System Administration Guide: Network Services     Oracle Solaris 11 Express 11/10
Controlling Uploads and Downloads on the FTP Server

You can control uploads to and downloads from the FTP server by setting permissions on directories on the server. By default, uploads are not allowed for anonymous users. Be very careful when enabling anonymous uploads.

How to Control Uploads to the FTP Server

Add the directives to the ftpaccess file to specify upload permissions and error messages for upload failures.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Add the following entries to the ftpaccess file.

    To enable users to upload files, add the following entry:

    upload [absolute|relative] [class=<classname>]... [-] root-dir \
    dirglob yes|no owner group mode [dirs|nodirs] [<d_mode>]
    
    path-filter typelist mesg allowed-charset {disallowed regexp...}

    upload

    Keyword that is applied to users who have a home directory (the argument to chroot()) of the root-dir. The root-dir can be specified as “*” to match any home directory.

    absolute|relative

    Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory.

    class

    Keyword that is used to specify any number of class=<classname> restrictions. If restrictions are specified, the upload clause only becomes effective if the current user is a member of one of the specified classes.

    root-dir

    User's root directory and the home directory for anonymous users.

    dirglob

    A pattern to match a directory name. An asterisk can be used in any place or alone to signify any directory.

    yes|no

    Variable that allows or disallows upload to the FTP server.

    owner

    Owner of files that are uploaded into dirnames.

    group

    Group that is associated with files that are uploaded into dirnames.

    mode

    Parameter that is used to specify access permissions for uploaded files. The default mode 0440 prevents the anonymous account from reading uploaded files.

    dirs|nodirs

    Keyword that allows or disallows users to create subdirectories in a directory that is listed in dirnames.

    d_mode

    Optional mode that determines the permissions for a newly created directory.

    path-filter

    Keyword that controls the names of uploaded files.

    typelist

    A comma-separated list of any of the keywords anonymous, guest, and real.

    mesg

    Message file that is displayed if the file name fails to match the regexp criteria.

    allowed-charset {disallowed regexp...}

    Alphanumeric characters allowed or disallowed in file names.
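The path-filter fields described above can be exercised against candidate file names before the entry goes live. The following script is an added example, not part of the original guide: it uses the path-filter line from Example 28-13, and the function name check_name, the sample file names, and the use of grep -E as the regular expression engine are assumptions.

```shell
#!/bin/sh
# Added example: apply a path-filter entry to candidate upload names.
# A name passes only if it matches allowed-charset and matches none of
# the disallowed regexps that follow it.

# The path-filter line from Example 28-13.
FILTER_LINE='path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-]'

# check_name FILTER_LINE NAME -> prints "allow" or "deny: <reason>"
check_name() {
    line=$1 name=$2
    set -f                  # keep the regexps from being glob-expanded
    set -- $line
    set +f
    [ "$1" = "path-filter" ] && [ $# -ge 4 ] ||
        { echo "error: not a path-filter line"; return 2; }
    mesg=$3 allowed=$4
    shift 4
    # grep matches line by line, so refuse embedded newlines up front.
    case $name in *'
'*) echo "deny: newline in name (message file $mesg)"; return 1 ;; esac
    if ! printf '%s\n' "$name" | grep -Eq -- "$allowed"; then
        echo "deny: outside allowed-charset (message file $mesg)"
        return 1
    fi
    for bad in "$@"; do
        if printf '%s\n' "$name" | grep -Eq -- "$bad"; then
            echo "deny: matches disallowed regexp $bad (message file $mesg)"
            return 1
        fi
    done
    echo allow
}

# Constructed sample names.
for n in report-2010.tar.gz .rhosts -rf 'my file.txt'; do
    printf '%-20s %s\n' "$n" "$(check_name "$FILTER_LINE" "$n")"
done
```
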

Example 28-13 Controlling Uploads to the FTP Server

upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs
path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-]

The preceding example states the following:

Ownership and permissions on a directory into which anonymous uploads are allowed should be tightly controlled. The FTP Administrator should be the owner of all files uploaded to the FTP server. You need to create an FTP Administrator when anonymous users are allowed to upload files. The directory should be owned by the user ftpadm and group ftpadm with permissions set to 3773.

The access mode for files uploaded to the FTP server should be 0440. The 0440 mode prevents the anonymous account from reading uploaded files. This restriction protects your server from becoming a staging area for third-party file distribution.

To make uploaded files available for distribution, the FTP Administrator can move files to a public directory.
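The ownership and mode guidance above can be checked mechanically against the upload entries in ftpaccess. The following script is an added example, not part of the original guide: the function name audit_upload, the anonymous account name ftp, and every sample entry except the line from Example 28-13 are assumptions.

```shell
#!/bin/sh
# Added example: audit ftpaccess "upload" entries against the guidance on
# this page (mode 0440, files owned by the FTP Administrator, nodirs).
ANON_USER=${ANON_USER:-ftp}   # assumption: name of the anonymous account

# audit_upload LINE -> "skip", "ok ...", or "warn <dir>: finding; finding"
audit_upload() {
    set -f; set -- $1; set +f
    [ "$1" = "upload" ] || { echo skip; return 0; }
    shift
    # Drop optional leading fields: absolute|relative, class=<name>..., "-".
    while [ $# -gt 0 ]; do
        case $1 in
            absolute|relative|class=*|-) shift ;;
            *) break ;;
        esac
    done
    target="$1 $2" allow=$3 owner=$4 mode=$6 dirs=$7 findings=
    if [ "$allow" != "yes" ]; then
        echo "ok $target: uploads denied"; return 0
    fi
    # Read bit for "other" is set when the last octal digit is 4-7.
    case $mode in
        *[4-7]) findings="mode $mode is world-readable" ;;
    esac
    [ "$owner" = "$ANON_USER" ] &&
        findings="${findings:+$findings; }owner is the anonymous account"
    [ "$dirs" = "nodirs" ] ||
        findings="${findings:+$findings; }nodirs not set"
    if [ -n "$findings" ]; then
        echo "warn $target: $findings"; return 1
    fi
    echo "ok $target: owner=$owner mode=$mode nodirs"
}

# Constructed sample entries; the first is the line from Example 28-13.
while IFS= read -r entry; do
    audit_upload "$entry" || true
done <<'EOF'
upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs
upload class=anon /export/home/ftp /pub/drop yes ftp other 0644 dirs
upload /export/home/ftp /pub no ftpadm ftpadmin 0440 nodirs
EOF
```
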

How to Control Downloads to the FTP Server

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Add the following entries to the ftpaccess file to prevent users from retrieving files.

    noretrieve [absolute|relative] [class=classname]... [-] filename ...

    noretrieve

    Keyword that is used to deny retrieval of a particular file or files.

    absolute|relative

    Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory.

    class

    Keyword that is used to specify class=<classname> of users to which noretrieve restrictions apply.

    filename

    Name of file the user is not permitted to retrieve.

Example 28-14 Controlling Downloads to the FTP Server

noretrieve /etc/passwd

The preceding example states that all users are prevented from retrieving the /etc/passwd file.