Controlling Access to Files on the FTP Server
The FTP server access controls in this section supplement the standard file and directory access controls available with the Solaris 9 operating environment. Use the standard Solaris commands to restrict who can access, change, or upload files. See chmod(1), chown(1), and chgrp(1).
How to Control File Access Commands
To use the permission capabilities in ftpaccess to specify what type of user is allowed to perform which commands, do the following:
Become superuser.
Add the following entries to the ftpaccess :
command yes|no typelist
command
The commands chmod, delete, overwrite, rename, or umask
yes|no
Allows or disallows a user to issue a command
typelist
A comma-separated list of any of the keywords "anonymous," "guest," and "real"
Example--How to Control File Access Commands
The following are examples of permissions that are set for file access functions on FTP server.
chmod no anonymous, guest delete no anonymous overwrite no anonymous rename no anonymous umask no guest, anonymous |
The preceding example states the following:
Anonymous users are not allowed to delete, overwrite, or rename files.
Guests and anonymous users are both prevented from changing access modes and resetting the umask.
Controlling Uploads and Downloads on the FTP Server
You can control uploads and downloads that are started to and from the FTP server by setting permissions on directories on the server. By default, uploads are not allowed for anonymous users. Be very careful when enabling anonymous uploads.
How to Control Uploads to the FTP Server
Add the directives to the ftpaccess file to specify upload permissions and error messages for upload failures.
Become superuser.
Add the following entries to the ftpaccess file.
To enable users to upload files, add the following entry:
upload [absolute|relative] [class=<classname>]... [-] root-dir \ dirglob yes|no owner group mode [dirs|nodirs] [<d_mode>] path-filter typelist mesg allowed_charset {disallowed regexp...}upload
Keyword that is applied to users who have a home directory (the argument to chroot()) of the root-dir . The root-dir can be specified as "*" to match any home directory.
absolute|relative
Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory.
class
Keyword that is used to specify any number of class=<classname> restrictions. If restrictions are specified, the upload clause only becomes effective if the current user is a member of one of the specified classes.
root-dir
User's root directory and the home directory for anonymous users.
dirglob
A pattern to match a directory name. An asterisk can be used in any place or alone to signify any directory.
yes|no
Variable that allows or disallows upload to the FTP server.
owner
Owner of files that are uploaded into dirnames.
group
Group that is associated with files that are uploaded into dirnames.
mode
Parameter that is used to specify access permissions for uploaded files. The default mode 0440 prevents the anonymous account from reading uploaded files.
dirs|nodirs
Keyword that allows or disallows users to create subdirectories in a directory that is listed in dirnames.
d_mode
Optional mode that determines the permissions for a newly created directory.
path-filter
Keyword that controls the names of uploaded files.
typelist
A comma-separated list of any of the keywords "anonymous," "guest," and "real."
mesg
Message file that is displayed fails to match the regexp criteria.
allowed_charset {disallowed regexp...}
Alphanumeric characters allowed or disallowed in file names.
Example--Controlling Uploads to the FTP Server
upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-] |
The preceding example states the following:
FTP user accounts that use chroot to /export/home/ftp can upload to the /incoming directory. Uploaded files are owned by user ftpadm and the group ftpadmin. The mode is set to 0440 with the nodirs keyword to prevent anonymous users from creating subdirectories.
For anonymous users, a file name is any sequence of A-Z, a-z, 0-9, . (dot), - (dash), or _ (underline). File names cannot start with a . (dot) or - (dash). If a file name fails this filter, the /etc/ftpd/filename.msg message is displayed if the FTP Administrator has created the message file. This message is followed by an FTP server error message.
Note - Ownership and permissions on a directory into which anonymous uploads are allowed should be tightly controlled. The FTP Administrator should be the owner of all files uploaded to the FTP server. You need to create an FTP Administrator when anonymous users are allowed to upload files. The directory should be owned by the user ftpadm and group ftpadm with permissions set to 3773.
The access mode for files uploaded to the FTP server should be 0440. The 0440 mode prevents the anonymous account from reading uploaded files. This restriction protects your server from becoming a staging area for third-party file distribution.
To make uploaded files available for distribution, the FTP Administrator can move files to a public directory.
How to Control Downloads to the FTP Server
Become superuser.
Add the following entries to the ftpaccess file to prevent users from retrieving files.
noretrieve [absolute|relative] [class=classname]... [-] filename ...
noretrieve
Keyword that is used to deny retrieval of a particular file or files
absolute|relative
Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory
class
Keyword that is used to specify class=<classname> of users to which noretrieve restrictions apply
filename
Name of file the user is not permitted to retrieve
Example--Controlling Downloads to the FTP Server
noretrieve /etc/passwd |
The preceding example states that all users are prevented from retrieving the /etc/passwd file.
Virtual Hosting
Virtual hosting allows the FTP server to support multiple domains on the same machine. Each virtual host requires a separate logical interface and IP address.
The FTP server supports two types of virtual hosting: limited and complete. With limited virtual hosting, the same configuration files are used for all virtual hosts. With complete virtual hosting, separate configuration files can be used for each virtual host.
Note - By default, real and guest users are not allowed to log in to virtual hosts. You can set the following ftpaccess directives to override the default.
To allow access to specific users: virtual address allow username To deny access to anonymous users: virtual address private username |
See ftpaccess(4) for further information.