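# wu-ftpd style ftpaccess file.
#
# Layout restored to one directive per line: in the collapsed form every
# directive that followed a '#' on the same physical line would be read as
# comment text. No directive values were changed.
# Placeholders in <angle brackets> had been stripped from the syntax comments
# and are restored from how each directive is used in this file; confirm
# against ftpaccess(5) for the installed ftpd.

# Terminate the connection after this many failed login attempts.
loginfails 2

# <classname> is the name you give it. <type> is real, anonymous, or guest.
#
# allow access for the ftpguys accounts from any address
#
# class <classname> <type>[,type...] address [address...]
# class remote real 207.122.37.23
# class remote real 204.149.86.21
class anonymouses anonymous *
class authorized guest *
# With the "remote" lines commented out, real (non-chrooted) accounts are only
# placed in a class when they connect from the addresses listed here.
class local real inch.com *.inch.com foo.com 207.240.140.100

# Deny access if bad IP address-to-name mapping
# Create a separate line for each domain.
# Example of denying by name:
# deny *.domain.com /usr/local/etc/ftpd/ftpmsgs/msg.denied.just.because
# deny 192.168.0.* /usr/local/etc/ftpd/ftpmsgs/msg.denied.just.because
#
# This makes sure that domain-to-IP and IP-to-domain mapping are correct
# in DNS.
# NOTE(review): reverse DNS is published by whoever controls the client's
# address block, so treat this as a hygiene filter, not as authentication.
# The same applies to the hostname globs in the "class" lines above.
# NOTE(review): the examples use /usr/local/etc/ftpd/ftpmsgs/ but the live
# directives use /usr/local/etc/ftpmsgs/ - confirm which directory exists.
deny !nameserved /usr/local/etc/ftpmsgs/msg.denied.badipmap

# limit number of concurrent authorized class logins
# limit <class> <n> <times> <message_file>
# Examples:
# limit local 20 Any /etc/msgs/msg.toomany
# limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
# limit remote 60 Any /etc/msgs/msg.toomany
# NOTE(review): only "authorized" is capped; there is no limit line for the
# "anonymouses" class, so anonymous sessions are not bounded by this file.
limit authorized 30 Any /usr/local/etc/ftpmsgs/msg.toomany

# tar/compress yes|no <classglob> [<classglob> ...]
# compress yes local remote
# tar yes local remote
# NOTE(review): on-the-fly conversion is enabled for anonymous sessions too;
# restrict it to the classes that need it if anonymous users do not.
compress yes anonymouses authorized local
tar yes anonymouses authorized local

# all the following default to "yes" for everybody
# i.e. guest can do all this
# <op> yes|no type [type...]
delete no anonymous # delete permission?
overwrite no anonymous # overwrite permission?
rename no anonymous # rename permission?
chmod no anonymous # chmod permission?
umask no anonymous # umask permission?

# passwd-check <none|trivial|rfc822> [<enforce|warn>]
# "warn" only warns about a non-conforming anonymous password and still lets
# the login proceed; "enforce" would refuse it.
passwd-check rfc822 warn

# Specify which group of users will be treated as "guests".
# The group must be in /etc/group.
# And, damnit, you *must* make one entry per line or else the chroot
# environment won't work.
guestgroup ftpguys
guestgroup grouptwo

# autogroup stuff, for future reference:
# 1. Create a class of anonymous users to be given special access:
#      class corp-anon anonymous *.hp.com
# 2. Add to /etc/group:
#      hp::22:
# 3. Instruct ftpd to put anonymous users who are part of the class
#    corp-anon into the group hp:
#      autogroup <groupname> <class> [<class> ...]
#    e.g.
#      autogroup hp corp-anon
# 4. Make the directories readable by group hp (not ftp).
#
# NOTE(review): membership of such a class is decided by the client's
# hostname, so the extra access is only as trustworthy as reverse DNS for
# that address.
#
# allow use of private file for SITE GROUP and SITE GPASS? (default was yes)
private no

# banner, message, readme, shutdown
#
# banner - displayed before the user logs in.
#
# banner /usr/local/etc/ftpd/msgs/banner
#
# message - displayed when you specify (at login, or on cd into a directory)
#
# message <path> login|cwd=<dir> [<class>]
# message <path> login      # prints on login
# message <path> cwd=dir    # prints when user cd's
# message .contents cwd=*   # prints .contents every cd
# message /dir/msg.anon login anonymouses
message /welcome.msg login
# NOTE(review): the path below is literally "message"; it may have been
# ".message" before the page was mangled - confirm against the live file.
message message cwd=*
#
# readme - same syntax as message. Notifies user of changes to README files
readme README* login
readme README* cwd=*

# shutdown <path>
# if <path> exists, ftpd reads the contents. Content syntax:
#   year month day hour minute deny disconnect
#   text of message
#
# hour, minute - military time
# month - 0-11
# deny,disconnect - how long before denying access and booting off in HHMM
shutdown /etc/shutmsg

# log commands <type> [<type> ...]
# NOTE(review): commands are logged for real users only, and the transfer log
# below covers anonymous and real. Guest sessions appear in neither line even
# though guests keep delete/overwrite/rename/chmod and have an upload area;
# add "guest" to both if those sessions need an audit trail.
log commands real

# Transfer log doesn't use syslog and is specified in pathnames.h .
# log transfer(s?) <type> [<type> ...] <direction>[,<direction>]
log transfers anonymous,real inbound,outbound

# directory aliases... [note, the ":" is not required]
alias inc: /incoming

# cdpath - a list of directories that will be searched when a cd command is
# issued.
cdpath /incoming
cdpath /pub
cdpath /

# specify the upload directory information
# upload <root-dir> <dirglob> yes|no <owner> <group> <mode> [dirs|nodirs]
#
# Default-deny for the anonymous tree, then open /incoming only.
upload /home/ftp * no
# Uploaded files become root:daemon mode 0600, so the ftp user cannot read
# them back out of /incoming.
# NOTE(review): "dirs" also lets anonymous clients create directories under
# /incoming; switch to "nodirs" unless that is needed.
upload /home/ftp /incoming yes root daemon 0600 dirs
upload /home/ftp /bin no
upload /home/ftp /etc no
# The virtual ftp servers
upload /home/virtguy /incoming yes virtguy virtguy 0600 dirs

# path-filter <typelist> <mesg> <allowed_charset> [<disallowed regexp> ...]
# Anonymous uploads: names limited to the listed characters, and names that
# start with "." or "-" are refused.
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
# need to allow filenames starting with . for .htaccess
# NOTE(review): this admits every dotfile name for guests, not only
# .htaccess; check which dotfiles matter inside the guest roots.
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^-

email ftpmanager@inch.com

# Virtual Server at 10.10.10.10
# virtual 10.10.10.10 root /var/ftp/virtual/ftp-serv
# virtual 10.10.10.10 banner /var/ftp/virtual/ftp-serv/banner.msg
# virtual 10.10.10.10 logfile /var/log/ftp/virtual/ftp-serv/xferlog
#
#
# The first arg is the ip address of the virtual server.
# The second arg is either "root", "banner" or "logfile" (without the quotes)
# for that virtual server.
# The third arg is the file system location for the item specified in the
# second arg.
#
# Note: all the other message files, etc, and permissions and other settings
# in the ftpaccess file apply to all virtual servers.

# ftp.virtguy.com
virtual 192.168.100.100 root /home/virtguy
virtual 192.168.100.100 banner /home/virtguy/ftpwelcome
virtual 192.168.100.100 logfile /var/log/ftp/xferlog.virtguy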