Пишем в SYS:ETC/FTPSERV.CFG
RESTRICT_FILE = sys:/etc/ftprest.txt
Содержание ftprest.txt:
# This file contains the restrict ftile format for FTPserver.
# All comment lines should start with a '#'
# If a line continues in the next line, a '\' should be given
# in the end of the first line to indicated the continuation.
# The access rights permitted are
# DENY - Deny access to FTPserver for that client.
# READONLY - Gives Readonly Access to the Client.
# NOREMOTE - Restricts access to remote server navigation.
# GUEST - Gives only guest access to the user.
# ALLOW - Gives the user access to ftpserver.
#NOTE :
# Guest User cannot navigate to remote servers.
# Will be given acces only within his home directory and subdirectories.
# Access rights can be seperated by a comma(,).
# The Access rights are taken according to the order in which they
# appear in the restrict file.
#Key Words :
# "ADDRESS=" - Should be given to restrict a particular Node.
# IPAddress or Machine Name can be given.
# "ADDRESS_RANGE=" - Should be given to restrict a Range of Nodes based on the
# IPAddress. It applies the restriction to any node having
# the IP Address between the specified IP address Range.
# The Range is specified by two IP addresses separated by
# SPACE.
# "DOMAIN=" - Should be given to restrict a particular DOMAIN.
# "*" - Should be given for container level restrictions.
# "ACCESS=" - Mandatory for each line. Should be followed by access
# rights.
# "ALL" - Given for domain name, applies restrictions to all domains.
#Note :
# There should not be space between the word and '=' sign.
#File Format:
# Each line should have one of the Restricttion level keywords
# and access keyword
# For container and User level restrictions, fully distinguished name
# should be give.
# Container/User name can be Canonical or a Full DN name.
# It should start with a period(.) for user Restriction.
# For Container level Restrictions the line should start with a '*'.
# If container/user name contains spaces, enclose it in double quotes.
# For giving access restrictions to all domain,
# DOMAIN= ALL should be given.
# Examples:
#ADDRESS= 190.90.90.190 ACCESS= NOREMOTE, GUEST
#ADDRESS= testmachine.testdomain.com ACCESS= GUEST
#ADDRESS_RANGE= 164.99.154.1 164.99.155.255 ACCESS= GUEST
#DOMAIN= testdomain.blr.novell.com ACCESS= DENY
#*.testorgunit.testorg ACCESS= GUEST, READONLY
#*.OU=testorgunit.O=testorg ACCESS= GUEST, READONLY
#.testuser.testou.test0 ACCESS= NOREMOTE
#.CN=testuser.OU=testou.O=test0 ACCESS= ALLOW
#".testuser.ou with space.testorg" ACCESS= DENY
#DOMAIN= ALL ACCESS= NOREMOTE, READONLY
система достаточно гибкая....