1.\" $NetBSD: ftpd.8,v 1.74 2003-08-07 09:46:39 agc Exp $
2.\"
3.\" Copyright (c) 1997-2003 The NetBSD Foundation, Inc.
4.\" All rights reserved.
5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Luke Mewburn.
8.\"
9.\" Redistribution and use in source and binary forms, with or without
--- 48 unchanged lines hidden (view full) ---
58.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
60.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
61.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62.\" SUCH DAMAGE.
63.\"
64.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
65.\"
66.Dd February 26, 2003
67.Dt FTPD 8
68.Os
69.Sh NAME
70.Nm ftpd
71.Nd
72Internet File Transfer Protocol server
73.Sh SYNOPSIS
74.Nm
75.Op Fl dHlqQrsuUwWX
76.Op Fl a Ar anondir
77.Op Fl c Ar confdir
78.Op Fl C Ar user
79.Op Fl e Ar emailaddr
80.Op Fl h Ar hostname
81.Op Fl L Ar xferlogfile
82.Op Fl P Ar dataport
83.Op Fl V Ar version
84.Sh DESCRIPTION
85.Nm
86is the Internet File Transfer Protocol server process.
87The server uses the
88.Tn TCP
89protocol and listens at the port specified in the
90.Dq ftp
91service specification; see
92.Xr services 5 .
93.Pp
94Available options:
95.Bl -tag -width Ds
96.It Fl a Ar anondir
97Define
98.Ar anondir
99as the directory to
100.Xr chroot 2
101into for anonymous logins.
102Default is the home directory for the ftp user.
103This can also be specified with the
104.Xr ftpd.conf 5
105.Sy chroot
106directive.
107.It Fl c Ar confdir
108Change the root directory of the configuration files from
109.Dq Pa /etc
110to
111.Ar confdir .
112This changes the directory for the following files:
113.Pa /etc/ftpchroot ,
114.Pa /etc/ftpusers ,
115.Pa /etc/ftpwelcome ,
116.Pa /etc/motd ,
117and the file specified by the
118.Xr ftpd.conf 5
119.Sy limit
120directive.
121.It Fl C Ar user
122Check whether
123.Ar user
124would be granted access under
125the restrictions given in
126.Xr ftpusers 5
127and exit without attempting a connection.
128.Nm
129exits with an exit code of 0 if access would be granted, or 1 otherwise.
130This can be useful for testing configurations.
131.It Fl d
132Debugging information is written to the syslog using a facility of
133.Dv LOG_FTP .
134.It Fl e Ar emailaddr
135Use
136.Ar emailaddr
137for the
138.Dq "\&%E"
139escape sequence (see
140.Sx Display file escape sequences )
141.It Fl h Ar hostname
142Explicitly set the hostname to advertise as to
143.Ar hostname .
144The default is the hostname associated with the IP address that
145.Nm
146is listening on.
147This ability (with or without
148.Fl h ) ,
149in conjunction with
150.Fl c Ar confdir ,
151is useful when configuring
152.Sq virtual
153.Tn FTP
154servers, each listening on separate addresses as separate names.
155Refer to
156.Xr inetd.conf 5
157for more information on starting services to listen on specific IP addresses.
158.It Fl H
159Equivalent to
160.Do
161-h
162`hostname`
163.Dc .
164.It Fl l
165Each successful and failed
166.Tn FTP
167session is logged using syslog with a facility of
168.Dv LOG_FTP .
169If this option is specified more than once, the retrieve (get), store (put),
170append, delete, make directory, remove directory and rename operations and
171their file name arguments are also logged.
172.It Fl L Ar xferlogfile
173Log
174.Tn wu-ftpd
175style
176.Sq xferlog
177entries to
178.Ar xferlogfile .
179.It Fl P Ar dataport
180Use
181.Ar dataport
182as the data port, overriding the default of using the port one less
183that the port
184.Nm
185is listening on.
186.It Fl q
187Enable the use of pid files for keeping track of the number of logged-in
188users per class.
189This is the default.
190.It Fl Q
191Disable the use of pid files for keeping track of the number of logged-in
192users per class.
193This may reduce the load on heavily loaded
194.Tn FTP
195servers.
196.It Fl r
197Permanently drop root privileges once the user is logged in.
198The use of this option may result in the server using a port other
199than the (listening-port - 1) for
200.Sy PORT
201style commands, which is contrary to the
202.Cm RFC 959
203specification, but in practice very few clients rely upon this behaviour.
204See
205.Sx SECURITY CONSIDERATIONS
206below for more details.
207.It Fl s
208Require a secure authentication mechanism like Kerberos or S/Key to be used.
209.It Fl u
210Log each concurrent
211.Tn FTP
212session to
213.Pa /var/run/utmp ,
214making them visible to commands such as
215.Xr who 1 .
216.It Fl U
217Don't log each concurrent
218.Tn FTP
219session to
220.Pa /var/run/utmp .
221This is the default.
222.It Fl V Ar version
223Use
224.Ar version
225as the version to advertise in the login banner and in the output of
226.Sy STAT
227and
228.Sy SYST
229instead of the default version information.
230If
231.Ar version
232is empty or
233.Sq -
234then don't display any version information.
235.It Fl w
236Log each
237.Tn FTP
238session to
239.Pa /var/log/wtmp ,
240making them visible to commands such as
241.Xr last 1 .
242This is the default.
243.It Fl W
244Don't log each
245.Tn FTP
246session to
247.Pa /var/log/wtmp .
248.It Fl X
249Log
250.Tn wu-ftpd
251style
252.Sq xferlog
253entries to the syslog, prefixed with
254.Dq "xferlog:\ " ,
255using a facility of
--- 584 unchanged lines hidden ---
2.\"
3.\" Copyright (c) 1997-2003 The NetBSD Foundation, Inc.
