[laoxia抄袭]SOLARIS 9 FTP server configuration

近期关于SOLARIS 9 的FTP 问题较多，俺老虾看在眼里，急在心上


Chapter 43 Administering the FTP Server (Tasks)
This chapter includes tasks that are described in the following table to set up and administer an FTP server.

Table 43–1 Task Map: Administering the FTP Server Task
Description
For Instructions

Configure access to the FTP server
Use the ftpaccess, ftpusers, and the ftphosts files in the /etc/ftpd directory to establish or restrict access to the FTP server.
How to Set User Login Limits

How to Control the Number of Invalid Login Attempts

How to Disallow FTP Server Access to Particular Users

How to Restrict Access to the Default FTP Server

How to Define FTP Server Classes

Set up FTP server logins
Establish login accounts for real, guest and anonymous users.
How to Set Up Real FTP Users

How to Set Up Guest FTP Users

How to Set Up Anonymous FTP Users

How to Create the /etc/shells file

Customize message files
Edit the /etc/ftpd/ftpaccess file to configure the FTP server to return messages to the FTP client related to specific events.
How to Customize Message Files

How to Create Messages to Be Sent to Users

How to Configure the README Option

Configure access to files on the FTP server
Use the /etc/ftpd/ftpaccess file to specify classes of users who are allowed to execute certain commands or to download and upload files to the FTP server.
How to Configure DA Discovery for Dial-up Networks

Controlling Uploads and Downloads on the FTP Server

Enable limited or complete virtual hosting
Use the /etc/ftpd/ftpaccess file to configure the FTP server to support multiple domains on the same machine.
How to Enable Limited Virtual Hosting

How to Enable Complete Virtual Hosting

Start the FTP server
Edit the /etc/inet/inetd.conf file to start the FTP server in nowait or standalone mode.
How to Start an FTP Server From inetd.conf

How to Start a Standalone FTP Server

Shut down the FTP server
Use the /etc/ftpd/ftpaccess file and run the ftpshut to shut down the FTP server.
Shutting Down the FTP Server

Troubleshoot some common FTP server problems
Check syslogd and use greeting text and log commands to debug problems on the FTP server. How to Check syslogd for FTP Server Messages

How to Use greeting text to Verify ftpaccess

How to Check the Commands Executed by FTP Users



Controlling FTP Server Access
You can use the following configuration files in the /etc/ftpd directory to control access to the FTP server.

ftpusers is used to list users who are denied access to the FTP server.

ftphosts is used to allow or deny login from various hosts to various accounts on the FTP server.

ftpaccess is the main FTP configuration file. The FTP server only reads the /etc/ftpd/ftpaccess file if called with the -a option. When the ftpaccess file is used, all users must be members of a class to be allowed access to the FTP server. You can specify many ftpaccess directives that apply only to a particular class.

For further information, see ftpusers(4), ftphosts(4), and ftpaccess(4)


--------------------------------------------------------------------------------
Note –
In all FTP server configuration files, lines beginning with # signs are treated as comments.


--------------------------------------------------------------------------------


How to Define FTP Server Classes
To log in to the FTP server, users must be members of a class when the ftpaccess file is used. To add the class directive to the ftpaccess file, you specify the class name, typelist of users who are permitted access from a particular host.

Become superuser.

Add entries for anonymous, guest, and real users in the ftpaccess file.



class class typelist addrglob[addrglob...]

class
Keyword that is used to define FTP users.

class
A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged in user is considered a member of the first class matched.

typelist
A comma-separated list of the keywords that match the three types of users: anonymous, guest, and real.

addrglob
A globbed domain name or a globbed numeric address. The addrglob can also be the name of a file, starting with a slash (`/`), which contains additional address globs: address:netmask or address/cidr.

Here are some examples of globbed addresses:

Numeric IPv4 address: 10.1.2.3

Globbed domain name *.provider.com

Globbed numeric IPv4 address 10.1.2.*

Numeric IPv4 address:netmask 10.1.2.0:255.255.255.0

Numeric IPv4 address/CIDR 10.1.2.0/24

Numeric IPv6 address: 2000::56:789:21ff:fe8f:ba98

Numeric IPv6 address/CIDR: 2000::56:789:21ff:fe8f:ba98/120





Example—Defining FTP Server Classes


class  local  real,guest,anonymous *.provider.com
class  remote real,guest,anonymous *


The previous example defines the local class as any user of the type real, guest, or anonymous who logs in from *.provider.com. The last line defines remote as any user who logs in from anywhere other than *.provider.com.

How to Set User Login Limits
You can limit the number of simultaneous logins by users of a certain class with directives that are set in the ftpaccess file. Each login limit contains the name of a class, a UUCP-style days-of-week list, and a message file to display if the limit is exceeded.

To set user login limits, follow the steps in the next procedure.

Become superuser.

Add the following entries to the ftpaccess file:



limit class n times [message_file]

limit
Keyword that is used to restrict simultaneous logins by the specified number of users of a defined class at certain connection times.

class
A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged-in user is considered a member of the first class matched.

n
Number of users.

times
Day-of-week and time-of-day when the class can connect. Use Any for any day.

message_file
Message file that is displayed if a user is denied access.




Example—Setting User Login Limits


limit   anon     50  Wk0800-1800                /etc/ftpd/ftpmsg.deny
limit   anon    100  Any                                /etc/ftpd/ftpmsg.deny
limit   guest   100  Any                                /etc/ftpd/ftpmsg.deny


The first line of the preceding example shows a limit of 50 simultaneous logins that are allowed to users of class anon during weekly work hours. The second line limits anon users to 100 simultaneous logins outside of working hours. The last line shows a limit of 100 guest logins that are allowed at any time. For information on how to specify day and time parameters, see ftpaccess(4).

The example further indicates that the content of the file /etc/ftpd/ftpmsg.deny is returned when a specified login limit is reached, assuming ftpmsg.deny exists. For information on using the /usr/sbin/ftpcount command to view the number and login limit for each class of user who is logged in at a particular time, see ftpcount(1).

Users are allowed login to the FTP server unless a specified limit is reached. Anonymous users are logged in as the user ftp. Real users are logged in as themselves, and guests are logged in as real users with a chroot environment to limit access privileges.

For information on using the /usr/sbin/ftpwho command to check the identities of the users logged into the FTP server, see ftpwho(1).

