The ftphosts file is used to allow or deny access to accounts from specified hosts. The following access capabilities are supported:
allow username addrglob [addrglob...]
Only allow users to login as username from host(s) that match addrglob.
deny username addrglob [addrglob...]
Do not allow users to login as username from host(s) that match addrglob.
A username of * matches all users. A username of anonymous or ftp specifies the anonymous user.
addrglob is a regular expression that is matched against hostnames or IP addresses. addrglob may also be in the form address:netmask or address/CIDR, or be the name of a file that starts with a slash ('/') and contains additional address globs. An exclamation mark (`!') placed before the addrglob negates the test.
The first allow or deny entry in the ftphosts file that matches a username and host is used. If no entry exists for a username, then access is allowed. Otherwise, a matching allow entry is required to permit access.
You can use the following ftphosts file to allow anonymous access from any host except those on the class A network 10, with the exception of 10.0.0.* IP addresses, which are allowed access:
allow ftp 10.0.0.* deny ftp 10.*.*.* allow ftp *
10.0.0.* can be written as 10.0.0.0:255.255.255.0 or 10.0.0.0/24.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
in.ftpd(1M), ftpaccess(4), attributes(5)