[unix-history] / usr / src / libexec / ftpd / ftpd.8

.\" Copyright (c) 1985, 1988 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley.  The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\"	@(#)ftpd.8	6.7.1.1 (Berkeley) %G%
.\"
.TH FTPD 8 "February 23, 1989"
.UC 5
.SH NAME
ftpd \- DARPA Internet File Transfer Protocol server
.SH SYNOPSIS
.B /etc/ftpd
[
.B \-d
] [
.B \-l
] [
.BR \-t timeout
] [
.BR \-T maxtimeout
]
.SH DESCRIPTION
.I Ftpd
is the DARPA Internet File Transfer Protocol
server process.  The server uses the TCP protocol
and listens at the port specified in the ``ftp''
service specification; see
.IR services (5).
.PP
If the 
.B \-d
option is specified,
debugging information is written to the syslog.
.PP
If the
.B \-l
option is specified,
each ftp session is logged in the syslog.
.PP
The ftp server
will timeout an inactive session after 15 minutes.
If the
.B \-t
option is specified,
the inactivity timeout period will be set to
.I timeout
seconds.
A client may also request a different timeout period;
the maximum period allowed may be set to
.I timeout
seconds with the
.B \-T
option.
The default limit is 2 hours.
.PP
The ftp server currently supports the following ftp
requests; case is not distinguished.
.PP
.nf
.ta \w'Request        'u
\fBRequest	Description\fP
ABOR	abort previous command
ACCT	specify account (ignored)
ALLO	allocate storage (vacuously)
APPE	append to a file
CDUP	change to parent of current working directory
CWD	change working directory
DELE	delete a file
HELP	give help information
LIST	give list files in a directory (``ls -lgA'')
MKD	make a directory
MDTM	show last modification time of file
MODE	specify data transfer \fImode\fP
NLST	give name list of files in directory 
NOOP	do nothing
PASS	specify password
PASV	prepare for server-to-server transfer
PORT	specify data connection port
PWD	print the current working directory
QUIT	terminate session
RETR	retrieve a file
RMD	remove a directory
RNFR	specify rename-from file name
RNTO	specify rename-to file name
SITE	non-standard commands (see next section)
SIZE	return size of file
STAT	return status of server
STOR	store a file
STOU	store a file with a unique name
STRU	specify data transfer \fIstructure\fP
SYST	show operating system type of server system
TYPE	specify data transfer \fItype\fP
USER	specify user name
XCUP	change to parent of current working directory (deprecated)
XCWD	change working directory (deprecated)
XMKD	make a directory (deprecated)
XPWD	print the current working directory (deprecated)
XRMD	remove a directory (deprecated)
.fi
.PP
The following non-standard or UNIX specific commands are supported
by the SITE request.
.PP
.nf
.ta \w'Request        'u
\fBRequest	Description\fP
UMASK	change umask. \fIE.g.\fP SITE UMASK 002
IDLE	set idle-timer. \fIE.g.\fP SITE IDLE 60
CHMOD	change mode of a file. \fIE.g.\fP SITE CHMOD 755 filename
HELP	give help information. \fIE.g.\fP SITE HELP
.fi
.PP
The remaining ftp requests specified in Internet RFC 959 are
recognized, but not implemented.
MDTM and SIZE are not specified in
RFC 959, but will appear in the next updated FTP RFC.
.PP
The ftp server will abort an active file transfer only when the
ABOR command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet RFC 959.
If a STAT command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.PP
.I Ftpd
interprets file names according to the ``globbing''
conventions used by
.IR csh (1).
This allows users to utilize the metacharacters ``*?[]{}~''.
.PP
.I Ftpd
authenticates users according to three rules. 
.IP 1)
The user name must be in the password data base,
.IR /etc/passwd ,
and not have a null password.  In this case a password
must be provided by the client before any file operations
may be performed.
.IP 2)
The user name must not appear in the file
.IR /etc/ftpusers .
.IP 3)
The user must have a standard shell returned by 
.IR getusershell (3).
.IP 4)
If the user name is ``anonymous'' or ``ftp'', an
anonymous ftp account must be present in the password
file (user ``ftp'').  In this case the user is allowed
to log in by specifying any password (by convention this
is given as the client host's name).
.PP
In the last case, 
.I ftpd
takes special measures to restrict the client's access privileges.
The server performs a 
.IR chroot (2)
command to the home directory of the ``ftp'' user.
In order that system security is not breached, it is recommended
that the ``ftp'' subtree be constructed with care;  the following
rules are recommended.
.IP ~ftp)
Make the home directory owned by ``ftp'' and unwritable by anyone.
.IP ~ftp/bin)
Make this directory owned by the super-user and unwritable by
anyone.  The program
.IR ls (1)
must be present to support the list command.  This
program should have mode 111.
.IP ~ftp/etc)
Make this directory owned by the super-user and unwritable by
anyone.  The files
.IR passwd (5)
and
.IR group (5)
must be present for the 
.I ls
command to be able to produce owner names rather than numbers.