How to Control the Number of Invalid Login Attempts
If a login to the FTP server fails because of a problem such as misspelling required information, login is usually repeated. The user is allowed a specific number of consecutive login attempts before a message is logged to the syslog file. At that point, the user is disconnected. You can set a failure limit on the number of login attempts by following steps in the next procedure.

Become superuser.

Add the following entries to the ftpaccess file.



loginfails n

loginfails
Keyword that is used to assign the number of login failures that are permitted before the FTP connection is terminated

n
Number of times a login can fail




Example—Controlling the Number of Invalid Login Attempts


loginfails 10


The preceding example states that the user is disconnected from the FTP server after 10 failed login attempts.

How to Disallow FTP Server Access to Particular Users
The /etc/ftpd/ftpusers file lists names of users who are not allowed to log in to the FTP server. When login is attempted, the FTP server checks the /etc/ftpd/ftpusers file to determine whether the user should be denied access. If the user's name is not found in that file, the server then searches the /etc/ftpusers file.

If the user's name is matched in /etc/ftpusers, a syslogd message is written with a statement that the match was found in a deprecated file. The message also recommends the use of /etc/ftpd/ftpusers instead of /etc/ftpusers.


--------------------------------------------------------------------------------
Note –
Support for the /etc/ftpusers file has been deprecated in this release. If the /etc/ftpusers file exists when the FTP server is installed, the file is moved to /etc/ftpd/ftpusers.


--------------------------------------------------------------------------------

For additional information, see syslogd(1M), in.ftpd(1M), and ftpusers(4)

Become superuser.

Add entries to the /etc/ftpd/ftpusers file for users who are not allowed to log in to the FTP server.

Example—How to Disallow FTP Server Access


root
daemon
bin
sys
adm
lp
uccp
nuucp
listen
nobody
noaccess
nobody4


The previous example lists the typical entries in the ftpusers file. User names match entries in the /etc/passwd. The list generally includes the superuser root and other administrative and system application identities.

The root entry is included in the ftpusers file as a security measure. The default security policy is to disallow remote logins for root. The policy is also followed for the default value that is set as the CONSOLE entry in the /etc/default/loginfile. See login(1).

How to Restrict Access to the Default FTP Server
In addition to the controls mentioned previously, you can add explicit statements to the ftpaccess file to restrict access to the FTP server.

Become superuser.

Add the following entries to the ftpaccess file.

By default, all users are allowed access to the default (non-virtual) FTP server. To deny access for specific users (other than anonymous), add the following entry:



defaultserver deny username [username...]

defaultserver
Keyword that is used to identify the non-virtual server to which access can be denied or allowed

username
Login name of a user with restricted access to the defaultserver




To allow access for users who are not listed on the deny line, add the following line:



defaultserver allow username [username...]


To prevent access by anonymous users, add the entry:



defaultserver private


Example—Restricting Access to the Default FTP Server


defaultserver deny *
defaultserver allow username


The previous example states that the FTP server denies access to all users except anon users and those users who are listed on the allow line.

You can also use the ftphosts file to deny access to particular login accounts from various hosts. See ftphosts(4) for additional information.

How to Define FTP Server Classes
To log in to the FTP server, users must be members of a class when the ftpaccess file is used. To add the class directive to the ftpaccess file, you specify the class name, typelist of users who are permitted access from a particular host.

Become superuser.

Add entries for anonymous, guest, and real users in the ftpaccess file.



class class typelist addrglob[addrglob...]

class
Keyword that is used to define FTP users.

class
A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged in user is considered a member of the first class matched.

typelist
A comma-separated list of the keywords that match the three types of users: anonymous, guest, and real.

addrglob
A globbed domain name or a globbed numeric address. The addrglob can also be the name of a file, starting with a slash (`/`), which contains additional address globs: address:netmask or address/cidr.

Here are some examples of globbed addresses:

Numeric IPv4 address: 10.1.2.3

Globbed domain name *.provider.com

Globbed numeric IPv4 address 10.1.2.*

Numeric IPv4 address:netmask 10.1.2.0:255.255.255.0

Numeric IPv4 address/CIDR 10.1.2.0/24

Numeric IPv6 address: 2000::56:789:21ff:fe8f:ba98

Numeric IPv6 address/CIDR: 2000::56:789:21ff:fe8f:ba98/120





Example—Defining FTP Server Classes


class  local  real,guest,anonymous *.provider.com
class  remote real,guest,anonymous *


The previous example defines the local class as any user of the type real, guest, or anonymous who logs in from *.provider.com. The last line defines remote as any user who logs in from anywhere other than *.provider.com.

How to Set User Login Limits
You can limit the number of simultaneous logins by users of a certain class with directives that are set in the ftpaccess file. Each login limit contains the name of a class, a UUCP-style days-of-week list, and a message file to display if the limit is exceeded.

To set user login limits, follow the steps in the next procedure.

Become superuser.

Add the following entries to the ftpaccess file:



limit class n times [message_file]

limit
Keyword that is used to restrict simultaneous logins by the specified number of users of a defined class at certain connection times.

class
A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged-in user is considered a member of the first class matched.

n
Number of users.

times
Day-of-week and time-of-day when the class can connect. Use Any for any day.

message_file
Message file that is displayed if a user is denied access.




Example—Setting User Login Limits


limit   anon     50  Wk0800-1800                /etc/ftpd/ftpmsg.deny
limit   anon    100  Any                                /etc/ftpd/ftpmsg.deny
limit   guest   100  Any                                /etc/ftpd/ftpmsg.deny


The first line of the preceding example shows a limit of 50 simultaneous logins that are allowed to users of class anon during weekly work hours. The second line limits anon users to 100 simultaneous logins outside of working hours. The last line shows a limit of 100 guest logins that are allowed at any time. For information on how to specify day and time parameters, see ftpaccess(4).

The example further indicates that the content of the file /etc/ftpd/ftpmsg.deny is returned when a specified login limit is reached, assuming ftpmsg.deny exists. For information on using the /usr/sbin/ftpcount command to view the number and login limit for each class of user who is logged in at a particular time, see ftpcount(1).

Users are allowed login to the FTP server unless a specified limit is reached. Anonymous users are logged in as the user ftp. Real users are logged in as themselves, and guests are logged in as real users with a chroot environment to limit access privileges.

For information on using the /usr/sbin/ftpwho command to check the identities of the users logged into the FTP server, see ftpwho(1).

