| 1 | .\" Copyright (c) 1985, 1988 The Regents of the University of California. |
| 2 | .\" All rights reserved. |
| 3 | .\" |
| 4 | .\" Redistribution and use in source and binary forms are permitted |
| 5 | .\" provided that the above copyright notice and this paragraph are |
| 6 | .\" duplicated in all such forms and that any documentation, |
| 7 | .\" advertising materials, and other materials related to such |
| 8 | .\" distribution and use acknowledge that the software was developed |
| 9 | .\" by the University of California, Berkeley. The name of the |
| 10 | .\" University may not be used to endorse or promote products derived |
| 11 | .\" from this software without specific prior written permission. |
| 12 | .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
| 13 | .\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
| 14 | .\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| 15 | .\" |
| 16 | .\" @(#)ftpd.8 6.7.1.1 (Berkeley) %G% |
| 17 | .\" |
| 18 | .TH FTPD 8 "February 23, 1989" |
| 19 | .UC 5 |
| 20 | .SH NAME |
| 21 | ftpd \- DARPA Internet File Transfer Protocol server |
| 22 | .SH SYNOPSIS |
| 23 | .B /etc/ftpd |
| 24 | [ |
| 25 | .B \-d |
| 26 | ] [ |
| 27 | .B \-l |
| 28 | ] [ |
| 29 | .BR \-t timeout |
| 30 | ] [ |
| 31 | .BR \-T maxtimeout |
| 32 | ] |
| 33 | .SH DESCRIPTION |
| 34 | .I Ftpd |
| 35 | is the DARPA Internet File Transfer Protocol |
| 36 | server process. The server uses the TCP protocol |
| 37 | and listens at the port specified in the ``ftp'' |
| 38 | service specification; see |
| 39 | .IR services (5). |
| 40 | .PP |
| 41 | If the |
| 42 | .B \-d |
| 43 | option is specified, |
| 44 | debugging information is written to the syslog. |
| 45 | .PP |
| 46 | If the |
| 47 | .B \-l |
| 48 | option is specified, |
| 49 | each ftp session is logged in the syslog. |
| 50 | .PP |
| 51 | The ftp server |
| 52 | will time out an inactive session after 15 minutes. |
| 53 | If the |
| 54 | .B \-t |
| 55 | option is specified, |
| 56 | the inactivity timeout period will be set to |
| 57 | .I timeout |
| 58 | seconds. |
| 59 | A client may also request a different timeout period; |
| 60 | the maximum period allowed may be set to |
| 61 | .I timeout |
| 62 | seconds with the |
| 63 | .B \-T |
| 64 | option. |
| 65 | The default limit is 2 hours. |
| 66 | .PP |
| 67 | The ftp server currently supports the following ftp |
| 68 | requests; case is not distinguished. |
| 69 | .PP |
| 70 | .nf |
| 71 | .ta \w'Request 'u |
| 72 | \fBRequest Description\fP |
| 73 | ABOR abort previous command |
| 74 | ACCT specify account (ignored) |
| 75 | ALLO allocate storage (vacuously) |
| 76 | APPE append to a file |
| 77 | CDUP change to parent of current working directory |
| 78 | CWD change working directory |
| 79 | DELE delete a file |
| 80 | HELP give help information |
| 81 | LIST list files in a directory (``ls -lgA'') |
| 82 | MKD make a directory |
| 83 | MDTM show last modification time of file |
| 84 | MODE specify data transfer \fImode\fP |
| 85 | NLST give name list of files in directory |
| 86 | NOOP do nothing |
| 87 | PASS specify password |
| 88 | PASV prepare for server-to-server transfer |
| 89 | PORT specify data connection port |
| 90 | PWD print the current working directory |
| 91 | QUIT terminate session |
| 92 | RETR retrieve a file |
| 93 | RMD remove a directory |
| 94 | RNFR specify rename-from file name |
| 95 | RNTO specify rename-to file name |
| 96 | SITE non-standard commands (see next section) |
| 97 | SIZE return size of file |
| 98 | STAT return status of server |
| 99 | STOR store a file |
| 100 | STOU store a file with a unique name |
| 101 | STRU specify data transfer \fIstructure\fP |
| 102 | SYST show operating system type of server system |
| 103 | TYPE specify data transfer \fItype\fP |
| 104 | USER specify user name |
| 105 | XCUP change to parent of current working directory (deprecated) |
| 106 | XCWD change working directory (deprecated) |
| 107 | XMKD make a directory (deprecated) |
| 108 | XPWD print the current working directory (deprecated) |
| 109 | XRMD remove a directory (deprecated) |
| 110 | .fi |
| 111 | .PP |
| 112 | The following non-standard or UNIX specific commands are supported |
| 113 | by the SITE request. |
| 114 | .PP |
| 115 | .nf |
| 116 | .ta \w'Request 'u |
| 117 | \fBRequest Description\fP |
| 118 | UMASK change umask. \fIE.g.\fP SITE UMASK 002 |
| 119 | IDLE set idle-timer. \fIE.g.\fP SITE IDLE 60 |
| 120 | CHMOD change mode of a file. \fIE.g.\fP SITE CHMOD 755 filename |
| 121 | HELP give help information. \fIE.g.\fP SITE HELP |
| 122 | .fi |
| 123 | .PP |
| 124 | The remaining ftp requests specified in Internet RFC 959 are |
| 125 | recognized, but not implemented. |
| 126 | MDTM and SIZE are not specified in |
| 127 | RFC 959, but will appear in the next updated FTP RFC. |
| 128 | .PP |
| 129 | The ftp server will abort an active file transfer only when the |
| 130 | ABOR command is preceded by a Telnet "Interrupt Process" (IP) |
| 131 | signal and a Telnet "Synch" signal in the command Telnet stream, |
| 132 | as described in Internet RFC 959. |
| 133 | If a STAT command is received during a data transfer, preceded by a Telnet IP |
| 134 | and Synch, transfer status will be returned. |
| 135 | .PP |
| 136 | .I Ftpd |
| 137 | interprets file names according to the ``globbing'' |
| 138 | conventions used by |
| 139 | .IR csh (1). |
| 140 | This allows users to utilize the metacharacters ``*?[]{}~''. |
| 141 | .PP |
| 142 | .I Ftpd |
| 143 | authenticates users according to four rules. |
| 144 | .IP 1) |
| 145 | The user name must be in the password data base, |
| 146 | .IR /etc/passwd , |
| 147 | and not have a null password. In this case a password |
| 148 | must be provided by the client before any file operations |
| 149 | may be performed. |
| 150 | .IP 2) |
| 151 | The user name must not appear in the file |
| 152 | .IR /etc/ftpusers . |
| 153 | .IP 3) |
| 154 | The user must have a standard shell returned by |
| 155 | .IR getusershell (3). |
| 156 | .IP 4) |
| 157 | If the user name is ``anonymous'' or ``ftp'', an |
| 158 | anonymous ftp account must be present in the password |
| 159 | file (user ``ftp''). In this case the user is allowed |
| 160 | to log in by specifying any password (by convention this |
| 161 | is given as the client host's name). |
| 162 | .PP |
| 163 | In the last case, |
| 164 | .I ftpd |
| 165 | takes special measures to restrict the client's access privileges. |
| 166 | The server performs a |
| 167 | .IR chroot (2) |
| 168 | command to the home directory of the ``ftp'' user. |
| 169 | In order that system security is not breached, it is recommended |
| 170 | that the ``ftp'' subtree be constructed with care; the following |
| 171 | rules are recommended. |
| 172 | .IP ~ftp) |
| 173 | Make the home directory owned by ``ftp'' and unwritable by anyone. |
| 174 | .IP ~ftp/bin) |
| 175 | Make this directory owned by the super-user and unwritable by |
| 176 | anyone. The program |
| 177 | .IR ls (1) |
| 178 | must be present to support the list command. This |
| 179 | program should have mode 111. |
| 180 | .IP ~ftp/etc) |
| 181 | Make this directory owned by the super-user and unwritable by |
| 182 | anyone. The files |
| 183 | .IR passwd (5) |
| 184 | and |
| 185 | .IR group (5) |
| 186 | must be present for the |
| 187 | .I ls |
| 188 | command to be able to produce owner names rather than numbers. |
| 189 | The password field in |
| 190 | .I passwd |
| 191 | is not used, and should not contain real encrypted passwords. |
| 192 | These files should be mode 444. |
| 193 | .IP ~ftp/pub) |
| 194 | Make this directory mode 777 and owned by ``ftp''. Users |
| 195 | should then place files which are to be accessible via the |
| 196 | anonymous account in this directory. |
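The layout rules above for the ``ftp'' subtree can be checked mechanically. The following is an added example, not part of the original manual page or of ftpd: the function names, the finding strings, the symbolic-link check and the 13-character hash heuristic are assumptions of this example.

```python
import os
import stat

# Rules from the DESCRIPTION section: (path under ~ftp, owner, check, mode).
# "nowrite": no write bit set for anyone; "exact": permission bits must match.
RULES = [
    (".",          "ftp",  "nowrite", None),
    ("bin",        "root", "nowrite", None),
    ("bin/ls",     None,   "exact",   0o111),
    ("etc",        "root", "nowrite", None),
    ("etc/passwd", None,   "exact",   0o444),
    ("etc/group",  None,   "exact",   0o444),
    ("pub",        "ftp",  "exact",   0o777),
]

def audit_ftp_tree(root, ftp_uid, root_uid=0):
    """Return a list of findings; an empty list means the tree matches."""
    owners = {"ftp": ftp_uid, "root": root_uid}
    findings = []
    for rel, owner, kind, want in RULES:
        try:
            st = os.lstat(os.path.join(root, rel))  # lstat: report links, do not follow
        except OSError as err:
            findings.append(f"{rel}: {err.strerror}")
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{rel}: is a symbolic link")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if owner and st.st_uid != owners[owner]:
            findings.append(f"{rel}: owned by uid {st.st_uid}, expected {owner}")
        if kind == "nowrite" and mode & 0o222:
            findings.append(f"{rel}: mode {mode:o} is writable")
        if kind == "exact" and mode != want:
            findings.append(f"{rel}: mode {mode:o}, expected {want:o}")
    return findings + passwd_hash_findings(os.path.join(root, "etc", "passwd"))

def passwd_hash_findings(path):
    """Heuristic (assumption): a field of 13+ characters may be a crypt(3) hash."""
    out = []
    try:
        with open(path, encoding="latin-1") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) > 1 and len(fields[1]) >= 13:
                    out.append(f"etc/passwd: {fields[0]} may hold a real password hash")
    except OSError:
        pass  # a missing or unreadable file is already reported by the loop above
    return out
```

On a live host, pass the home directory of the ``ftp'' user as `root` and `pwd.getpwnam("ftp").pw_uid` as `ftp_uid`.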
| 197 | .SH "SEE ALSO" |
| 198 | ftp(1), getusershell(3), syslogd(8) |
| 199 | .SH BUGS |
| 200 | The anonymous account is inherently dangerous and should |
| 201 | be avoided when possible. |
| 202 | .PP |
| 203 | The server must run as the super-user |
| 204 | to create sockets with privileged port numbers. It maintains |
| 205 | an effective user id of the logged in user, reverting to |
| 206 | the super-user only when binding addresses to sockets. The |
| 207 | possible security holes have been extensively |
| 208 | scrutinized, but the scrutiny is possibly incomplete. |
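The four authentication rules in DESCRIPTION can be turned into an audit of which accounts pass the server's checks. This is an added example, not ftpd's own code: the function names, the report layout and the sample data are constructed here, and an empty shell field is assumed to mean /bin/sh as in passwd(5).

```python
# Constructed sample data (not from any real host).
SAMPLE_PASSWD = """\
root:Xq3mP0aLw9ZkE:0:0:Super-User:/:/bin/csh
alice:Jr7tQ2bNc8YhU:101:10:Alice:/usr/alice:/bin/csh
bob::102:10:Bob:/usr/bob:/bin/sh
uucp:Ks1vD4eGf6TiO:66:1:UUCP:/usr/spool/uucppublic:/usr/lib/uucp/uucico
carol:Lm5wR8hJk2VnP:103:10:Carol:/usr/carol:
ftp:*:14:50:Anonymous FTP:/usr/ftp:/bin/false
"""
SAMPLE_FTPUSERS = "root\nuucp\n"
SAMPLE_SHELLS = ["/bin/sh", "/bin/csh"]  # stands in for getusershell(3) output

def parse_passwd(text):
    """Map user name -> (password field, shell) from passwd(5) text."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 7:
            # Assumption: an empty shell field means /bin/sh, as in passwd(5).
            users[f[0]] = (f[1], f[6] or "/bin/sh")
    return users

def ftp_login_report(passwd_text, ftpusers_text, shells):
    """Apply rules 1-3 to every account; rule 4 only needs an ``ftp'' entry.

    "allowed" lists accounts that pass the rules; logging in still
    requires the account's password.
    """
    users = parse_passwd(passwd_text)
    denied = {l.strip() for l in ftpusers_text.splitlines() if l.strip()}
    report = {"allowed": [], "blocked": {}, "anonymous": "ftp" in users}
    for name, (pw, shell) in users.items():
        if pw == "":
            report["blocked"][name] = "rule 1: null password"
        elif name in denied:
            report["blocked"][name] = "rule 2: listed in /etc/ftpusers"
        elif shell not in shells:
            report["blocked"][name] = "rule 3: shell not from getusershell(3)"
        else:
            report["allowed"].append(name)
    return report
```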