test

System Administration Guide: Network Services

ProcedureHow to Set User Login Limits

You can limit the number of simultaneous logins by users of a certain class with directives that are set in the ftpaccess file. Each login limit contains the name of a class, a UUCP-style days-of-week list, and a message file to display if the limit is exceeded.

To set user login limits, follow the steps in the next procedure.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Add the following entries to the ftpaccess file:


    limit class n times [message-file]
    limit

    Keyword that is used to restrict simultaneous logins by the specified number of users of a defined class at certain connection times.

    class

    A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged-in user is considered a member of the first class matched.

    n

    Number of users.

    times

    Day-of-week and time-of-day when the class can connect. Use Any for any day.

    message-file

    Message file that is displayed if a user is denied access.

Example 28–2 Setting User Login Limits


limit   anon     50  Wk0800-1800		/etc/ftpd/ftpmsg.deny
limit   anon    100  Any				/etc/ftpd/ftpmsg.deny
limit   guest   100  Any				/etc/ftpd/ftpmsg.deny

The first line of the preceding example shows a limit of 50 simultaneous logins that are allowed to users of class anon during weekly work hours. The second line limits anon users to 100 simultaneous logins outside of working hours. The last line shows a limit of 100 guest logins that are allowed at any time. For information on how to specify day and time parameters, see ftpaccess(4).

The example further indicates that the content of the file /etc/ftpd/ftpmsg.deny is returned when a specified login limit is reached, assuming ftpmsg.deny exists. For information on using the /usr/sbin/ftpcount command to view the number and login limit for each class of user who is logged in at a particular time, see ftpcount(1).

Users are allowed login to the FTP server unless a specified limit is reached. Anonymous users are logged in as the user ftp. Real users are logged in as themselves, and guests are logged in as real users with a chroot environment to limit access privileges.

For information on using the /usr/sbin/ftpwho command to check the identities of the users logged into the FTP server, see ftpwho(1).