ProFTPD module mod_auth_file



This module is contained in the mod_auth_file.c file for ProFTPD 1.2, and is compiled by default.

Directives


Syntax: AuthGroupFile path [id min-max] [name regex]
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_auth_file
Compatibility: 1.2.7rc2

The AuthGroupFile configures an alternate group file for providing group membership information; the specified file must have the same format as the system /etc/group file, and if specified is used during authentication and group lookups for directory/access control operations. The path argument should be the full path to the specified file. This directive can be configured on a per-server basis, so that virtual FTP servers can each have their own authentication file, often in conjunction with an AuthUserFile.

Note that this file does not need to reside inside a chroot()ed directory structure for anonymous or DefaultRoot logins, as it is held open for the duration of a session.

The optional parameters are used to set restrictions on the contents of the specified file. The id restriction is used to specify a range of GIDs that may appear in the file; when doing a lookup, if a group entry has a GID that is less than the minimum or greater than the maximum is encountered, that entry is ignored. The name restriction is used to specify a regular expression that is applied to the name of a group entry. If the group name does not match the regular expression, the group entry is ignored. A leading ! in the regular expression can be used to negate the given expression.

Example:

  # This makes an AuthGroupFile that can only have GIDs 2000 to 4000, and
  # whose groups must start with 'cust'
  AuthGroupFile /etc/ftpd/group id 2000-4000 name ^cust


Syntax: AuthUserFile path [id min-max] [home regex] [name regex]
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_auth_file
Compatibility: 1.2.7rc2

The AuthUserFile configures an alternate passwd file for providing user account information; the specified file must have the same format as the system /etc/passwd file, and if specified is used during authentication and user lookups for directory/access control operations. The path argument should be the full path to the specified file. This directive can be configured on a per-server basis, so that virtual FTP servers can each have their own authentication file, often in conjunction with an AuthGroupFile.

Note that this file does not need to reside inside a chroot()ed directory structure for anonymous or DefaultRoot logins, as it is held open for the duration of a session.

The optional parameters are used to set restrictions on the contents of the specified file. The id restriction is used to specify a range of UIDs that may appear in the file; when doing a lookup, if a user entry has a UID that is less than the minimum or greater than the maximum is encountered, that entry is ignored. The home restriction is used to specify a regular expression that is applied to the home directory of a user entry. If the home does not match the regular expression, the user entry is ignored. The name restriction is used to specify a regular expression that is applied to the name of a user entry. If the user name does not match the regular expression, the user entry is ignored. A leading ! in these regular expressions can be used to negate the given expression.

Example:

  # This makes an AuthUserFile whose user names must start with 'ftp', and
  # whose homes cannot start with /home.
  AuthUserFile /etc/ftpd/passwd name ^ftp home !^/home


Installation

The mod_auth_file module is compiled by default.



Author: $Author$
Last Updated: $Date$


© Copyright 2002
All Rights Reserved