In addition to the controls mentioned previously, you can add explicit statements to the ftpaccess file to restrict access to the FTP server.
Become superuser.
Add the following entries to the ftpaccess file.
By default, all users are allowed access to the default (non-virtual) FTP server. To deny access for specific users (other than anonymous), add the following entry:
defaultserver deny username [username...] |
defaultserver |
Keyword that is used to identify the non-virtual server to which access can be denied or allowed |
username |
Login name of a user with restricted access to the defaultserver |
To allow access for users who are not listed on the deny line, add the following line:
defaultserver allow username [username...] |
To prevent access by anonymous users, add the entry:
defaultserver private |
defaultserver deny * defaultserver allow username |
The previous example states that the FTP server denies access to all users except anon users and those users who are listed on the allow line.
You can also use the ftphosts file to deny access to particular login accounts from various hosts. See ftphosts(4) for additional information.