is read by
at the beginning of an FTP session, after having authenticated the user.
Each line in
corresponds to a user or group.
If a line in
matches the current user or a group he is a member of,
access restrictions will be applied to this
session by changing its root directory with
to that specified on the line or to the users login directory.
The order of records in
is important because the first match will be used.
Fields on each line are separated by tabs or spaces.
The first field specifies a user or group name.
If it is prefixed by an
it specifies a group name;
the line will match each user who is a member of this group.
As a special case, a single
in this field will match any user.
A username is specified otherwise.
The optional second field describes the directory for the user
or each member of the group to be locked up in using
Be it omitted, the users login directory will be used.
If it is not an absolute pathname, then it will be relative
to the users login directory.
If it contains the
will treat its left-hand side as the name of the directory to do
to, and its right-hand side to change the current directory to afterwards.
These lines in
will lock up the user
and each member of the group
in their respective login directories:
And this line will tell
to lock up the user
and then to change the current directory to
which is relative to the sessions new root:
And finally the following line will lock up every user connecting
through FTP in his respective
thus lowering possible impact on the system
from intrinsic insecurity of FTP: