[unix-history] / usr / src / libexec / ftpd / ftpd.8

.\" Copyright (c) 1985, 1988 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley.  The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\"	@(#)ftpd.8	6.7 (Berkeley) %G%
.\"
.TH FTPD 8 "February 23, 1989"
.UC 5
.SH NAME
ftpd \- DARPA Internet File Transfer Protocol server
.SH SYNOPSIS
.B /etc/ftpd
[
.B \-d
] [
.B \-l
] [
.BR \-t timeout
] [
.BR \-T maxtimeout
]
.SH DESCRIPTION
.I Ftpd
is the DARPA Internet File Transfer Protocol
server process.  The server uses the TCP protocol
and listens at the port specified in the ``ftp''
service specification; see
.IR services (5).
.PP
If the 
.B \-d
option is specified,
debugging information is written to the syslog.
.PP
If the
.B \-l
option is specified,
each ftp session is logged in the syslog.
.PP
The ftp server
will timeout an inactive session after 15 minutes.
If the
.B \-t
option is specified,
the inactivity timeout period will be set to
.I timeout
seconds.
A client may also request a different timeout period;
the maximum period allowed may be set to
.I timeout
seconds with the
.B \-T
option.
The default limit is 2 hours.
.PP
The ftp server currently supports the following ftp
requests; case is not distinguished.
.PP
.nf
.ta \w'Request        'u
\fBRequest	Description\fP
ABOR	abort previous command
ACCT	specify account (ignored)
ALLO	allocate storage (vacuously)
APPE	append to a file
CDUP	change to parent of current working directory
CWD	change working directory
DELE	delete a file
HELP	give help information
LIST	give list files in a directory (``ls -lgA'')
MKD	make a directory
MDTM	show last modification time of file
MODE	specify data transfer \fImode\fP
NLST	give name list of files in directory 
NOOP	do nothing
PASS	specify password
PASV	prepare for server-to-server transfer
PORT	specify data connection port
PWD	print the current working directory
QUIT	terminate session
REST	restart incomplete transfer
RETR	retrieve a file
RMD	remove a directory
RNFR	specify rename-from file name
RNTO	specify rename-to file name
SITE	non-standard commands (see next section)
SIZE	return size of file
STAT	return status of server
STOR	store a file
STOU	store a file with a unique name
STRU	specify data transfer \fIstructure\fP
SYST	show operating system type of server system
TYPE	specify data transfer \fItype\fP
USER	specify user name
XCUP	change to parent of current working directory (deprecated)
XCWD	change working directory (deprecated)
XMKD	make a directory (deprecated)
XPWD	print the current working directory (deprecated)
XRMD	remove a directory (deprecated)
.fi
.PP
The following non-standard or UNIX specific commands are supported
by the SITE request.
.PP
.nf
.ta \w'Request        'u
\fBRequest	Description\fP
UMASK	change umask. \fIE.g.\fP SITE UMASK 002
IDLE	set idle-timer. \fIE.g.\fP SITE IDLE 60
CHMOD	change mode of a file. \fIE.g.\fP SITE CHMOD 755 filename
HELP	give help information. \fIE.g.\fP SITE HELP
.fi
.PP
The remaining ftp requests specified in Internet RFC 959 are
recognized, but not implemented.
MDTM and SIZE are not specified in
RFC 959, but will appear in the next updated FTP RFC.
.PP
The ftp server will abort an active file transfer only when the
ABOR command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet RFC 959.
If a STAT command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.PP
.I Ftpd
interprets file names according to the ``globbing''
conventions used by
.IR csh (1).
This allows users to utilize the metacharacters ``*?[]{}~''.
.PP
.I Ftpd
authenticates users according to three rules. 
.IP 1)
The user name must be in the password data base,
.IR /etc/passwd ,
and not have a null password.  In this case a password
must be provided by the client before any file operations
may be performed.
.IP 2)
The user name must not appear in the file
.IR /etc/ftpusers .
.IP 3)
The user must have a standard shell returned by 
.IR getusershell (3).
.IP 4)
If the user name is ``anonymous'' or ``ftp'', an
anonymous ftp account must be present in the password
file (user ``ftp'').  In this case the user is allowed
to log in by specifying any password (by convention this
is given as the client host's name).
.PP
In the last case, 
.I ftpd
takes special measures to restrict the client's access privileges.
The server performs a 
.IR chroot (2)
command to the home directory of the ``ftp'' user.
In order that system security is not breached, it is recommended
that the ``ftp'' subtree be constructed with care;  the following
rules are recommended.
.IP ~ftp)
Make the home directory owned by ``ftp'' and unwritable by anyone.
.IP ~ftp/bin)
Make this directory owned by the super-user and unwritable by
anyone.  The program
.IR ls (1)
must be present to support the list command.  This
program should have mode 111.
