Controlling Access to Files on the FTP Server
The FTP server access controls in this section supplement the standard file and
directory access controls available with the Solaris release. Use the standard Solaris commands
to restrict who can access, change, or upload files. See chmod(1), chown(1), and
chgrp(1).
How to Control File Access Commands
To use the permission capabilities in ftpaccess to specify what type of user
is allowed to perform which commands, do the following:
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Add the following entries to the ftpaccess:
command yes|no typelist
- command
The commands chmod, delete, overwrite, rename, or umask
- yes|no
Allows or disallows a user to issue a command
- typelist
A comma-separated list of any of the keywords anonymous, guest, and real
Example 28-12 How to Control File Access Commands
The following are examples of permissions that are set for file access functions
on FTP server.
chmod no anonymous, guest
delete no anonymous
overwrite no anonymous
rename no anonymous
umask no guest, anonymous
The preceding example states the following:
Anonymous users are not allowed to delete, overwrite, or rename files.
Guests and anonymous users are both prevented from changing access modes and resetting the umask.
