>>>>> "Curt" == Curt Sampson <cjs@portal.ca> writes:

Curt> Here's another thought. We could combine the allow and deny
Curt> functions into the single /etc/ftpusers file.

While we're in the process of redefining this file, why don't we make
a generic "privilege" file for all network access for all users.

It could look something like:

# defaults for the various services
:default:telnet allow
:default:ftp allow
:default:pop3 allow
:default:rsh deny
:default:rlogin deny

root:ftp deny
root:pop3 deny

# a user with a POP-only mail account
popuser:telnet deny
popuser:ftp deny

This file would then be indexed into a db(3) database, and a generic
lookup function would do the lookup. Hmmmm. Come to think of it, this
looks very similar to the USERDB database of sendmail... :-)

- S