System Administration Guide: Network Services

How to Restrict Access to the Default FTP Server

In addition to the controls mentioned previously, you can add explicit statements to the ftpaccess file to restrict access to the FTP server.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Add the following entries to the ftpaccess file.

    1. By default, all users are allowed access to the default (non-virtual) FTP server. To deny access for specific users (other than anonymous), add the following entry:


      defaultserver deny username [username...]

      defaultserver
          Keyword that is used to identify the non-virtual server to which access can be denied or allowed

      username
          Login name of a user with restricted access to the defaultserver

    2. To allow access for users who are not listed on the deny line, add the following line:


      defaultserver allow username [username...]

    3. To prevent access by anonymous users, add the entry:


      defaultserver private

Example 28–5 Restricting Access to the Default FTP Server


defaultserver deny *
defaultserver allow username

The previous example states that the FTP server denies access to all users except anonymous users and those users who are listed on the allow line.
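As an added illustration (not part of the original guide), the shell function below evaluates the defaultserver entries of an ftpaccess file for one login name, following the rules in this procedure. It assumes that an allow entry overrides a deny entry, that * matches every login name, and that anonymous logins use the names anonymous or ftp; the function names and the sample file content are constructed for the example.

```sh
#!/bin/sh
# Added example: evaluate the defaultserver entries of an ftpaccess file.

# Constructed sample: Example 28-5 with two allowed users plus "private".
sample_ftpaccess() {
cat <<'EOF'
# constructed sample, not a real configuration
defaultserver deny *
defaultserver allow alice bob
defaultserver private
EOF
}

# default_server_access FILE USER  ->  prints "allow" or "deny"
# Assumptions: allow overrides deny, "*" matches any login name, and
# anonymous logins arrive as "anonymous" or "ftp".
default_server_access() {
    awk -v user="$2" '
        $1 != "defaultserver" { next }          # comments, other keywords
        $2 == "private"       { private = 1; next }
        $2 == "deny" || $2 == "allow" {
            for (i = 3; i <= NF; i++)
                if ($i == user || $i == "*") hit[$2] = 1
        }
        END {
            if (user == "anonymous" || user == "ftp") {
                # deny lines do not cover anonymous; only "private" does
                print (private ? "deny" : "allow")
            } else if (hit["deny"] && !hit["allow"]) {
                print "deny"
            } else {
                print "allow"
            }
        }
    ' "$1"
}

# Demo: alice is allowed, mallory is caught by "deny *", and anonymous
# is blocked only because the sample contains "defaultserver private".
tmp=$(mktemp) && sample_ftpaccess > "$tmp"
for u in alice mallory anonymous; do
    printf '%s: %s\n' "$u" "$(default_server_access "$tmp" "$u")"
done
rm -f "$tmp"
```

Running the function against Example 28–5 as written reports allow for anonymous, which shows why the defaultserver private entry is needed when anonymous access must also be closed.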

You can also use the ftphosts file to deny access to particular login accounts from various hosts. See ftphosts(4) for additional information.