Deleted Added
ftpd.8 (82460) ftpd.8 (82796)
1.\" Copyright (c) 1985, 1988, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
1.\" Copyright (c) 1985, 1988, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
33.\" $FreeBSD: head/libexec/ftpd/ftpd.8 82460 2001-08-28 11:59:21Z nik $
33.\" $FreeBSD: head/libexec/ftpd/ftpd.8 82796 2001-09-02 17:24:19Z sheldonh $
34.\"
35.Dd January 27, 2000
36.Dt FTPD 8
37.Os
38.Sh NAME
39.Nm ftpd
40.Nd Internet File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm
43.Op Fl 4
44.Op Fl 6
45.Op Fl d
46.Op Fl l Op Fl l
47.Op Fl A
48.Op Fl D
49.Op Fl R
50.Op Fl S
51.Op Fl U
52.Op Fl r
53.Op Fl o
34.\"
35.Dd January 27, 2000
36.Dt FTPD 8
37.Os
38.Sh NAME
39.Nm ftpd
40.Nd Internet File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm
43.Op Fl 4
44.Op Fl 6
45.Op Fl d
46.Op Fl l Op Fl l
47.Op Fl A
48.Op Fl D
49.Op Fl R
50.Op Fl S
51.Op Fl U
52.Op Fl r
53.Op Fl o
54.Op Fl O
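Review bot: the `.Dd January 27, 2000` line in this region is left untouched even though the revision documents a new option; mdoc convention is to bump `.Dd` to the date of the change so a reader of the rendered page can tell it covers `-O`. The placement of `.Op Fl O` directly after `.Op Fl o` is consistent with the order of the `.It Fl o` / `.It Fl O` entries in DESCRIPTION, so nothing further is needed in the SYNOPSIS itself.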
54.Op Fl E
55.Op Fl T Ar maxtimeout
56.Op Fl t Ar timeout
57.Op Fl a Ar address
58.Op Fl p Ar file
59.Sh DESCRIPTION
60.Nm Ftpd
61is the
62Internet File Transfer Protocol
63server process. The server uses the
64.Tn TCP
65protocol
66and listens at the port specified in the
67.Dq ftp
68service specification; see
69.Xr services 5 .
70.Pp
71Available options:
72.Bl -tag -width indent
73.It Fl d
74Debugging information is written to the syslog using LOG_FTP.
75.It Fl l
76Each successful and failed
77.Xr ftp 1
78session is logged using syslog with a facility of LOG_FTP.
79If this option is specified twice, the retrieve (get), store (put), append,
80delete, make directory, remove directory and rename operations and
81their filename arguments are also logged. Note: LOG_FTP messages
82are not displayed by
83.Xr syslogd 8
84by default, and may have to be enabled in
85.Xr syslogd 8 Ns 's
86configuration file.
87.It Fl D
88With this option set,
89.Nm
90will detach and become a daemon, accepting connections on the FTP port and
91forking children processes to handle them.
92This is lower overhead than starting
93.Nm
94from
95.Xr inetd 8
96and is thus useful on busy servers to reduce load.
97.It Fl R
98With this option set,
99.Nm
100will revert to historical behavior with regard to security checks on
101user operations and restrictions on PORT requests.
102Currently,
103.Nm
104will only honor PORT commands directed to unprivileged ports on the
105remote user's host (which violates the FTP protocol specification but
106closes some security holes).
107.It Fl S
108With this option set,
109.Nm
110logs all anonymous file downloads to the file
111.Pa /var/log/ftpd
112when this file exists.
113.It Fl U
114In previous versions of
115.Nm ,
116when a passive mode client requested a data connection to the server,
117the server would use data ports in the range 1024..4999. Now, by default,
118the server will use data ports in the range 49152..65535. Specifying this
119option will revert to the old behavior.
120.It Fl T
121A client may also request a different timeout period;
122the maximum period allowed may be set to
123.Ar timeout
124seconds with the
125.Fl T
126option.
127The default limit is 2 hours.
128.It Fl t
129The inactivity timeout period is set to
130.Ar timeout
131seconds (the default is 15 minutes).
132.It Fl a
133When
134.Fl D
135is specified, accept connections only on the specified
136.Ar address .
137.It Fl p
138When
139.Fl D
140is specified, write the daemon's process ID to
141.Ar file .
142.It Fl 6
143When
144.Fl D
145is specified, accept connections via AF_INET6 socket.
146.It Fl 4
147When
148.Fl D
149is specified, accept IPv4 connections.
150When
151.Fl 6
152is also specified, accept IPv4 connection via AF_INET6 socket.
153When
154.Fl 6
155is not specified, accept IPv4 connection via AF_INET socket.
156.It Fl A
157Allow only anonymous ftp access.
158.It Fl r
159Put server in read-only mode.
160All commands which may modify the local filesystem are disabled.
161.It Fl o
162Put server in write-only mode.
163RETR is disabled, preventing downloads.
55.Op Fl E
56.Op Fl T Ar maxtimeout
57.Op Fl t Ar timeout
58.Op Fl a Ar address
59.Op Fl p Ar file
60.Sh DESCRIPTION
61.Nm Ftpd
62is the
63Internet File Transfer Protocol
64server process. The server uses the
65.Tn TCP
66protocol
67and listens at the port specified in the
68.Dq ftp
69service specification; see
70.Xr services 5 .
71.Pp
72Available options:
73.Bl -tag -width indent
74.It Fl d
75Debugging information is written to the syslog using LOG_FTP.
76.It Fl l
77Each successful and failed
78.Xr ftp 1
79session is logged using syslog with a facility of LOG_FTP.
80If this option is specified twice, the retrieve (get), store (put), append,
81delete, make directory, remove directory and rename operations and
82their filename arguments are also logged. Note: LOG_FTP messages
83are not displayed by
84.Xr syslogd 8
85by default, and may have to be enabled in
86.Xr syslogd 8 Ns 's
87configuration file.
88.It Fl D
89With this option set,
90.Nm
91will detach and become a daemon, accepting connections on the FTP port and
92forking children processes to handle them.
93This is lower overhead than starting
94.Nm
95from
96.Xr inetd 8
97and is thus useful on busy servers to reduce load.
98.It Fl R
99With this option set,
100.Nm
101will revert to historical behavior with regard to security checks on
102user operations and restrictions on PORT requests.
103Currently,
104.Nm
105will only honor PORT commands directed to unprivileged ports on the
106remote user's host (which violates the FTP protocol specification but
107closes some security holes).
108.It Fl S
109With this option set,
110.Nm
111logs all anonymous file downloads to the file
112.Pa /var/log/ftpd
113when this file exists.
114.It Fl U
115In previous versions of
116.Nm ,
117when a passive mode client requested a data connection to the server,
118the server would use data ports in the range 1024..4999. Now, by default,
119the server will use data ports in the range 49152..65535. Specifying this
120option will revert to the old behavior.
121.It Fl T
122A client may also request a different timeout period;
123the maximum period allowed may be set to
124.Ar timeout
125seconds with the
126.Fl T
127option.
128The default limit is 2 hours.
129.It Fl t
130The inactivity timeout period is set to
131.Ar timeout
132seconds (the default is 15 minutes).
133.It Fl a
134When
135.Fl D
136is specified, accept connections only on the specified
137.Ar address .
138.It Fl p
139When
140.Fl D
141is specified, write the daemon's process ID to
142.Ar file .
143.It Fl 6
144When
145.Fl D
146is specified, accept connections via AF_INET6 socket.
147.It Fl 4
148When
149.Fl D
150is specified, accept IPv4 connections.
151When
152.Fl 6
153is also specified, accept IPv4 connection via AF_INET6 socket.
154When
155.Fl 6
156is not specified, accept IPv4 connection via AF_INET socket.
157.It Fl A
158Allow only anonymous ftp access.
159.It Fl r
160Put server in read-only mode.
161All commands which may modify the local filesystem are disabled.
162.It Fl o
163Put server in write-only mode.
164RETR is disabled, preventing downloads.
165.It Fl O
166Put server in write-only mode for anonymous users only.
167RETR is disabled for anonymous users, preventing anonymous downloads.
168This has no effect if
169.Fl o
170is also specified.
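Review bot: the new `-O` entry states that RETR is disabled for anonymous users, but the request table further down still lists `RETR` as plain "retrieve a file", whereas commands affected by `-r` carry an `[RW]` marker that the preceding sentence explains. Suggest extending that explanation, e.g. "RETR is disabled if -o is specified, or if -O is specified and the login is anonymous.", so the table does not contradict the option descriptions. A reciprocal pointer in the `-o` entry (e.g. "See also -O.") would also help, since the two options now interact and only `-O` mentions it.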
164.It Fl E
165Disable the EPSV command.
166This is useful for servers behind older firewalls.
167.El
168.Pp
169The file
170.Pa /var/run/nologin
171can be used to disable ftp access.
172If the file exists,
173.Nm
174displays it and exits.
175If the file
176.Pa /etc/ftpwelcome
177exists,
178.Nm
179prints it before issuing the
180.Dq ready
181message.
182If the file
183.Pa /etc/ftpmotd
184exists,
185.Nm
186prints it after a successful login. Note the motd file used is the one
187relative to the login environment. This means the one in
188.Pa ~ftp/etc
189in the anonymous user's case.
190.Pp
191The ftp server currently supports the following ftp requests.
192The case of the requests is ignored. Requests marked [RW] are
193disabled if
194.Fl r
195is specified.
196.Bl -column "Request" -offset indent
197.It Sy Request Ta Sy "Description"
198.It ABOR Ta "abort previous command"
199.It ACCT Ta "specify account (ignored)"
200.It ALLO Ta "allocate storage (vacuously)"
201.It APPE Ta "append to a file [RW]"
202.It CDUP Ta "change to parent of current working directory"
203.It CWD Ta "change working directory"
204.It DELE Ta "delete a file [RW]"
205.It EPRT Ta "specify data connection port, multiprotocol"
206.It EPSV Ta "prepare for server-to-server transfer, multiprotocol"
207.It HELP Ta "give help information"
208.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
209.It LPRT Ta "specify data connection port, multiprotocol"
210.It LPSV Ta "prepare for server-to-server transfer, multiprotocol"
211.It MDTM Ta "show last modification time of file"
212.It MKD Ta "make a directory [RW]"
213.It MODE Ta "specify data transfer" Em mode
214.It NLST Ta "give name list of files in directory"
215.It NOOP Ta "do nothing"
216.It PASS Ta "specify password"
217.It PASV Ta "prepare for server-to-server transfer"
218.It PORT Ta "specify data connection port"
219.It PWD Ta "print the current working directory"
220.It QUIT Ta "terminate session"
221.It REST Ta "restart incomplete transfer"
222.It RETR Ta "retrieve a file"
223.It RMD Ta "remove a directory [RW]"
224.It RNFR Ta "specify rename-from file name [RW]"
225.It RNTO Ta "specify rename-to file name [RW]"
226.It SITE Ta "non-standard commands (see next section)"
227.It SIZE Ta "return size of file"
228.It STAT Ta "return status of server"
229.It STOR Ta "store a file [RW]"
230.It STOU Ta "store a file with a unique name [RW]"
231.It STRU Ta "specify data transfer" Em structure
232.It SYST Ta "show operating system type of server system"
233.It TYPE Ta "specify data transfer" Em type
234.It USER Ta "specify user name"
235.It XCUP Ta "change to parent of current working directory (deprecated)"
236.It XCWD Ta "change working directory (deprecated)"
237.It XMKD Ta "make a directory (deprecated) [RW]"
238.It XPWD Ta "print the current working directory (deprecated)"
239.It XRMD Ta "remove a directory (deprecated) [RW]"
240.El
241.Pp
242The following non-standard or
243.Tn UNIX
244specific commands are supported
245by the
246SITE request.
247.Pp
248.Bl -column Request -offset indent
249.It Sy Request Ta Sy Description
250.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
251.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
252.It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''"
253.It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''"
254.It HELP Ta give help information
255.El
256.Pp
257Note: SITE requests are disabled in case of anonymous logins.
258.Pp
259The remaining ftp requests specified in Internet RFC 959
260are
261recognized, but not implemented.
262MDTM and SIZE are not specified in RFC 959, but will appear in the
263next updated FTP RFC.
264.Pp
265The ftp server will abort an active file transfer only when the
266ABOR
267command is preceded by a Telnet "Interrupt Process" (IP)
268signal and a Telnet "Synch" signal in the command Telnet stream,
269as described in Internet RFC 959.
270If a
271STAT
272command is received during a data transfer, preceded by a Telnet IP
273and Synch, transfer status will be returned.
274.Pp
275.Nm Ftpd
276interprets file names according to the
277.Dq globbing
278conventions used by
279.Xr csh 1 .
280This allows users to utilize the metacharacters
281.Dq Li \&*?[]{}~ .
282.Pp
283.Nm Ftpd
284authenticates users according to six rules.
285.Pp
286.Bl -enum -offset indent
287.It
288The login name must be in the password data base
289and not have a null password.
290In this case a password must be provided by the client before any
291file operations may be performed.
292If the user has an S/Key key, the response from a successful USER
293command will include an S/Key challenge.
294The client may choose to respond with a PASS command giving either
295a standard password or an S/Key one-time password.
296The server will automatically determine which type of
297password it has been given and attempt to authenticate accordingly.
298See
299.Xr key 1
300for more information on S/Key authentication.
301S/Key is a Trademark of Bellcore.
302.It
303The login name must not appear in the file
304.Pa /etc/ftpusers .
305.It
306The login name must not be a member of a group specified in the file
307.Pa /etc/ftpusers .
308Entries in this file interpreted as group names are prefixed by an "at"
309.Ql \&@
310sign.
311.It
312The user must have a standard shell returned by
313.Xr getusershell 3 .
314.It
315If the user name appears in the file
316.Pa /etc/ftpchroot ,
317or the user is a member of a group with a group entry in this file,
318i.e. one prefixed with
319.Ql \&@ ,
320the session's root will be changed to the user's login directory by
321.Xr chroot 2
322as for an
323.Dq anonymous
324or
325.Dq ftp
326account (see next item).
327This facility may also be triggered by enabling the boolean "ftp-chroot"
328capability in
329.Xr login.conf 5 .
330However, the user must still supply a password.
331This feature is intended as a compromise between a fully anonymous
332account and a fully privileged account.
333The account should also be set up as for an anonymous account.
334.It
335If the user name is
336.Dq anonymous
337or
338.Dq ftp ,
339an
340anonymous ftp account must be present in the password
341file (user
342.Dq ftp ) .
343In this case the user is allowed
344to log in by specifying any password (by convention an email address for
345the user should be used as the password).
346When the
347.Fl S
348option is set, all transfers are logged as well.
349.El
350.Pp
351In the last case,
352.Nm
353takes special measures to restrict the client's access privileges.
354The server performs a
355.Xr chroot 2
356to the home directory of the
357.Dq ftp
358user.
359In order that system security is not breached, it is recommended
360that the
361.Dq ftp
362subtree be constructed with care, following these rules:
363.Bl -tag -width "~ftp/pub" -offset indent
364.It Pa ~ftp
365Make the home directory owned by
366.Dq root
367and unwritable by anyone.
368.It Pa ~ftp/etc
369Make this directory owned by
370.Dq root
371and unwritable by anyone (mode 555).
372The files pwd.db (see
373.Xr passwd 5 )
374and
375.Xr group 5
376must be present for the
377.Xr ls
378command to be able to produce owner names rather than numbers.
379The password field in
380.Xr passwd
381is not used, and should not contain real passwords.
382The file
383.Pa ftpmotd ,
384if present, will be printed after a successful login.
385These files should be mode 444.
386.It Pa ~ftp/pub
387Make this directory mode 777 and owned by
388.Dq ftp .
389Guests
390can then place files which are to be accessible via the anonymous
391account in this directory.
392.El
393.Pp
394If the system has multiple IP addresses,
395.Nm
396supports the idea of virtual hosts, which provides the ability to
397define multiple anonymous ftp areas, each one allocated to a different
398internet address.
399The file
400.Pa /etc/ftphosts
401contains information pertaining to each of the virtual hosts.
402Each host is defined on its own line which contains a number of
403fields separated by whitespace:
404.Bl -tag -offset indent -width hostname
405.It hostname
406Contains the hostname or IP address of the virtual host.
407.It user
408Contains a user record in the system password file.
409As with normal anonymous ftp, this user's access uid, gid and group
410memberships determine file access to the anonymous ftp area.
411The anonymous ftp area (to which any user is chrooted on login)
412is determined by the home directory defined for the account.
413User id and group for any ftp account may be the same as for the
414standard ftp user.
415.It statfile
416File to which all file transfers are logged, which
417defaults to
418.Pa /var/log/ftpd .
419.It welcome
420This file is the welcome message displayed before the server ready
421prompt.
422It defaults to
423.Pa /etc/ftpwelcome .
424.It motd
425This file is displayed after the user logs in.
426It defaults to
427.Pa /etc/ftpmotd .
428.El
429.Pp
430Lines beginning with a '#' are ignored and can be used to include
431comments.
432.Pp
433Defining a virtual host for the primary IP address or hostname
434changes the default for ftp logins to that address.
435The 'user', 'statfile', 'welcome' and 'motd' fields may be left
436blank, or a single hypen '-' used to indicate that the default
437value is to be used.
438.Pp
439As with any anonymous login configuration, due care must be given
440to setup and maintenance to guard against security related problems.
441.Pp
442.Nm
443has internal support for handling remote requests to list
444files, and will not execute
445.Pa /bin/ls
446in either a chrooted or non-chrooted environment. The
447.Pa ~/bin/ls
448executable need not be placed into the chrooted tree, nor need the
449.Pa ~/bin
450directory exist.
451.Sh FILES
452.Bl -tag -width /etc/ftpwelcome -compact
453.It Pa /etc/ftpusers
454List of unwelcome/restricted users.
455.It Pa /etc/ftpchroot
456List of normal users who should be chroot'd.
457.It Pa /etc/ftphosts
458Virtual hosting configuration file.
459.It Pa /etc/ftpwelcome
460Welcome notice.
461.It Pa /etc/ftpmotd
462Welcome notice after login.
463.It Pa /var/run/nologin
464Displayed and access refused.
465.It Pa /var/log/ftpd
466Log file for anonymous transfers.
467.El
468.Sh SEE ALSO
469.Xr ftp 1 ,
470.Xr key 1 ,
471.Xr getusershell 3 ,
472.Xr login.conf 5 ,
473.Xr inetd 8 ,
474.Xr syslogd 8
475.Sh BUGS
476The server must run as the super-user
477to create sockets with privileged port numbers. It maintains
478an effective user id of the logged in user, reverting to
479the super-user only when binding addresses to sockets. The
480possible security holes have been extensively
481scrutinized, but are possibly incomplete.
482.Sh HISTORY
483The
484.Nm
485command appeared in
486.Bx 4.2 .
487IPv6 support was added in WIDE Hydrangea IPv6 stack kit.
171.It Fl E
172Disable the EPSV command.
173This is useful for servers behind older firewalls.
174.El
175.Pp
176The file
177.Pa /var/run/nologin
178can be used to disable ftp access.
179If the file exists,
180.Nm
181displays it and exits.
182If the file
183.Pa /etc/ftpwelcome
184exists,
185.Nm
186prints it before issuing the
187.Dq ready
188message.
189If the file
190.Pa /etc/ftpmotd
191exists,
192.Nm
193prints it after a successful login. Note the motd file used is the one
194relative to the login environment. This means the one in
195.Pa ~ftp/etc
196in the anonymous user's case.
197.Pp
198The ftp server currently supports the following ftp requests.
199The case of the requests is ignored. Requests marked [RW] are
200disabled if
201.Fl r
202is specified.
203.Bl -column "Request" -offset indent
204.It Sy Request Ta Sy "Description"
205.It ABOR Ta "abort previous command"
206.It ACCT Ta "specify account (ignored)"
207.It ALLO Ta "allocate storage (vacuously)"
208.It APPE Ta "append to a file [RW]"
209.It CDUP Ta "change to parent of current working directory"
210.It CWD Ta "change working directory"
211.It DELE Ta "delete a file [RW]"
212.It EPRT Ta "specify data connection port, multiprotocol"
213.It EPSV Ta "prepare for server-to-server transfer, multiprotocol"
214.It HELP Ta "give help information"
215.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
216.It LPRT Ta "specify data connection port, multiprotocol"
217.It LPSV Ta "prepare for server-to-server transfer, multiprotocol"
218.It MDTM Ta "show last modification time of file"
219.It MKD Ta "make a directory [RW]"
220.It MODE Ta "specify data transfer" Em mode
221.It NLST Ta "give name list of files in directory"
222.It NOOP Ta "do nothing"
223.It PASS Ta "specify password"
224.It PASV Ta "prepare for server-to-server transfer"
225.It PORT Ta "specify data connection port"
226.It PWD Ta "print the current working directory"
227.It QUIT Ta "terminate session"
228.It REST Ta "restart incomplete transfer"
229.It RETR Ta "retrieve a file"
230.It RMD Ta "remove a directory [RW]"
231.It RNFR Ta "specify rename-from file name [RW]"
232.It RNTO Ta "specify rename-to file name [RW]"
233.It SITE Ta "non-standard commands (see next section)"
234.It SIZE Ta "return size of file"
235.It STAT Ta "return status of server"
236.It STOR Ta "store a file [RW]"
237.It STOU Ta "store a file with a unique name [RW]"
238.It STRU Ta "specify data transfer" Em structure
239.It SYST Ta "show operating system type of server system"
240.It TYPE Ta "specify data transfer" Em type
241.It USER Ta "specify user name"
242.It XCUP Ta "change to parent of current working directory (deprecated)"
243.It XCWD Ta "change working directory (deprecated)"
244.It XMKD Ta "make a directory (deprecated) [RW]"
245.It XPWD Ta "print the current working directory (deprecated)"
246.It XRMD Ta "remove a directory (deprecated) [RW]"
247.El
248.Pp
249The following non-standard or
250.Tn UNIX
251specific commands are supported
252by the
253SITE request.
254.Pp
255.Bl -column Request -offset indent
256.It Sy Request Ta Sy Description
257.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
258.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
259.It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''"
260.It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''"
261.It HELP Ta give help information
262.El
263.Pp
264Note: SITE requests are disabled in case of anonymous logins.
265.Pp
266The remaining ftp requests specified in Internet RFC 959
267are
268recognized, but not implemented.
269MDTM and SIZE are not specified in RFC 959, but will appear in the
270next updated FTP RFC.
271.Pp
272The ftp server will abort an active file transfer only when the
273ABOR
274command is preceded by a Telnet "Interrupt Process" (IP)
275signal and a Telnet "Synch" signal in the command Telnet stream,
276as described in Internet RFC 959.
277If a
278STAT
279command is received during a data transfer, preceded by a Telnet IP
280and Synch, transfer status will be returned.
281.Pp
282.Nm Ftpd
283interprets file names according to the
284.Dq globbing
285conventions used by
286.Xr csh 1 .
287This allows users to utilize the metacharacters
288.Dq Li \&*?[]{}~ .
289.Pp
290.Nm Ftpd
291authenticates users according to six rules.
292.Pp
293.Bl -enum -offset indent
294.It
295The login name must be in the password data base
296and not have a null password.
297In this case a password must be provided by the client before any
298file operations may be performed.
299If the user has an S/Key key, the response from a successful USER
300command will include an S/Key challenge.
301The client may choose to respond with a PASS command giving either
302a standard password or an S/Key one-time password.
303The server will automatically determine which type of
304password it has been given and attempt to authenticate accordingly.
305See
306.Xr key 1
307for more information on S/Key authentication.
308S/Key is a Trademark of Bellcore.
309.It
310The login name must not appear in the file
311.Pa /etc/ftpusers .
312.It
313The login name must not be a member of a group specified in the file
314.Pa /etc/ftpusers .
315Entries in this file interpreted as group names are prefixed by an "at"
316.Ql \&@
317sign.
318.It
319The user must have a standard shell returned by
320.Xr getusershell 3 .
321.It
322If the user name appears in the file
323.Pa /etc/ftpchroot ,
324or the user is a member of a group with a group entry in this file,
325i.e. one prefixed with
326.Ql \&@ ,
327the session's root will be changed to the user's login directory by
328.Xr chroot 2
329as for an
330.Dq anonymous
331or
332.Dq ftp
333account (see next item).
334This facility may also be triggered by enabling the boolean "ftp-chroot"
335capability in
336.Xr login.conf 5 .
337However, the user must still supply a password.
338This feature is intended as a compromise between a fully anonymous
339account and a fully privileged account.
340The account should also be set up as for an anonymous account.
341.It
342If the user name is
343.Dq anonymous
344or
345.Dq ftp ,
346an
347anonymous ftp account must be present in the password
348file (user
349.Dq ftp ) .
350In this case the user is allowed
351to log in by specifying any password (by convention an email address for
352the user should be used as the password).
353When the
354.Fl S
355option is set, all transfers are logged as well.
356.El
357.Pp
358In the last case,
359.Nm
360takes special measures to restrict the client's access privileges.
361The server performs a
362.Xr chroot 2
363to the home directory of the
364.Dq ftp
365user.
366In order that system security is not breached, it is recommended
367that the
368.Dq ftp
369subtree be constructed with care, following these rules:
370.Bl -tag -width "~ftp/pub" -offset indent
371.It Pa ~ftp
372Make the home directory owned by
373.Dq root
374and unwritable by anyone.
375.It Pa ~ftp/etc
376Make this directory owned by
377.Dq root
378and unwritable by anyone (mode 555).
379The files pwd.db (see
380.Xr passwd 5 )
381and
382.Xr group 5
383must be present for the
384.Xr ls
385command to be able to produce owner names rather than numbers.
386The password field in
387.Xr passwd
388is not used, and should not contain real passwords.
389The file
390.Pa ftpmotd ,
391if present, will be printed after a successful login.
392These files should be mode 444.
393.It Pa ~ftp/pub
394Make this directory mode 777 and owned by
395.Dq ftp .
396Guests
397can then place files which are to be accessible via the anonymous
398account in this directory.
399.El
400.Pp
401If the system has multiple IP addresses,
402.Nm
403supports the idea of virtual hosts, which provides the ability to
404define multiple anonymous ftp areas, each one allocated to a different
405internet address.
406The file
407.Pa /etc/ftphosts
408contains information pertaining to each of the virtual hosts.
409Each host is defined on its own line which contains a number of
410fields separated by whitespace:
411.Bl -tag -offset indent -width hostname
412.It hostname
413Contains the hostname or IP address of the virtual host.
414.It user
415Contains a user record in the system password file.
416As with normal anonymous ftp, this user's access uid, gid and group
417memberships determine file access to the anonymous ftp area.
418The anonymous ftp area (to which any user is chrooted on login)
419is determined by the home directory defined for the account.
420User id and group for any ftp account may be the same as for the
421standard ftp user.
422.It statfile
423File to which all file transfers are logged, which
424defaults to
425.Pa /var/log/ftpd .
426.It welcome
427This file is the welcome message displayed before the server ready
428prompt.
429It defaults to
430.Pa /etc/ftpwelcome .
431.It motd
432This file is displayed after the user logs in.
433It defaults to
434.Pa /etc/ftpmotd .
435.El
436.Pp
437Lines beginning with a '#' are ignored and can be used to include
438comments.
439.Pp
440Defining a virtual host for the primary IP address or hostname
441changes the default for ftp logins to that address.
442The 'user', 'statfile', 'welcome' and 'motd' fields may be left
443blank, or a single hypen '-' used to indicate that the default
444value is to be used.
445.Pp
446As with any anonymous login configuration, due care must be given
447to setup and maintenance to guard against security related problems.
448.Pp
449.Nm
450has internal support for handling remote requests to list
451files, and will not execute
452.Pa /bin/ls
453in either a chrooted or non-chrooted environment. The
454.Pa ~/bin/ls
455executable need not be placed into the chrooted tree, nor need the
456.Pa ~/bin
457directory exist.
458.Sh FILES
459.Bl -tag -width /etc/ftpwelcome -compact
460.It Pa /etc/ftpusers
461List of unwelcome/restricted users.
462.It Pa /etc/ftpchroot
463List of normal users who should be chroot'd.
464.It Pa /etc/ftphosts
465Virtual hosting configuration file.
466.It Pa /etc/ftpwelcome
467Welcome notice.
468.It Pa /etc/ftpmotd
469Welcome notice after login.
470.It Pa /var/run/nologin
471Displayed and access refused.
472.It Pa /var/log/ftpd
473Log file for anonymous transfers.
474.El
475.Sh SEE ALSO
476.Xr ftp 1 ,
477.Xr key 1 ,
478.Xr getusershell 3 ,
479.Xr login.conf 5 ,
480.Xr inetd 8 ,
481.Xr syslogd 8
482.Sh BUGS
483The server must run as the super-user
484to create sockets with privileged port numbers. It maintains
485an effective user id of the logged in user, reverting to
486the super-user only when binding addresses to sockets. The
487possible security holes have been extensively
488scrutinized, but are possibly incomplete.
489.Sh HISTORY
490The
491.Nm
492command appeared in
493.Bx 4.2 .
494IPv6 support was added in WIDE Hydrangea IPv6 stack kit.