4.\" All rights reserved.
5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Luke Mewburn.
8.\"
9.\" Redistribution and use in source and binary forms, with or without
--- 48 unchanged lines hidden (view full) ---
58.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
60.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
61.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62.\" SUCH DAMAGE.
63.\"
64.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
65.\"
66.Dd February 26, 2003
67.Dt FTPD 8
68.Os
69.Sh NAME
70.Nm ftpd
71.Nd
72Internet File Transfer Protocol server
73.Sh SYNOPSIS
74.Nm
75.Op Fl dHlqQrsuUwWX
76.Op Fl a Ar anondir
77.Op Fl c Ar confdir
78.Op Fl C Ar user
79.Op Fl e Ar emailaddr
80.Op Fl h Ar hostname
81.Op Fl L Ar xferlogfile
82.Op Fl P Ar dataport
83.Op Fl V Ar version
84.Sh DESCRIPTION
85.Nm
86is the Internet File Transfer Protocol server process.
87The server uses the
88.Tn TCP
89protocol and listens at the port specified in the
90.Dq ftp
91service specification; see
92.Xr services 5 .
93.Pp
94Available options:
95.Bl -tag -width Ds
96.It Fl a Ar anondir
97Define
98.Ar anondir
99as the directory to
100.Xr chroot 2
101into for anonymous logins.
102Default is the home directory for the ftp user.
103This can also be specified with the
104.Xr ftpd.conf 5
105.Sy chroot
106directive.
107.It Fl c Ar confdir
108Change the root directory of the configuration files from
109.Dq Pa /etc
110to
111.Ar confdir .
112This changes the directory for the following files:
113.Pa /etc/ftpchroot ,
114.Pa /etc/ftpusers ,
115.Pa /etc/ftpwelcome ,
116.Pa /etc/motd ,
117and the file specified by the
118.Xr ftpd.conf 5
119.Sy limit
120directive.
121.It Fl C Ar user
122Check whether
123.Ar user
124would be granted access under
125the restrictions given in
126.Xr ftpusers 5
127and exit without attempting a connection.
128.Nm
129exits with an exit code of 0 if access would be granted, or 1 otherwise.
130This can be useful for testing configurations.
131.It Fl d
132Debugging information is written to the syslog using a facility of
133.Dv LOG_FTP .
134.It Fl e Ar emailaddr
135Use
136.Ar emailaddr
137for the
138.Dq "\&%E"
139escape sequence (see
140.Sx Display file escape sequences )
141.It Fl h Ar hostname
142Explicitly set the hostname to advertise as to
143.Ar hostname .
144The default is the hostname associated with the IP address that
145.Nm
146is listening on.
147This ability (with or without
148.Fl h ) ,
149in conjunction with
150.Fl c Ar confdir ,
151is useful when configuring
152.Sq virtual
153.Tn FTP
154servers, each listening on separate addresses as separate names.
155Refer to
156.Xr inetd.conf 5
157for more information on starting services to listen on specific IP addresses.
158.It Fl H
159Equivalent to
160.Do
161-h
162`hostname`
163.Dc .
164.It Fl l
165Each successful and failed
166.Tn FTP
167session is logged using syslog with a facility of
168.Dv LOG_FTP .
169If this option is specified more than once, the retrieve (get), store (put),
170append, delete, make directory, remove directory and rename operations and
171their file name arguments are also logged.
172.It Fl L Ar xferlogfile
173Log
174.Tn wu-ftpd
175style
176.Sq xferlog
177entries to
178.Ar xferlogfile .
179.It Fl P Ar dataport
180Use
181.Ar dataport
182as the data port, overriding the default of using the port one less
183that the port
184.Nm
185is listening on.
186.It Fl q
187Enable the use of pid files for keeping track of the number of logged-in
188users per class.
189This is the default.
190.It Fl Q
191Disable the use of pid files for keeping track of the number of logged-in
192users per class.
193This may reduce the load on heavily loaded
194.Tn FTP
195servers.
196.It Fl r
197Permanently drop root privileges once the user is logged in.
198The use of this option may result in the server using a port other
199than the (listening-port - 1) for
200.Sy PORT
201style commands, which is contrary to the
202.Cm RFC 959
203specification, but in practice very few clients rely upon this behaviour.
204See
205.Sx SECURITY CONSIDERATIONS
206below for more details.
207.It Fl s
208Require a secure authentication mechanism like Kerberos or S/Key to be used.
209.It Fl u
210Log each concurrent
211.Tn FTP
212session to
213.Pa /var/run/utmp ,
214making them visible to commands such as
215.Xr who 1 .
216.It Fl U
217Don't log each concurrent
218.Tn FTP
219session to
220.Pa /var/run/utmp .
221This is the default.
222.It Fl V Ar version
223Use
224.Ar version
225as the version to advertise in the login banner and in the output of
226.Sy STAT
227and
228.Sy SYST
229instead of the default version information.
230If
231.Ar version
232is empty or
233.Sq -
234then don't display any version information.
235.It Fl w
236Log each
237.Tn FTP
238session to
239.Pa /var/log/wtmp ,
240making them visible to commands such as
241.Xr last 1 .
242This is the default.
243.It Fl W
244Don't log each
245.Tn FTP
246session to
247.Pa /var/log/wtmp .
248.It Fl X
249Log
250.Tn wu-ftpd
251style
252.Sq xferlog
253entries to the syslog, prefixed with
254.Dq "xferlog:\ " ,
255using a facility of
--- 584 unchanged lines hidden ---