How to Control File Access Commands
To use the permission capabilities in ftpaccess to specify what type of user is allowed to perform which commands, do the following:
-
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
-
Add the following entries to the ftpaccess:
command yes|no typelist
- command
-
The commands chmod, delete, overwrite, rename, or umask
- yes|no
-
Allows or disallows a user to issue a command
- typelist
-
A comma-separated list of any of the keywords anonymous, guest, and real
Example 28–12 How to Control File Access Commands
The following are examples of permissions that are set for file access functions on FTP server.
chmod no anonymous, guest delete no anonymous overwrite no anonymous rename no anonymous umask no guest, anonymous |
The preceding example states the following:
-
Anonymous users are not allowed to delete, overwrite, or rename files.
-
Guests and anonymous users are both prevented from changing access modes and resetting the umask.
- © 2010, Oracle Corporation and/or its affiliates