The password field in
.I passwd
is not used, and should not contain real encrypted passwords.
These files should be mode 444.
.IP ~ftp/pub)
Make this directory mode 777 and owned by ``ftp''.  Users
should then place files which are to be accessible via the
anonymous account in this directory.
.SH "SEE ALSO"
ftp(1), getusershell(3), syslogd(8)
.SH BUGS
The anonymous account is inherently dangerous and should
avoided when possible.
.PP
The server must run as the super-user
to create sockets with privileged port numbers.  It maintains
an effective user id of the logged in user, reverting to
the super-user only when binding addresses to sockets.  The
possible security holes have been extensively
scrutinized, but are possibly incomplete.
Commit	Line	Data
fdb56acd	1	.\" Copyright (c) 1985, 1988 The Regents of the University of California.
43c671de	2	.\" All rights reserved.
917eb9fe	3	.\"
43c671de KB	4	.\" Redistribution and use in source and binary forms are permitted
	5	.\" provided that the above copyright notice and this paragraph are
	6	.\" duplicated in all such forms and that any documentation,
	7	.\" advertising materials, and other materials related to such
	8	.\" distribution and use acknowledge that the software was developed
	9	.\" by the University of California, Berkeley. The name of the
	10	.\" University may not be used to endorse or promote products derived
	11	.\" from this software without specific prior written permission.
	12	.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
	13	.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
	14	.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
917eb9fe	15	.\"
8ba00015	16	.\" @(#)ftpd.8 6.7.1.1 (Berkeley) %G%
43c671de	17	.\"
fdb56acd	18	.TH FTPD 8 "February 23, 1989"
917eb9fe KM	19	.UC 5
	20	.SH NAME
	21	ftpd \- DARPA Internet File Transfer Protocol server
	22	.SH SYNOPSIS
	23	.B /etc/ftpd
	24	[
	25	.B \-d
	26	] [
	27	.B \-l
	28	] [
	29	.BR \-t timeout
fdb56acd MK	30	] [
fdb56acd MK	31	.BR \-T maxtimeout
917eb9fe KM	32	]
	33	.SH DESCRIPTION
	34	.I Ftpd
fdb56acd	35	is the DARPA Internet File Transfer Protocol
917eb9fe KM	36	server process. The server uses the TCP protocol
	37	and listens at the port specified in the ``ftp''
	38	service specification; see
	39	.IR services (5).
	40	.PP
	41	If the
	42	.B \-d
	43	option is specified,
2c32d7db	44	debugging information is written to the syslog.
917eb9fe KM	45	.PP
	46	If the
	47	.B \-l
	48	option is specified,
2c32d7db	49	each ftp session is logged in the syslog.
917eb9fe KM	50	.PP
917eb9fe KM	51	The ftp server
2c32d7db	52	will timeout an inactive session after 15 minutes.
917eb9fe KM	53	If the
	54	.B \-t
	55	option is specified,
	56	the inactivity timeout period will be set to
fdb56acd MK	57	.I timeout
	58	seconds.
	59	A client may also request a different timeout period;
	60	the maximum period allowed may be set to
	61	.I timeout
	62	seconds with the
	63	.B \-T
	64	option.
	65	The default limit is 2 hours.
917eb9fe KM	66	.PP
917eb9fe KM	67	The ftp server currently supports the following ftp
fdb56acd	68	requests; case is not distinguished.
917eb9fe KM	69	.PP
	70	.nf
	71	.ta \w'Request 'u
	72	\fBRequest Description\fP
1bd029de	73	ABOR abort previous command
917eb9fe KM	74	ACCT specify account (ignored)
	75	ALLO allocate storage (vacuously)
	76	APPE append to a file
1bd029de	77	CDUP change to parent of current working directory
917eb9fe KM	78	CWD change working directory
	79	DELE delete a file
	80	HELP give help information
fdb56acd	81	LIST give list files in a directory (``ls -lgA'')
1bd029de	82	MKD make a directory
fdb56acd	83	MDTM show last modification time of file
917eb9fe	84	MODE specify data transfer \fImode\fP
fdb56acd	85	NLST give name list of files in directory
917eb9fe KM	86	NOOP do nothing
917eb9fe KM	87	PASS specify password
1bd029de	88	PASV prepare for server-to-server transfer
917eb9fe	89	PORT specify data connection port
1bd029de	90	PWD print the current working directory
917eb9fe KM	91	QUIT terminate session
917eb9fe KM	92	RETR retrieve a file
1bd029de	93	RMD remove a directory
917eb9fe KM	94	RNFR specify rename-from file name
917eb9fe KM	95	RNTO specify rename-to file name
fdb56acd MK	96	SITE non-standard commands (see next section)
	97	SIZE return size of file
	98	STAT return status of server
917eb9fe	99	STOR store a file
1bd029de	100	STOU store a file with a unique name
917eb9fe	101	STRU specify data transfer \fIstructure\fP
843d1a1c	102	SYST show operating system type of server system
917eb9fe KM	103	TYPE specify data transfer \fItype\fP
917eb9fe KM	104	USER specify user name
fdb56acd MK	105	XCUP change to parent of current working directory (deprecated)
	106	XCWD change working directory (deprecated)
	107	XMKD make a directory (deprecated)
	108	XPWD print the current working directory (deprecated)
	109	XRMD remove a directory (deprecated)
	110	.fi
	111	.PP
	112	The following non-standard or UNIX specific commands are supported
	113	by the SITE request.
