Controlling Access to Files on the FTP Server

The FTP server access controls in this section supplement the standard file and directory access controls available with the Solaris release. Use the standard Solaris commands to restrict who can access, change, or upload files. See chmod(1), chown(1), and chgrp(1).

How to Control File Access Commands

To use the permission capabilities in ftpaccess to specify what type of user is allowed to perform which commands, do the following:

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Add the following entries to the ftpaccess:

   command yes|no typelist

   command

   The commands chmod, delete, overwrite, rename, or umask

   yes|no

   Allows or disallows a user to issue a command

   typelist

   A comma-separated list of any of the keywords anonymous, guest, and real

Example 28–12 How to Control File Access Commands

The following are examples of permissions that are set for file access functions on FTP server.

chmod no anonymous, guest
delete    no anonymous
overwrite no anonymous
rename    no anonymous
umask     no guest, anonymous

The preceding example states the following:

• Anonymous users are not allowed to delete, overwrite, or rename files.

• Guests and anonymous users are both prevented from changing access modes and resetting the umask.