System Administration Guide: Network Services

Procedure: How to Restrict Access to the Default FTP Server

In addition to the controls mentioned previously, you can add explicit statements to the ftpaccess file to restrict access to the FTP server.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Add the following entries to the ftpaccess file.

    1. By default, all users are allowed access to the default (non-virtual) FTP server. To deny access for specific users (other than anonymous), add the following entry:

      defaultserver deny username [username...]

      defaultserver
          Keyword that is used to identify the non-virtual server to which access can be denied or allowed

      username
          Login name of a user with restricted access to the defaultserver

    2. To allow access for users who are not listed on the deny line, add the following line:

      defaultserver allow username [username...]

    3. To prevent access by anonymous users, add the entry:

      defaultserver private

Example 28–5 Restricting Access to the Default FTP Server

defaultserver deny *
defaultserver allow username

The previous example states that the FTP server denies access to all users except anonymous users and those users who are listed on the allow line.
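To check what a set of defaultserver entries means for a particular login before relying on it, the rules above can be evaluated with a small script. This is an added example, not part of the original guide: the function name defaultserver_access, the sample logins alice and bob, and the treatment of "anonymous" and "ftp" as the anonymous login names are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: evaluate the defaultserver entries of an ftpaccess file
# for one login, following the rules described in this procedure.
# Usage: defaultserver_access FILE LOGIN   -> prints "allow" or "deny"
# Note: needs an awk that supports -v (on Solaris, nawk or /usr/xpg4/bin/awk).
defaultserver_access() {
    awk -v user="$2" '
        $1 != "defaultserver" { next }       # skips comments, blanks, other keywords
        $2 == "private"       { private = 1; next }
        $2 == "deny" || $2 == "allow" {
            for (i = 3; i <= NF; i++) {
                # "*" on a deny line revokes access for every real user
                if ($2 == "deny"  && ($i == "*" || $i == user)) denied = 1
                if ($2 == "allow" && $i == user)                allowed = 1
            }
        }
        END {
            # Assumption: anonymous sessions log in as "anonymous" or "ftp".
            # deny lines do not apply to them; only "private" does.
            if (user == "anonymous" || user == "ftp")
                print (private ? "deny" : "allow")
            else if (allowed) print "allow"   # allow line overrides deny
            else if (denied)  print "deny"
            else              print "allow"   # default: all users allowed
        }
    ' "$1"
}

# Constructed sample: Example 28-5 with a hypothetical login, plus "private".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample ftpaccess fragment
defaultserver deny *
defaultserver allow alice
defaultserver private
EOF

for login in alice bob anonymous; do
    printf '%s: %s\n' "$login" "$(defaultserver_access "$sample" "$login")"
done
rm -f "$sample"
```

Without the defaultserver private line, the same file still admits anonymous sessions, which is the gap the example text above points out.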

You can also use the ftphosts file to deny access to particular login accounts from various hosts. See ftphosts(4) for additional information.