp .
.It Sy real
If neither of the above is true.
.El
.Pp
No further comparisons are attempted after the first successful match.
If no match is found, the user is granted access.
This syntax is backward-compatible with the old syntax.
.Pp
If a user requests a guest login, the
.Xr ftpd 8
server checks to see that
both
.Dq anonymous
and
.Dq ftp
have access, so if you deny all users by default, you will need to add both
.Dq "anonymous allow"
and
.Dq "ftp allow"
to
.Pa /etc/ftpusers
in order to allow guest logins.
.Ss /etc/ftpchroot
The file
.Pa /etc/ftpchroot
is used to determine which users will have their session's root changed
to the user's home directory (using
.Xr chroot 2 ) .
If the file does not exist, the root change is not performed.
.Pp
The syntax is similar to
.Nm "" ,
except that the
.Sy class
argument is ignored.
If there's a positive match, the root is changed.
No further comparisons are attempted after the first successful match.
This syntax is backward-compatible with the old syntax.
.Sh FILES
.Bl -tag -width /etc/ftpchroot -compact
.It Pa /etc/ftpchroot
List of normal users who should be
.Xr chroot 2 ed.
.It Pa /etc/ftpusers
This file.
.El
.Sh SEE ALSO
.Xr fnmatch 3 ,
.Xr inet_net_pton 3 ,
.Xr ftpd.conf 5 ,
.Xr ftpd 8
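An added example (not part of the NetBSD manual page or of ftpd's source) that models the matching rules described above for auditing a rule file: first match wins, an omitted directive denies, and a user who matches no line is granted access. The sample file, host names and addresses are constructed; Python's fnmatch and ipaddress modules stand in for fnmatch(3) and inet_net_pton(3), and default class selection is not modelled.

```python
import fnmatch
import ipaddress
import re

# Constructed sample /etc/ftpusers (names and addresses are made up).
SAMPLE = r"""
root              deny
*:wheel           no        # anyone in group wheel
ops*@10.1.2.3/24  allow     # intended: ops accounts from the internal net only
build@*.example.org \
                  yes
legacy                      # no directive: denied
"""

def parse(text):
    """Return [(userglob, groupglob, host, directive)] in file order."""
    text = re.sub(r"\\\n", " ", text)          # trailing "\" continues the line
    rules = []
    for line in text.splitlines():
        line = re.sub(r"(?<!\\)#.*", "", line).replace("\\#", "#")
        fields = line.split()
        if not fields:
            continue
        who, _, host = fields[0].partition("@")
        user, _, group = who.partition(":")
        directive = fields[1] if len(fields) > 1 else "deny"   # omitted => denied
        rules.append((user, group or None, host or None, directive))
    return rules

def host_matches(pattern, addr, hostname):
    try:
        net = ipaddress.ip_network(pattern, strict=False)  # e.g. 1.2.3.4/24
    except ValueError:
        return fnmatch.fnmatchcase(hostname, pattern)      # not CIDR: hostname glob
    return ipaddress.ip_address(addr) in net

def check(rules, user, groups, addr, hostname):
    """First match wins. Returns (allowed, matched_rule or None)."""
    for rule in rules:
        uglob, gglob, host, directive = rule
        if not fnmatch.fnmatchcase(user, uglob):
            continue
        if gglob and not any(fnmatch.fnmatchcase(g, gglob) for g in groups):
            continue
        if host and not host_matches(host, addr, hostname):
            continue
        return directive in ("allow", "yes"), rule
    return True, None      # no rule matched: access is granted
```

With this sample, `ops1` connecting from outside 10.1.2.0/24 matches no line and is therefore granted access; appending a final `* deny` line is what makes the host restriction effective.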