projects / unix-history / blame
| Commit | Line | Data |
|---|---|---|
| 1bd029de | 1 | .\" Copyright (c) 1985 Regents of the University of California. |
| 917eb9fe KM |
2 | .\" All rights reserved. The Berkeley software License Agreement |
| 3 | .\" specifies the terms and conditions for redistribution. | |
| 4 | .\" | |
| 06e77c11 | 5 | .\" @(#)ftpd.8 6.4 (Berkeley) %G% |
| 917eb9fe | 6 | .\" |
| 1bd029de | 7 | .TH FTPD 8C "April 27, 1985" |
| 917eb9fe KM |
8 | .UC 5 |
| 9 | .SH NAME | |
| 10 | ftpd \- DARPA Internet File Transfer Protocol server | |
| 11 | .SH SYNOPSIS | |
| 12 | .B /etc/ftpd | |
| 13 | [ | |
| 14 | .B \-d | |
| 15 | ] [ | |
| 16 | .B \-l | |
| 17 | ] [ | |
| 18 | .BR \-t timeout | |
| 19 | ] | |
| 20 | .SH DESCRIPTION | |
| 21 | .I Ftpd | |
| 22 | is the DARPA Internet File Transfer Prototocol | |
| 23 | server process. The server uses the TCP protocol | |
| 24 | and listens at the port specified in the ``ftp'' | |
| 25 | service specification; see | |
| 26 | .IR services (5). | |
| 27 | .PP | |
| 28 | If the | |
| 29 | .B \-d | |
| 30 | option is specified, | |
| 2c32d7db | 31 | debugging information is written to the syslog. |
| 917eb9fe KM |
32 | .PP |
| 33 | If the | |
| 34 | .B \-l | |
| 35 | option is specified, | |
| 2c32d7db | 36 | each ftp session is logged in the syslog. |
| 917eb9fe KM |
37 | .PP |
| 38 | The ftp server | |
| 2c32d7db | 39 | will timeout an inactive session after 15 minutes. |
| 917eb9fe KM |
40 | If the |
| 41 | .B \-t | |
| 42 | option is specified, | |
| 43 | the inactivity timeout period will be set to | |
| 44 | .IR timeout . | |
| 45 | .PP | |
| 46 | The ftp server currently supports the following ftp | |
| 47 | requests; case is not distinguished. | |
| 48 | .PP | |
| 49 | .nf | |
| 50 | .ta \w'Request 'u | |
| 51 | \fBRequest Description\fP | |
| 1bd029de | 52 | ABOR abort previous command |
| 917eb9fe KM |
53 | ACCT specify account (ignored) |
| 54 | ALLO allocate storage (vacuously) | |
| 55 | APPE append to a file | |
| 1bd029de | 56 | CDUP change to parent of current working directory |
| 917eb9fe KM |
57 | CWD change working directory |
| 58 | DELE delete a file | |
| 59 | HELP give help information | |
| 60 | LIST give list files in a directory (``ls -lg'') | |
| 1bd029de | 61 | MKD make a directory |
| 917eb9fe KM |
62 | MODE specify data transfer \fImode\fP |
| 63 | NLST give name list of files in directory (``ls'') | |
| 64 | NOOP do nothing | |
| 65 | PASS specify password | |
| 1bd029de | 66 | PASV prepare for server-to-server transfer |
| 917eb9fe | 67 | PORT specify data connection port |
| 1bd029de | 68 | PWD print the current working directory |
| 917eb9fe KM |
69 | QUIT terminate session |
| 70 | RETR retrieve a file | |
| 1bd029de | 71 | RMD remove a directory |
| 917eb9fe KM |
72 | RNFR specify rename-from file name |
| 73 | RNTO specify rename-to file name | |
| 74 | STOR store a file | |
| 1bd029de | 75 | STOU store a file with a unique name |
| 917eb9fe KM |
76 | STRU specify data transfer \fIstructure\fP |
| 77 | TYPE specify data transfer \fItype\fP | |
| 78 | USER specify user name | |
| 79 | XCUP change to parent of current working directory | |
| 80 | XCWD change working directory | |
| 81 | XMKD make a directory | |
| 82 | XPWD print the current working directory | |
| 83 | XRMD remove a directory | |
| 84 | .fi | |
| 85 | .PP | |
| 1bd029de | 86 | The remaining ftp requests specified in Internet RFC 959 are |
| 917eb9fe KM |
87 | recognized, but not implemented. |
| 88 | .PP | |
| 1bd029de GM |
89 | The ftp server will abort an active file transfer only when the |
| 90 | ABOR command is preceded by a Telnet "Interrupt Process" (IP) | |
| 91 | signal and a Telnet "Synch" signal in the command Telnet stream, | |
| 92 | as described in Internet RFC 959. | |
| 93 | .PP | |
| 917eb9fe KM |
94 | .I Ftpd |
| 95 | interprets file names according to the ``globbing'' | |
| 96 | conventions used by | |
| 97 | .IR csh (1). | |
| 98 | This allows users to utilize the metacharacters ``*?[]{}~''. | |
| 99 | .PP | |
| 100 | .I Ftpd | |
| 101 | authenticates users according to three rules. | |
| 102 | .IP 1) | |
| 103 | The user name must be in the password data base, | |
| 104 | .IR /etc/passwd , | |
| 105 | and not have a null password. In this case a password | |
| 106 | must be provided by the client before any file operations | |
| 107 | may be performed. | |
| 108 | .IP 2) | |
| 109 | The user name must not appear in the file | |
| 110 | .IR /etc/ftpusers . | |
| 111 | .IP 3) | |
| 06e77c11 KM |
112 | The user must have a standard shell returned by |
| 113 | .IR getusershell (3). | |
| 114 | .IP 4) | |
| 917eb9fe KM |
115 | If the user name is ``anonymous'' or ``ftp'', an |
| 116 | anonymous ftp account must be present in the password | |
| 117 | file (user ``ftp''). In this case the user is allowed | |
| 118 | to log in by specifying any password (by convention this | |
| 119 | is given as the client host's name). | |
| 120 | .PP | |
| 121 | In the last case, | |
| 122 | .I ftpd | |
| 123 | takes special measures to restrict the client's access privileges. | |
| 124 | The server performs a | |
| 125 | .IR chroot (2) | |
| 126 | command to the home directory of the ``ftp'' user. | |
| 127 | In order that system security is not breached, it is recommended | |
| 128 | that the ``ftp'' subtree be constructed with care; the following | |
| 129 | rules are recommended. | |
| 130 | .IP ~ftp) | |
| 131 | Make the home directory owned by ``ftp'' and unwritable by anyone. | |
| 132 | .IP ~ftp/bin) | |
| 133 | Make this directory owned by the super-user and unwritable by | |
| 134 | anyone. The program | |
| 135 | .IR ls (1) | |
| 136 | must be present to support the list commands. This | |
| 137 | program should have mode 111. | |
| 138 | .IP ~ftp/etc) | |
| 139 | Make this directory owned by the super-user and unwritable by | |
| 140 | anyone. The files | |
| 141 | .IR passwd (5) | |
| 142 | and | |
| 143 | .IR group (5) | |
| 144 | must be present for the | |
| 145 | .I ls | |
| 146 | command to work properly. These files should be mode 444. | |
| 147 | .IP ~ftp/pub) | |
| 148 | Make this directory mode 777 and owned by ``ftp''. Users | |
| 149 | should then place files which are to be accessible via the | |
| 150 | anonymous account in this directory. | |
| 151 | .SH "SEE ALSO" | |
| 06e77c11 | 152 | ftp(1C), getusershell(3), syslogd(8) |
| 917eb9fe | 153 | .SH BUGS |
| 917eb9fe KM |
154 | The anonymous account is inherently dangerous and should |
| 155 | avoided when possible. | |
| 156 | .PP | |
| 157 | The server must run as the super-user | |
| 158 | to create sockets with privileged port numbers. It maintains | |
| 159 | an effective user id of the logged in user, reverting to | |
| 160 | the super-user only when binding addresses to sockets. The | |
| 161 | possible security holes have been extensively | |
| 162 | scrutinized, but are possibly incomplete. |