ftpd



FTPD(8)                                                                FTPD(8)




NAME

       ftpd - DARPA Internet File Transfer Protocol server


SYNOPSIS

       ftpd  [-a  |  -A]  [-c] [-C] [-d] [-l] [-t timeout] [-T maxtimeout] [-p
       port]   [-u   umask]   [-r   realm-file]   [-s   srvtab]    [-w[ip|max-
       hostlen[,[no]striplocal]]]


DESCRIPTION

       Ftpd  is the DARPA Internet File Transfer Protocol server process.  The
       server uses the TCP protocol and listens at the port specified  in  the
       ``ftp'' service specification; see services(5).

       Available options:

       -A     Connections  are only allowed for users who can authenticate via
              the ftp AUTH mechanism. (Anonymous ftp may also be allowed if it
              is  configured.) Ftpd will ask the user for a password if one is
              required.

       -a     Connections are only allowed for users who can authenticate (via
              the ftp AUTH mechanism) and who are authorized to connect to the
              named account without a password. (Anonymous  ftp  may  also  be
              allowed if it is configured.)

       -C     Non-anonymous  users  need  local  credentials  (for example, to
              authenticate to remote  fileservers),  and  so  they  should  be
              prompted  for  a  password  unless they forwarded credentials as
              part of authentication.

       -c     Allow the CCC (Clear Command Channel) command to be  used.  This
              allows less secure connections, and should probably only be used
              when debugging.

       -d     Debugging information is written to the syslog.

       -l     Each ftp(1) session is logged in the syslog.

       -t     The inactivity timeout period is set  to  timeout  seconds  (the
              default is 15 minutes).

       -T     A  client may also request a different timeout period; the maxi-
              mum period allowed may be set to timeout  seconds  with  the  -T
              option.  The default limit is 2 hours.

       -p port
              Run  as  a server and accept a connection on port.  Normally the
              ftp server is invoked by inetd(8).

       -u umask
              Sets the umask for the ftpd process.  The default value is  nor-
              mally 027.

       -r realm-file
              Sets the name of the krb.conf file to use.  The default value is
              normally set by /etc/krb5.conf.

       -s srvtab
              Sets the name of the srvtab file to use for Kerberos V4  authen-
              tication.  The default value is normally /etc/srvtab.

       -w [ip|maxhostlen[,[no]striplocal]]
              Controls  the  form  of  the remote hostname passed to login(1).
              Specifying ip results in the numeric  IP  address  always  being
              passed  to  login(1).  Specifying a number, maxhostlen, sets the
              maximum length of the hostname passed to login(1) before it will
              be passed as a numeric IP address.  If maxhostlen is 0, then the
              system default, as determined by the utmp or  utmpx  structures,
              is used.  The nostriplocal and striplocal options, which must be
              preceded by a comma, control  whether  or  not  the  local  host
              domain  is  stripped  from the remote hostname.  By default, the
              equivalent of striplocal is in effect.

       The ftp server currently supports the following ftp requests;  case  is
       not distinguished.

       Request  Description
       ABOR     abort previous command
       ACCT     specify account (ignored)
       ADAT     send an authentication protocol message
       ALLO     allocate storage (vacuously)
       APPE     append to a file
       AUTH     specify an authentication protocol to be performed
       CCC      set the command channel protection mode to "Clear" (no protec-
                tion).  Only available  if  the  -c  command-line  option  was
                given.
       CDUP     change to parent of current working directory
       CWD      change working directory
       DELE     delete a file
       ENC      send a privacy and integrity protected command (given in argu-
                ment)
       HELP     give help information
       LIST     give list files in a directory (``ls -lgA'')
       MIC      send an integrity protected command (given in argument)
       MKD      make a directory
       MDTM     show last modification time of file
       MODE     specify data transfer mode
       NLST     give name list of files in directory
       NOOP     do nothing
       PASS     specify password
       PASV     prepare for server-to-server transfer
       PBSZ     specify a protection buffer size
       PORT     specify data connection port
       PROT     specify a protection level under which to protect data  trans-
                fers
       PWD      print the current working directory
       QUIT     terminate session
       REST     restart incomplete transfer
       RETR     retrieve a file
       RMD      remove a directory
       RNFR     specify rename-from file name
       RNTO     specify rename-to file name
       SITE     non-standard commands (see next section)
       SIZE     return size of file
       STAT     return status of server
       STOR     store a file
       STOU     store a file with a unique name
       STRU     specify data transfer structure
       SYST     show operating system type of server system
       TYPE     specify data transfer type
       USER     specify user name
       XCUP     change to parent of current working directory (deprecated)
       XCWD     change working directory (deprecated)
       XMKD     make a directory (deprecated)
       XPWD     print the current working directory (deprecated)
       XRMD     remove a directory (deprecated)

       The  following  non-standard or UNIX specific commands are supported by
       the SITE request.

