1.\" $NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
2.\"
3.\" Copyright (c) 1985, 1988, 1991, 1993
4.\" The Regents of the University of California. All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\" must display the following acknowledgement:
16.\" This product includes software developed by the University of
17.\" California, Berkeley and its contributors.
18.\" 4. Neither the name of the University nor the names of its contributors
19.\" may be used to endorse or promote products derived from this software
20.\" without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
35.\"
36.Dd April 19, 1997
37.Dt FTPD 8
38.Os BSD 4.2
39.Sh NAME
40.Nm ftpd
| 1.\" $NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
2.\"
3.\" Copyright (c) 1985, 1988, 1991, 1993
4.\" The Regents of the University of California. All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\" must display the following acknowledgement:
16.\" This product includes software developed by the University of
17.\" California, Berkeley and its contributors.
18.\" 4. Neither the name of the University nor the names of its contributors
19.\" may be used to endorse or promote products derived from this software
20.\" without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
35.\"
36.Dd April 19, 1997
37.Dt FTPD 8
38.Os BSD 4.2
39.Sh NAME
40.Nm ftpd
|
43.Sh SYNOPSIS
44.Nm ftpd
45.Op Fl a Ar authmode
46.Op Fl dilv
47.Op Fl g Ar umask
48.Op Fl p Ar port
49.Op Fl T Ar maxtimeout
50.Op Fl t Ar timeout
51.Op Fl u Ar default umask
52.Sh DESCRIPTION
53.Nm Ftpd
54is the
55Internet File Transfer Protocol
56server process. The server uses the
57.Tn TCP
58protocol
59and listens at the port specified in the
60.Dq ftp
61service specification; see
62.Xr services 5 .
63.Pp
64Available options:
65.Bl -tag -width Ds
66.It Fl a
67Select the level of authentication required. Kerberised login can not
68be turned off. The default is to only allow kerberised login. Other
69possibilities can be turned on by giving a string of comma separated
70flags as argument to
71.Fl a .
72Recognised flags are:
73.Bl -tag -width plain
74.It Ar plain
75Allow logging in with plaintext password. The password can be a(n) OTP
76or an ordinary password.
77.It Ar otp
78Same as
79.Ar plain ,
80but only OTP is allowed.
81.It Ar ftp
82Allow anonymous login.
83.El
84.Pp
85The following combination modes exists for backwards compatibility:
86.Bl -tag -width plain
87.It Ar none
88Same as
89.Ar plain,ftp .
90.It Ar safe
91Same as
92.Ar ftp .
93.It Ar user
94Ignored.
95.El
96.It Fl d
97Debugging information is written to the syslog using LOG_FTP.
98.It Fl g
99Anonymous users will get a umask of
100.Ar umask .
101.It Fl i
102Open a socket and wait for a connection. This is mainly used for
103debugging when ftpd isn't started by inetd.
104.It Fl l
105Each successful and failed
106.Xr ftp 1
107session is logged using syslog with a facility of LOG_FTP.
108If this option is specified twice, the retrieve (get), store (put), append,
109delete, make directory, remove directory and rename operations and
110their filename arguments are also logged.
111.It Fl p
112Use
113.Ar port
114(a service name or number) instead of the default
115.Ar ftp/tcp .
116.It Fl T
117A client may also request a different timeout period;
118the maximum period allowed may be set to
119.Ar timeout
120seconds with the
121.Fl T
122option.
123The default limit is 2 hours.
124.It Fl t
125The inactivity timeout period is set to
126.Ar timeout
127seconds (the default is 15 minutes).
128.It Fl u
129Set the initial umask to something else than the default 027.
130.It Fl v
131Verbose mode.
132.El
133.Pp
134The file
135.Pa /etc/nologin
136can be used to disable ftp access.
137If the file exists,
138.Nm
139displays it and exits.
140If the file
141.Pa /etc/ftpwelcome
142exists,
143.Nm
144prints it before issuing the
145.Dq ready
146message.
