Commit | Line | Data |
---|---|---|
917eb9fe KM |
1 | .\" Copyright (c) 1983 Regents of the University of California. |
2 | .\" All rights reserved. The Berkeley software License Agreement | |
3 | .\" specifies the terms and conditions for redistribution. | |
4 | .\" | |
d2e77476 | 5 | .\" @(#)ftpd.8 6.1 (Berkeley) %G% |
917eb9fe | 6 | .\" |
d2e77476 | 7 | .TH FTPD 8C "" |
917eb9fe KM |
8 | .UC 5 |
9 | .SH NAME | |
10 | ftpd \- DARPA Internet File Transfer Protocol server | |
11 | .SH SYNOPSIS | |
12 | .B /etc/ftpd | |
13 | [ | |
14 | .B \-d | |
15 | ] [ | |
16 | .B \-l | |
17 | ] [ | |
18 | .BR \-t timeout | |
19 | ] | |
20 | .SH DESCRIPTION | |
21 | .I Ftpd | |
22 | is the DARPA Internet File Transfer Prototocol | |
23 | server process. The server uses the TCP protocol | |
24 | and listens at the port specified in the ``ftp'' | |
25 | service specification; see | |
26 | .IR services (5). | |
27 | .PP | |
28 | If the | |
29 | .B \-d | |
30 | option is specified, | |
31 | each socket created will have debugging turned | |
32 | on (SO_DEBUG). With debugging enabled, the system | |
33 | will trace all TCP packets sent and received on a | |
34 | socket. The program | |
35 | .IR trpt (8C) | |
36 | may then be used to interpret the packet traces. | |
37 | .PP | |
38 | If the | |
39 | .B \-l | |
40 | option is specified, | |
41 | each ftp session is logged on the standard output. | |
42 | This allows a line of the form | |
43 | `/etc/ftpd -l > /tmp/ftplog'' | |
44 | to be used to conveniently maintain a log of ftp sessions. | |
45 | .PP | |
46 | The ftp server | |
47 | will timeout an inactive session after 60 seconds. | |
48 | If the | |
49 | .B \-t | |
50 | option is specified, | |
51 | the inactivity timeout period will be set to | |
52 | .IR timeout . | |
53 | .PP | |
54 | The ftp server currently supports the following ftp | |
55 | requests; case is not distinguished. | |
56 | .PP | |
57 | .nf | |
58 | .ta \w'Request 'u | |
59 | \fBRequest Description\fP | |
60 | ACCT specify account (ignored) | |
61 | ALLO allocate storage (vacuously) | |
62 | APPE append to a file | |
63 | CWD change working directory | |
64 | DELE delete a file | |
65 | HELP give help information | |
66 | LIST give list files in a directory (``ls -lg'') | |
67 | MODE specify data transfer \fImode\fP | |
68 | NLST give name list of files in directory (``ls'') | |
69 | NOOP do nothing | |
70 | PASS specify password | |
71 | PORT specify data connection port | |
72 | QUIT terminate session | |
73 | RETR retrieve a file | |
74 | RNFR specify rename-from file name | |
75 | RNTO specify rename-to file name | |
76 | STOR store a file | |
77 | STRU specify data transfer \fIstructure\fP | |
78 | TYPE specify data transfer \fItype\fP | |
79 | USER specify user name | |
80 | XCUP change to parent of current working directory | |
81 | XCWD change working directory | |
82 | XMKD make a directory | |
83 | XPWD print the current working directory | |
84 | XRMD remove a directory | |
85 | .fi | |
86 | .PP | |
87 | The remaining ftp requests specified in Internet RFC 765 are | |
88 | recognized, but not implemented. | |
89 | .PP | |
90 | .I Ftpd | |
91 | interprets file names according to the ``globbing'' | |
92 | conventions used by | |
93 | .IR csh (1). | |
94 | This allows users to utilize the metacharacters ``*?[]{}~''. | |
95 | .PP | |
96 | .I Ftpd | |
97 | authenticates users according to three rules. | |
98 | .IP 1) | |
99 | The user name must be in the password data base, | |
100 | .IR /etc/passwd , | |
101 | and not have a null password. In this case a password | |
102 | must be provided by the client before any file operations | |
103 | may be performed. | |
104 | .IP 2) | |
105 | The user name must not appear in the file | |
106 | .IR /etc/ftpusers . | |
107 | .IP 3) | |
108 | If the user name is ``anonymous'' or ``ftp'', an | |
109 | anonymous ftp account must be present in the password | |
110 | file (user ``ftp''). In this case the user is allowed | |
111 | to log in by specifying any password (by convention this | |
112 | is given as the client host's name). | |
113 | .PP | |
114 | In the last case, | |
115 | .I ftpd | |
116 | takes special measures to restrict the client's access privileges. | |
117 | The server performs a | |
118 | .IR chroot (2) | |
119 | command to the home directory of the ``ftp'' user. | |
120 | In order that system security is not breached, it is recommended | |
121 | that the ``ftp'' subtree be constructed with care; the following | |
122 | rules are recommended. | |
123 | .IP ~ftp) | |
124 | Make the home directory owned by ``ftp'' and unwritable by anyone. | |
125 | .IP ~ftp/bin) | |
126 | Make this directory owned by the super-user and unwritable by | |
127 | anyone. The program | |
128 | .IR ls (1) | |
129 | must be present to support the list commands. This | |
130 | program should have mode 111. | |
131 | .IP ~ftp/etc) | |
132 | Make this directory owned by the super-user and unwritable by | |
133 | anyone. The files | |
134 | .IR passwd (5) | |
135 | and | |
136 | .IR group (5) | |
137 | must be present for the | |
138 | .I ls | |
139 | command to work properly. These files should be mode 444. | |
140 | .IP ~ftp/pub) | |
141 | Make this directory mode 777 and owned by ``ftp''. Users | |
142 | should then place files which are to be accessible via the | |
143 | anonymous account in this directory. | |
144 | .SH "SEE ALSO" | |
145 | ftp(1C), | |
146 | .SH BUGS | |
147 | There is no support for aborting commands. | |
148 | .PP | |
149 | The anonymous account is inherently dangerous and should | |
150 | avoided when possible. | |
151 | .PP | |
152 | The server must run as the super-user | |
153 | to create sockets with privileged port numbers. It maintains | |
154 | an effective user id of the logged in user, reverting to | |
155 | the super-user only when binding addresses to sockets. The | |
156 | possible security holes have been extensively | |
157 | scrutinized, but are possibly incomplete. |