.IP ~ftp/etc)
Make this directory owned by the super-user and unwritable by
anyone.  The files
.IR passwd (5)
and
.IR group (5)
must be present for the 
.I ls
command to be able to produce owner names rather than numbers.
The password field in
.I passwd
is not used, and should not contain real encrypted passwords.
These files should be mode 444.
.IP ~ftp/pub)
Make this directory mode 777 and owned by ``ftp''.  Users
should then place files which are to be accessible via the
anonymous account in this directory.
.SH "SEE ALSO"
ftp(1), getusershell(3), syslogd(8)
.SH BUGS
The anonymous account is inherently dangerous and should
avoided when possible.
.PP
The server must run as the super-user
to create sockets with privileged port numbers.  It maintains
an effective user id of the logged in user, reverting to
the super-user only when binding addresses to sockets.  The
possible security holes have been extensively
scrutinized, but are possibly incomplete.
Commit	Line	Data
fdb56acd	1	.\" Copyright (c) 1985, 1988 The Regents of the University of California.
43c671de	2	.\" All rights reserved.
917eb9fe	3	.\"
43c671de KB	4	.\" Redistribution and use in source and binary forms are permitted
	5	.\" provided that the above copyright notice and this paragraph are
	6	.\" duplicated in all such forms and that any documentation,
	7	.\" advertising materials, and other materials related to such
	8	.\" distribution and use acknowledge that the software was developed
	9	.\" by the University of California, Berkeley. The name of the
	10	.\" University may not be used to endorse or promote products derived
	11	.\" from this software without specific prior written permission.
	12	.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
	13	.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
	14	.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
917eb9fe	15	.\"
fdb56acd	16	.\" @(#)ftpd.8 6.7 (Berkeley) %G%
43c671de	17	.\"
fdb56acd	18	.TH FTPD 8 "February 23, 1989"
917eb9fe KM	19	.UC 5
	20	.SH NAME
	21	ftpd \- DARPA Internet File Transfer Protocol server
	22	.SH SYNOPSIS
	23	.B /etc/ftpd
	24	[
	25	.B \-d
	26	] [
	27	.B \-l
	28	] [
	29	.BR \-t timeout
fdb56acd MK	30	] [
fdb56acd MK	31	.BR \-T maxtimeout
917eb9fe KM	32	]
	33	.SH DESCRIPTION
	34	.I Ftpd
fdb56acd	35	is the DARPA Internet File Transfer Protocol
917eb9fe KM	36	server process. The server uses the TCP protocol
	37	and listens at the port specified in the ``ftp''
	38	service specification; see
	39	.IR services (5).
	40	.PP
	41	If the
	42	.B \-d
	43	option is specified,
2c32d7db	44	debugging information is written to the syslog.
917eb9fe KM	45	.PP
	46	If the
	47	.B \-l
	48	option is specified,
2c32d7db	49	each ftp session is logged in the syslog.
917eb9fe KM	50	.PP
917eb9fe KM	51	The ftp server
2c32d7db	52	will timeout an inactive session after 15 minutes.
917eb9fe KM	53	If the
	54	.B \-t
	55	option is specified,
	56	the inactivity timeout period will be set to
fdb56acd MK	57	.I timeout
	58	seconds.
	59	A client may also request a different timeout period;
	60	the maximum period allowed may be set to
	61	.I timeout
	62	seconds with the
	63	.B \-T
	64	option.
	65	The default limit is 2 hours.
917eb9fe KM	66	.PP
917eb9fe KM	67	The ftp server currently supports the following ftp
fdb56acd	68	requests; case is not distinguished.
917eb9fe KM	69	.PP
	70	.nf
	71	.ta \w'Request 'u
	72	\fBRequest Description\fP
1bd029de	73	ABOR abort previous command
917eb9fe KM	74	ACCT specify account (ignored)
	75	ALLO allocate storage (vacuously)
	76	APPE append to a file
1bd029de	77	CDUP change to parent of current working directory
917eb9fe KM	78	CWD change working directory
	79	DELE delete a file
	80	HELP give help information
fdb56acd	81	LIST give list files in a directory (``ls -lgA'')
1bd029de	82	MKD make a directory
fdb56acd	83	MDTM show last modification time of file
917eb9fe	84	MODE specify data transfer \fImode\fP
fdb56acd	85	NLST give name list of files in directory
917eb9fe KM	86	NOOP do nothing
917eb9fe KM	87	PASS specify password
1bd029de	88	PASV prepare for server-to-server transfer
917eb9fe	89	PORT specify data connection port
1bd029de	90	PWD print the current working directory
917eb9fe	91	QUIT terminate session
fdb56acd	92	REST restart incomplete transfer
917eb9fe	93	RETR retrieve a file
1bd029de	94	RMD remove a directory
917eb9fe KM	95	RNFR specify rename-from file name
917eb9fe KM	96	RNTO specify rename-to file name
fdb56acd MK	97	SITE non-standard commands (see next section)
	98	SIZE return size of file
	99	STAT return status of server
917eb9fe	100	STOR store a file
1bd029de	101	STOU store a file with a unique name
917eb9fe	102	STRU specify data transfer \fIstructure\fP
843d1a1c	103	SYST show operating system type of server system
917eb9fe KM	104	TYPE specify data transfer \fItype\fP
917eb9fe KM	105	USER specify user name
fdb56acd MK	106	XCUP change to parent of current working directory (deprecated)
	107	XCWD change working directory (deprecated)
	108	XMKD make a directory (deprecated)
	109	XPWD print the current working directory (deprecated)
	110	XRMD remove a directory (deprecated)
	111	.fi
	112	.PP
	113	The following non-standard or UNIX specific commands are supported
	114	by the SITE request.
