> I've had a proposal to add a file like /etc/ftpusers that does the
> inverse:  if it exists, only users listed in that file will be
> allowed to log in via ftp. This seems like a good idea to me, and
> to avoid confusion with the names, I've also had a suggestion that
> we should remove /etc/ftpusers entirely, and have /etc/ftp.deny
> and /etc/ftp.allow files instead.
> Has anyone any comments on this?

One comment:  don't needlessly frustrate people who buy network administration
texts at a bookstore.  Use /etc/ftpusers if it is present, otherwise use the
more flexible deny/allow files.  You can put a comment in the stock ftpusers
directing people to consider ftp.deny or ftp.allow instead.