How to Control the Number of Invalid Login Attempts
If a login to the FTP server fails because of a problem such as misspelling required information, login is usually repeated. The user is allowed a specific number of consecutive login attempts before a message is logged to the syslog file. At that point, the user is disconnected. You can set a failure limit on the number of login attempts by following steps in the next procedure.

Become superuser.

Add the following entries to the ftpaccess file.



loginfails n

loginfails
Keyword that is used to assign the number of login failures that are permitted before the FTP connection is terminated

n
Number of times a login can fail




Example—Controlling the Number of Invalid Login Attempts


loginfails 10


The preceding example states that the user is disconnected from the FTP server after 10 failed login attempts.

How to Disallow FTP Server Access to Particular Users
The /etc/ftpd/ftpusers file lists names of users who are not allowed to log in to the FTP server. When login is attempted, the FTP server checks the /etc/ftpd/ftpusers file to determine whether the user should be denied access. If the user's name is not found in that file, the server then searches the /etc/ftpusers file.

If the user's name is matched in /etc/ftpusers, a syslogd message is written with a statement that the match was found in a deprecated file. The message also recommends the use of /etc/ftpd/ftpusers instead of /etc/ftpusers.


--------------------------------------------------------------------------------
Note –
Support for the /etc/ftpusers file has been deprecated in this release. If the /etc/ftpusers file exists when the FTP server is installed, the file is moved to /etc/ftpd/ftpusers.


--------------------------------------------------------------------------------

For additional information, see syslogd(1M), in.ftpd(1M), and ftpusers(4)

Become superuser.

Add entries to the /etc/ftpd/ftpusers file for users who are not allowed to log in to the FTP server.

Example—How to Disallow FTP Server Access


root
daemon
bin
sys
adm
lp
uccp
nuucp
listen
nobody
noaccess
nobody4


The previous example lists the typical entries in the ftpusers file. User names match entries in the /etc/passwd. The list generally includes the superuser root and other administrative and system application identities.

The root entry is included in the ftpusers file as a security measure. The default security policy is to disallow remote logins for root. The policy is also followed for the default value that is set as the CONSOLE entry in the /etc/default/loginfile. See login(1).

How to Restrict Access to the Default FTP Server
In addition to the controls mentioned previously, you can add explicit statements to the ftpaccess file to restrict access to the FTP server.

Become superuser.

Add the following entries to the ftpaccess file.

By default, all users are allowed access to the default (non-virtual) FTP server. To deny access for specific users (other than anonymous), add the following entry:



defaultserver deny username [username...]

defaultserver
Keyword that is used to identify the non-virtual server to which access can be denied or allowed

username
Login name of a user with restricted access to the defaultserver




To allow access for users who are not listed on the deny line, add the following line:



defaultserver allow username [username...]


To prevent access by anonymous users, add the entry:



defaultserver private


Example—Restricting Access to the Default FTP Server


defaultserver deny *
defaultserver allow username


The previous example states that the FTP server denies access to all users except anon users and those users who are listed on the allow line.

You can also use the ftphosts file to deny access to particular login accounts from various hosts. See ftphosts(4) for additional information.

Setting Up FTP Server Logins
To access an FTP server, you must first log in. The FTP server supports three types of user login accounts for real, guests, and anonymous users.

Real users have accounts that allow them to establish terminal sessions on systems that run the FTP server. Subject to directory and file access permissions, the entire disk structure is visible to real users.

Guest users also need accounts to log in to the FTP server. Each guest account is set up with a user name and password. Functioning login shells are not assigned to guests to prevent users from establishing terminal sessions. At login, the FTP server performs a chroot(2) operation to restrict a guest's view of the server's disk structure.


--------------------------------------------------------------------------------
Note –
Login shells for real and guest users must be listed in the /etc/shells file to allow access to the FTP server.


--------------------------------------------------------------------------------

Anonymous users log in to the FTP server by using the either ftp or anonymous as a user name. By convention, anonymous users supply an email address when prompted for a password.

At login, the FTP server performs a chroot(2) operation that restricts the anonymous user's view of the server's disk structure. A single file area is shared by all anonymous users, unlike the separate areas that can be created for each guest user.

Real and guest users log in by using individual accounts with passwords that are known only to one person. Anonymous users log in to a well-known account that is potentially available to anyone. Most large-scale file distribution is created by using the anonymous account.

How to Set Up Real FTP Users
To enable access for real users to the FTP server, follow these instructions:

Verify that the user has an account that is set up with a user name and password that can be used to establish a terminal session.

For more information, see “Managing Use Accounts and Groups (Overview)” in the System Administration Guide, Volume 1.

Confirm that the real user is a member of a class in the ftpaccess file.

For information on the user classes that are defined in the ftpaccess file, see How to Define FTP Server Classes.

Verify that the user's login shell is listed in the /etc/shells file.

How to Set Up Guest FTP Users
The ftpconfig script is used to copy all necessary system files to the home directory. When the guest user and the guest's home directory already exist, the ftpconfig script updates the area with the current system files.

For more information, see ftpconfig(1M)


--------------------------------------------------------------------------------
Note –
Unlike the user name (anonymous or ftp) that is set for anonymous users, user names for FTP guests are not fixed. Any name that would work as a real user name can be selected.


--------------------------------------------------------------------------------

To enable access by a guest user to the FTP server, do the following:

Use the useradd script to create a guest user account with a login shell of /bin/true and a home directory of /root_dir/./home_dir.

For more information, see useradd(1M) and “Managing Use Accounts and Groups (Overview)” in the System Administration Guide, Volume 1.


--------------------------------------------------------------------------------
Note –
In this procedure, /home/guests/./guest1 is used as the home directory name for a user who is called guest1.


--------------------------------------------------------------------------------




# /usr/sbin/useradd -m -c "Guest FTP" -d \
  /home/guests/./guest1 -s /bin/true guest1


Assign a password to the guest account.

Add a guestuser entry to the ftpaccess file.



guestuser guest1


--------------------------------------------------------------------------------
Note –
You can also use the guestgroup capability in the ftpaccess file to specify guest users. The guest-root capability in ftpaccess eliminates the need for the /./ in the guest user's home directory path.


--------------------------------------------------------------------------------

Confirm that the guest user is a member of a class in the ftpaccess file. See How to Define FTP Server Classes for further information.

Use the ftpconfig script to create the required files in the chroot area.



