# /etc/ftpusers as you've never seen it before! # (This is actually /etc/pam/ftp.conf or /etc/pam.ftp, by default) # A typical (complex) config file for use with pam_vars # # $Log$ # # Filestructure by Overkill Software. PVF Rev 1.00 # This star can go here or after the defaults. It doesn't really matter. :USER: * deny=true SHELL=/bin/false # Remnant of earlier policy # readonly=true # lc_filenames=true # dostrans=".txt .htm" :ANON: deny=true SHELL=/bin/true USER=anonymous # Checking the password remains the job of pam_ftp.so # uid, gid, chroot will presumably be handled by ftpd UID=anonymous GID=anonymous chroot=/home/ftp readonly=false # Vanilla anon users (could put ,s after first two, but no need) anonymous anon ftp # But we're letting guest in as read-only anon ftp at any time-of-day guest deny=false readonly=true pam_time=*;*;*;Al0000-2400 ::ANON # Most folk get to use it between 0600-1800 (enforced by a modified pam_time # which presumably notices the pam_time variable, although it should # really accept it in a split-up form, because that would be much more # readable) # But ftp presumably handles umask, map, and dostrans. :MOSTFOLK: deny=false pam_time=*;*;*;!Al0600-1800 umask=022 map=.htm:.html dostrans=.txt .htm # This guy is instead barred between 0800h and 2000h, and gets extra stuff # but can only look around in his $HOME or in .../docs/hacker hacker deny=false pam_time=*;*;*;!Al0800-2000 umask=002 lc_filenames=true map+=.JPG:.jpg .GIF:.gif restriction=/home/http/uk-/co-/some-/www-/docs/hacker $HOME # This guy is just MOSTFOLK joeuser ::MOSTFOLK :SAMBAUSERS: deny=false SHELL=/etc/passwd dave john russell ::SAMBAUSERS # Give root ftp access to these users and never keep them out. :) # Because deny isn't true or false, it's passed on as a variable for # something else to mess about with. Again, ftp handles uid, as with anon. :NICEFOLK: UID=0 deny=retinalscan|phonetap mi5 mi6 nsa fbi cia ::NICEFOLK ::USER