BSD 4_4_Lite1 release

[unix-history] / usr / src / libexec / ftpd / ftpd.8

diff --git a/usr/src/libexec/ftpd/ftpd.8 b/usr/src/libexec/ftpd/ftpd.8
index 271e562..a7c5cae 100644 (file)
--- a/usr/src/libexec/ftpd/ftpd.8
+++ b/usr/src/libexec/ftpd/ftpd.8
@@ -1,157 +1,290 @@
-.\" Copyright (c) 1983 Regents of the University of California.
-.\" All rights reserved.  The Berkeley software License Agreement
-.\" specifies the terms and conditions for redistribution.
+.\" Copyright (c) 1985, 1988, 1991, 1993
+.\"    The Regents of the University of California.  All rights reserved.

 .\"
 .\"

-.\"    @(#)ftpd.8      5.1 (Berkeley) %G%
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"    This product includes software developed by the University of
+.\"    California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.

 .\"
 .\"

-.TH FTPD 8C "4 March 1983"
-.UC 5
-.SH NAME
-ftpd \- DARPA Internet File Transfer Protocol server
-.SH SYNOPSIS
-.B /etc/ftpd
-[
-.B \-d
-] [
-.B \-l
-] [
-.BR \-t timeout
-]
-.SH DESCRIPTION
-.I Ftpd
-is the DARPA Internet File Transfer Prototocol
-server process.  The server uses the TCP protocol
-and listens at the port specified in the ``ftp''
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)ftpd.8     8.2 (Berkeley) 4/19/94
+.\"
+.Dd April 19, 1994
+.Dt FTPD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm ftpd
+.Nd
+Internet File Transfer Protocol server
+.Sh SYNOPSIS
+.Nm ftpd
+.Op Fl dl
+.Op Fl T Ar maxtimeout
+.Op Fl t Ar timeout
+.Sh DESCRIPTION
+.Nm Ftpd
+is the
+Internet File Transfer Protocol
+server process.  The server uses the
+.Tn TCP
+protocol
+and listens at the port specified in the
+.Dq ftp