	115	.PP
	116	.nf
	117	.ta \w'Request 'u
	118	\fBRequest Description\fP
	119	UMASK change umask. \fIE.g.\fP SITE UMASK 002
	120	IDLE set idle-timer. \fIE.g.\fP SITE IDLE 60
	121	CHMOD change mode of a file. \fIE.g.\fP SITE CHMOD 755 filename
	122	HELP give help information. \fIE.g.\fP SITE HELP
917eb9fe KM	123	.fi
917eb9fe KM	124	.PP
1bd029de	125	The remaining ftp requests specified in Internet RFC 959 are
917eb9fe	126	recognized, but not implemented.
fdb56acd MK	127	MDTM and SIZE are not specified in
fdb56acd MK	128	RFC 959, but will appear in the next updated FTP RFC.
917eb9fe	129	.PP
1bd029de GM	130	The ftp server will abort an active file transfer only when the
	131	ABOR command is preceded by a Telnet "Interrupt Process" (IP)
	132	signal and a Telnet "Synch" signal in the command Telnet stream,
	133	as described in Internet RFC 959.
fdb56acd MK	134	If a STAT command is received during a data transfer, preceded by a Telnet IP
fdb56acd MK	135	and Synch, transfer status will be returned.
1bd029de	136	.PP
917eb9fe KM	137	.I Ftpd
	138	interprets file names according to the ``globbing''
	139	conventions used by
	140	.IR csh (1).
	141	This allows users to utilize the metacharacters ``*?[]{}~''.
	142	.PP
	143	.I Ftpd
	144	authenticates users according to three rules.
	145	.IP 1)
	146	The user name must be in the password data base,
	147	.IR /etc/passwd ,
	148	and not have a null password. In this case a password
	149	must be provided by the client before any file operations
	150	may be performed.
	151	.IP 2)
	152	The user name must not appear in the file
	153	.IR /etc/ftpusers .
	154	.IP 3)
06e77c11 KM	155	The user must have a standard shell returned by
	156	.IR getusershell (3).
	157	.IP 4)
917eb9fe KM	158	If the user name is ``anonymous'' or ``ftp'', an
	159	anonymous ftp account must be present in the password
	160	file (user ``ftp''). In this case the user is allowed
	161	to log in by specifying any password (by convention this
	162	is given as the client host's name).
	163	.PP
	164	In the last case,
	165	.I ftpd
	166	takes special measures to restrict the client's access privileges.
	167	The server performs a
	168	.IR chroot (2)
	169	command to the home directory of the ``ftp'' user.
	170	In order that system security is not breached, it is recommended
	171	that the ``ftp'' subtree be constructed with care; the following
	172	rules are recommended.
	173	.IP ~ftp)
	174	Make the home directory owned by ``ftp'' and unwritable by anyone.
	175	.IP ~ftp/bin)
	176	Make this directory owned by the super-user and unwritable by
	177	anyone. The program
	178	.IR ls (1)
fdb56acd	179	must be present to support the list command. This
917eb9fe KM	180	program should have mode 111.
	181	.IP ~ftp/etc)
	182	Make this directory owned by the super-user and unwritable by
	183	anyone. The files
	184	.IR passwd (5)
	185	and
	186	.IR group (5)
	187	must be present for the
	188	.I ls
fdb56acd MK	189	command to be able to produce owner names rather than numbers.
	190	The password field in
	191	.I passwd
	192	is not used, and should not contain real encrypted passwords.
	193	These files should be mode 444.
917eb9fe KM	194	.IP ~ftp/pub)
	195	Make this directory mode 777 and owned by ``ftp''. Users
	196	should then place files which are to be accessible via the
	197	anonymous account in this directory.
	198	.SH "SEE ALSO"
43c671de	199	ftp(1), getusershell(3), syslogd(8)
917eb9fe	200	.SH BUGS
917eb9fe KM	201	The anonymous account is inherently dangerous and should
	202	avoided when possible.
	203	.PP
	204	The server must run as the super-user
	205	to create sockets with privileged port numbers. It maintains
	206	an effective user id of the logged in user, reverting to
	207	the super-user only when binding addresses to sockets. The
	208	possible security holes have been extensively
	209	scrutinized, but are possibly incomplete.