/usr/sbin/ftpconfig -d /home/guests


Confirm that /bin/true is listed in the /etc/shells file. See How to Create the /etc/shells file.

Example—Setting Up a Guest FTP Server
In this example, the FTP area is set up in the /home/guests directory.



# /usr/sbin/ftpconfig -d /home/guests
Updating directory /home/guests


How to Set Up Anonymous FTP Users
The ftpconfig script creates the anonymous user account and populates the home directory with the required files.

For more information, see ftpconfig(1M).

To enable access by an anonymous user to the FTP server, follow these instructions:

Use the ftpconfig script to create the anonymous user account.

# /usr/sbin/ftpconfig anonymous-ftp-directory



Confirm that the anonymous user is assigned to a class in the ftpaccess file.

See How to Define FTP Server Classes for further information.

Example—Setting Up Anonymous FTP Users
In this example, the FTP area is set up in the /home/ftp directory.



# /usr/sbin/ftpconfig /home/ftp
Creating user ftp
Updating directory /home/ftp


How to Create the /etc/shells file
Become superuser.

Create the /etc/shells file.

Edit /etc/shells. Add the full path to each shell on a single line.

Example—Creating the /etc/shells file
The following is an example of an /etc/shells file with a /bin/true listed for FTP guest users:



/sbin/sh
/bin/csh
/bin/jsh
/bin/ksh
/bin/remsh
/bin/rksh
/bin/rsh
/bin/sh
/usr/bin/csh
/usr/bin/ksh
/usr/bin/bash
/usr/bin/tcsh
/usr/bin/zsh
/bin/true


How to Set Up Real FTP Users
To enable access for real users to the FTP server, follow these instructions:

Verify that the user has an account that is set up with a user name and password that can be used to establish a terminal session.

For more information, see “Managing Use Accounts and Groups (Overview)” in the System Administration Guide, Volume 1.

Confirm that the real user is a member of a class in the ftpaccess file.

For information on the user classes that are defined in the ftpaccess file, see How to Define FTP Server Classes.

Verify that the user's login shell is listed in the /etc/shells file.

How to Set Up Guest FTP Users
The ftpconfig script is used to copy all necessary system files to the home directory. When the guest user and the guest's home directory already exist, the ftpconfig script updates the area with the current system files.

For more information, see ftpconfig(1M)


--------------------------------------------------------------------------------
Note –
Unlike the user name (anonymous or ftp) that is set for anonymous users, user names for FTP guests are not fixed. Any name that would work as a real user name can be selected.


--------------------------------------------------------------------------------

To enable access by a guest user to the FTP server, do the following:

Use the useradd script to create a guest user account with a login shell of /bin/true and a home directory of /root_dir/./home_dir.

For more information, see useradd(1M) and “Managing Use Accounts and Groups (Overview)” in the System Administration Guide, Volume 1.


--------------------------------------------------------------------------------
Note –
In this procedure, /home/guests/./guest1 is used as the home directory name for a user who is called guest1.


--------------------------------------------------------------------------------




# /usr/sbin/useradd -m -c "Guest FTP" -d \
  /home/guests/./guest1 -s /bin/true guest1


Assign a password to the guest account.

Add a guestuser entry to the ftpaccess file.



guestuser guest1


--------------------------------------------------------------------------------
Note –
You can also use the guestgroup capability in the ftpaccess file to specify guest users. The guest-root capability in ftpaccess eliminates the need for the /./ in the guest user's home directory path.


--------------------------------------------------------------------------------

Confirm that the guest user is a member of a class in the ftpaccess file. See How to Define FTP Server Classes for further information.

Use the ftpconfig script to create the required files in the chroot area.



/usr/sbin/ftpconfig -d /home/guests


Confirm that /bin/true is listed in the /etc/shells file. See How to Create the /etc/shells file.

Example—Setting Up a Guest FTP Server
In this example, the FTP area is set up in the /home/guests directory.



# /usr/sbin/ftpconfig -d /home/guests
Updating directory /home/guests


How to Set Up Anonymous FTP Users
The ftpconfig script creates the anonymous user account and populates the home directory with the required files.

For more information, see ftpconfig(1M).

To enable access by an anonymous user to the FTP server, follow these instructions:

Use the ftpconfig script to create the anonymous user account.

# /usr/sbin/ftpconfig anonymous-ftp-directory



Confirm that the anonymous user is assigned to a class in the ftpaccess file.

See How to Define FTP Server Classes for further information.

Example—Setting Up Anonymous FTP Users
In this example, the FTP area is set up in the /home/ftp directory.



# /usr/sbin/ftpconfig /home/ftp
Creating user ftp
Updating directory /home/ftp


How to Create the /etc/shells file
Become superuser.

Create the /etc/shells file.

Edit /etc/shells. Add the full path to each shell on a single line.

Example—Creating the /etc/shells file
The following is an example of an /etc/shells file with a /bin/true listed for FTP guest users:



/sbin/sh
/bin/csh
/bin/jsh
/bin/ksh
/bin/remsh
/bin/rksh
/bin/rsh
/bin/sh
/usr/bin/csh
/usr/bin/ksh
/usr/bin/bash
/usr/bin/tcsh
/usr/bin/zsh
/bin/true


Customizing Message Files
You can configure the FTP server to return messages that are related to specific events to the FTP client. A welcome message might be set to display when a user logs in to the FTP server. Another message could appear when the user makes a directory change.

In addition to plain text, message files can contain one or more magic cookies. A magic cookie is composed of a % (percent sign), followed by a single character. When you embed a cookie in message text, information that is associated with the cookie appears on screen at the point the message file is called.

For example, message text might contain the cookie %L:



Welcome to %L!


When the message is displayed, the magic cookie %L is replaced with the name of the server as defined by the hostname statement in the ftpaccess file. For a complete list of supported message cookies, see ftpaccess(4).


--------------------------------------------------------------------------------
Note –
If the host name is not defined in the ftpaccess file, the default host name for the local machine is used.


--------------------------------------------------------------------------------

How to Customize Message Files
Become superuser.

Edit your message file to include magic cookies as appropriate.

See ftpaccess(4) for a list of cookies you can use.

Example—Customizing Message Files
The following is an example of a message file that includes magic cookies:



Welcome to %L -- local time is %T.

You are number %N out of a maximum of %M.
All transfers are logged.

