FTPUSERS(5)               NetBSD File Formats Manual               FTPUSERS(5)

NNAAMMEE
     ffttppuusseerrss, ffttppcchhrroooott - tnftpd(8) access control file

DDEESSCCRRIIPPTTIIOONN
     The ffttppuusseerrss file provides user access control for tnftpd(8) by defining
     which users may login.

     If the ffttppuusseerrss file does not exist, all users are denied access.

     A ``\'' is the escape character; it can be used to escape the meaning of
     the comment character, or if it is the last character on a line, extends
     a configuration directive across multiple lines.  A ``#'' is the comment
     character, and all characters from it to the end of line are ignored
     (unless it is escaped with the escape character).

     The syntax of each line is:
           userglob[:groupglob][@host] [directive [class]]

     These elements are:

           uusseerrgglloobb   matched against the user name, using fnmatch(3) glob
                      matching (e.g, `f*').

           ggrroouuppgglloobb  matched against all the groups that the user is a member
                      of, using fnmatch(3) glob matching (e.g, `*src').

           hhoosstt       either a CIDR address (refer to inet_net_pton(3)) to
                      match against the remote address (e.g, `1.2.3.4/24'), or
                      an fnmatch(3) glob to match against the remote hostname
                      (e.g, `*.NetBSD.org').

           ddiirreeccttiivvee  If ``allow'' or ``yes'' the user is allowed access.  If
                      ``deny'' or ``no'', or ddiirreeccttiivvee is not given, the user
                      is denied access.

           ccllaassss      defines the class to use in ftpd.conf(5).

     If ccllaassss is not given, it defaults to one of the following:

           cchhrroooott  If there is a match in _/_e_t_c_/_f_t_p_c_h_r_o_o_t for the user.

           gguueesstt   If the user name is ``anonymous'' or `ftp'.

           rreeaall    If neither of the above is true.

     No further comparisons are attempted after the first successful match.
     If no match is found, the user is granted access.  This syntax is back-
     ward-compatible with the old syntax.

     If a user requests a guest login, the tnftpd(8) server checks to see that
     both ``anonymous'' and ``ftp'' have access, so if you deny all users by
     default, you will need to add both ``anonymous allow'' and ``ftp allow''
     to _/_e_t_c_/_f_t_p_u_s_e_r_s in order to allow guest logins.

   //eettcc//ffttppcchhrroooott
     The file _/_e_t_c_/_f_t_p_c_h_r_o_o_t is used to determine which users will have their
     session's root directory changed (using chroot(2)), either to the direc-
     tory specified in the ftpd.conf(5) cchhrroooott directive (if set), or to the
     home directory of the user.  If the file does not exist, the root direc-
     tory change is not performed.

     The syntax is similar to ffttppuusseerrss, except that the ccllaassss argument is
     ignored.  If there's a positive match, the session's root directory is
     changed.  No further comparisons are attempted after the first successful
     match.  This syntax is backward-compatible with the old syntax.

FFIILLEESS
     /etc/ftpchroot                     List of normal users who should have
                                        their ftp session's root directory
                                        changed by using chroot(2).
     /etc/ftpusers                      This file.
     /usr/share/examples/ftpd/ftpusers  A sample ffttppuusseerrss file.

SSEEEE AALLSSOO
     fnmatch(3), inet_net_pton(3), ftpd.conf(5), tnftpd(8)

NetBSD 1.6                     February 28, 2003                    NetBSD 1.6