ftpd.8 (99195) ftpd.8 (99500)
1.\" Copyright (c) 1985, 1988, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
1.\" Copyright (c) 1985, 1988, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
33.\" $FreeBSD: head/libexec/ftpd/ftpd.8 99195 2002-07-01 02:30:11Z mdodd $
33.\" $FreeBSD: head/libexec/ftpd/ftpd.8 99500 2002-07-06 19:19:48Z charnier $
34.\"
35.Dd January 27, 2000
36.Dt FTPD 8
37.Os
38.Sh NAME
39.Nm ftpd
40.Nd Internet File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm
43.Op Fl 46ADEMORSUdro
44.Op Fl l Op Fl l
45.Op Fl T Ar maxtimeout
46.Op Fl a Ar address
47.Op Fl p Ar file
48.Op Fl t Ar timeout
49.Sh DESCRIPTION
34.\"
35.Dd January 27, 2000
36.Dt FTPD 8
37.Os
38.Sh NAME
39.Nm ftpd
40.Nd Internet File Transfer Protocol server
41.Sh SYNOPSIS
42.Nm
43.Op Fl 46ADEMORSUdro
44.Op Fl l Op Fl l
45.Op Fl T Ar maxtimeout
46.Op Fl a Ar address
47.Op Fl p Ar file
48.Op Fl t Ar timeout
49.Sh DESCRIPTION
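Review bot: the '.Dd January 27, 2000' line (line 35 in both columns) is left untouched although this commit changes the rendered text of the page; if these wording changes count as content edits under the project's mdoc practice, '.Dd' should be bumped to the commit date in the same change. The '$FreeBSD$' difference on line 33 is keyword expansion only and needs no review.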
50.Nm Ftpd
51is the
50The
51.Nm
52utility is the
52Internet File Transfer Protocol
53server process. The server uses the
54.Tn TCP
55protocol
56and listens at the port specified in the
57.Dq ftp
58service specification; see
59.Xr services 5 .
60.Pp
61Available options:
62.Bl -tag -width indent
63.It Fl 4
64When
65.Fl D
66is specified, accept IPv4 connections.
67When
68.Fl 6
69is also specified, accept IPv4 connection via
70.Dv AF_INET6
71socket.
72When
73.Fl 6
74is not specified, accept IPv4 connection via
75.Dv AF_INET
76socket.
77.It Fl 6
78When
79.Fl D
80is specified, accept connections via
81.Dv AF_INET6
82socket.
83.It Fl A
84Allow only anonymous ftp access.
85.It Fl D
86With this option set,
87.Nm
88will detach and become a daemon, accepting connections on the FTP port and
89forking children processes to handle them.
90This is lower overhead than starting
91.Nm
92from
93.Xr inetd 8
94and is thus useful on busy servers to reduce load.
95.It Fl E
96Disable the EPSV command.
97This is useful for servers behind older firewalls.
98.It Fl M
99Prevent anonymous users from creating directories.
100.It Fl O
101Put server in write-only mode for anonymous users only.
102RETR is disabled for anonymous users, preventing anonymous downloads.
103This has no effect if
104.Fl o
105is also specified.
106.It Fl R
107With this option set,
108.Nm
109will revert to historical behavior with regard to security checks on
110user operations and restrictions on PORT requests.
111Currently,
112.Nm
113will only honor PORT commands directed to unprivileged ports on the
114remote user's host (which violates the FTP protocol specification but
115closes some security holes).
116.It Fl S
117With this option set,
118.Nm
119logs all anonymous file downloads to the file
120.Pa /var/log/ftpd
121when this file exists.
122.It Fl U
123In previous versions of
124.Nm ,
125when a passive mode client requested a data connection to the server,
126the server would use data ports in the range 1024..4999. Now, by default,
127the server will use data ports in the range 49152..65535. Specifying this
128option will revert to the old behavior.
129.It Fl d
130Debugging information is written to the syslog using
131.Dv LOG_FTP .
132.It Fl r
133Put server in read-only mode.
134All commands which may modify the local filesystem are disabled.
135.It Fl o
136Put server in write-only mode.
137RETR is disabled, preventing downloads.
138.It Fl l
139Each successful and failed
140.Xr ftp 1
141session is logged using syslog with a facility of
142.Dv LOG_FTP .
143If this option is specified twice, the retrieve (get), store (put), append,
144delete, make directory, remove directory and rename operations and
145their filename arguments are also logged.
146Note:
147.Dv LOG_FTP
148messages
149are not displayed by
150.Xr syslogd 8
151by default, and may have to be enabled in
152.Xr syslogd 8 Ns 's
153configuration file.
154.It Fl T
155A client may also request a different timeout period;
156the maximum period allowed may be set to
157.Ar timeout
158seconds with the
159.Fl T
160option.
161The default limit is 2 hours.
162.It Fl a
163When
164.Fl D
165is specified, accept connections only on the specified
166.Ar address .
167.It Fl p
168When
169.Fl D
170is specified, write the daemon's process ID to
171.Ar file .
172.It Fl t
173The inactivity timeout period is set to
174.Ar timeout
175seconds (the default is 15 minutes).
176.El
177.Pp
178The file
179.Pa /var/run/nologin
180can be used to disable ftp access.
181If the file exists,
182.Nm
183displays it and exits.
184If the file
185.Pa /etc/ftpwelcome
186exists,
187.Nm
188prints it before issuing the
189.Dq ready
190message.
191If the file
192.Pa /etc/ftpmotd
193exists,
194.Nm
195prints it after a successful login. Note the motd file used is the one
196relative to the login environment. This means the one in
197.Pa ~ftp/etc
198in the anonymous user's case.
199.Pp
200The ftp server currently supports the following ftp requests.
201The case of the requests is ignored. Requests marked [RW] are
202disabled if
203.Fl r
204is specified.
205.Bl -column "Request" -offset indent
206.It Sy Request Ta Sy "Description"
207.It ABOR Ta "abort previous command"
208.It ACCT Ta "specify account (ignored)"
209.It ALLO Ta "allocate storage (vacuously)"
210.It APPE Ta "append to a file [RW]"
211.It CDUP Ta "change to parent of current working directory"
212.It CWD Ta "change working directory"
213.It DELE Ta "delete a file [RW]"
214.It EPRT Ta "specify data connection port, multiprotocol"
215.It EPSV Ta "prepare for server-to-server transfer, multiprotocol"
216.It HELP Ta "give help information"
217.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
218.It LPRT Ta "specify data connection port, multiprotocol"
219.It LPSV Ta "prepare for server-to-server transfer, multiprotocol"
220.It MDTM Ta "show last modification time of file"
221.It MKD Ta "make a directory [RW]"
222.It MODE Ta "specify data transfer" Em mode
223.It NLST Ta "give name list of files in directory"
224.It NOOP Ta "do nothing"
225.It PASS Ta "specify password"
226.It PASV Ta "prepare for server-to-server transfer"
227.It PORT Ta "specify data connection port"
228.It PWD Ta "print the current working directory"
229.It QUIT Ta "terminate session"
230.It REST Ta "restart incomplete transfer"
231.It RETR Ta "retrieve a file"
232.It RMD Ta "remove a directory [RW]"
233.It RNFR Ta "specify rename-from file name [RW]"
234.It RNTO Ta "specify rename-to file name [RW]"
235.It SITE Ta "non-standard commands (see next section)"
236.It SIZE Ta "return size of file"
237.It STAT Ta "return status of server"
238.It STOR Ta "store a file [RW]"
239.It STOU Ta "store a file with a unique name [RW]"
240.It STRU Ta "specify data transfer" Em structure
241.It SYST Ta "show operating system type of server system"
242.It TYPE Ta "specify data transfer" Em type
243.It USER Ta "specify user name"
244.It XCUP Ta "change to parent of current working directory (deprecated)"
245.It XCWD Ta "change working directory (deprecated)"
246.It XMKD Ta "make a directory (deprecated) [RW]"
247.It XPWD Ta "print the current working directory (deprecated)"
248.It XRMD Ta "remove a directory (deprecated) [RW]"
249.El
250.Pp
251The following non-standard or
252.Tn UNIX
253specific commands are supported
254by the
255SITE request.
256.Pp
257.Bl -column Request -offset indent
258.It Sy Request Ta Sy Description
259.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
260.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
261.It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''"
262.It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''"
263.It HELP Ta give help information
264.El
265.Pp
266Note: SITE requests are disabled in case of anonymous logins.
267.Pp
268The remaining ftp requests specified in Internet RFC 959
269are
270recognized, but not implemented.
271MDTM and SIZE are not specified in RFC 959, but will appear in the
272next updated FTP RFC.
273.Pp
274The ftp server will abort an active file transfer only when the
275ABOR
276command is preceded by a Telnet "Interrupt Process" (IP)
277signal and a Telnet "Synch" signal in the command Telnet stream,
278as described in Internet RFC 959.
279If a
280STAT
281command is received during a data transfer, preceded by a Telnet IP
282and Synch, transfer status will be returned.
283.Pp
53Internet File Transfer Protocol
54server process. The server uses the
55.Tn TCP
56protocol
57and listens at the port specified in the
58.Dq ftp
59service specification; see
60.Xr services 5 .
61.Pp
62Available options:
63.Bl -tag -width indent
64.It Fl 4
65When
66.Fl D
67is specified, accept IPv4 connections.
68When
69.Fl 6
70is also specified, accept IPv4 connection via
71.Dv AF_INET6
72socket.
73When
74.Fl 6
75is not specified, accept IPv4 connection via
76.Dv AF_INET
77socket.
78.It Fl 6
79When
80.Fl D
81is specified, accept connections via
82.Dv AF_INET6
83socket.
84.It Fl A
85Allow only anonymous ftp access.
86.It Fl D
87With this option set,
88.Nm
89will detach and become a daemon, accepting connections on the FTP port and
90forking children processes to handle them.
91This is lower overhead than starting
92.Nm
93from
94.Xr inetd 8
95and is thus useful on busy servers to reduce load.
96.It Fl E
97Disable the EPSV command.
98This is useful for servers behind older firewalls.
99.It Fl M
100Prevent anonymous users from creating directories.
101.It Fl O
102Put server in write-only mode for anonymous users only.
103RETR is disabled for anonymous users, preventing anonymous downloads.
104This has no effect if
105.Fl o
106is also specified.
107.It Fl R
108With this option set,
109.Nm
110will revert to historical behavior with regard to security checks on
111user operations and restrictions on PORT requests.
112Currently,
113.Nm
114will only honor PORT commands directed to unprivileged ports on the
115remote user's host (which violates the FTP protocol specification but
116closes some security holes).
117.It Fl S
118With this option set,
119.Nm
120logs all anonymous file downloads to the file
121.Pa /var/log/ftpd
122when this file exists.
123.It Fl U
124In previous versions of
125.Nm ,
126when a passive mode client requested a data connection to the server,
127the server would use data ports in the range 1024..4999. Now, by default,
128the server will use data ports in the range 49152..65535. Specifying this
129option will revert to the old behavior.
130.It Fl d
131Debugging information is written to the syslog using
132.Dv LOG_FTP .
133.It Fl r
134Put server in read-only mode.
135All commands which may modify the local filesystem are disabled.
136.It Fl o
137Put server in write-only mode.
138RETR is disabled, preventing downloads.
139.It Fl l
140Each successful and failed
141.Xr ftp 1
142session is logged using syslog with a facility of
143.Dv LOG_FTP .
144If this option is specified twice, the retrieve (get), store (put), append,
145delete, make directory, remove directory and rename operations and
146their filename arguments are also logged.
147Note:
148.Dv LOG_FTP
149messages
150are not displayed by
151.Xr syslogd 8
152by default, and may have to be enabled in
153.Xr syslogd 8 Ns 's
154configuration file.
155.It Fl T
156A client may also request a different timeout period;
157the maximum period allowed may be set to
158.Ar timeout
159seconds with the
160.Fl T
161option.
162The default limit is 2 hours.
163.It Fl a
164When
165.Fl D
166is specified, accept connections only on the specified
167.Ar address .
168.It Fl p
169When
170.Fl D
171is specified, write the daemon's process ID to
172.Ar file .
173.It Fl t
174The inactivity timeout period is set to
175.Ar timeout
176seconds (the default is 15 minutes).
177.El
178.Pp
179The file
180.Pa /var/run/nologin
181can be used to disable ftp access.
182If the file exists,
183.Nm
184displays it and exits.
185If the file
186.Pa /etc/ftpwelcome
187exists,
188.Nm
189prints it before issuing the
190.Dq ready
191message.
192If the file
193.Pa /etc/ftpmotd
194exists,
195.Nm
196prints it after a successful login. Note the motd file used is the one
197relative to the login environment. This means the one in
198.Pa ~ftp/etc
199in the anonymous user's case.
200.Pp
201The ftp server currently supports the following ftp requests.
202The case of the requests is ignored. Requests marked [RW] are
203disabled if
204.Fl r
205is specified.
206.Bl -column "Request" -offset indent
207.It Sy Request Ta Sy "Description"
208.It ABOR Ta "abort previous command"
209.It ACCT Ta "specify account (ignored)"
210.It ALLO Ta "allocate storage (vacuously)"
211.It APPE Ta "append to a file [RW]"
212.It CDUP Ta "change to parent of current working directory"
213.It CWD Ta "change working directory"
214.It DELE Ta "delete a file [RW]"
215.It EPRT Ta "specify data connection port, multiprotocol"
216.It EPSV Ta "prepare for server-to-server transfer, multiprotocol"
217.It HELP Ta "give help information"
218.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
219.It LPRT Ta "specify data connection port, multiprotocol"
220.It LPSV Ta "prepare for server-to-server transfer, multiprotocol"
221.It MDTM Ta "show last modification time of file"
222.It MKD Ta "make a directory [RW]"
223.It MODE Ta "specify data transfer" Em mode
224.It NLST Ta "give name list of files in directory"
225.It NOOP Ta "do nothing"
226.It PASS Ta "specify password"
227.It PASV Ta "prepare for server-to-server transfer"
228.It PORT Ta "specify data connection port"
229.It PWD Ta "print the current working directory"
230.It QUIT Ta "terminate session"
231.It REST Ta "restart incomplete transfer"
232.It RETR Ta "retrieve a file"
233.It RMD Ta "remove a directory [RW]"
234.It RNFR Ta "specify rename-from file name [RW]"
235.It RNTO Ta "specify rename-to file name [RW]"
236.It SITE Ta "non-standard commands (see next section)"
237.It SIZE Ta "return size of file"
238.It STAT Ta "return status of server"
239.It STOR Ta "store a file [RW]"
240.It STOU Ta "store a file with a unique name [RW]"
241.It STRU Ta "specify data transfer" Em structure
242.It SYST Ta "show operating system type of server system"
243.It TYPE Ta "specify data transfer" Em type
244.It USER Ta "specify user name"
245.It XCUP Ta "change to parent of current working directory (deprecated)"
246.It XCWD Ta "change working directory (deprecated)"
247.It XMKD Ta "make a directory (deprecated) [RW]"
248.It XPWD Ta "print the current working directory (deprecated)"
249.It XRMD Ta "remove a directory (deprecated) [RW]"
250.El
251.Pp
252The following non-standard or
253.Tn UNIX
254specific commands are supported
255by the
256SITE request.
257.Pp
258.Bl -column Request -offset indent
259.It Sy Request Ta Sy Description
260.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
261.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
262.It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''"
263.It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''"
264.It HELP Ta give help information
265.El
266.Pp
267Note: SITE requests are disabled in case of anonymous logins.
268.Pp
269The remaining ftp requests specified in Internet RFC 959
270are
271recognized, but not implemented.
272MDTM and SIZE are not specified in RFC 959, but will appear in the
273next updated FTP RFC.
274.Pp
275The ftp server will abort an active file transfer only when the
276ABOR
277command is preceded by a Telnet "Interrupt Process" (IP)
278signal and a Telnet "Synch" signal in the command Telnet stream,
279as described in Internet RFC 959.
280If a
281STAT
282command is received during a data transfer, preceded by a Telnet IP
283and Synch, transfer status will be returned.
284.Pp
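Review bot: replacing '.Nm Ftpd' / 'is the' with 'The' / '.Nm' / 'utility is the' (lines 50-52 of the new column) is the right mdoc fix: '.Nm' with an explicit argument renders the literal string 'Ftpd' instead of the page's name, and a sentence should not open with the bare macro output. While this paragraph is being edited, line 89 of the unchanged context ('forking children processes to handle them') should read 'forking child processes'.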
284.Nm Ftpd
285interprets file names according to the
285The
286.Nm
287utility interprets file names according to the
286.Dq globbing
287conventions used by
288.Xr csh 1 .
289This allows users to utilize the metacharacters
290.Dq Li \&*?[]{}~ .
291.Pp
288.Dq globbing
289conventions used by
290.Xr csh 1 .
291This allows users to utilize the metacharacters
292.Dq Li \&*?[]{}~ .
293.Pp
292.Nm Ftpd
293authenticates users according to six rules.
294The
295.Nm
296utility authenticates users according to six rules.
294.Pp
295.Bl -enum -offset indent
296.It
297The login name must be in the password data base
298and not have a null password.
299In this case a password must be provided by the client before any
300file operations may be performed.
301If the user has an S/Key key, the response from a successful USER
302command will include an S/Key challenge.
303The client may choose to respond with a PASS command giving either
304a standard password or an S/Key one-time password.
305The server will automatically determine which type of
306password it has been given and attempt to authenticate accordingly.
307See
308.Xr key 1
309for more information on S/Key authentication.
310S/Key is a Trademark of Bellcore.
311.It
312The login name must not appear in the file
313.Pa /etc/ftpusers .
314.It
315The login name must not be a member of a group specified in the file
316.Pa /etc/ftpusers .
317Entries in this file interpreted as group names are prefixed by an "at"
318.Ql \&@
319sign.
320.It
321The user must have a standard shell returned by
322.Xr getusershell 3 .
323.It
324If the user name appears in the file
325.Pa /etc/ftpchroot ,
326or the user is a member of a group with a group entry in this file,
327i.e. one prefixed with
328.Ql \&@ ,
329the session's root will be changed to the user's login directory by
330.Xr chroot 2
331as for an
332.Dq anonymous
333or
334.Dq ftp
335account (see next item).
336This facility may also be triggered by enabling the boolean "ftp-chroot"
337capability in
338.Xr login.conf 5 .
339However, the user must still supply a password.
340This feature is intended as a compromise between a fully anonymous
341account and a fully privileged account.
342The account should also be set up as for an anonymous account.
343.It
344If the user name is
345.Dq anonymous
346or
347.Dq ftp ,
348an
349anonymous ftp account must be present in the password
350file (user
351.Dq ftp ) .
352In this case the user is allowed
353to log in by specifying any password (by convention an email address for
354the user should be used as the password).
355When the
356.Fl S
357option is set, all transfers are logged as well.
358.El
359.Pp
360In the last case,
361.Nm
362takes special measures to restrict the client's access privileges.
363The server performs a
364.Xr chroot 2
365to the home directory of the
366.Dq ftp
367user.
368In order that system security is not breached, it is recommended
369that the
370.Dq ftp
371subtree be constructed with care, following these rules:
372.Bl -tag -width "~ftp/pub" -offset indent
373.It Pa ~ftp
374Make the home directory owned by
375.Dq root
376and unwritable by anyone.
377.It Pa ~ftp/etc
378Make this directory owned by
379.Dq root
380and unwritable by anyone (mode 555).
381The files pwd.db (see
382.Xr passwd 5 )
383and
384.Xr group 5
385must be present for the
297.Pp
298.Bl -enum -offset indent
299.It
300The login name must be in the password data base
301and not have a null password.
302In this case a password must be provided by the client before any
303file operations may be performed.
304If the user has an S/Key key, the response from a successful USER
305command will include an S/Key challenge.
306The client may choose to respond with a PASS command giving either
307a standard password or an S/Key one-time password.
308The server will automatically determine which type of
309password it has been given and attempt to authenticate accordingly.
310See
311.Xr key 1
312for more information on S/Key authentication.
313S/Key is a Trademark of Bellcore.
314.It
315The login name must not appear in the file
316.Pa /etc/ftpusers .
317.It
318The login name must not be a member of a group specified in the file
319.Pa /etc/ftpusers .
320Entries in this file interpreted as group names are prefixed by an "at"
321.Ql \&@
322sign.
323.It
324The user must have a standard shell returned by
325.Xr getusershell 3 .
326.It
327If the user name appears in the file
328.Pa /etc/ftpchroot ,
329or the user is a member of a group with a group entry in this file,
330i.e. one prefixed with
331.Ql \&@ ,
332the session's root will be changed to the user's login directory by
333.Xr chroot 2
334as for an
335.Dq anonymous
336or
337.Dq ftp
338account (see next item).
339This facility may also be triggered by enabling the boolean "ftp-chroot"
340capability in
341.Xr login.conf 5 .
342However, the user must still supply a password.
343This feature is intended as a compromise between a fully anonymous
344account and a fully privileged account.
345The account should also be set up as for an anonymous account.
346.It
347If the user name is
348.Dq anonymous
349or
350.Dq ftp ,
351an
352anonymous ftp account must be present in the password
353file (user
354.Dq ftp ) .
355In this case the user is allowed
356to log in by specifying any password (by convention an email address for
357the user should be used as the password).
358When the
359.Fl S
360option is set, all transfers are logged as well.
361.El
362.Pp
363In the last case,
364.Nm
365takes special measures to restrict the client's access privileges.
366The server performs a
367.Xr chroot 2
368to the home directory of the
369.Dq ftp
370user.
371In order that system security is not breached, it is recommended
372that the
373.Dq ftp
374subtree be constructed with care, following these rules:
375.Bl -tag -width "~ftp/pub" -offset indent
376.It Pa ~ftp
377Make the home directory owned by
378.Dq root
379and unwritable by anyone.
380.It Pa ~ftp/etc
381Make this directory owned by
382.Dq root
383and unwritable by anyone (mode 555).
384The files pwd.db (see
385.Xr passwd 5 )
386and
387.Xr group 5
388must be present for the
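Review bot: the two rewrites here (lines 285-287 and 294-296 of the new column) use the same 'The' / '.Nm' / 'utility ...' form introduced at the top of DESCRIPTION, so the page now follows a single convention for sentences that start with the utility name. One nit in the trailing context: 'S/Key is a Trademark of Bellcore.' (line 313) capitalises a common noun; 'trademark' is enough.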
386.Xr ls
389.Xr ls 1
387command to be able to produce owner names rather than numbers.
388The password field in
389.Xr passwd
390is not used, and should not contain real passwords.
391The file
392.Pa ftpmotd ,
393if present, will be printed after a successful login.
394These files should be mode 444.
395.It Pa ~ftp/pub
396This directory and the subdirectories beneath it should be owned
397by the users and groups responsible for placing files in them,
398and be writable only by them (mode 755 or 775).
399They should
400.Em not
401be owned or writable by
402.Dq ftp
403or its group, otherwise guest users
404can fill the drive with unwanted files.
405.El
406.Pp
407If the system has multiple IP addresses,
408.Nm
409supports the idea of virtual hosts, which provides the ability to
410define multiple anonymous ftp areas, each one allocated to a different
411internet address.
412The file
413.Pa /etc/ftphosts
414contains information pertaining to each of the virtual hosts.
415Each host is defined on its own line which contains a number of
416fields separated by whitespace:
417.Bl -tag -offset indent -width hostname
418.It hostname
419Contains the hostname or IP address of the virtual host.
420.It user
421Contains a user record in the system password file.
422As with normal anonymous ftp, this user's access uid, gid and group
423memberships determine file access to the anonymous ftp area.
424The anonymous ftp area (to which any user is chrooted on login)
425is determined by the home directory defined for the account.
426User id and group for any ftp account may be the same as for the
427standard ftp user.
428.It statfile
429File to which all file transfers are logged, which
430defaults to
431.Pa /var/log/ftpd .
432.It welcome
433This file is the welcome message displayed before the server ready
434prompt.
435It defaults to
436.Pa /etc/ftpwelcome .
437.It motd
438This file is displayed after the user logs in.
439It defaults to
440.Pa /etc/ftpmotd .
441.El
442.Pp
443Lines beginning with a '#' are ignored and can be used to include
444comments.
445.Pp
446Defining a virtual host for the primary IP address or hostname
447changes the default for ftp logins to that address.
448The 'user', 'statfile', 'welcome' and 'motd' fields may be left
449blank, or a single hypen '-' used to indicate that the default
450value is to be used.
451.Pp
452As with any anonymous login configuration, due care must be given
453to setup and maintenance to guard against security related problems.
454.Pp
390command to be able to produce owner names rather than numbers.
391The password field in
392.Xr passwd
393is not used, and should not contain real passwords.
394The file
395.Pa ftpmotd ,
396if present, will be printed after a successful login.
397These files should be mode 444.
398.It Pa ~ftp/pub
399This directory and the subdirectories beneath it should be owned
400by the users and groups responsible for placing files in them,
401and be writable only by them (mode 755 or 775).
402They should
403.Em not
404be owned or writable by
405.Dq ftp
406or its group, otherwise guest users
407can fill the drive with unwanted files.
408.El
409.Pp
410If the system has multiple IP addresses,
411.Nm
412supports the idea of virtual hosts, which provides the ability to
413define multiple anonymous ftp areas, each one allocated to a different
414internet address.
415The file
416.Pa /etc/ftphosts
417contains information pertaining to each of the virtual hosts.
418Each host is defined on its own line which contains a number of
419fields separated by whitespace:
420.Bl -tag -offset indent -width hostname
421.It hostname
422Contains the hostname or IP address of the virtual host.
423.It user
424Contains a user record in the system password file.
425As with normal anonymous ftp, this user's access uid, gid and group
426memberships determine file access to the anonymous ftp area.
427The anonymous ftp area (to which any user is chrooted on login)
428is determined by the home directory defined for the account.
429User id and group for any ftp account may be the same as for the
430standard ftp user.
431.It statfile
432File to which all file transfers are logged, which
433defaults to
434.Pa /var/log/ftpd .
435.It welcome
436This file is the welcome message displayed before the server ready
437prompt.
438It defaults to
439.Pa /etc/ftpwelcome .
440.It motd
441This file is displayed after the user logs in.
442It defaults to
443.Pa /etc/ftpmotd .
444.El
445.Pp
446Lines beginning with a '#' are ignored and can be used to include
447comments.
448.Pp
449Defining a virtual host for the primary IP address or hostname
450changes the default for ftp logins to that address.
451The 'user', 'statfile', 'welcome' and 'motd' fields may be left
452blank, or a single hypen '-' used to indicate that the default
453value is to be used.
454.Pp
455As with any anonymous login configuration, due care must be given
456to setup and maintenance to guard against security related problems.
457.Pp
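Review bot: adding the section number in '.Xr ls 1' (line 389, new column) is correct, but '.Xr passwd' three lines later (line 392) still has no section argument while the earlier reference on line 385 already reads '.Xr passwd 5'; make it '.Xr passwd 5' in the same commit so the cross-reference renders and links consistently. Also in this hunk's context, line 452 has a typo: 'a single hypen' should be 'a single hyphen'.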
458The
455.Nm
459.Nm
456has internal support for handling remote requests to list
460utility has internal support for handling remote requests to list
457files, and will not execute
458.Pa /bin/ls
459in either a chrooted or non-chrooted environment. The
460.Pa ~/bin/ls
461executable need not be placed into the chrooted tree, nor need the
462.Pa ~/bin
463directory exist.
464.Sh FILES
465.Bl -tag -width /etc/ftpwelcome -compact
466.It Pa /etc/ftpusers
467List of unwelcome/restricted users.
468.It Pa /etc/ftpchroot
469List of normal users who should be chroot'd.
470.It Pa /etc/ftphosts
471Virtual hosting configuration file.
472.It Pa /etc/ftpwelcome
473Welcome notice.
474.It Pa /etc/ftpmotd
475Welcome notice after login.
476.It Pa /var/run/nologin
477Displayed and access refused.
478.It Pa /var/log/ftpd
479Log file for anonymous transfers.
480.El
481.Sh SEE ALSO
482.Xr ftp 1 ,
483.Xr key 1 ,
484.Xr getusershell 3 ,
485.Xr login.conf 5 ,
486.Xr inetd 8 ,
487.Xr syslogd 8
488.Sh BUGS
489The server must run as the super-user
490to create sockets with privileged port numbers. It maintains
491an effective user id of the logged in user, reverting to
492the super-user only when binding addresses to sockets. The
493possible security holes have been extensively
494scrutinized, but are possibly incomplete.
495.Sh HISTORY
496The
497.Nm
461files, and will not execute
462.Pa /bin/ls
463in either a chrooted or non-chrooted environment. The
464.Pa ~/bin/ls
465executable need not be placed into the chrooted tree, nor need the
466.Pa ~/bin
467directory exist.
468.Sh FILES
469.Bl -tag -width /etc/ftpwelcome -compact
470.It Pa /etc/ftpusers
471List of unwelcome/restricted users.
472.It Pa /etc/ftpchroot
473List of normal users who should be chroot'd.
474.It Pa /etc/ftphosts
475Virtual hosting configuration file.
476.It Pa /etc/ftpwelcome
477Welcome notice.
478.It Pa /etc/ftpmotd
479Welcome notice after login.
480.It Pa /var/run/nologin
481Displayed and access refused.
482.It Pa /var/log/ftpd
483Log file for anonymous transfers.
484.El
485.Sh SEE ALSO
486.Xr ftp 1 ,
487.Xr key 1 ,
488.Xr getusershell 3 ,
489.Xr login.conf 5 ,
490.Xr inetd 8 ,
491.Xr syslogd 8
492.Sh BUGS
493The server must run as the super-user
494to create sockets with privileged port numbers. It maintains
495an effective user id of the logged in user, reverting to
496the super-user only when binding addresses to sockets. The
497possible security holes have been extensively
498scrutinized, but are possibly incomplete.
499.Sh HISTORY
500The
501.Nm
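Review bot: the 'The' / '.Nm' / 'utility has internal support' rewrite (lines 458-460 of the new column) is consistent with the rest of the change. In the trailing context, the SEE ALSO list (lines 485-491) omits several pages the body cross-references with '.Xr': 'csh 1', 'chroot 2', 'passwd 5', 'group 5' and 'services 5'; mdoc style is for SEE ALSO to list the pages the text refers to, sorted by section and then name, so consider adding them.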
498command appeared in
502utility appeared in
499.Bx 4.2 .
500IPv6 support was added in WIDE Hydrangea IPv6 stack kit.
503.Bx 4.2 .
504IPv6 support was added in WIDE Hydrangea IPv6 stack kit.
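Review bot: 'utility appeared in' (line 502) matches the wording used for the other '.Nm' sentences in this change. The following unchanged line, 'IPv6 support was added in WIDE Hydrangea IPv6 stack kit.' (line 504), is missing an article and should read 'in the WIDE Hydrangea IPv6 stack kit'.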