If your FTP client crashes or hangs shortly after login
please try
using a dash (-) as the first character of your password.
This will
turn off the informational messages that may be confusing
your FTP
client.

Please send any comments to %E.


How to Create Messages to Be Sent to Users
After the user is logged in, system-related or application-related messages are displayed on screen. The ftpaccess file lists the events that trigger associated message statements.

Become superuser.

Add the following entries to the ftpaccess file:



message message_file [when [class ...]]

message
Keyword that is used to specify the message file to be displayed when a user logs in or executes the command to change the working directory.

message_file
Name of the message file to be displayed.

when
Parameter that is set as login or cwd=dir. See the following example.

class
The class specification allows the message to be displayed only to members of a particular class.




Example: How to Create Messages to Be Sent to Users


message        /etc/ftpd/Welcome        login   anon guest
message        .message        cwd=*  


The preceding example states that the file /etc/ftpd/Welcome is displayed at login for users of the class anon or guest. The second line states that the .message file in the current working directory is displayed for all users.

Message files are created relative to the chroot directory for guest and anonymous users.

How to Configure the README Option
The first time a directory is visited, README files can be listed. To configure the README option, add the following entries to the ftpaccess file.

Become superuser.

Add the following entries to the ftpaccess file.



readme message_file [when [class...]]

readme
Keyword that is used to specify a message file to be checked when a user logs in or changes the working directory. If the message file exists, the user is notified and is given the date the file was modified.

message_file
Name of the message file to be checked.

when
Parameter that is set as login or cwd=dir. See the following example.

class
The class specification allows the message to be displayed only to members of a particular class.





--------------------------------------------------------------------------------
Note –
The greeting and banner keywords can also be used to send messages to users. See ftpaccess(4).


--------------------------------------------------------------------------------

Example—Configuring the README Option


readme  README*     login
readme  README*     cwd=*  


The previous example states that any files that match README* are listed at login or when a directory is changed. Here is a sample login that is based on the settings that are used in that example.



% ftp earth
Connected to earth.
220 earth FTP server ready.
Name (earth:rimmer): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230-
230-Welcome to earth -- local time is Thu Jul 15 16:13:24
1999.
230-
230-You are number 1 out of a maximum of 10.
230-All transfers are logged.
230-
230-If your FTP client crashes or hangs shortly after login
please try
230-using a dash (-) as the first character of your
password.  This will
230-turn off the informational messages that may be
confusing your FTP
230-client.
230-
230-Please send any comments to ftpadmin@earth.
230-
230 Guest login ok, access restrictions apply.
ftp>; cd pub
250-Please read the file README
250-  it was last modified on Thu Jul 15 16:12:25 1999 - 0
days ago
250 CWD command successful.
ftp>; get README /tmp/README
200 PORT command successful.
150 Opening ASCII mode data connection for README (0
bytes).
226 ASCII Transfer complete.
ftp>; quit
221 Goodbye.



How to Customize Message Files
Become superuser.

Edit your message file to include magic cookies as appropriate.

See ftpaccess(4) for a list of cookies you can use.

Example—Customizing Message Files
The following is an example of a message file that includes magic cookies:



Welcome to %L -- local time is %T.

You are number %N out of a maximum of %M.
All transfers are logged.

If your FTP client crashes or hangs shortly after login
please try
using a dash (-) as the first character of your password.
This will
turn off the informational messages that may be confusing
your FTP
client.

Please send any comments to %E.


How to Create Messages to Be Sent to Users
After the user is logged in, system-related or application-related messages are displayed on screen. The ftpaccess file lists the events that trigger associated message statements.

Become superuser.

Add the following entries to the ftpaccess file:



message message_file [when [class ...]]

message
Keyword that is used to specify the message file to be displayed when a user logs in or executes the command to change the working directory.

message_file
Name of the message file to be displayed.

when
Parameter that is set as login or cwd=dir. See the following example.

class
The class specification allows the message to be displayed only to members of a particular class.




Example: How to Create Messages to Be Sent to Users


message        /etc/ftpd/Welcome        login   anon guest
message        .message        cwd=*  


The preceding example states that the file /etc/ftpd/Welcome is displayed at login for users of the class anon or guest. The second line states that the .message file in the current working directory is displayed for all users.

Message files are created relative to the chroot directory for guest and anonymous users.

How to Configure the README Option
The first time a directory is visited, README files can be listed. To configure the README option, add the following entries to the ftpaccess file.

Become superuser.

Add the following entries to the ftpaccess file.



readme message_file [when [class...]]

readme
Keyword that is used to specify a message file to be checked when a user logs in or changes the working directory. If the message file exists, the user is notified and is given the date the file was modified.

message_file
Name of the message file to be checked.

when
Parameter that is set as login or cwd=dir. See the following example.

class
The class specification allows the message to be displayed only to members of a particular class.





--------------------------------------------------------------------------------
Note –
The greeting and banner keywords can also be used to send messages to users. See ftpaccess(4).


--------------------------------------------------------------------------------

Example—Configuring the README Option


readme  README*     login
readme  README*     cwd=*  


The previous example states that any files that match README* are listed at login or when a directory is changed. Here is a sample login that is based on the settings that are used in that example.



% ftp earth
Connected to earth.
220 earth FTP server ready.
Name (earth:rimmer): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230-
230-Welcome to earth -- local time is Thu Jul 15 16:13:24
1999.
230-
230-You are number 1 out of a maximum of 10.
230-All transfers are logged.
230-
230-If your FTP client crashes or hangs shortly after login
please try
230-using a dash (-) as the first character of your
password.  This will
230-turn off the informational messages that may be
confusing your FTP
230-client.
230-
230-Please send any comments to ftpadmin@earth.
230-
230 Guest login ok, access restrictions apply.
ftp>; cd pub
250-Please read the file README
250-  it was last modified on Thu Jul 15 16:12:25 1999 - 0
days ago
250 CWD command successful.
ftp>; get README /tmp/README
200 PORT command successful.
150 Opening ASCII mode data connection for README (0
bytes).
226 ASCII Transfer complete.
ftp>; quit
221 Goodbye.



Controlling Access to Files on the FTP Server
The FTP server access controls in this section supplement the standard file and directory access controls available with the Solaris 9 operating environment. Use the standard Solaris commands to restrict who can access, change, or upload files. See chmod(1), chown(1), and chgrp(1).

