Chapter 9. FTP Server

Table of Contents
Users and Classes
Messages and Banners
Limits and Access Control
Networking
Logging
Aliases and Paths
Anonymous FTP
Permissions
Miscellaneous Options

The File Transfer Protocol (FTP) is a lightweight protocol for transferring files over a network. It is a client-server protocol requiring an FTP server (like WU-FTPD) and a client (like ncftp). WU-FTPD is the most popular FTP server on the Internet, and though it has had its problems (primarily security related), it is a very featureful and functional FTP daemon. WU-FTPD has been in constant development for over 10 years, and has attracted a lot of users and developers in that time. This chapter covers all of the configuration files involved in running a WU-FTPD installation. However, the security of the server is beyond the scope of this document. It is highly recommended that you make sure your FTP server is running the latest version (2.6.1 is the version as of this writing), as all earlier versions have widely known security exploits.

Users and Classes

Here you configure the various user and group features of the ftpaccess file. For more on this file and its structure, see the ftpaccess man page.

User classes - Here you define a class of users and the networks from which they are allowed to log in. Note that the default includes a class named all for users of all types (real, guest, and anonymous), which matches all networks with the * wildcard. This option configures the class directive.

Unix users and UIDs to treat as guests and Unix groups and GIDs to treat as guests - Here, you can define users and groups who would ordinarily qualify as real users but who will be treated as guests, or anonymous users. In other words, a chroot will be done, and the user will not be permitted to use the USER or PASS commands. The user's home directory must be properly set up, as an anonymous FTP directory would be. These two options correspond to the guestuser and guestgroup directives.

Unix users and UIDs not to treat as guests and Unix groups and GIDs not to treat as guests - If your server is configured to treat all users as guests, then you can selectively allow a few users to be treated as real users (i.e. with access to the system directories, and without performing a chroot). These options configure the realuser and realgroup directives.

Unix users to deny (from /etc/ftpusers) - This is simply a list of users who are denied access to the server. This information is drawn from the /etc/ftpusers file. Adding to this list will add to the file. Note that if the next two sets of options are used to precisely control access to the FTP server (i.e. by blocking all access except for explicitly permitted users), then the ftpusers file becomes unnecessary.

Unix users and UIDs to deny and Unix groups and GIDs to deny - Here you can enter any users or groups you would like to deny access to. These options configure the deny-uid and deny-gid directives.

Unix users and UIDs not to deny and Unix groups and GIDs not to deny - These options can be used to negate the above options, if you choose to disallow all access from all users and groups. In this way, you can allow only explicitly configured users to access the server.
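
The deny-then-allow pattern described above can be checked before it goes live. The following is an added example, not code from Webmin or WU-FTPD: a small Python model of how deny-uid lines and their allow-uid counterparts combine (allow-uid is the ftpaccess directive behind the "not to deny" option; the page does not name it), reporting which accounts can still reach the server. It assumes the uid-range syntax from the ftpaccess man page (a user name, %N, %-N, %N-, %N-M, or *); the sample ftpaccess text and the account list are constructed, and group rules are left out.

```python
# Added example: models how WU-FTPD's deny-uid / allow-uid lines combine.
# Assumption: range syntax per ftpaccess(5): name, %N, %-N, %N-, %N-M, or *.

SAMPLE_FTPACCESS = """\
# constructed sample: deny everyone, then allow an explicit list
class   all   real,guest,anonymous  *
deny-uid  *
allow-uid ftp alice %2000-2099
"""

def parse(text):
    """Collect the tokens of every deny-uid and allow-uid line."""
    rules = {"deny-uid": [], "allow-uid": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] in rules:
            rules[fields[0]].extend(fields[1:])
    return rules

def matches(token, name, uid):
    """True if one uid-range token covers the account (name, uid)."""
    if token == "*":
        return True
    if not token.startswith("%"):
        return token == name
    low, sep, high = token[1:].partition("-")
    if not sep:
        return uid == int(low)
    return (not low or uid >= int(low)) and (not high or uid <= int(high))

def permitted(rules, name, uid):
    """Access is allowed by default; a deny match blocks unless an allow matches."""
    denied = any(matches(t, name, uid) for t in rules["deny-uid"])
    allowed = any(matches(t, name, uid) for t in rules["allow-uid"])
    return allowed or not denied

def audit(text, accounts):
    """Return the sorted names of accounts that can still reach the server."""
    rules = parse(text)
    return sorted(n for n, u in accounts if permitted(rules, n, u))

# Constructed account list (name, uid), as would be read from /etc/passwd.
ACCOUNTS = [("root", 0), ("daemon", 1), ("ftp", 14), ("alice", 1001),
            ("bob", 1002), ("upload1", 2005)]

if __name__ == "__main__":
    print(audit(SAMPLE_FTPACCESS, ACCOUNTS))
```

Running the audit against the real ftpaccess file and the system's account list shows whether a system account such as root is unintentionally left with FTP access.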