       Request  Description
       UMASK    change umask.  E.g., SITE UMASK 002
       IDLE     set idle-timer.  E.g., SITE IDLE 60
       CHMOD    change mode of a file.  E.g., SITE CHMOD 755 filename
       HELP     give help information.  E.g., SITE HELP

       The remaining ftp requests specified in Internet  RFC  959  are  recog-
       nized,  but  not  implemented.   MDTM and SIZE are not specified in RFC
       959, but will appear in the next updated FTP RFC.

       The ftp server will abort an active file transfer only  when  the  ABOR
       command  is  preceded by a Telnet "Interrupt Process" (IP) signal and a
       Telnet "Synch" signal in the command Telnet  stream,  as  described  in
       Internet  RFC  959.  If a STAT command is received during a data trans-
       fer, preceded by a  Telnet  IP  and  Synch,  transfer  status  will  be
       returned.

       Ftpd  interprets  file  names according to the ``globbing'' conventions
       used by csh(1).   This  allows  users  to  utilize  the  metacharacters
       ``*?[]{}~''.

       Ftpd authenticates users according to the following rules:


         1.   The user name must be in the password data base, /etc/passwd.

         2.   An  AUTH  command  must  be accepted, the ensuing authentication
              protocol (conducted via ADAT commands and replies) must success-
              fully  complete,  and  the  authenticated  user  must  permitted
              access.  Otherwise, a valid password which is not null  must  be
              provided by the client.

         3.   The user name must not appear in the file /etc/ftpusers.

         4.   The user must have a standard shell returned by getusershell(3).

         5.   If the user name is ``anonymous'' or ``ftp'', an  anonymous  ftp
              account must be present in the password file (user ``ftp'').  In
              this case the user is allowed to log in by specifying any  pass-
              word (by convention this is given as the client host's name).

       In  the last case, ftpd takes special measures to restrict the client's
       access privileges.  The server performs a chroot(2) command to the home
       directory  of  the  ``ftp'' user.  In order that system security is not
       breached, it is recommended that the  ``ftp''  subtree  be  constructed
       with care; the following rules are recommended.

       ~ftp   Make  the home directory owned by ``ftp'' and unwritable by any-
              one.

       ~ftp/bin
              Make this directory owned by the super-user  and  unwritable  by
              anyone.   The  program ls(1) must be present to support the list
              command.  This program should have mode 111.

       ~ftp/etc
              Make this directory owned by the super-user  and  unwritable  by
              anyone.   The  files  passwd(5) and group(5) must be present for
              the ls command to be able to produce  owner  names  rather  than
              numbers.   The  password field in passwd is not used, and should
              not contain real encrypted passwords.   These  files  should  be
              mode 444.

       ~ftp/pub
              Make this directory mode 777 and owned by ``ftp''.  Users should
              then place files which are to be accessible  via  the  anonymous
              account in this directory.

       If  an  ADAT  command  succeeds,  the  control  channel  must be either
       integrity or privacy protected.  In this case, the MIC and ENC commands
       are  the  only commands allowed over the control channel.  The argument
       to the MIC command is a base 64 encoded string which, when decoded,  is
       an  ftp command integrity protected with a cryptographic checksum.  The
       argument to the ENC command is a base 64  encoded  string  which,  when
       decoded, is an ftp command privacy and integrity protected with encryp-
       tion.

       If an ADAT command succeeds, ftp replies will also be either  integrity
       or privacy protected.

       If  an ADAT command succeeds, the data channel can also be integrity or
       privacy protected.  The PROT command accepts S for integrity and P  for
       privacy  protection.  Unless an ADAT command succeeds, the only protec-
       tion level accepted by the PROT command is C (clear).


SEE ALSO

       ftp(1), getusershell(3), syslogd(8)

       Lunt, S. J., FTP Security Extensions, Internet Draft, November 1993.


BUGS

       The anonymous account is inherently dangerous and should  avoided  when
       possible.

       The server must run as the super-user to create sockets with privileged
       port numbers.  It maintains an effective user id of the logged in user,
       reverting  to  the  super-user  only when binding addresses to sockets.
       The possible security holes have been extensively scrutinized, but  are
       possibly incomplete.


HISTORY

       The ftpd command appeared in 4.2BSD.



                                                                       FTPD(8)

Man(1) output converted with man2html