How to Control File Access Commands
To use the permission capabilities in ftpaccess to specify what type of user is allowed to perform which commands, do the following:

Become superuser.

Add the following entries to the ftpaccess :

command yes|no typelist

command
The commands chmod, delete, overwrite, rename, or umask

yes|no
Allows or disallows a user to issue a command

typelist
A comma-separated list of any of the keywords "anonymous," "guest," and "real"






Example—How to Control File Access Commands
The following are examples of permissions that are set for file access functions on FTP server.



chmod no anonymous, guest
delete    no anonymous
overwrite no anonymous
rename    no anonymous
umask     no guest, anonymous


The preceding example states the following:

Anonymous users are not allowed to delete, overwrite, or rename files.

Guests and anonymous users are both prevented from changing access modes and resetting the umask.


How to Control File Access Commands
To use the permission capabilities in ftpaccess to specify what type of user is allowed to perform which commands, do the following:

Become superuser.

Add the following entries to the ftpaccess :

command yes|no typelist

command
The commands chmod, delete, overwrite, rename, or umask

yes|no
Allows or disallows a user to issue a command

typelist
A comma-separated list of any of the keywords "anonymous," "guest," and "real"






Example—How to Control File Access Commands
The following are examples of permissions that are set for file access functions on FTP server.



chmod no anonymous, guest
delete    no anonymous
overwrite no anonymous
rename    no anonymous
umask     no guest, anonymous


The preceding example states the following:

Anonymous users are not allowed to delete, overwrite, or rename files.

Guests and anonymous users are both prevented from changing access modes and resetting the umask.


Controlling Uploads and Downloads on the FTP Server
You can control uploads and downloads that are started to and from the FTP server by setting permissions on directories on the server. By default, uploads are not allowed for anonymous users. Be very careful when enabling anonymous uploads.

How to Control Uploads to the FTP Server
Add the directives to the ftpaccess file to specify upload permissions and error messages for upload failures.

Become superuser.

Add the following entries to the ftpaccess file.

To enable users to upload files, add the following entry:



upload [absolute|relative] [class=<classname>;]... [-] root-dir \
dirglob yes|no owner group mode [dirs|nodirs] [<d_mode>;]

path-filter typelist mesg allowed_charset {disallowed regexp...}



upload
Keyword that is applied to users who have a home directory (the argument to chroot()) of the root-dir . The root-dir can be specified as "*" to match any home directory.

absolute|relative
Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory.

class
Keyword that is used to specify any number of class=<classname>; restrictions. If restrictions are specified, the upload clause only becomes effective if the current user is a member of one of the specified classes.

root-dir
User's root directory and the home directory for anonymous users.

dirglob
A pattern to match a directory name. An asterisk can be used in any place or alone to signify any directory.  

yes|no
Variable that allows or disallows upload to the FTP server.

owner
Owner of files that are uploaded into dirnames.

group
Group that is associated with files that are uploaded into dirnames.

mode
Parameter that is used to specify access permissions for uploaded files. The default mode 0440 prevents the anonymous account from reading uploaded files.

dirs|nodirs
Keyword that allows or disallows users to create subdirectories in a directory that is listed in dirnames.

d_mode
Optional mode that determines the permissions for a newly created directory.

path-filter
Keyword that controls the names of uploaded files.

typelist
A comma-separated list of any of the keywords "anonymous," "guest," and "real."

mesg
Message file that is displayed fails to match the regexp criteria.

allowed_charset {disallowed regexp...}
Alphanumeric characters allowed or disallowed in file names.




Example—Controlling Uploads to the FTP Server


upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs
path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-]


The preceding example states the following:


FTP user accounts that use chroot to /export/home/ftp can upload to the /incoming directory. Uploaded files are owned by user ftpadm and the group ftpadmin. The mode is set to 0440 with the nodirs keyword to prevent anonymous users from creating subdirectories.

For anonymous users, a file name is any sequence of A-Z, a-z, 0-9, . (dot), - (dash), or _ (underline). File names cannot start with a . (dot) or - (dash). If a file name fails this filter, the /etc/ftpd/filename.msg message is displayed if the FTP Administrator has created the message file. This message is followed by an FTP server error message.



--------------------------------------------------------------------------------
Note –
Ownership and permissions on a directory into which anonymous uploads are allowed should be tightly controlled. The FTP Administrator should be the owner of all files uploaded to the FTP server. You need to create an FTP Administrator when anonymous users are allowed to upload files. The directory should be owned by the user ftpadm and group ftpadm with permissions set to 3773.

The access mode for files uploaded to the FTP server should be 0440. The 0440 mode prevents the anonymous account from reading uploaded files. This restriction protects your server from becoming a staging area for third-party file distribution.

To make uploaded files available for distribution, the FTP Administrator can move files to a public directory.


--------------------------------------------------------------------------------

How to Control Downloads to the FTP Server
Become superuser.

Add the following entries to the ftpaccess file to prevent users from retrieving files.



noretrieve [absolute|relative] [class=classname]... [-] filename ...

noretrieve
Keyword that is used to deny retrieval of a particular file or files

absolute|relative
Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory

class
Keyword that is used to specify class=<classname>; of users to which noretrieve restrictions apply

filename
Name of file the user is not permitted to retrieve




Example—Controlling Downloads to the FTP Server


noretrieve /etc/passwd


The preceding example states that all users are prevented from retrieving the /etc/passwd file.

How to Control Uploads to the FTP Server
Add the directives to the ftpaccess file to specify upload permissions and error messages for upload failures.

Become superuser.

Add the following entries to the ftpaccess file.

To enable users to upload files, add the following entry:



upload [absolute|relative] [class=<classname>;]... [-] root-dir \
dirglob yes|no owner group mode [dirs|nodirs] [<d_mode>;]

path-filter typelist mesg allowed_charset {disallowed regexp...}



upload
Keyword that is applied to users who have a home directory (the argument to chroot()) of the root-dir . The root-dir can be specified as "*" to match any home directory.

absolute|relative
Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory.

class
Keyword that is used to specify any number of class=<classname>; restrictions. If restrictions are specified, the upload clause only becomes effective if the current user is a member of one of the specified classes.

root-dir
User's root directory and the home directory for anonymous users.

dirglob
A pattern to match a directory name. An asterisk can be used in any place or alone to signify any directory.  

yes|no
Variable that allows or disallows upload to the FTP server.

owner
Owner of files that are uploaded into dirnames.

group
Group that is associated with files that are uploaded into dirnames.

mode
Parameter that is used to specify access permissions for uploaded files. The default mode 0440 prevents the anonymous account from reading uploaded files.

dirs|nodirs
Keyword that allows or disallows users to create subdirectories in a directory that is listed in dirnames.

d_mode
Optional mode that determines the permissions for a newly created directory.

path-filter
Keyword that controls the names of uploaded files.

typelist
A comma-separated list of any of the keywords "anonymous," "guest," and "real."

mesg
Message file that is displayed fails to match the regexp criteria.

allowed_charset {disallowed regexp...}
Alphanumeric characters allowed or disallowed in file names.




