Original Question:
**************
According to ftp and ftpd man pages:
"/etc/ftpusers contains a list of users who cannot access the
system; the format of the file is one user name per line."
This means that any new user, if it is not included in this
file, will automatically have ftp access.
How can I do, to specify somewhere the list of users
ALLOWED to run ftp, so any new user, by default will
not have access, unless specially granted?
Answers
********
1- There is no /etc/ftp.allow file as someone suggested, or at least, I
wasn't able to
find any reference to it in the man pages.
2- Some people suggested using TCP Wrappers. Since I am not too familiar
with
them, I chose option number three.
3- I created a file /etc/ftp.allow, where I listed all the users I
wanted to enable for ftp.
After that, I wrote a script, to create from the system users lists, a
list of all the users
not included in /etc/ftp.allow, and place this list new in /etc/ftpusers
for them to be
denied access.
The idea is to run this script every time I create a user, but just in
case someone
forgets, this script is also run once a day from root's crontab.
********************
#!/bin/ksh
#This script reads the users defined in the system,and includes
#all the names that do not appear in /etc/ftp.allow, in /etc/ftpusers
#which is the file that includes the users to whom ftp access is
#denied.
getent passwd | cut -d':' -f1 | egrep -v -f /etc/ftp.allow | sort >
/etc/ftpusers
********************
Thanks to all the people who shared their knowledge with me, which I
list below.
Ron Kelley <rkelly@InfoAve.Net>
David Thorburn-Gundlach <david@bae.uga.edu>
"Robert G. Ferrell" <rferrell@usgs.gov>
"Jesse Whyte" <jwhyte@mail.state.tn.us
azhang@ect.enron.com
"James Ford" <James.Ford@seebeck.ua.edu>
takahk@jgbdev.fi.gs.com (Kumi Takahashi)
Analyn.Buduso@analog.com
and to all of you whose replies are on their way.
Mariel
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:36 CDT