147If the file
148.Pa /etc/motd
149exists,
150.Nm
151prints it after a successful login.
152.Pp
153The ftp server currently supports the following ftp requests.
154The case of the requests is ignored.
155.Bl -column "Request" -offset indent
156.It Request Ta "Description"
157.It ABOR Ta "abort previous command"
158.It ACCT Ta "specify account (ignored)"
159.It ALLO Ta "allocate storage (vacuously)"
160.It APPE Ta "append to a file"
161.It CDUP Ta "change to parent of current working directory"
162.It CWD Ta "change working directory"
163.It DELE Ta "delete a file"
164.It HELP Ta "give help information"
165.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
166.It MKD Ta "make a directory"
167.It MDTM Ta "show last modification time of file"
168.It MODE Ta "specify data transfer" Em mode
169.It NLST Ta "give name list of files in directory"
170.It NOOP Ta "do nothing"
171.It PASS Ta "specify password"
172.It PASV Ta "prepare for server-to-server transfer"
173.It PORT Ta "specify data connection port"
174.It PWD Ta "print the current working directory"
175.It QUIT Ta "terminate session"
176.It REST Ta "restart incomplete transfer"
177.It RETR Ta "retrieve a file"
178.It RMD Ta "remove a directory"
179.It RNFR Ta "specify rename-from file name"
180.It RNTO Ta "specify rename-to file name"
181.It SITE Ta "non-standard commands (see next section)"
182.It SIZE Ta "return size of file"
183.It STAT Ta "return status of server"
184.It STOR Ta "store a file"
185.It STOU Ta "store a file with a unique name"
186.It STRU Ta "specify data transfer" Em structure
187.It SYST Ta "show operating system type of server system"
188.It TYPE Ta "specify data transfer" Em type
189.It USER Ta "specify user name"
190.It XCUP Ta "change to parent of current working directory (deprecated)"
191.It XCWD Ta "change working directory (deprecated)"
192.It XMKD Ta "make a directory (deprecated)"
193.It XPWD Ta "print the current working directory (deprecated)"
194.It XRMD Ta "remove a directory (deprecated)"
195.El
196.Pp
197The following commands are specified by RFC2228.
198.Bl -column Request -offset indent
199.It AUTH Ta "authentication/security mechanism"
200.It ADAT Ta "authentication/security data"
201.It PROT Ta "data channel protection level"
202.It PBSZ Ta "protection buffer size"
203.It MIC Ta "integrity protected command"
204.It CONF Ta "confidentiality protected command"
205.It ENC Ta "privacy protected command"
206.It CCC Ta "clear command channel"
207.El
208.Pp
209The following non-standard or
210.Tn UNIX
211specific commands are supported
212by the
213SITE request.
214.Pp
215.Bl -column Request -offset indent
216.It UMASK Ta change umask, (e.g.
217.Ic "SITE UMASK 002" )
218.It IDLE Ta set idle-timer, (e.g.
219.Ic "SITE IDLE 60" )
220.It CHMOD Ta change mode of a file (e.g.
221.Ic "SITE CHMOD 755 filename" )
222.It FIND Ta quickly find a specific file with GNU
223.Xr locate 1 .
224.It HELP Ta give help information.
225.El
226.Pp
227The following Kerberos related site commands are understood.
228.Bl -column Request -offset indent
229.It KAUTH Ta obtain remote tickets.
230.It KLIST Ta show remote tickets
231.El
232.Pp
233The remaining ftp requests specified in Internet RFC 959
234are
235recognized, but not implemented.
236MDTM and SIZE are not specified in RFC 959, but will appear in the
237next updated FTP RFC.
238.Pp
239The ftp server will abort an active file transfer only when the
240ABOR
241command is preceded by a Telnet "Interrupt Process" (IP)
242signal and a Telnet "Synch" signal in the command Telnet stream,
243as described in Internet RFC 959.
244If a
245STAT
246command is received during a data transfer, preceded by a Telnet IP
247and Synch, transfer status will be returned.