	114	.PP
	115	.nf
	116	.ta \w'Request 'u
	117	\fBRequest Description\fP
	118	UMASK change umask. \fIE.g.\fP SITE UMASK 002
	119	IDLE set idle-timer. \fIE.g.\fP SITE IDLE 60
	120	CHMOD change mode of a file. \fIE.g.\fP SITE CHMOD 755 filename
	121	HELP give help information. \fIE.g.\fP SITE HELP
917eb9fe KM	122	.fi
917eb9fe KM	123	.PP
1bd029de	124	The remaining ftp requests specified in Internet RFC 959 are
917eb9fe	125	recognized, but not implemented.
fdb56acd MK	126	MDTM and SIZE are not specified in
fdb56acd MK	127	RFC 959, but will appear in the next updated FTP RFC.
917eb9fe	128	.PP
1bd029de GM	129	The ftp server will abort an active file transfer only when the
	130	ABOR command is preceded by a Telnet "Interrupt Process" (IP)
	131	signal and a Telnet "Synch" signal in the command Telnet stream,
	132	as described in Internet RFC 959.
fdb56acd MK	133	If a STAT command is received during a data transfer, preceded by a Telnet IP
fdb56acd MK	134	and Synch, transfer status will be returned.
1bd029de	135	.PP
917eb9fe KM	136	.I Ftpd
	137	interprets file names according to the ``globbing''
	138	conventions used by
	139	.IR csh (1).
	140	This allows users to utilize the metacharacters ``*?[]{}~''.
	141	.PP
	142	.I Ftpd
	143	authenticates users according to three rules.
	144	.IP 1)
	145	The user name must be in the password data base,
	146	.IR /etc/passwd ,
	147	and not have a null password. In this case a password
	148	must be provided by the client before any file operations
	149	may be performed.
	150	.IP 2)
	151	The user name must not appear in the file
	152	.IR /etc/ftpusers .
	153	.IP 3)
06e77c11 KM	154	The user must have a standard shell returned by
	155	.IR getusershell (3).
	156	.IP 4)
917eb9fe KM	157	If the user name is ``anonymous'' or ``ftp'', an
	158	anonymous ftp account must be present in the password
	159	file (user ``ftp''). In this case the user is allowed
	160	to log in by specifying any password (by convention this
	161	is given as the client host's name).
	162	.PP
	163	In the last case,
	164	.I ftpd
	165	takes special measures to restrict the client's access privileges.
	166	The server performs a
	167	.IR chroot (2)
	168	command to the home directory of the ``ftp'' user.
	169	In order that system security is not breached, it is recommended
	170	that the ``ftp'' subtree be constructed with care; the following
	171	rules are recommended.
	172	.IP ~ftp)
	173	Make the home directory owned by ``ftp'' and unwritable by anyone.
	174	.IP ~ftp/bin)
	175	Make this directory owned by the super-user and unwritable by
	176	anyone. The program
	177	.IR ls (1)
fdb56acd	178	must be present to support the list command. This
917eb9fe KM	179	program should have mode 111.
	180	.IP ~ftp/etc)
	181	Make this directory owned by the super-user and unwritable by
	182	anyone. The files
	183	.IR passwd (5)
	184	and
	185	.IR group (5)
	186	must be present for the
	187	.I ls
fdb56acd MK	188	command to be able to produce owner names rather than numbers.
	189	The password field in
	190	.I passwd
	191	is not used, and should not contain real encrypted passwords.
	192	These files should be mode 444.
917eb9fe KM	193	.IP ~ftp/pub)
	194	Make this directory mode 777 and owned by ``ftp''. Users
	195	should then place files which are to be accessible via the
	196	anonymous account in this directory.
	197	.SH "SEE ALSO"
43c671de	198	ftp(1), getusershell(3), syslogd(8)
917eb9fe	199	.SH BUGS
917eb9fe KM	200	The anonymous account is inherently dangerous and should
	201	avoided when possible.
	202	.PP
	203	The server must run as the super-user
	204	to create sockets with privileged port numbers. It maintains
	205	an effective user id of the logged in user, reverting to
	206	the super-user only when binding addresses to sockets. The
	207	possible security holes have been extensively
	208	scrutinized, but are possibly incomplete.