Interesting...

Tom Simpson wrote:
Regarding the FAQ below – ftpconfig can be used from the global zone to set up
the device special files.  I.e.

Localzone% ftpconfig /datadir (sets up anon ftp user, but fails on
device special files)

Global% ftpconfig /zone/testzone/datadir (completes the job by creating
the special files - also creates user in globalzone)

This violates the guideline "never operate on a non-global zone's files from the global zone." I'm not convinced that it is always dangerous in this situation (yet), but I'm not convinced it's safe, or could be made safe, either.

Also, the action of adding a device into a zone's filesystem directly, without using zonecfg(1M), is undocumented and the results may be unpredictable.

Global% userdel ftp (deletes unrequired ftp user from global zone)

This way, you *can* use ftpconfig to set up the zone to be an anonymous ftp
server. (Obviously, relies on /datadir being an lofs filesystem from the global
zone).

----- Original FAQ below

Q: Can a zone be an ftp server?

A: A zone can be an ftp server, but it is not possible to use ftpconfig(1M)
to set up a zone to be an anonymous ftp server. This is because ftpconfig
attempts to set up certain device special files, and a zone does not have the
necessary privileges. [December 2005]

--
--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
