ftpd.8 (15196) ftpd.8 (17435)
1.\" Copyright (c) 1985, 1988, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 28 unchanged lines hidden (view full) ---

37.Sh NAME
38.Nm ftpd
39.Nd
40Internet File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm ftpd
43.Op Fl dl
44.Op Fl D
1.\" Copyright (c) 1985, 1988, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 28 unchanged lines hidden (view full) ---

37.Sh NAME
38.Nm ftpd
39.Nd
40Internet File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm ftpd
43.Op Fl dl
44.Op Fl D
45.Op Fl R
45.Op Fl S
46.Op Fl U
47.Op Fl T Ar maxtimeout
48.Op Fl t Ar timeout
49.Sh DESCRIPTION
50.Nm Ftpd
51is the
52Internet File Transfer Protocol

--- 21 unchanged lines hidden (view full) ---

74.Nm ftpd
75will detach and become a daemon, accepting connections on the FTP port and
76forking children processes to handle them. This is lower overhead than
77starting
78.Nm ftpd
79from
80.Xr inetd 8
81and is thus useful on busy servers to reduce load.
46.Op Fl S
47.Op Fl U
48.Op Fl T Ar maxtimeout
49.Op Fl t Ar timeout
50.Sh DESCRIPTION
51.Nm Ftpd
52is the
53Internet File Transfer Protocol

--- 21 unchanged lines hidden (view full) ---

75.Nm ftpd
76will detach and become a daemon, accepting connections on the FTP port and
77forking children processes to handle them. This is lower overhead than
78starting
79.Nm ftpd
80from
81.Xr inetd 8
82and is thus useful on busy servers to reduce load.
83.It Fl R
84With this option set,
85.Nm ftpd
86will revert to historical behavior with regard to security checks on
87user operations and restrictions on PORT requests.
88Currently,
89.Nm ftpd
90will only honor PORT commands directed to unprivileged ports on the
91remote user's host (which violates the FTP protocol specification but
92closes some security holes).
93.
82.It Fl S
83With this option set,
84.Nm ftpd
85logs all anonymous transfers to the file
86.Pa /var/log/ftpd
87when this file exists.
88.
89.It Fl U
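Review bot: In the new -R item (new lines 83-92), the sentence beginning "Currently," reads as though it describes what -R enables, when it actually describes the default behaviour that -R switches off. Suggest opening it with "Without this option," so the two sentences cannot be confused. The phrase "security checks on user operations" is also left undefined. List the checks that -R relaxes and name the holes the PORT restriction closes, so an administrator can judge what enabling the flag exposes.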

--- 114 unchanged lines hidden (view full) ---

204interprets file names according to the
205.Dq globbing
206conventions used by
207.Xr csh 1 .
208This allows users to utilize the metacharacters
209.Dq Li \&*?[]{}~ .
210.Pp
211.Nm Ftpd
94.It Fl S
95With this option set,
96.Nm ftpd
97logs all anonymous transfers to the file
98.Pa /var/log/ftpd
99when this file exists.
100.
101.It Fl U

--- 114 unchanged lines hidden (view full) ---

216interprets file names according to the
217.Dq globbing
218conventions used by
219.Xr csh 1 .
220This allows users to utilize the metacharacters
221.Dq Li \&*?[]{}~ .
222.Pp
223.Nm Ftpd
212authenticates users according to three rules.
224authenticates users according to five rules.
213.Pp
214.Bl -enum -offset indent
215.It
216The login name must be in the password data base,
225.Pp
226.Bl -enum -offset indent
227.It
228The login name must be in the password data base,
217.Pa /etc/passwd ,
229.Pa /etc/pwd.db ,
218and not have a null password.
219In this case a password must be provided by the client before any
220file operations may be performed.
230and not have a null password.
231In this case a password must be provided by the client before any
232file operations may be performed.
233If the user has an S/Key key, the response from a successful USER
234command will include an S/Key challenge. The client may choose to respond
235with a PASS command giving either a standard password or an S/Key
236one-time password. The server will automatically determine which type of
237password it has been given and attempt to authenticate accordingly. See
238.Xr key 1
239for more information on S/Key authentication. S/Key is a Trademark of
240Bellcore.
221.It
222The login name must not appear in the file
223.Pa /etc/ftpusers .
224.It
225The user must have a standard shell returned by
226.Xr getusershell 3 .
227.It
241.It
242The login name must not appear in the file
243.Pa /etc/ftpusers .
244.It
245The user must have a standard shell returned by
246.Xr getusershell 3 .
247.It
248If the user name appears in the file
249.Pa /etc/ftpchroot
250the session's root will be changed to the user's login directory by
251.Xr chroot 2
252as for an
253.Dq anonymous
254or
255.Dq ftp
256account (see next item). However, the user must still supply a password.
257This feature is intended as a compromise between a fully anonymous account
258and a fully privileged account. The account should also be set up as for an
259anonymous account.
260.It
228If the user name is
229.Dq anonymous
230or
231.Dq ftp ,
232an
233anonymous ftp account must be present in the password
234file (user
235.Dq ftp ) .
236In this case the user is allowed
237to log in by specifying any password (by convention an email address for
261If the user name is
262.Dq anonymous
263or
264.Dq ftp ,
265an
266anonymous ftp account must be present in the password
267file (user
268.Dq ftp ) .
269In this case the user is allowed
270to log in by specifying any password (by convention an email address for
238the user should be used as the password). When the
271the user should be used as the password).
272When the
239.Fl S
240option is set, all transfers are logged as well.
241.El
242.Pp
243In the last case,
244.Nm ftpd
245takes special measures to restrict the client's access privileges.
246The server performs a
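Review bot: The new /etc/ftpchroot item (new lines 248-259) ends with "The account should also be set up as for an anonymous account" but does not say which parts of the anonymous setup apply when the chroot is a normal user's login directory. The anonymous tree described further down requires root-owned, unwritable directories such as ~ftp/etc (mode 555), and the text should state whether the same ownership and modes are required here. Separately, the S/Key text (new lines 233-240) says a successful USER reply includes a challenge when the user has an S/Key key, but not what the reply contains otherwise. Document that, since the presence or absence of a challenge is visible to the client before any password is supplied.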

--- 17 unchanged lines hidden (view full) ---

264The program
265.Xr ls 1
266must be present to support the list command.
267This program should be mode 111.
268.It Pa ~ftp/etc
269Make this directory owned by
270.Dq root
271and unwritable by anyone (mode 555).
273.Fl S
274option is set, all transfers are logged as well.
275.El
276.Pp
277In the last case,
278.Nm ftpd
279takes special measures to restrict the client's access privileges.
280The server performs a

--- 17 unchanged lines hidden (view full) ---

298The program
299.Xr ls 1
300must be present to support the list command.
301This program should be mode 111.
302.It Pa ~ftp/etc
303Make this directory owned by
304.Dq root
305and unwritable by anyone (mode 555).
272The files
273.Xr passwd 5
306The files pwd.db (see
307.Xr passwd 5 )
274and
275.Xr group 5
276must be present for the
277.Xr ls
278command to be able to produce owner names rather than numbers.
279The password field in
280.Xr passwd
281is not used, and should not contain real passwords.
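Review bot: After the change at new lines 306-307 the sentence names pwd.db, but the unchanged follow-up at 313-314 still reads "The password field in passwd is not used, and should not contain real passwords", so it is no longer clear which file in ~ftp/etc must be kept free of real password data. Reword the follow-up to refer to the same file the first sentence now names, and mark pwd.db with .Pa as the page does for /etc/pwd.db. While here, ".Xr ls" at 311 lacks the section number that ".Xr ls 1" carries at 299.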

--- 7 unchanged lines hidden (view full) ---

289Guests
290can then place files which are to be accessible via the anonymous
291account in this directory.
292.El
293.Sh FILES
294.Bl -tag -width /etc/ftpwelcome -compact
295.It Pa /etc/ftpusers
296List of unwelcome/restricted users.
308and
309.Xr group 5
310must be present for the
311.Xr ls
312command to be able to produce owner names rather than numbers.
313The password field in
314.Xr passwd
315is not used, and should not contain real passwords.

--- 7 unchanged lines hidden (view full) ---

323Guests
324can then place files which are to be accessible via the anonymous
325account in this directory.
326.El
327.Sh FILES
328.Bl -tag -width /etc/ftpwelcome -compact
329.It Pa /etc/ftpusers
330List of unwelcome/restricted users.
331.It Pa /etc/ftpchroot
332List of normal users who should be chroot'd.
297.It Pa /etc/ftpwelcome
298Welcome notice.
299.It Pa /etc/ftpmotd
300Welcome notice after login.
301.It Pa /etc/nologin
302Displayed and access refused.
303.It Pa /var/log/ftpd
304Log file for anonymous transfers.
305.El
306.Sh SEE ALSO
307.Xr ftp 1 ,
333.It Pa /etc/ftpwelcome
334Welcome notice.
335.It Pa /etc/ftpmotd
336Welcome notice after login.
337.It Pa /etc/nologin
338Displayed and access refused.
339.It Pa /var/log/ftpd
340Log file for anonymous transfers.
341.El
342.Sh SEE ALSO
343.Xr ftp 1 ,
344.Xr key 1 ,
308.Xr getusershell 3 ,
309.Xr inetd 8 ,
310.Xr syslogd 8
311.Sh BUGS
312The server must run as the super-user
313to create sockets with privileged port numbers. It maintains
314an effective user id of the logged in user, reverting to
315the super-user only when binding addresses to sockets. The
316possible security holes have been extensively
317scrutinized, but are possibly incomplete.
318.Sh HISTORY
319The
320.Nm
321command appeared in
322.Bx 4.2 .
345.Xr getusershell 3 ,
346.Xr inetd 8 ,
347.Xr syslogd 8
348.Sh BUGS
349The server must run as the super-user
350to create sockets with privileged port numbers. It maintains
351an effective user id of the logged in user, reverting to
352the super-user only when binding addresses to sockets. The
353possible security holes have been extensively
354scrutinized, but are possibly incomplete.
355.Sh HISTORY
356The
357.Nm
358command appeared in
359.Bx 4.2 .
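Review bot: The new FILES entry for /etc/ftpchroot (new lines 331-332) gives no indication of the file's format, and neither does the authentication item that introduces it. Because a login name that fails to match simply is not chrooted, the expected syntax should be stated here or in the item at 248-259, along with whether the file is optional. The added ".Xr key 1" reference in SEE ALSO matches the S/Key text and is fine as is.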