Commit | Line | Data |
---|---|---|
15637ed4 RG |
1 | .\" Copyright (c) 1985, 1988, 1991 The Regents of the University of California. |
2 | .\" All rights reserved. | |
3 | .\" | |
4 | .\" Redistribution and use in source and binary forms, with or without | |
5 | .\" modification, are permitted provided that the following conditions | |
6 | .\" are met: | |
7 | .\" 1. Redistributions of source code must retain the above copyright | |
8 | .\" notice, this list of conditions and the following disclaimer. | |
9 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer in the | |
11 | .\" documentation and/or other materials provided with the distribution. | |
12 | .\" 3. All advertising materials mentioning features or use of this software | |
13 | .\" must display the following acknowledgement: | |
14 | .\" This product includes software developed by the University of | |
15 | .\" California, Berkeley and its contributors. | |
16 | .\" 4. Neither the name of the University nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
19 | .\" | |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
31 | .\" | |
32 | .\" @(#)ftpd.8 6.9 (Berkeley) 3/16/91 | |
33 | .\" | |
34 | .Dd March 16, 1991 | |
35 | .Dt FTPD 8 | |
36 | .Os BSD 4.2 | |
37 | .Sh NAME | |
38 | .Nm ftpd | |
39 | .Nd | |
40 | .Tn DARPA | |
41 | Internet File Transfer Protocol server | |
42 | .Sh SYNOPSIS | |
43 | .Nm ftpd | |
44 | .Op Fl d | |
45 | .Op Fl l | |
46 | .Op Fl t Ar timeout | |
47 | .Op Fl T Ar maxtimeout | |
48 | .Sh DESCRIPTION | |
49 | .Nm Ftpd | |
50 | is the | |
51 | .Tn DARPA | |
52 | Internet File Transfer Protocol | |
53 | server process. The server uses the | |
54 | .Tn TCP | |
55 | protocol | |
56 | and listens at the port specified in the | |
57 | .Dq ftp | |
58 | service specification; see | |
59 | .Xr services 5 . | |
60 | .Pp | |
61 | Available options: | |
62 | .Bl -tag -width Ds | |
63 | .It Fl d | |
64 | Debugging information is written to the syslog. | |
65 | .It Fl l | |
66 | Each | |
67 | .Xr ftp 1 | |
68 | session is logged in the syslog. | |
69 | .It Fl t | |
70 | The inactivity timeout period is set to | |
71 | .Ar timeout | |
72 | seconds (the default is 15 minutes). | |
73 | .It Fl T | |
74 | A client may also request a different timeout period; | |
75 | the maximum period allowed may be set to | |
76 | .Ar timeout | |
77 | seconds with the | |
78 | .Fl T | |
79 | option. | |
80 | The default limit is 2 hours. | |
81 | .El | |
82 | .Pp | |
83 | The ftp server currently supports the following ftp | |
84 | requests; case is not distinguished. | |
85 | .Bl -column "Request" -offset indent | |
86 | .It Request Ta "Description" | |
87 | .It ABOR Ta "abort previous command" | |
88 | .It ACCT Ta "specify account (ignored)" | |
89 | .It ALLO Ta "allocate storage (vacuously)" | |
90 | .It APPE Ta "append to a file" | |
91 | .It CDUP Ta "change to parent of current working directory" | |
92 | .It CWD Ta "change working directory" | |
93 | .It DELE Ta "delete a file" | |
94 | .It HELP Ta "give help information" | |
95 | .It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" | |
96 | .It MKD Ta "make a directory" | |
97 | .It MDTM Ta "show last modification time of file" | |
98 | .It MODE Ta "specify data transfer" Em mode | |
99 | .It NLST Ta "give name list of files in directory" | |
100 | .It NOOP Ta "do nothing" | |
101 | .It PASS Ta "specify password" | |
102 | .It PASV Ta "prepare for server-to-server transfer" | |
103 | .It PORT Ta "specify data connection port" | |
104 | .It PWD Ta "print the current working directory" | |
105 | .It QUIT Ta "terminate session" | |
106 | .It REST Ta "restart incomplete transfer" | |
107 | .It RETR Ta "retrieve a file" | |
108 | .It RMD Ta "remove a directory" | |
109 | .It RNFR Ta "specify rename-from file name" | |
110 | .It RNTO Ta "specify rename-to file name" | |
111 | .It SITE Ta "non-standard commands (see next section)" | |
112 | .It SIZE Ta "return size of file" | |
113 | .It STAT Ta "return status of server" | |
114 | .It STOR Ta "store a file" | |
115 | .It STOU Ta "store a file with a unique name" | |
116 | .It STRU Ta "specify data transfer" Em structure | |
117 | .It SYST Ta "show operating system type of server system" | |
118 | .It TYPE Ta "specify data transfer" Em type | |
119 | .It USER Ta "specify user name" | |
120 | .It XCUP Ta "change to parent of current working directory (deprecated)" | |
121 | .It XCWD Ta "change working directory (deprecated)" | |
122 | .It XMKD Ta "make a directory (deprecated)" | |
123 | .It XPWD Ta "print the current working directory (deprecated)" | |
124 | .It XRMD Ta "remove a directory (deprecated)" | |
125 | .El | |
126 | .Pp | |
127 | The following non-standard or | |
128 | .Tn UNIX | |
129 | specific commands are supported | |
130 | by the | |
131 | SITE request. | |
132 | .Pp | |
133 | .Bl -column Request -offset indent | |
134 | .It Sy Request Ta Sy Description | |
135 | .It UMASK Ta change umask. Em E.g. SITE UMASK 002 | |
136 | .It IDLE Ta set idle-timer. Em E.g. SITE IDLE 60 | |
137 | .It CHMOD Ta change mode of a file. Em E.g. | |
138 | SITE CHMOD 755 filename | |
139 | .It HELP Ta give help information. Em E.g. SITE HELP | |
140 | .El | |
141 | .Pp | |
142 | The remaining ftp requests specified in Internet | |
143 | .%T "RFC 959" | |
144 | are | |
145 | recognized, but not implemented. | |
146 | MDTM and SIZE are not specified in | |
147 | .%T "RFC 959" , | |
148 | but will appear in the next updated FTP RFC. | |
149 | .Pp | |
150 | The ftp server will abort an active file transfer only when the | |
151 | ABOR | |
152 | command is preceded by a Telnet "Interrupt Process" (IP) | |
153 | signal and a Telnet "Synch" signal in the command Telnet stream, | |
154 | as described in Internet | |
155 | .%T "RFC 959" . | |
156 | If a | |
157 | STAT | |
158 | command is received during a data transfer, preceded by a Telnet IP | |
159 | and Synch, transfer status will be returned. | |
160 | .Pp | |
161 | .Nm Ftpd | |
162 | interprets file names according to the | |
163 | .Dq globbing | |
164 | conventions used by | |
165 | .Xr csh 1 . | |
166 | This allows users to utilize the metacharacters | |
167 | .Dq Li \&*?[]{}~ . | |
168 | .Pp | |
169 | .Nm Ftpd | |
170 | authenticates users according to three rules. | |
171 | .Pp | |
172 | .Bl -enum -offset indent | |
173 | .It | |
174 | The user name must be in the password data base, | |
175 | .Pa /etc/passwd , | |
176 | and not have a null password. In this case a password | |
177 | must be provided by the client before any file operations | |
178 | may be performed. | |
179 | .It | |
180 | The user name must not appear in the file | |
181 | .Pa /etc/ftpusers . | |
182 | .It | |
183 | The user must have a standard shell returned by | |
184 | .Xr getusershell 3 . | |
185 | .It | |
186 | If the user name is | |
187 | .Dq anonymous | |
188 | or | |
189 | .Dq ftp , | |
190 | an | |
191 | anonymous ftp account must be present in the password | |
192 | file (user | |
193 | .Dq ftp ) . | |
194 | In this case the user is allowed | |
195 | to log in by specifying any password (by convention this | |
196 | is given as the client host's name). | |
197 | .El | |
198 | .Pp | |
199 | In the last case, | |
200 | .Nm ftpd | |
201 | takes special measures to restrict the client's access privileges. | |
202 | The server performs a | |
203 | .Xr chroot 2 | |
204 | command to the home directory of the | |
205 | .Dq ftp | |
206 | user. | |
207 | In order that system security is not breached, it is recommended | |
208 | that the | |
209 | .Dq ftp | |
210 | subtree be constructed with care; the following | |
211 | rules are recommended. | |
212 | .Bl -tag -width "~ftp/pub" -offset indent | |
213 | .It Pa ~ftp | |
214 | Make the home directory owned by | |
215 | .Dq ftp | |
216 | and unwritable by anyone. | |
217 | .It Pa ~ftp/bin | |
218 | Make this directory owned by the super-user and unwritable by | |
219 | anyone. The program | |
220 | .Xr ls 1 | |
221 | must be present to support the list command. This | |
222 | program should have mode 111. | |
223 | .It Pa ~ftp/etc | |
224 | Make this directory owned by the super-user and unwritable by | |
225 | anyone. The files | |
226 | .Xr passwd 5 | |
227 | and | |
228 | .Xr group 5 | |
229 | must be present for the | |
230 | .Xr ls | |
231 | command to be able to produce owner names rather than numbers. | |
232 | The password field in | |
233 | .Xr passwd | |
234 | is not used, and should not contain real encrypted passwords. | |
235 | These files should be mode 444. | |
236 | .It Pa ~ftp/pub | |
237 | Make this directory mode 777 and owned by | |
238 | .Dq ftp . | |
239 | Users | |
240 | should then place files which are to be accessible via the | |
241 | anonymous account in this directory. | |
242 | .El | |
243 | .Sh SEE ALSO | |
244 | .Xr ftp 1 , | |
245 | .Xr getusershell 3 , | |
246 | .Xr syslogd 8 | |
247 | .Sh BUGS | |
248 | The anonymous account is inherently dangerous and should be | |
249 | avoided when possible. | |
250 | .Pp | |
251 | The server must run as the super-user | |
252 | to create sockets with privileged port numbers. It maintains | |
253 | an effective user id of the logged in user, reverting to | |
254 | the super-user only when binding addresses to sockets. The | |
255 | possible security holes have been extensively | |
256 | scrutinized, but are possibly incomplete. | |
257 | .Sh HISTORY | |
258 | The | |
259 | .Nm | |
260 | command appeared in | |
261 | .Bx 4.2 . |
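
The `~ftp` subtree rules from the DESCRIPTION section, written as a check that can be run against an existing anonymous FTP tree. This is an added example, not part of ftpd.8 or the BSD sources; the function names `check` and `audit_ftp_tree`, the default owner names `ftp` and `root`, and the 13-character hash heuristic are assumptions.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against the layout rules in ftpd(8).

# check PATH WHAT FIND-TESTS...: report PATH unless it passes every find test.
check() {
    path=$1 what=$2
    shift 2
    # -prune keeps find on PATH itself; the output is empty when a test
    # fails or PATH does not exist.
    if [ -z "$(find "$path" -prune "$@" 2>/dev/null)" ]; then
        echo "FAIL: $path: expected $what"
        failures=$((failures + 1))
    fi
}

# audit_ftp_tree ROOT [FTP_OWNER] [SUPER_OWNER]
# Owner names default to "ftp" and "root" (assumed account names).
# Returns 0 only when nothing was reported.
audit_ftp_tree() {
    root=$1 ftp_owner=${2:-ftp} super=${3:-root}
    failures=0
    # "Unwritable by anyone": no write bit for user, group or other.
    nowrite='! -perm -200 ! -perm -020 ! -perm -002'
    check "$root" "directory owned by $ftp_owner, unwritable" \
        -type d -user "$ftp_owner" $nowrite
    for d in bin etc; do
        check "$root/$d" "directory owned by $super, unwritable" \
            -type d -user "$super" $nowrite
    done
    check "$root/bin/ls" "mode 111" -type f -perm 111
    check "$root/etc/passwd" "mode 444" -type f -perm 444
    check "$root/etc/group" "mode 444" -type f -perm 444
    check "$root/pub" "directory mode 777 owned by $ftp_owner" \
        -type d -user "$ftp_owner" -perm 777
    # Heuristic (assumption): a password field of 13 or more characters is
    # treated as a real hash; placeholders such as "*" are shorter.
    if awk -F: 'length($2) >= 13 { hit = 1 } END { exit !hit }' \
        "$root/etc/passwd" 2>/dev/null; then
        echo "FAIL: $root/etc/passwd: password field looks like a real hash"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ]
}
```

Run it as `audit_ftp_tree ~ftp`; each finding is printed as a `FAIL:` line and the exit status is non-zero if there is at least one.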