 service specification; see
 service specification; see

-.IR services (5).
-.PP
-If the 
-.B \-d
-option is specified,
-each socket created will have debugging turned
-on (SO_DEBUG).  With debugging enabled, the system
-will trace all TCP packets sent and received on a
-socket.  The program
-.IR trpt (8C)
-may then be used to interpret the packet traces.
-.PP
-If the
-.B \-l
-option is specified,
-each ftp session is logged on the standard output.
-This allows a line of the form 
-`/etc/ftpd -l > /tmp/ftplog''
-to be used to conveniently maintain a log of ftp sessions.
-.PP
-The ftp server
-will timeout an inactive session after 60 seconds.
-If the
-.B \-t
-option is specified,
-the inactivity timeout period will be set to
-.IR timeout .
-.PP
-The ftp server currently supports the following ftp
-requests;  case is not distinguished.
-.PP
-.nf
-.ta \w'Request        'u
-\fBRequest     Description\fP
-ACCT   specify account (ignored)
-ALLO   allocate storage (vacuously)
-APPE   append to a file
-CWD    change working directory
-DELE   delete a file
-HELP   give help information
-LIST   give list files in a directory (``ls -lg'')
-MODE   specify data transfer \fImode\fP
-NLST   give name list of files in directory (``ls'')
-NOOP   do nothing
-PASS   specify password
-PORT   specify data connection port
-QUIT   terminate session
-RETR   retrieve a file
-RNFR   specify rename-from file name
-RNTO   specify rename-to file name
-STOR   store a file
-STRU   specify data transfer \fIstructure\fP
-TYPE   specify data transfer \fItype\fP
-USER   specify user name
-XCUP   change to parent of current working directory
-XCWD   change working directory
-XMKD   make a directory
-XPWD   print the current working directory
-XRMD   remove a directory
-.fi
-.PP
-The remaining ftp requests specified in Internet RFC 765 are
+.Xr services 5 .
+.Pp
+Available options:
+.Bl -tag -width Ds
+.It Fl d
+Debugging information is written to the syslog using LOG_FTP.
+.It Fl l
+Each successful and failed 
+.Xr ftp 1
+session is logged using syslog with a facility of LOG_FTP.
+If this option is specified twice, the retrieve (get), store (put), append,
+delete, make directory, remove directory and rename operations and
+their filename arguments are also logged.
+.It Fl T
+A client may also request a different timeout period;
+the maximum period allowed may be set to
+.Ar timeout
+seconds with the
+.Fl T
+option.
+The default limit is 2 hours.
+.It Fl t
+The inactivity timeout period is set to
+.Ar timeout
+seconds (the default is 15 minutes).
+.El
+.Pp
+The file
+.Pa /etc/nologin
+can be used to disable ftp access.
+If the file exists,
+.Nm
+displays it and exits.
+If the file
+.Pa /etc/ftpwelcome
+exists,
+.Nm
+prints it before issuing the 
+.Dq ready
+message.
+If the file
+.Pa /etc/motd
+exists,
+.Nm
+prints it after a successful login.
+.Pp
+The ftp server currently supports the following ftp requests.
+The case of the requests is ignored.
+.Bl -column "Request" -offset indent
+.It Request Ta "Description"
+.It ABOR Ta "abort previous command"
+.It ACCT Ta "specify account (ignored)"
+.It ALLO Ta "allocate storage (vacuously)"
+.It APPE Ta "append to a file"
+.It CDUP Ta "change to parent of current working directory"
+.It CWD Ta "change working directory"
+.It DELE Ta "delete a file"
+.It HELP Ta "give help information"
+.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
+.It MKD Ta "make a directory"
+.It MDTM Ta "show last modification time of file"
+.It MODE Ta "specify data transfer" Em mode
+.It NLST Ta "give name list of files in directory"
+.It NOOP Ta "do nothing"
+.It PASS Ta "specify password"
+.It PASV Ta "prepare for server-to-server transfer"
+.It PORT Ta "specify data connection port"
+.It PWD Ta "print the current working directory"
+.It QUIT Ta "terminate session"
+.It REST Ta "restart incomplete transfer"
+.It RETR Ta "retrieve a file"
+.It RMD Ta "remove a directory"
+.It RNFR Ta "specify rename-from file name"
+.It RNTO Ta "specify rename-to file name"
+.It SITE Ta "non-standard commands (see next section)"
+.It SIZE Ta "return size of file"
+.It STAT Ta "return status of server"
+.It STOR Ta "store a file"
+.It STOU Ta "store a file with a unique name"
+.It STRU Ta "specify data transfer" Em structure
+.It SYST Ta "show operating system type of server system"
+.It TYPE Ta "specify data transfer" Em type
+.It USER Ta "specify user name"
+.It XCUP Ta "change to parent of current working directory (deprecated)"
+.It XCWD Ta "change working directory (deprecated)"
+.It XMKD Ta "make a directory (deprecated)"
+.It XPWD Ta "print the current working directory (deprecated)"
+.It XRMD Ta "remove a directory (deprecated)"
+.El
+.Pp
+The following non-standard or
+.Tn UNIX
+specific commands are supported
+by the
+SITE request.
+.Pp
+.Bl -column Request -offset indent
+.It Sy Request Ta Sy Description
+.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
+.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
+.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename''
+.It HELP Ta give help information.
+.El
+.Pp
+The remaining ftp requests specified in Internet RFC 959
+are

 recognized, but not implemented.
 recognized, but not implemented.

-.PP
-.I Ftpd
-interprets file names according to the ``globbing''
+MDTM and SIZE are not specified in RFC 959, but will appear in the
+next updated FTP RFC.
+.Pp
+The ftp server will abort an active file transfer only when the
+ABOR
+command is preceded by a Telnet "Interrupt Process" (IP)
+signal and a Telnet "Synch" signal in the command Telnet stream,
+as described in Internet RFC 959.
+If a
+STAT
+command is received during a data transfer, preceded by a Telnet IP
+and Synch, transfer status will be returned.
+.Pp
+.Nm Ftpd
+interprets file names according to the
+.Dq globbing

 conventions used by
 conventions used by

-.IR csh (1).
-This allows users to utilize the metacharacters ``*?[]{}~''.
-.PP
-.I Ftpd
+.Xr csh 1 .
+This allows users to utilize the metacharacters
+.Dq Li \&*?[]{}~ .
+.Pp
+.Nm Ftpd

 authenticates users according to three rules. 
 authenticates users according to three rules. 