248.Pp
249.Nm Ftpd
250interprets file names according to the
251.Dq globbing
252conventions used by
253.Xr csh 1 .
254This allows users to utilize the metacharacters
255.Dq Li \&*?[]{}~ .
256.Pp
257.Nm Ftpd
258authenticates users according to these rules.
259.Pp
260.Bl -enum -offset indent
261.It
262If Kerberos authentication is used, the user must pass valid tickets
263and the principal must be allowed to login as the remote user.
264.It
265The login name must be in the password data base, and not have a null
266password (if kerberos is used the password field is not checked). In
267this case a password must be provided by the client before any file
268operations may be performed. If the user has an OTP key, the response
269from a successful USER command will include an OTP challenge. The
270client may choose to respond with a PASS command giving either a
271standard password or an OTP one-time password. The server will
272automatically determine which type of password it has been given and
273attempt to authenticate accordingly. See
274.Xr otp 1
275for more information on OTP authentication.
276.It
277The login name must not appear in the file
278.Pa /etc/ftpusers .
279.It
280The user must have a standard shell returned by
281.Xr getusershell 3 .
282.It
283If the user name appears in the file
284.Pa /etc/ftpchroot
285the session's root will be changed to the user's login directory by
286.Xr chroot 2
287as for an
288.Dq anonymous
289or
290.Dq ftp
291account (see next item). However, the user must still supply a password.
292This feature is intended as a compromise between a fully anonymous account
293and a fully privileged account. The account should also be set up as for an
294anonymous account.
295.It
296If the user name is
297.Dq anonymous
298or
299.Dq ftp ,
300an
301anonymous ftp account must be present in the password
302file (user
303.Dq ftp ) .
304In this case the user is allowed
305to log in by specifying any password (by convention an email address for
306the user should be used as the password).
307.El
308.Pp
309In the last case,
310.Nm ftpd
311takes special measures to restrict the client's access privileges.
312The server performs a
313.Xr chroot 2
314to the home directory of the
315.Dq ftp
316user.
317In order that system security is not breached, it is recommended
318that the
319.Dq ftp
320subtree be constructed with care, consider following these guidelines
321for anonymous ftp.
322.Pp
323In general all files should be owned by
324.Dq root ,
325and have non-write permissions (644 or 755 depending on the kind of
326file). No files should be owned or writable by
327.Dq ftp
328(possibly with exception for the
329.Pa ~ftp/incoming ,
330as specified below).
331.Bl -tag -width "~ftp/pub" -offset indent
332.It Pa ~ftp
333The
334.Dq ftp
335homedirectory should be owned by root.
336.It Pa ~ftp/bin
337The directory for external programs (such as
338.Xr ls 1 ) .
339These programs must either be statically linked, or you must setup an
340environment for dynamic linking when running chrooted.
341These programs will be used if present:
342.Bl -tag -width "locate" -offset indent
343.It ls
344Used when listing files.
345.It compress
346When retrieving a filename that ends in
347.Pa .Z ,
348and that file isn't present,
349.Nm
350will try to find the filename without
351.Pa .Z
352and compress it on the fly.
353.It gzip
354Same as compress, just with files ending in
355.Pa .gz .
356.It gtar
357Enables retrieval of whole directories as files ending in
358.Pa .tar .
359Can also be combined with compression. You must use GNU Tar (or some
360other that supports the
361.Fl z
362and
363.Fl Z
364flags).
365.It locate
366Will enable ``fast find'' with the
367.Ic SITE FIND
368command. You must also create a
369.Pa locatedb
370file in
371.Pa ~ftp/etc .
372.El
373.It Pa ~ftp/etc
374If you put copies of the
375.Xr passwd 5
376and
377.Xr group 5
378files here, ls will be able to produce owner names rather than
379numbers. Remember to remove any passwords from these files.
380.Pp
381The file
382.Pa motd ,
383if present, will be printed after a successful login.
