Commit | Line | Data |
---|---|---|
00bbb787 KB |
1 | .\" Copyright (c) 1985, 1988, 1991, 1993 |
2 | .\" The Regents of the University of California. All rights reserved. | |
917eb9fe | 3 | .\" |
ad787160 C |
4 | .\" Redistribution and use in source and binary forms, with or without |
5 | .\" modification, are permitted provided that the following conditions | |
6 | .\" are met: | |
7 | .\" 1. Redistributions of source code must retain the above copyright | |
8 | .\" notice, this list of conditions and the following disclaimer. | |
9 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer in the | |
11 | .\" documentation and/or other materials provided with the distribution. | |
12 | .\" 3. All advertising materials mentioning features or use of this software | |
13 | .\" must display the following acknowledgement: | |
14 | .\" This product includes software developed by the University of | |
15 | .\" California, Berkeley and its contributors. | |
16 | .\" 4. Neither the name of the University nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
917eb9fe | 19 | .\" |
ad787160 C |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
43c671de | 31 | .\" |
ed554bc5 | 32 | .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 |
ad787160 | 33 | .\" |
ed554bc5 | 34 | .Dd April 19, 1994 |
0fccfdb8 CL |
35 | .Dt FTPD 8 |
36 | .Os BSD 4.2 | |
37 | .Sh NAME | |
38 | .Nm ftpd | |
39 | .Nd | |
0fccfdb8 CL |
40 | Internet File Transfer Protocol server |
41 | .Sh SYNOPSIS | |
42 | .Nm ftpd | |
ee370f9f | 43 | .Op Fl dl |
0fccfdb8 | 44 | .Op Fl T Ar maxtimeout |
3ef4d8e8 | 45 | .Op Fl t Ar timeout |
0fccfdb8 CL |
46 | .Sh DESCRIPTION |
47 | .Nm Ftpd | |
48 | is the | |
0fccfdb8 CL |
49 | Internet File Transfer Protocol |
50 | server process. The server uses the | |
51 | .Tn TCP | |
52 | protocol | |
53 | and listens at the port specified in the | |
54 | .Dq ftp | |
917eb9fe | 55 | service specification; see |
0fccfdb8 CL |
56 | .Xr services 5 . |
57 | .Pp | |
58 | Available options: | |
59 | .Bl -tag -width Ds | |
60 | .It Fl d | |
3ef4d8e8 | 61 | Debugging information is written to the syslog using LOG_FTP. |
0fccfdb8 | 62 | .It Fl l |
3ef4d8e8 | 63 | Each successful and failed |
0fccfdb8 | 64 | .Xr ftp 1 |
3ef4d8e8 AC |
65 | session is logged using syslog with a facility of LOG_FTP. |
66 | If this option is specified twice, the retrieve (get), store (put), append, | |
67 | delete, make directory, remove directory and rename operations and | |
68 | their filename arguments are also logged. | |
0fccfdb8 | 69 | .It Fl T |
fdb56acd MK |
70 | A client may also request a different timeout period; |
71 | the maximum period allowed may be set to | |
0fccfdb8 | 72 | .Ar timeout |
fdb56acd | 73 | seconds with the |
0fccfdb8 | 74 | .Fl T |
fdb56acd MK |
75 | option. |
76 | The default limit is 2 hours. | |
3ef4d8e8 AC |
77 | .It Fl t |
78 | The inactivity timeout period is set to | |
79 | .Ar timeout | |
80 | seconds (the default is 15 minutes). | |
0fccfdb8 CL |
81 | .El |
82 | .Pp | |
3ef4d8e8 AC |
83 | The file |
84 | .Pa /etc/nologin | |
85 | can be used to disable ftp access. | |
86 | If the file exists, | |
87 | .Nm | |
88 | displays it and exits. | |
89 | If the file | |
90 | .Pa /etc/ftpwelcome | |
91 | exists, | |
92 | .Nm | |
93 | prints it before issuing the | |
94 | .Dq ready | |
95 | message. | |
96 | If the file | |
97 | .Pa /etc/motd | |
98 | exists, | |
99 | .Nm | |
ed554bc5 | 100 | prints it after a successful login. |
3ef4d8e8 AC |
101 | .Pp |
102 | The ftp server currently supports the following ftp requests. | |
103 | The case of the requests is ignored. | |
0fccfdb8 CL |
104 | .Bl -column "Request" -offset indent |
105 | .It Request Ta "Description" | |
106 | .It ABOR Ta "abort previous command" | |
107 | .It ACCT Ta "specify account (ignored)" | |
108 | .It ALLO Ta "allocate storage (vacuously)" | |
109 | .It APPE Ta "append to a file" | |
110 | .It CDUP Ta "change to parent of current working directory" | |
111 | .It CWD Ta "change working directory" | |
112 | .It DELE Ta "delete a file" | |
113 | .It HELP Ta "give help information" | |
114 | .It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" | |
115 | .It MKD Ta "make a directory" | |
116 | .It MDTM Ta "show last modification time of file" | |
117 | .It MODE Ta "specify data transfer" Em mode | |
118 | .It NLST Ta "give name list of files in directory" | |
119 | .It NOOP Ta "do nothing" | |
120 | .It PASS Ta "specify password" | |
121 | .It PASV Ta "prepare for server-to-server transfer" | |
122 | .It PORT Ta "specify data connection port" | |
123 | .It PWD Ta "print the current working directory" | |
124 | .It QUIT Ta "terminate session" | |
125 | .It REST Ta "restart incomplete transfer" | |
126 | .It RETR Ta "retrieve a file" | |
127 | .It RMD Ta "remove a directory" | |
128 | .It RNFR Ta "specify rename-from file name" | |
129 | .It RNTO Ta "specify rename-to file name" | |
130 | .It SITE Ta "non-standard commands (see next section)" | |
131 | .It SIZE Ta "return size of file" | |
132 | .It STAT Ta "return status of server" | |
133 | .It STOR Ta "store a file" | |
134 | .It STOU Ta "store a file with a unique name" | |
135 | .It STRU Ta "specify data transfer" Em structure | |
136 | .It SYST Ta "show operating system type of server system" | |
137 | .It TYPE Ta "specify data transfer" Em type | |
138 | .It USER Ta "specify user name" | |
139 | .It XCUP Ta "change to parent of current working directory (deprecated)" | |
140 | .It XCWD Ta "change working directory (deprecated)" | |
141 | .It XMKD Ta "make a directory (deprecated)" | |
142 | .It XPWD Ta "print the current working directory (deprecated)" | |
143 | .It XRMD Ta "remove a directory (deprecated)" | |
144 | .El | |
145 | .Pp | |
146 | The following non-standard or | |
147 | .Tn UNIX | |
148 | specific commands are supported | |
149 | by the | |
150 | SITE request. | |
151 | .Pp | |
152 | .Bl -column Request -offset indent | |
153 | .It Sy Request Ta Sy Description | |
3ef4d8e8 AC |
154 | .It UMASK Ta change umask, e.g. ``SITE UMASK 002'' |
155 | .It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' | |
156 | .It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename'' | |
157 | .It HELP Ta give help information. | |
0fccfdb8 CL |
158 | .El |
159 | .Pp | |
3ef4d8e8 | 160 | The remaining ftp requests specified in Internet RFC 959 |
0fccfdb8 | 161 | are |
917eb9fe | 162 | recognized, but not implemented. |
3ef4d8e8 AC |
163 | MDTM and SIZE are not specified in RFC 959, but will appear in the |
164 | next updated FTP RFC. | |
0fccfdb8 | 165 | .Pp |
1bd029de | 166 | The ftp server will abort an active file transfer only when the |
0fccfdb8 CL |
167 | ABOR |
168 | command is preceded by a Telnet "Interrupt Process" (IP) | |
1bd029de | 169 | signal and a Telnet "Synch" signal in the command Telnet stream, |
3ef4d8e8 | 170 | as described in Internet RFC 959. |
0fccfdb8 CL |
171 | If a |
172 | STAT | |
173 | command is received during a data transfer, preceded by a Telnet IP | |
fdb56acd | 174 | and Synch, transfer status will be returned. |
0fccfdb8 CL |
175 | .Pp |
176 | .Nm Ftpd | |
177 | interprets file names according to the | |
178 | .Dq globbing | |
917eb9fe | 179 | conventions used by |
0fccfdb8 CL |
180 | .Xr csh 1 . |
181 | This allows users to utilize the metacharacters | |
182 | .Dq Li \&*?[]{}~ . | |
183 | .Pp | |
184 | .Nm Ftpd | |
917eb9fe | 185 | authenticates users according to three rules. |
0fccfdb8 CL |
186 | .Pp |
187 | .Bl -enum -offset indent | |
188 | .It | |
3ef4d8e8 | 189 | The login name must be in the password data base, |
0fccfdb8 | 190 | .Pa /etc/passwd , |
3ef4d8e8 AC |
191 | and not have a null password. |
192 | In this case a password must be provided by the client before any | |
193 | file operations may be performed. | |
0fccfdb8 | 194 | .It |
3ef4d8e8 | 195 | The login name must not appear in the file |
0fccfdb8 CL |
196 | .Pa /etc/ftpusers . |
197 | .It | |
06e77c11 | 198 | The user must have a standard shell returned by |
0fccfdb8 CL |
199 | .Xr getusershell 3 . |
200 | .It | |
201 | If the user name is | |
202 | .Dq anonymous | |
203 | or | |
204 | .Dq ftp , | |
205 | an | |
917eb9fe | 206 | anonymous ftp account must be present in the password |
0fccfdb8 CL |
207 | file (user |
208 | .Dq ftp ) . | |
209 | In this case the user is allowed | |
3ef4d8e8 AC |
210 | to log in by specifying any password (by convention an email address for |
211 | the user should be used as the password). | |
0fccfdb8 CL |
212 | .El |
213 | .Pp | |
917eb9fe | 214 | In the last case, |
0fccfdb8 | 215 | .Nm ftpd |
917eb9fe KM |
216 | takes special measures to restrict the client's access privileges. |
217 | The server performs a | |
0fccfdb8 | 218 | .Xr chroot 2 |
3ef4d8e8 | 219 | to the home directory of the |
0fccfdb8 CL |
220 | .Dq ftp |
221 | user. | |
917eb9fe | 222 | In order that system security is not breached, it is recommended |
0fccfdb8 CL |
223 | that the |
224 | .Dq ftp | |
ee370f9f | 225 | subtree be constructed with care, following these rules: |
0fccfdb8 CL |
226 | .Bl -tag -width "~ftp/pub" -offset indent |
227 | .It Pa ~ftp | |
228 | Make the home directory owned by | |
ee370f9f | 229 | .Dq root |
0fccfdb8 CL |
230 | and unwritable by anyone. |
231 | .It Pa ~ftp/bin | |
ee370f9f KB |
232 | Make this directory owned by |
233 | .Dq root | |
3ef4d8e8 | 234 | and unwritable by anyone (mode 555). |
ee370f9f | 235 | The program |
0fccfdb8 | 236 | .Xr ls 1 |
ee370f9f KB |
237 | must be present to support the list command. |
238 | This program should be mode 111. | |
0fccfdb8 | 239 | .It Pa ~ftp/etc |
ee370f9f KB |
240 | Make this directory owned by |
241 | .Dq root | |
3ef4d8e8 | 242 | and unwritable by anyone (mode 555). |
ee370f9f | 243 | The files |
0fccfdb8 | 244 | .Xr passwd 5 |
917eb9fe | 245 | and |
0fccfdb8 | 246 | .Xr group 5 |
917eb9fe | 247 | must be present for the |
0fccfdb8 | 248 | .Xr ls |
fdb56acd MK |
249 | command to be able to produce owner names rather than numbers. |
250 | The password field in | |
0fccfdb8 | 251 | .Xr passwd |
ee370f9f | 252 | is not used, and should not contain real passwords. |
3ef4d8e8 AC |
253 | The file |
254 | .Pa motd , | |
ed554bc5 | 255 | if present, will be printed after a successful login. |
fdb56acd | 256 | These files should be mode 444. |
0fccfdb8 CL |
257 | .It Pa ~ftp/pub |
258 | Make this directory mode 777 and owned by | |
259 | .Dq ftp . | |
ee370f9f KB |
260 | Guests |
261 | can then place files which are to be accessible via the anonymous | |
262 | account in this directory. | |
0fccfdb8 | 263 | .El |
3ef4d8e8 AC |
264 | .Sh FILES |
265 | .Bl -tag -width /etc/ftpwelcome -compact | |
266 | .It Pa /etc/ftpusers | |
267 | List of unwelcome/restricted users. | |
268 | .It Pa /etc/ftpwelcome | |
269 | Welcome notice. | |
270 | .It Pa /etc/motd | |
271 | Welcome notice after login. | |
272 | .It Pa /etc/nologin | |
273 | Displayed and access refused. | |
274 | .El | |
0fccfdb8 CL |
275 | .Sh SEE ALSO |
276 | .Xr ftp 1 , | |
277 | .Xr getusershell 3 , | |
278 | .Xr syslogd 8 | |
279 | .Sh BUGS | |
917eb9fe KM |
280 | The server must run as the super-user |
281 | to create sockets with privileged port numbers. It maintains | |
282 | an effective user id of the logged in user, reverting to | |
283 | the super-user only when binding addresses to sockets. The | |
284 | possible security holes have been extensively | |
285 | scrutinized, but are possibly incomplete. | |
0fccfdb8 CL |
286 | .Sh HISTORY |
287 | The | |
288 | .Nm | |
289 | command appeared in | |
290 | .Bx 4.2 . |
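
The layout rules the page gives for the anonymous `~ftp` subtree (`~ftp`, `~ftp/bin`, `~ftp/etc`, `~ftp/pub`) can be checked mechanically. The script below is an added example, not part of ftpd.8 or the BSD sources. Its function names, finding format and password-field heuristic are assumptions of this example; the modes and owners are the ones the page states.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against the ftpd(8) layout rules.
# Usage: audit_ftp_tree DIR [ROOT_OWNER] [FTP_OWNER]; prints one line per
# deviation and returns 0 for a clean tree, 1 otherwise.

# Print "MODE OWNER" for a path (GNU stat first, BSD stat as fallback).
mode_owner() {
    [ -e "$1" ] || return 1
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1" 2>/dev/null
}

# check PATH WANT_MODE WANT_OWNER. WANT_MODE "nowrite" means no write bit for
# anyone; WANT_OWNER "-" means the page states no owner for this path.
check() {
    set -- "$1" "$2" "$3" $(mode_owner "$1")
    if [ -z "$4" ]; then echo "MISSING $1"; return 1; fi
    rc=0
    if [ "$2" = nowrite ]; then
        [ $(( 0$4 & 0222 )) -eq 0 ] || { echo "WRITABLE $1 (mode $4)"; rc=1; }
    elif [ "$4" != "$2" ]; then
        echo "MODE $1 is $4, expected $2"; rc=1
    fi
    if [ "$3" != - ] && [ "$5" != "$3" ]; then
        echo "OWNER $1 is $5, expected $3"; rc=1
    fi
    return $rc
}

audit_ftp_tree() {
    d=$1; root=${2:-root}; ftp=${3:-ftp}; bad=0
    check "$d"        nowrite "$root" || bad=1
    check "$d/bin"    555     "$root" || bad=1
    check "$d/bin/ls" 111     -       || bad=1
    check "$d/etc"    555     "$root" || bad=1
    for f in passwd group; do check "$d/etc/$f" 444 - || bad=1; done
    # motd is optional ("if present"), so check it only when it exists.
    [ ! -e "$d/etc/motd" ] || check "$d/etc/motd" 444 - || bad=1
    check "$d/pub"    777     "$ftp"  || bad=1
    # Heuristic (assumption of this example): a password field other than
    # empty or a one-character placeholder (*, x, !) may be a real hash.
    if [ -r "$d/etc/passwd" ] &&
       awk -F: '$2 !~ /^[*x!]?$/ { f = 1 } END { exit !f }' "$d/etc/passwd"
    then echo "PASSWD $d/etc/passwd: non-placeholder password field"; bad=1
    fi
    return $bad
}

[ $# -eq 0 ] || audit_ftp_tree "$@"   # run directly: sh audit.sh ~ftp
```

The optional owner arguments exist so the audit can be exercised on a scratch tree by an unprivileged user; on a real server the defaults `root` and `ftp` apply.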