Example—Controlling Uploads to the FTP Server


upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs
path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-]


The preceding example states the following:


FTP user accounts that use chroot to /export/home/ftp can upload to the /incoming directory. Uploaded files are owned by user ftpadm and the group ftpadmin. The mode is set to 0440 with the nodirs keyword to prevent anonymous users from creating subdirectories.

For anonymous users, a file name is any sequence of A-Z, a-z, 0-9, . (dot), - (dash), or _ (underline). File names cannot start with a . (dot) or - (dash). If a file name fails this filter, the /etc/ftpd/filename.msg message is displayed if the FTP Administrator has created the message file. This message is followed by an FTP server error message.



--------------------------------------------------------------------------------
Note –
Ownership and permissions on a directory into which anonymous uploads are allowed should be tightly controlled. The FTP Administrator should be the owner of all files uploaded to the FTP server. You need to create an FTP Administrator when anonymous users are allowed to upload files. The directory should be owned by the user ftpadm and group ftpadm with permissions set to 3773.

The access mode for files uploaded to the FTP server should be 0440. The 0440 mode prevents the anonymous account from reading uploaded files. This restriction protects your server from becoming a staging area for third-party file distribution.

To make uploaded files available for distribution, the FTP Administrator can move files to a public directory.


--------------------------------------------------------------------------------

How to Control Downloads to the FTP Server
Become superuser.

Add the following entries to the ftpaccess file to prevent users from retrieving files.



noretrieve [absolute|relative] [class=classname]... [-] filename ...

noretrieve
Keyword that is used to deny retrieval of a particular file or files

absolute|relative
Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory

class
Keyword that is used to specify class=<classname>; of users to which noretrieve restrictions apply

filename
Name of file the user is not permitted to retrieve




Example—Controlling Downloads to the FTP Server


noretrieve /etc/passwd


The preceding example states that all users are prevented from retrieving the /etc/passwd file.

Virtual Hosting
Virtual hosting allows the FTP server to support multiple domains on the same machine. Each virtual host requires a separate logical interface and IP address.

The FTP server supports two types of virtual hosting: limited and complete. With limited virtual hosting, the same configuration files are used for all virtual hosts. With complete virtual hosting, separate configuration files can be used for each virtual host.


--------------------------------------------------------------------------------
Note –
By default, real and guest users are not allowed to log in to virtual hosts. You can set the following ftpaccess directives to override the default.

To allow access to specific users:
virtual address allow username
To deny access to anonymous users:
virtual address private username




--------------------------------------------------------------------------------

See ftpaccess(4) for further information.

How to Enable Limited Virtual Hosting
Limited virtual hosting provides partial support for virtual FTP servers. You can enable support for limited virtual hosting by specifying the virtual root directory. If required, you can also set the following parameters for the virtual host in the ftpaccess file:

banner

logfile

email

hostname

All directives in the ftpaccess file are shared globally across all virtual servers.

Become superuser.

Add the following entries to the ftpaccess file.



virtual address root|banner|logfile path
virtual address hostname|email string

virtual
Keyword that is used to enable virtual server capabilities

address
IP address of the virtual server

root
The root directory of the virtual server

banner
Banner file that is displayed when a connection is made to the virtual server

logfile
Record of file transfers that are made to and from the virtual server

path
Variable that is used to specify the location of directories and files on the virtual server

email
Email address that is used in message files and in the HELP command

hostname
Name of the host that is shown in the greeting message or status command

string
Variable that is used to specify email or hostname parameters





--------------------------------------------------------------------------------
Note –
While it is possible to use hostname as the address of the virtual server, you are strongly encouraged to use the IPv4 address instead. DNS must be available when the FTP connection is received in order for hostname to be matched. For an IPv6 host, use the host name rather than the IPv6 address.


--------------------------------------------------------------------------------

Example—Enabling Limited Virtual Hosting


virtual 10.1.2.3 root    /var/ftp/virtual/ftp-serv
virtual 10.1.2.3 banner  /var/ftp/virtual/ftp-serv/banner.msg
virtual 10.1.2.3 logfile /var/log/ftp/virtual/ftp-serv/xferlog


The preceding example sets the location of the root directory, banner, and logfile on a virtual FTP server.


--------------------------------------------------------------------------------
Note –
The ftpaddhost(1M) script with the -l option is provided to configure limited virtual hosts.

In the following example, ftpaddhost is run with -l -b -x options to configure limited virtual hosting with a test banner and the logfile /var/ftp/virtual/10.1.2.3/xferlog under a virtual root /var/ftp/virtual/10.1.2.3.



ftpaddhost -l -b -x /var/ftp/virtual/10.1.2.3/xferlog \
/var/ftp/virtual/10.1.2.3


--------------------------------------------------------------------------------

How to Enable Complete Virtual Hosting
Complete virtual hosting allows separate configuration files for each virtual domain. To enable complete support for virtual hosting on the FTP server, you can create or modify the following FTP configuration files for specific domains:

ftpaccess

ftpusers

ftpgroups

ftphosts

ftpconversions


For further information, see ftpaccess(4), ftpusers(4), ftpgroups(4), ftphosts(4), and ftpconversions(4).


--------------------------------------------------------------------------------
Note –
If separate versions of the configuration files are unavailable, master versions of the files in the /etc/ftpd directory are used.


--------------------------------------------------------------------------------

Become superuser.

Add the following entry to the /etc/ftpd/ftpservers file.



address /config-file-dir

address
IP address of the virtual server

config-file-dir
Directory that contains the configuration files that are customized for the virtual host





--------------------------------------------------------------------------------
Note –
While it is possible to use hostname as the address of the virtual server, you are strongly encouraged to use the IPv4 address instead. DNS must be available when the FTP connection is received in order for hostname to be matched. For an IPv6 host, use the host name rather than the IPv6 address.


