.\"	$NetBSD: ftpusers.5,v 1.13 2001/12/01 16:24:24 wiz Exp $
.\"
.\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd July 17, 2000
.Dt FTPUSERS 5
.Os
.Sh NAME
.Nm ftpusers ,
.Nm ftpchroot
.Nd
.Xr ftpd 8
access control file
.Sh DESCRIPTION
The
.Nm
file provides user access control for
.Xr ftpd 8
by defining which users may log in.
.Pp
If the
.Nm
file does not exist, all users are denied access.
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
The syntax of each line is:
.Dl userglob[:groupglob][@host] [directive [class]]
.Pp
These elements are:
.Bl -tag -width "groupglob" -offset indent
.It Sy userglob
matched against the user name, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq f* ) .
.It Sy groupglob
matched against all the groups that the user is a member of, using
.Xr fnmatch 3
glob matching
(e.g.,
.Sq *src ) .
.It Sy host
either a CIDR address (refer to
.Xr inet_net_pton 3 )
to match against the remote address
(e.g.,
.Sq 1.2.3.4/24 ) ,
or an
.Xr fnmatch 3
glob to match against the remote hostname
(e.g.,
.Sq *.netbsd.org ) .
.It Sy directive
If
.Dq allow
or
.Dq yes
the user is allowed access.
If
.Dq deny
or
.Dq no ,
or
.Sy directive
is not given, the user is denied access.
.It Sy class
defines the class to use in
.Xr ftpd.conf 5 .
.El
.Pp
If
.Sy class
is not given, it defaults to one of the following:
.Bl -tag -width "chroot" -offset indent
.It Sy chroot
If there is a match in
.Sx /etc/ftpchroot
for the user.
.It Sy guest
If the user name is
.Dq anonymous
or
.Sq ftp .
.It Sy real
If neither of the above is true.
.El
.Pp
No further comparisons are attempted after the first successful match.
If no match is found, the user is granted access.
This syntax is backward-compatible with the old syntax.
.Pp
If a user requests a guest login, the
.Xr ftpd 8
server checks to see that
both
.Dq anonymous
and
.Dq ftp
have access, so if you deny all users by default, you will need to add both
.Dq "anonymous allow"
and
.Dq "ftp allow"
to
.Pa /etc/ftpusers
in order to allow guest logins.
.Ss /etc/ftpchroot
The file
.Pa /etc/ftpchroot
is used to determine which users will have their session's root directory
changed (using
.Xr chroot 2 ) ,
either to the directory specified in the
.Xr ftpd.conf 5
.Sy chroot
directive (if set),
or to the home directory of the user.
If the file does not exist, the root directory change is not performed.
.Pp
The syntax is similar to
.Nm "" ,
except that the
.Sy class
argument is ignored.
If there's a positive match, the session's root directory is changed.
No further comparisons are attempted after the first successful match.
This syntax is backward-compatible with the old syntax.
.Sh FILES
.Bl -tag -width /usr/share/examples/ftpd/ftpusers -compact
.It Pa /etc/ftpchroot
List of normal users who should have their ftp session's root directory
changed by using
.Xr chroot 2 .
.It Pa /etc/ftpusers
This file.
.It Pa /usr/share/examples/ftpd/ftpusers
A sample
.Nm
file.
.El
.Sh SEE ALSO
.Xr fnmatch 3 ,
.Xr inet_net_pton 3 ,
.Xr ftpd.conf 5 ,
.Xr ftpd 8
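.Sh EXAMPLES
The following Python sketch is an added example, not part of the original manual page and not code from
.Xr ftpd 8 ;
it evaluates the access rules described in DESCRIPTION (first match wins, no match grants access, a missing file denies everyone, guest logins need both names) so that a policy can be checked before it is installed.
Assumptions: the sample policy and all function names are constructed for illustration, the host field is tried as a CIDR address before being treated as a hostname glob, and Python's fnmatch module only approximates
.Xr fnmatch 3 .

```python
import fnmatch
import ipaddress
import re

SAMPLE = r"""# constructed sample policy, not taken from the man page
root              deny
*:wheel           deny        # any member of group wheel
build@10.0.0.0/8  \
                  allow       # directive continued on a second line
*@*.example.org   allow
anonymous         allow
ftp               allow
*                             # no directive given: deny
"""

def parse_rules(text):  # -> [(userglob, groupglob, host, allowed)] in file order
    rules = []
    for line in text.replace("\\\n", "").splitlines():   # trailing "\" joins lines
        line = re.sub(r"(?<!\\)#.*", "", line)            # drop unescaped comments
        fields = line.replace("\\#", "#").split()
        if not fields:
            continue
        who, _, host = fields[0].partition("@")
        user, _, group = who.partition(":")
        allowed = len(fields) > 1 and fields[1] in ("allow", "yes")
        rules.append((user, group or None, host or None, allowed))
    return rules

def host_matches(pattern, addr, hostname):
    try:  # assumption: try the field as CIDR first, else as a hostname glob
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return fnmatch.fnmatchcase(hostname, pattern)
    return ipaddress.ip_address(addr) in net

def check_access(text, user, groups, addr, hostname):
    """text is the ftpusers content, or None when the file does not exist."""
    if text is None:
        return False                                      # missing file: deny all
    for uglob, gglob, host, allowed in parse_rules(text):
        if (fnmatch.fnmatchcase(user, uglob)
                and (not gglob or any(fnmatch.fnmatchcase(g, gglob) for g in groups))
                and (not host or host_matches(host, addr, hostname))):
            return allowed                                # first match wins
    return True                                           # no match: access granted

def guest_allowed(text, addr, hostname):
    """Guest logins need both 'anonymous' and 'ftp' to pass the check."""
    return all(check_access(text, u, [], addr, hostname) for u in ("anonymous", "ftp"))
```

An empty file grants access to every user while a missing file denies all, which is why the sample ends with a catch-all line that has no directive.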