-.IP 1)
-The user name must be in the password data base,
-.IR /etc/passwd ,
-and not have a null password.  In this case a password
-must be provided by the client before any file operations
-may be performed.
-.IP 2)
-The user name must not appear in the file
-.IR /etc/ftpusers .
-.IP 3)
-If the user name is ``anonymous'' or ``ftp'', an
+.Pp
+.Bl -enum -offset indent
+.It
+The login name must be in the password data base,
+.Pa /etc/passwd ,
+and not have a null password.
+In this case a password must be provided by the client before any
+file operations may be performed.
+.It
+The login name must not appear in the file
+.Pa /etc/ftpusers .
+.It
+The user must have a standard shell returned by 
+.Xr getusershell 3 .
+.It
+If the user name is
+.Dq anonymous
+or
+.Dq ftp ,
+an

 anonymous ftp account must be present in the password
 anonymous ftp account must be present in the password

-file (user ``ftp'').  In this case the user is allowed
-to log in by specifying any password (by convention this
-is given as the client host's name).
-.PP
+file (user
+.Dq ftp ) .
+In this case the user is allowed
+to log in by specifying any password (by convention an email address for
+the user should be used as the password).
+.El
+.Pp

 In the last case, 
 In the last case, 

-.I ftpd
+.Nm ftpd

 takes special measures to restrict the client's access privileges.
 The server performs a 
 takes special measures to restrict the client's access privileges.
 The server performs a 

-.IR chroot (2)
-command to the home directory of the ``ftp'' user.
+.Xr chroot 2
+to the home directory of the
+.Dq ftp
+user.

 In order that system security is not breached, it is recommended
 In order that system security is not breached, it is recommended

-that the ``ftp'' subtree be constructed with care;  the following
-rules are recommended.
-.IP ~ftp)
-Make the home directory owned by ``ftp'' and unwritable by anyone.
-.IP ~ftp/bin)
-Make this directory owned by the super-user and unwritable by
-anyone.  The program
-.IR ls (1)
-must be present to support the list commands.  This
-program should have mode 111.
-.IP ~ftp/etc)
-Make this directory owned by the super-user and unwritable by
-anyone.  The files
-.IR passwd (5)
+that the
+.Dq ftp
+subtree be constructed with care, following these rules:
+.Bl -tag -width "~ftp/pub" -offset indent
+.It Pa ~ftp
+Make the home directory owned by
+.Dq root
+and unwritable by anyone.
+.It Pa ~ftp/bin
+Make this directory owned by
+.Dq root
+and unwritable by anyone (mode 555).
+The program
+.Xr ls 1
+must be present to support the list command.
+This program should be mode 111.
+.It Pa ~ftp/etc
+Make this directory owned by
+.Dq root
+and unwritable by anyone (mode 555).
+The files
+.Xr passwd 5

 and
 and

-.IR group (5)
+.Xr group 5

 must be present for the 
 must be present for the 

-.I ls
-command to work properly.  These files should be mode 444.
-.IP ~ftp/pub)
-Make this directory mode 777 and owned by ``ftp''.  Users
-should then place files which are to be accessible via the
-anonymous account in this directory.
-.SH "SEE ALSO"
-ftp(1C),
-.SH BUGS
-There is no support for aborting commands.
-.PP
-The anonymous account is inherently dangerous and should
-avoided when possible.
-.PP
+.Xr ls
+command to be able to produce owner names rather than numbers.
+The password field in
+.Xr passwd
+is not used, and should not contain real passwords.
+The file
+.Pa motd ,
+if present, will be printed after a successful login.
+These files should be mode 444.
+.It Pa ~ftp/pub
+Make this directory mode 777 and owned by
+.Dq ftp .
+Guests
+can then place files which are to be accessible via the anonymous
+account in this directory.
+.El
+.Sh FILES
+.Bl -tag -width /etc/ftpwelcome -compact
+.It Pa /etc/ftpusers
+List of unwelcome/restricted users.
+.It Pa /etc/ftpwelcome
+Welcome notice.
+.It Pa /etc/motd
+Welcome notice after login.
+.It Pa /etc/nologin
+Displayed and access refused.
+.El
+.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr getusershell 3 ,
+.Xr syslogd 8
+.Sh BUGS

 The server must run as the super-user
 to create sockets with privileged port numbers.  It maintains
 an effective user id of the logged in user, reverting to
 the super-user only when binding addresses to sockets.  The
 possible security holes have been extensively
 scrutinized, but are possibly incomplete.
 The server must run as the super-user
 to create sockets with privileged port numbers.  It maintains
 an effective user id of the logged in user, reverting to
 the super-user only when binding addresses to sockets.  The
 possible security holes have been extensively
 scrutinized, but are possibly incomplete.

+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .