X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/fdb56acddf1dab947863185aabafee15ae1833ea..ed554bc5e4201344d7eaad78263566e79428759c:/usr/src/libexec/ftpd/ftpd.8 diff --git a/usr/src/libexec/ftpd/ftpd.8 b/usr/src/libexec/ftpd/ftpd.8 index 88a9390fc0..a7c5cae54b 100644 --- a/usr/src/libexec/ftpd/ftpd.8 +++ b/usr/src/libexec/ftpd/ftpd.8 
@@ -1,209 +1,290 @@ -.\" Copyright (c) 1985, 1988 The Regents of the University of California. -.\" All rights reserved. +.\" Copyright (c) 1985, 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. .\" -.\" Redistribution and use in source and binary forms are permitted -.\" provided that the above copyright notice and this paragraph are -.\" duplicated in all such forms and that any documentation, -.\" advertising materials, and other materials related to such -.\" distribution and use acknowledge that the software was developed -.\" by the University of California, Berkeley. The name of the -.\" University may not be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. 
.\" -.\" @(#)ftpd.8 6.7 (Berkeley) %G% +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.TH FTPD 8 "February 23, 1989" -.UC 5 -.SH NAME -ftpd \- DARPA Internet File Transfer Protocol server -.SH SYNOPSIS -.B /etc/ftpd -[ -.B \-d -] [ -.B \-l -] [ -.BR \-t timeout -] [ -.BR \-T maxtimeout -] -.SH DESCRIPTION -.I Ftpd -is the DARPA Internet File Transfer Protocol -server process. The server uses the TCP protocol -and listens at the port specified in the ``ftp'' +.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 +.\" +.Dd April 19, 1994 +.Dt FTPD 8 +.Os BSD 4.2 +.Sh NAME +.Nm ftpd +.Nd +Internet File Transfer Protocol server +.Sh SYNOPSIS +.Nm ftpd +.Op Fl dl +.Op Fl T Ar maxtimeout +.Op Fl t Ar timeout +.Sh DESCRIPTION +.Nm Ftpd +is the +Internet File Transfer Protocol +server process. The server uses the +.Tn TCP +protocol +and listens at the port specified in the +.Dq ftp service specification; see -.IR services (5). -.PP -If the -.B \-d -option is specified, -debugging information is written to the syslog. -.PP -If the -.B \-l -option is specified, -each ftp session is logged in the syslog. -.PP -The ftp server -will timeout an inactive session after 15 minutes. 
-If the -.B \-t -option is specified, -the inactivity timeout period will be set to -.I timeout -seconds. +.Xr services 5 . +.Pp +Available options: +.Bl -tag -width Ds +.It Fl d +Debugging information is written to the syslog using LOG_FTP. +.It Fl l +Each successful and failed +.Xr ftp 1 +session is logged using syslog with a facility of LOG_FTP. +If this option is specified twice, the retrieve (get), store (put), append, +delete, make directory, remove directory and rename operations and +their filename arguments are also logged. +.It Fl T A client may also request a different timeout period; the maximum period allowed may be set to -.I timeout +.Ar timeout seconds with the -.B \-T +.Fl T option. The default limit is 2 hours. -.PP -The ftp server currently supports the following ftp -requests; case is not distinguished. -.PP -.nf -.ta \w'Request 'u -\fBRequest Description\fP -ABOR abort previous command -ACCT specify account (ignored) -ALLO allocate storage (vacuously) -APPE append to a file -CDUP change to parent of current working directory -CWD change working directory -DELE delete a file -HELP give help information -LIST give list files in a directory (``ls -lgA'') -MKD make a directory -MDTM show last modification time of file -MODE specify data transfer \fImode\fP -NLST give name list of files in directory -NOOP do nothing -PASS specify password -PASV prepare for server-to-server transfer -PORT specify data connection port -PWD print the current working directory -QUIT terminate session -REST restart incomplete transfer -RETR retrieve a file -RMD remove a directory -RNFR specify rename-from file name -RNTO specify rename-to file name -SITE non-standard commands (see next section) -SIZE return size of file -STAT return status of server -STOR store a file -STOU store a file with a unique name -STRU specify data transfer \fIstructure\fP -SYST show operating system type of server system -TYPE specify data transfer \fItype\fP -USER specify user name -XCUP 
change to parent of current working directory (deprecated) -XCWD change working directory (deprecated) -XMKD make a directory (deprecated) -XPWD print the current working directory (deprecated) -XRMD remove a directory (deprecated) -.fi -.PP -The following non-standard or UNIX specific commands are supported -by the SITE request. -.PP -.nf -.ta \w'Request 'u -\fBRequest Description\fP -UMASK change umask. \fIE.g.\fP SITE UMASK 002 -IDLE set idle-timer. \fIE.g.\fP SITE IDLE 60 -CHMOD change mode of a file. \fIE.g.\fP SITE CHMOD 755 filename -HELP give help information. \fIE.g.\fP SITE HELP -.fi -.PP -The remaining ftp requests specified in Internet RFC 959 are +.It Fl t +The inactivity timeout period is set to +.Ar timeout +seconds (the default is 15 minutes). +.El +.Pp +The file +.Pa /etc/nologin +can be used to disable ftp access. +If the file exists, +.Nm +displays it and exits. +If the file +.Pa /etc/ftpwelcome +exists, +.Nm +prints it before issuing the +.Dq ready +message. +If the file +.Pa /etc/motd +exists, +.Nm +prints it after a successful login. +.Pp +The ftp server currently supports the following ftp requests. +The case of the requests is ignored. 
+.Bl -column "Request" -offset indent +.It Request Ta "Description" +.It ABOR Ta "abort previous command" +.It ACCT Ta "specify account (ignored)" +.It ALLO Ta "allocate storage (vacuously)" +.It APPE Ta "append to a file" +.It CDUP Ta "change to parent of current working directory" +.It CWD Ta "change working directory" +.It DELE Ta "delete a file" +.It HELP Ta "give help information" +.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" +.It MKD Ta "make a directory" +.It MDTM Ta "show last modification time of file" +.It MODE Ta "specify data transfer" Em mode +.It NLST Ta "give name list of files in directory" +.It NOOP Ta "do nothing" +.It PASS Ta "specify password" +.It PASV Ta "prepare for server-to-server transfer" +.It PORT Ta "specify data connection port" +.It PWD Ta "print the current working directory" +.It QUIT Ta "terminate session" +.It REST Ta "restart incomplete transfer" +.It RETR Ta "retrieve a file" +.It RMD Ta "remove a directory" +.It RNFR Ta "specify rename-from file name" +.It RNTO Ta "specify rename-to file name" +.It SITE Ta "non-standard commands (see next section)" +.It SIZE Ta "return size of file" +.It STAT Ta "return status of server" +.It STOR Ta "store a file" +.It STOU Ta "store a file with a unique name" +.It STRU Ta "specify data transfer" Em structure +.It SYST Ta "show operating system type of server system" +.It TYPE Ta "specify data transfer" Em type +.It USER Ta "specify user name" +.It XCUP Ta "change to parent of current working directory (deprecated)" +.It XCWD Ta "change working directory (deprecated)" +.It XMKD Ta "make a directory (deprecated)" +.It XPWD Ta "print the current working directory (deprecated)" +.It XRMD Ta "remove a directory (deprecated)" +.El +.Pp +The following non-standard or +.Tn UNIX +specific commands are supported +by the +SITE request. +.Pp +.Bl -column Request -offset indent +.It Sy Request Ta Sy Description +.It UMASK Ta change umask, e.g. 
``SITE UMASK 002'' +.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' +.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename'' +.It HELP Ta give help information. +.El +.Pp +The remaining ftp requests specified in Internet RFC 959 +are recognized, but not implemented. -MDTM and SIZE are not specified in -RFC 959, but will appear in the next updated FTP RFC. -.PP +MDTM and SIZE are not specified in RFC 959, but will appear in the +next updated FTP RFC. +.Pp The ftp server will abort an active file transfer only when the -ABOR command is preceded by a Telnet "Interrupt Process" (IP) +ABOR +command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in Internet RFC 959. -If a STAT command is received during a data transfer, preceded by a Telnet IP +If a +STAT +command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned. -.PP -.I Ftpd -interprets file names according to the ``globbing'' +.Pp +.Nm Ftpd +interprets file names according to the +.Dq globbing conventions used by -.IR csh (1). -This allows users to utilize the metacharacters ``*?[]{}~''. -.PP -.I Ftpd +.Xr csh 1 . +This allows users to utilize the metacharacters +.Dq Li \&*?[]{}~ . +.Pp +.Nm Ftpd authenticates users according to three rules. -.IP 1) -The user name must be in the password data base, -.IR /etc/passwd , -and not have a null password. In this case a password -must be provided by the client before any file operations -may be performed. -.IP 2) -The user name must not appear in the file -.IR /etc/ftpusers . -.IP 3) +.Pp +.Bl -enum -offset indent +.It +The login name must be in the password data base, +.Pa /etc/passwd , +and not have a null password. +In this case a password must be provided by the client before any +file operations may be performed. +.It +The login name must not appear in the file +.Pa /etc/ftpusers . 
+.It The user must have a standard shell returned by -.IR getusershell (3). -.IP 4) -If the user name is ``anonymous'' or ``ftp'', an +.Xr getusershell 3 . +.It +If the user name is +.Dq anonymous +or +.Dq ftp , +an anonymous ftp account must be present in the password -file (user ``ftp''). In this case the user is allowed -to log in by specifying any password (by convention this -is given as the client host's name). -.PP +file (user +.Dq ftp ) . +In this case the user is allowed +to log in by specifying any password (by convention an email address for +the user should be used as the password). +.El +.Pp In the last case, -.I ftpd +.Nm ftpd takes special measures to restrict the client's access privileges. The server performs a -.IR chroot (2) -command to the home directory of the ``ftp'' user. +.Xr chroot 2 +to the home directory of the +.Dq ftp +user. In order that system security is not breached, it is recommended -that the ``ftp'' subtree be constructed with care; the following -rules are recommended. -.IP ~ftp) -Make the home directory owned by ``ftp'' and unwritable by anyone. -.IP ~ftp/bin) -Make this directory owned by the super-user and unwritable by -anyone. The program -.IR ls (1) -must be present to support the list command. This -program should have mode 111. -.IP ~ftp/etc) -Make this directory owned by the super-user and unwritable by -anyone. The files -.IR passwd (5) +that the +.Dq ftp +subtree be constructed with care, following these rules: +.Bl -tag -width "~ftp/pub" -offset indent +.It Pa ~ftp +Make the home directory owned by +.Dq root +and unwritable by anyone. +.It Pa ~ftp/bin +Make this directory owned by +.Dq root +and unwritable by anyone (mode 555). +The program +.Xr ls 1 +must be present to support the list command. +This program should be mode 111. +.It Pa ~ftp/etc +Make this directory owned by +.Dq root +and unwritable by anyone (mode 555). 
+The files +.Xr passwd 5 and -.IR group (5) +.Xr group 5 must be present for the -.I ls +.Xr ls command to be able to produce owner names rather than numbers. The password field in -.I passwd -is not used, and should not contain real encrypted passwords. +.Xr passwd +is not used, and should not contain real passwords. +The file +.Pa motd , +if present, will be printed after a successful login. These files should be mode 444. -.IP ~ftp/pub) -Make this directory mode 777 and owned by ``ftp''. Users -should then place files which are to be accessible via the -anonymous account in this directory. -.SH "SEE ALSO" -ftp(1), getusershell(3), syslogd(8) -.SH BUGS -The anonymous account is inherently dangerous and should -avoided when possible. -.PP +.It Pa ~ftp/pub +Make this directory mode 777 and owned by +.Dq ftp . +Guests +can then place files which are to be accessible via the anonymous +account in this directory. +.El +.Sh FILES +.Bl -tag -width /etc/ftpwelcome -compact +.It Pa /etc/ftpusers +List of unwelcome/restricted users. +.It Pa /etc/ftpwelcome +Welcome notice. +.It Pa /etc/motd +Welcome notice after login. +.It Pa /etc/nologin +Displayed and access refused. +.El +.Sh SEE ALSO +.Xr ftp 1 , +.Xr getusershell 3 , +.Xr syslogd 8 +.Sh BUGS The server must run as the super-user to create sockets with privileged port numbers. It maintains an effective user id of the logged in user, reverting to the super-user only when binding addresses to sockets. The possible security holes have been extensively scrutinized, but are possibly incomplete. +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 .
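Review bot: The BUGS section loses the sentence warning that the anonymous account is inherently dangerous, while the `~ftp/pub` entry still instructs "Make this directory mode 777 and owned by ftp", so after this change the page recommends a world-writable anonymous area with no caveat left anywhere. Either keep the warning (with the grammar fixed to "should be avoided") or add a sentence to the `~ftp/pub` entry saying when mode 777 is actually wanted and that the directory can be left unwritable when guests only need to download. Two smaller points in the same hunk: the `.It Fl T` entry names its argument `.Ar timeout` although SYNOPSIS has `.Op Fl T Ar maxtimeout`, which makes it read like `-t`, so use `.Ar maxtimeout` in both the `.It` line and the body; and the unchanged sentence "authenticates users according to three rules" now introduces a `.Bl -enum` list with four `.It` items, so the count should be corrected while the list is being converted.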