384.It Pa ~ftp/dev
385Put a copy of
386.Xr /dev/null 7
387here.
388.It Pa ~ftp/pub
389Traditional place to put whatever you want to make public.
390.El
391.Pp
392If you want guests to be able to upload files, create a
393.Pa ~ftp/incoming
394directory owned by
395.Dq root ,
396and group
397.Dq ftp
398with mode 730 (make sure
399.Dq ftp
400is member of group
401.Dq ftp ) .
402The following restrictions apply to anonymous users:
403.Bl -bullet
404.It
405Directories created will have mode 700.
406.It
407Uploaded files will be created with an umask of 777, if not changed
408with the
409.Fl g
410option.
411.It
412These command are not accessible:
413.Ic DELE , RMD , RNTO , RNFR ,
414.Ic SITE UMASK ,
415and
416.Ic SITE CHMOD .
417.It
418Filenames must start with an alpha-numeric character, and consist of
419alpha-numeric characters or any of the following:
420.Li \&+
421(plus),
422.Li \&-
423(minus),
424.Li \&=
425(equal),
426.Li \&_
427(underscore),
428.Li \&.
429(period), and
430.Li \&,
431(comma).
432.El
433.Sh FILES
434.Bl -tag -width /etc/ftpwelcome -compact
435.It Pa /etc/ftpusers
436Access list for users.
437.It Pa /etc/ftpchroot
438List of normal users who should be chroot'd.
439.It Pa /etc/ftpwelcome
440Welcome notice.
441.It Pa /etc/motd
442Welcome notice after login.
443.It Pa /etc/nologin
444Displayed and access refused.
445.It Pa ~/.klogin
446Login access for Kerberos.
447.El
448.Sh SEE ALSO
449.Xr ftp 1 ,
450.Xr otp 1 ,
451.Xr getusershell 3 ,
452.Xr ftpusers 5 ,
453.Xr syslogd 8 ,
454.Sh STANDARDS
455.Bl -tag -compact -width "RFC 1938"
456.It Cm RFC 959
457FTP PROTOCOL SPECIFICATION
458.It Cm RFC 1938
459OTP Specification
460.It Cm RFC 2228
461FTP Security Extensions.
462.El
463.Sh BUGS
464The server must run as the super-user
465to create sockets with privileged port numbers. It maintains
466an effective user id of the logged in user, reverting to
467the super-user only when binding addresses to sockets. The
468possible security holes have been extensively
469scrutinized, but are possibly incomplete.
470.Sh HISTORY
471The
472.Nm
473command appeared in
474.Bx 4.2 .
| 42.Sh SYNOPSIS
43.Nm ftpd
44.Op Fl a Ar authmode
45.Op Fl dilv
46.Op Fl g Ar umask
47.Op Fl p Ar port
48.Op Fl T Ar maxtimeout
49.Op Fl t Ar timeout
50.Op Fl u Ar default umask
51.Sh DESCRIPTION
52.Nm Ftpd
53is the
54Internet File Transfer Protocol
55server process. The server uses the
56.Tn TCP
57protocol
58and listens at the port specified in the
59.Dq ftp
60service specification; see
61.Xr services 5 .
62.Pp
63Available options:
64.Bl -tag -width Ds
65.It Fl a
66Select the level of authentication required. Kerberised login can not
67be turned off. The default is to only allow kerberised login. Other
68possibilities can be turned on by giving a string of comma separated
69flags as argument to
70.Fl a .
71Recognised flags are:
72.Bl -tag -width plain
73.It Ar plain
74Allow logging in with plaintext password. The password can be a(n) OTP
75or an ordinary password.
76.It Ar otp
77Same as
78.Ar plain ,
79but only OTP is allowed.
80.It Ar ftp
81Allow anonymous login.
82.El
83.Pp
84The following combination modes exists for backwards compatibility:
85.Bl -tag -width plain
86.It Ar none
87Same as
88.Ar plain,ftp .
89.It Ar safe
90Same as
91.Ar ftp .
92.It Ar user
93Ignored.
94.El
95.It Fl d
96Debugging information is written to the syslog using LOG_FTP.
97.It Fl g
98Anonymous users will get a umask of
99.Ar umask .
100.It Fl i
101Open a socket and wait for a connection. This is mainly used for
102debugging when ftpd isn't started by inetd.
103.It Fl l
104Each successful and failed
105.Xr ftp 1
106session is logged using syslog with a facility of LOG_FTP.
107If this option is specified twice, the retrieve (get), store (put), append,
108delete, make directory, remove directory and rename operations and
109their filename arguments are also logged.
110.It Fl p
111Use
112.Ar port
113(a service name or number) instead of the default
114.Ar ftp/tcp .
115.It Fl T
116A client may also request a different timeout period;
117the maximum period allowed may be set to
118.Ar timeout
119seconds with the
120.Fl T
121option.
122The default limit is 2 hours.
123.It Fl t
124The inactivity timeout period is set to
125.Ar timeout
126seconds (the default is 15 minutes).
127.It Fl u
128Set the initial umask to something else than the default 027.
129.It Fl v
130Verbose mode.
131.El
132.Pp
133The file
134.Pa /etc/nologin
135can be used to disable ftp access.
136If the file exists,
137.Nm
138displays it and exits.
139If the file
140.Pa /etc/ftpwelcome
141exists,
142.Nm
143prints it before issuing the
144.Dq ready
145message.
146If the file
147.Pa /etc/motd
148exists,
149.Nm
150prints it after a successful login.
151.Pp
152The ftp server currently supports the following ftp requests.
153The case of the requests is ignored.
154.Bl -column "Request" -offset indent
155.It Request Ta "Description"
156.It ABOR Ta "abort previous command"
157.It ACCT Ta "specify account (ignored)"
158.It ALLO Ta "allocate storage (vacuously)"
159.It APPE Ta "append to a file"
160.It CDUP Ta "change to parent of current working directory"
161.It CWD Ta "change working directory"
162.It DELE Ta "delete a file"
163.It HELP Ta "give help information"
164.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
165.It MKD Ta "make a directory"
166.It MDTM Ta "show last modification time of file"
167.It MODE Ta "specify data transfer" Em mode
168.It NLST Ta "give name list of files in directory"
169.It NOOP Ta "do nothing"
170.It PASS Ta "specify password"
171.It PASV Ta "prepare for server-to-server transfer"
172.It PORT Ta "specify data connection port"
173.It PWD Ta "print the current working directory"
174.It QUIT Ta "terminate session"
175.It REST Ta "restart incomplete transfer"
176.It RETR Ta "retrieve a file"
177.It RMD Ta "remove a directory"
178.It RNFR Ta "specify rename-from file name"
179.It RNTO Ta "specify rename-to file name"
180.It SITE Ta "non-standard commands (see next section)"
181.It SIZE Ta "return size of file"
182.It STAT Ta "return status of server"
183.It STOR Ta "store a file"
184.It STOU Ta "store a file with a unique name"
185.It STRU Ta "specify data transfer" Em structure
186.It SYST Ta "show operating system type of server system"
187.It TYPE Ta "specify data transfer" Em type
188.It USER Ta "specify user name"
189.It XCUP Ta "change to parent of current working directory (deprecated)"
190.It XCWD Ta "change working directory (deprecated)"
191.It XMKD Ta "make a directory (deprecated)"
192.It XPWD Ta "print the current working directory (deprecated)"
193.It XRMD Ta "remove a directory (deprecated)"
194.El
195.Pp
196The following commands are specified by RFC2228.
197.Bl -column Request -offset indent
198.It AUTH Ta "authentication/security mechanism"
199.It ADAT Ta "authentication/security data"
200.It PROT Ta "data channel protection level"
201.It PBSZ Ta "protection buffer size"
202.It MIC Ta "integrity protected command"
203.It CONF Ta "confidentiality protected command"
204.It ENC Ta "privacy protected command"
205.It CCC Ta "clear command channel"
206.El
207.Pp
208The following non-standard or
209.Tn UNIX
210specific commands are supported
211by the
212SITE request.
213.Pp
214.Bl -column Request -offset indent
215.It UMASK Ta change umask, (e.g.
216.Ic "SITE UMASK 002" )
217.It IDLE Ta set idle-timer, (e.g.
218.Ic "SITE IDLE 60" )
219.It CHMOD Ta change mode of a file (e.g.
220.Ic "SITE CHMOD 755 filename" )
221.It FIND Ta quickly find a specific file with GNU
222.Xr locate 1 .
223.It HELP Ta give help information.
224.El
225.Pp
226The following Kerberos related site commands are understood.
227.Bl -column Request -offset indent
228.It KAUTH Ta obtain remote tickets.
229.It KLIST Ta show remote tickets
230.El
231.Pp
232The remaining ftp requests specified in Internet RFC 959
233are
234recognized, but not implemented.
235MDTM and SIZE are not specified in RFC 959, but will appear in the
236next updated FTP RFC.
237.Pp
238The ftp server will abort an active file transfer only when the
239ABOR
240command is preceded by a Telnet "Interrupt Process" (IP)
241signal and a Telnet "Synch" signal in the command Telnet stream,
242as described in Internet RFC 959.
243If a
244STAT
245command is received during a data transfer, preceded by a Telnet IP
246and Synch, transfer status will be returned.
247.Pp
248.Nm Ftpd
249interprets file names according to the
250.Dq globbing
251conventions used by
252.Xr csh 1 .
253This allows users to utilize the metacharacters
254.Dq Li \&*?[]{}~ .
255.Pp
256.Nm Ftpd
257authenticates users according to these rules.
258.Pp
259.Bl -enum -offset indent
260.It
261If Kerberos authentication is used, the user must pass valid tickets
262and the principal must be allowed to login as the remote user.
263.It
264The login name must be in the password data base, and not have a null
265password (if kerberos is used the password field is not checked). In
266this case a password must be provided by the client before any file
267operations may be performed. If the user has an OTP key, the response
268from a successful USER command will include an OTP challenge. The
269client may choose to respond with a PASS command giving either a
270standard password or an OTP one-time password. The server will
271automatically determine which type of password it has been given and
272attempt to authenticate accordingly. See
273.Xr otp 1
274for more information on OTP authentication.
275.It
276The login name must not appear in the file
277.Pa /etc/ftpusers .
278.It
279The user must have a standard shell returned by
280.Xr getusershell 3 .
281.It
282If the user name appears in the file
283.Pa /etc/ftpchroot
284the session's root will be changed to the user's login directory by
285.Xr chroot 2
286as for an
287.Dq anonymous
288or
289.Dq ftp
290account (see next item). However, the user must still supply a password.
291This feature is intended as a compromise between a fully anonymous account
292and a fully privileged account. The account should also be set up as for an
293anonymous account.
294.It
295If the user name is
296.Dq anonymous
297or
298.Dq ftp ,
299an
300anonymous ftp account must be present in the password
301file (user
302.Dq ftp ) .
303In this case the user is allowed
304to log in by specifying any password (by convention an email address for
305the user should be used as the password).
306.El
307.Pp
308In the last case,
309.Nm ftpd
310takes special measures to restrict the client's access privileges.
311The server performs a
312.Xr chroot 2
313to the home directory of the
314.Dq ftp
315user.
316In order that system security is not breached, it is recommended
317that the
318.Dq ftp
319subtree be constructed with care, consider following these guidelines
320for anonymous ftp.
321.Pp
322In general all files should be owned by
323.Dq root ,
324and have non-write permissions (644 or 755 depending on the kind of
325file). No files should be owned or writable by
326.Dq ftp
327(possibly with exception for the
328.Pa ~ftp/incoming ,
329as specified below).
330.Bl -tag -width "~ftp/pub" -offset indent
331.It Pa ~ftp
332The
333.Dq ftp
334homedirectory should be owned by root.
335.It Pa ~ftp/bin
336The directory for external programs (such as
337.Xr ls 1 ) .
338These programs must either be statically linked, or you must setup an
339environment for dynamic linking when running chrooted.
340These programs will be used if present:
341.Bl -tag -width "locate" -offset indent
342.It ls
343Used when listing files.
344.It compress
345When retrieving a filename that ends in
346.Pa .Z ,
347and that file isn't present,
348.Nm
349will try to find the filename without
350.Pa .Z
351and compress it on the fly.
352.It gzip
353Same as compress, just with files ending in
354.Pa .gz .
355.It gtar
356Enables retrieval of whole directories as files ending in
357.Pa .tar .
358Can also be combined with compression. You must use GNU Tar (or some
359other that supports the
360.Fl z
361and
362.Fl Z
363flags).
364.It locate
365Will enable ``fast find'' with the
366.Ic SITE FIND
367command. You must also create a
368.Pa locatedb
369file in
370.Pa ~ftp/etc .
371.El
372.It Pa ~ftp/etc
373If you put copies of the
374.Xr passwd 5
375and
376.Xr group 5
377files here, ls will be able to produce owner names rather than
378numbers. Remember to remove any passwords from these files.
379.Pp
380The file
381.Pa motd ,
382if present, will be printed after a successful login.
383.It Pa ~ftp/dev
384Put a copy of
385.Xr /dev/null 7
386here.
387.It Pa ~ftp/pub
388Traditional place to put whatever you want to make public.
389.El
390.Pp
391If you want guests to be able to upload files, create a
392.Pa ~ftp/incoming
393directory owned by
394.Dq root ,
395and group
396.Dq ftp
397with mode 730 (make sure
398.Dq ftp
399is member of group
400.Dq ftp ) .
401The following restrictions apply to anonymous users:
402.Bl -bullet
403.It
404Directories created will have mode 700.
405.It
406Uploaded files will be created with an umask of 777, if not changed
407with the
408.Fl g
409option.
410.It
411These command are not accessible:
412.Ic DELE , RMD , RNTO , RNFR ,
413.Ic SITE UMASK ,
414and
415.Ic SITE CHMOD .
416.It
417Filenames must start with an alpha-numeric character, and consist of
418alpha-numeric characters or any of the following:
419.Li \&+
420(plus),
421.Li \&-
422(minus),
423.Li \&=
424(equal),
425.Li \&_
426(underscore),
427.Li \&.
428(period), and
429.Li \&,
430(comma).
431.El
432.Sh FILES
433.Bl -tag -width /etc/ftpwelcome -compact
434.It Pa /etc/ftpusers
435Access list for users.
436.It Pa /etc/ftpchroot
437List of normal users who should be chroot'd.
438.It Pa /etc/ftpwelcome
439Welcome notice.
440.It Pa /etc/motd
441Welcome notice after login.
442.It Pa /etc/nologin
443Displayed and access refused.
444.It Pa ~/.klogin
445Login access for Kerberos.
446.El
447.Sh SEE ALSO
448.Xr ftp 1 ,
449.Xr otp 1 ,
450.Xr getusershell 3 ,
451.Xr ftpusers 5 ,
452.Xr syslogd 8 ,
453.Sh STANDARDS
454.Bl -tag -compact -width "RFC 1938"
455.It Cm RFC 959
456FTP PROTOCOL SPECIFICATION
457.It Cm RFC 1938
458OTP Specification
459.It Cm RFC 2228
460FTP Security Extensions.
461.El
462.Sh BUGS
463The server must run as the super-user
464to create sockets with privileged port numbers. It maintains
465an effective user id of the logged in user, reverting to
466the super-user only when binding addresses to sockets. The
467possible security holes have been extensively
468scrutinized, but are possibly incomplete.
469.Sh HISTORY
470The
471.Nm
472command appeared in
473.Bx 4.2 .
|