--------------------------------------------------------------------------------

To create a customized version of an FTP server configuration file for the virtual host, copy the master version of the file from /etc/ftpd to the /config-file-dir directory.

For further information, see ftpservers(4).

Example—Enabling Complete Virtual Hosting


#
# FTP Server virtual hosting configuration file
#

10.1.2.3 /net/inet/virtual/somedomain/
10.1.2.4 /net/inet/virtual/anotherdomain/


The preceding example specifies the IP addresses for two different domains on the virtual server.


--------------------------------------------------------------------------------
Note –
The ftpaddhost(1M) script with the -c option is provided to configure complete virtual hosts.

In the following example, ftpaddhost is run with -l -b -x options to configure limited virtual hosting with a test banner and the logfile /var/ftp/virtual/10.1.2.3/xferlog under a virtual root /var/ftp/virtual/10.1.2.3.



ftpaddhost -l -b -x /var/ftp/virtual/10.1.2.3/xferlog \
/var/ftp/virtual/10.1.2.3


--------------------------------------------------------------------------------

How to Enable Limited Virtual Hosting
Limited virtual hosting provides partial support for virtual FTP servers. You can enable support for limited virtual hosting by specifying the virtual root directory. If required, you can also set the following parameters for the virtual host in the ftpaccess file:

banner

logfile

email

hostname

All directives in the ftpaccess file are shared globally across all virtual servers.

Become superuser.

Add the following entries to the ftpaccess file.



virtual address root|banner|logfile path
virtual address hostname|email string

virtual
Keyword that is used to enable virtual server capabilities

address
IP address of the virtual server

root
The root directory of the virtual server

banner
Banner file that is displayed when a connection is made to the virtual server

logfile
Record of file transfers that are made to and from the virtual server

path
Variable that is used to specify the location of directories and files on the virtual server

email
Email address that is used in message files and in the HELP command

hostname
Name of the host that is shown in the greeting message or status command

string
Variable that is used to specify email or hostname parameters





--------------------------------------------------------------------------------
Note –
While it is possible to use hostname as the address of the virtual server, you are strongly encouraged to use the IPv4 address instead. DNS must be available when the FTP connection is received in order for hostname to be matched. For an IPv6 host, use the host name rather than the IPv6 address.


--------------------------------------------------------------------------------

Example—Enabling Limited Virtual Hosting


virtual 10.1.2.3 root    /var/ftp/virtual/ftp-serv
virtual 10.1.2.3 banner  /var/ftp/virtual/ftp-serv/banner.msg
virtual 10.1.2.3 logfile /var/log/ftp/virtual/ftp-serv/xferlog


The preceding example sets the location of the root directory, banner, and logfile on a virtual FTP server.


--------------------------------------------------------------------------------
Note –
The ftpaddhost(1M) script with the -l option is provided to configure limited virtual hosts.

In the following example, ftpaddhost is run with -l -b -x options to configure limited virtual hosting with a test banner and the logfile /var/ftp/virtual/10.1.2.3/xferlog under a virtual root /var/ftp/virtual/10.1.2.3.



ftpaddhost -l -b -x /var/ftp/virtual/10.1.2.3/xferlog \
/var/ftp/virtual/10.1.2.3


--------------------------------------------------------------------------------

How to Enable Complete Virtual Hosting
Complete virtual hosting allows separate configuration files for each virtual domain. To enable complete support for virtual hosting on the FTP server, you can create or modify the following FTP configuration files for specific domains:

ftpaccess

ftpusers

ftpgroups

ftphosts

ftpconversions


For further information, see ftpaccess(4), ftpusers(4), ftpgroups(4), ftphosts(4), and ftpconversions(4).


--------------------------------------------------------------------------------
Note –
If separate versions of the configuration files are unavailable, master versions of the files in the /etc/ftpd directory are used.


--------------------------------------------------------------------------------

Become superuser.

Add the following entry to the /etc/ftpd/ftpservers file.



address /config-file-dir

address
IP address of the virtual server

config-file-dir
Directory that contains the configuration files that are customized for the virtual host





--------------------------------------------------------------------------------
Note –
While it is possible to use hostname as the address of the virtual server, you are strongly encouraged to use the IPv4 address instead. DNS must be available when the FTP connection is received in order for hostname to be matched. For an IPv6 host, use the host name rather than the IPv6 address.


--------------------------------------------------------------------------------

To create a customized version of an FTP server configuration file for the virtual host, copy the master version of the file from /etc/ftpd to the /config-file-dir directory.

For further information, see ftpservers(4).

Example—Enabling Complete Virtual Hosting


#
# FTP Server virtual hosting configuration file
#

10.1.2.3 /net/inet/virtual/somedomain/
10.1.2.4 /net/inet/virtual/anotherdomain/


The preceding example specifies the IP addresses for two different domains on the virtual server.


--------------------------------------------------------------------------------
Note –
The ftpaddhost(1M) script with the -c option is provided to configure complete virtual hosts.

In the following example, ftpaddhost is run with -l -b -x options to configure limited virtual hosting with a test banner and the logfile /var/ftp/virtual/10.1.2.3/xferlog under a virtual root /var/ftp/virtual/10.1.2.3.



ftpaddhost -l -b -x /var/ftp/virtual/10.1.2.3/xferlog \
/var/ftp/virtual/10.1.2.3


--------------------------------------------------------------------------------

Starting the FTP Server Automatically
The FTP server can be started in one of two ways:

As a nowait that is server started from the inetd.conf file

As a standalone server that is started from the command line or by a startup script

Starting an FTP Server From inetd.conf
You can add a nowait entry in inetd.conf file to start the FTP server. If the site handles many connections, the FTP daemon can also be run in standalone mode. For more information, see inetd.conf(4). See also in.ftpd(1M) for information on additional command-line options.

How to Start an FTP Server From inetd.conf
Become superuser.

Add a nowait entry to the inetd.conf file:



ftp  stream  tcp6  nowait  root  /usr/sbin/in.ftpd  in.ftpd -a


--------------------------------------------------------------------------------
Note –
The -a option is specified to enable the use of the ftpaccess file.


--------------------------------------------------------------------------------

Signal inetd to reread the inetd.conf file.



# pkill -HUP inetd



Starting a Standalone FTP Se