.\" $NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
.\"
.\" Copyright (c) 1985, 1988, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
.\"
.Dd July 19, 2003
.Dt FTPD 8
.Os BSD 4.2
.Sh NAME
.Nm ftpd
.Nd Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm
.Op Fl a Ar authmode
.Op Fl dilvU
.Op Fl g Ar umask
.Op Fl p Ar port
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Op Fl Fl gss-bindings
.Op Fl I | Fl Fl no-insecure-oob
.Op Fl u Ar default umask
.Op Fl B | Fl Fl builtin-ls
.Op Fl Fl good-chars= Ns Ar string
.Sh DESCRIPTION
.Nm Ftpd
is the
Internet File Transfer Protocol
server process. The server uses the
.Tn TCP
protocol
and listens at the port specified in the
.Dq ftp
service specification; see
.Xr services 5 .
.Pp
Available options:
.Bl -tag -width Ds
.It Fl a
Select the level of authentication required. Kerberised login cannot
be turned off. The default is to only allow kerberised login. Other
possibilities can be turned on by giving a string of comma separated
flags as argument to
.Fl a .
Recognised flags are:
.Bl -tag -width plain
.It Ar plain
Allow logging in with a plaintext password. The password can be an OTP
or an ordinary password.
.It Ar otp
Same as
.Ar plain ,
but only OTP is allowed.
.It Ar ftp
Allow anonymous login.
.El
.Pp
The following combination modes exist for backwards compatibility:
.Bl -tag -width plain
.It Ar none
Same as
.Ar plain,ftp .
.It Ar safe
Same as
.Ar ftp .
.It Ar user
Ignored.
.El
.It Fl d
Debugging information is written to the syslog using LOG_FTP.
.It Fl g
Anonymous users will get a umask of
.Ar umask .
.It Fl Fl gss-bindings
Require the peer to use GSS-API channel bindings (i.e. make sure the IP
addresses match).
.It Fl i
Open a socket and wait for a connection. This is mainly used for
debugging when ftpd isn't started by inetd.
.It Fl l
Each successful and failed
.Xr ftp 1
session is logged using syslog with a facility of LOG_FTP.
If this option is specified twice, the retrieve (get), store (put), append,
delete, make directory, remove directory and rename operations and
their filename arguments are also logged.
.It Fl p
Use
.Ar port
(a service name or number) instead of the default
.Ar ftp/tcp .
.It Fl T
A client may also request a different timeout period;
the maximum period allowed may be set to
.Ar maxtimeout
seconds with the
.Fl T
option.
The default limit is 2 hours.
.It Fl t
The inactivity timeout period is set to
.Ar timeout
seconds (the default is 15 minutes).
.It Fl u
Set the initial umask to something other than the default 027.
.It Fl U
In previous versions of
.Nm ftpd ,
when a passive mode client requested a data connection to the server, the
server would use data ports in the range 1024..4999. Now, by default,
if the system supports the IP_PORTRANGE socket option, the server will
use data ports in the range 49152..65535. Specifying this option will
revert to the old behavior.
.It Fl v
Verbose mode.
.It Xo
.Fl B ,
.Fl Fl builtin-ls
.Xc
Use the built-in ls to list files.
.It Xo
.Fl Fl good-chars= Ns Ar string
.Xc
Characters allowed in filenames uploaded by anonymous users (see the
restrictions on anonymous users below).
.It Xo
.Fl I ,
.Fl Fl no-insecure-oob
.Xc
Do not allow insecure out-of-band (OOB) data.
Heimdal ftp clients before 0.6.3 do not support secure OOB, so turning
on this option makes them stop working.
.El
.Pp
The file
.Pa /etc/nologin
can be used to disable ftp access.
If the file exists,
.Nm
displays it and exits.
If the file
.Pa /etc/ftpwelcome
exists,
.Nm
prints it before issuing the
.Dq ready
message.
If the file
.Pa /etc/motd
exists,
.Nm
prints it after a successful login.
.Pp
The ftp server currently supports the following ftp requests.
The case of the requests is ignored.
.Bl -column "Request" -offset indent
.It Request Ta "Description"
.It ABOR Ta "abort previous command"
.It ACCT Ta "specify account (ignored)"
.It ALLO Ta "allocate storage (vacuously)"
.It APPE Ta "append to a file"
.It CDUP Ta "change to parent of current working directory"
.It CWD Ta "change working directory"
.It DELE Ta "delete a file"
.It HELP Ta "give help information"
.It LIST Ta "list files in a directory" Pq Dq Li "ls -lgA"
.It MKD Ta "make a directory"
.It MDTM Ta "show last modification time of file"
.It MODE Ta "specify data transfer" Em mode
.It NLST Ta "give name list of files in directory"
.It NOOP Ta "do nothing"
.It PASS Ta "specify password"
.It PASV Ta "enter passive mode (the server listens for the data connection)"
.It PORT Ta "specify data connection port"
.It PWD Ta "print the current working directory"
.It QUIT Ta "terminate session"
.It REST Ta "restart incomplete transfer"
.It RETR Ta "retrieve a file"
.It RMD Ta "remove a directory"
.It RNFR Ta "specify rename-from file name"
.It RNTO Ta "specify rename-to file name"
.It SITE Ta "non-standard commands (see next section)"
.It SIZE Ta "return size of file"
.It STAT Ta "return status of server"
.It STOR Ta "store a file"
.It STOU Ta "store a file with a unique name"
.It STRU Ta "specify data transfer" Em structure
.It SYST Ta "show operating system type of server system"
.It TYPE Ta "specify data transfer" Em type
.It USER Ta "specify user name"
.It XCUP Ta "change to parent of current working directory (deprecated)"
.It XCWD Ta "change working directory (deprecated)"
.It XMKD Ta "make a directory (deprecated)"
.It XPWD Ta "print the current working directory (deprecated)"
.It XRMD Ta "remove a directory (deprecated)"
.El
.Pp
The following commands are specified by RFC 2228.
.Bl -column Request -offset indent
.It AUTH Ta "authentication/security mechanism"
.It ADAT Ta "authentication/security data"
.It PROT Ta "data channel protection level"
.It PBSZ Ta "protection buffer size"
.It MIC Ta "integrity protected command"
.It CONF Ta "confidentiality protected command"
.It ENC Ta "privacy protected command"
.It CCC Ta "clear command channel"
.El
.Pp
The following non-standard or
.Tn UNIX
specific commands are supported
by the
SITE request.
.Pp
.Bl -column Request -offset indent
.It UMASK Ta change umask (e.g.
.Ic "SITE UMASK 002" )
.It IDLE Ta set idle-timer (e.g.
.Ic "SITE IDLE 60" )
.It CHMOD Ta change mode of a file (e.g.
.Ic "SITE CHMOD 755 filename" )
.It FIND Ta quickly find a specific file with GNU
.Xr locate 1 .
.It HELP Ta give help information.
.El
.Pp
The following Kerberos related site commands are understood.
.Bl -column Request -offset indent
.It KAUTH Ta obtain remote tickets.
.It KLIST Ta show remote tickets.
.El
.Pp
The remaining ftp requests specified in Internet RFC 959
are
recognized, but not implemented.
MDTM and SIZE are not specified in RFC 959; they were later
standardised in RFC 3659.
.Pp
The ftp server will abort an active file transfer only when the
ABOR
command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet RFC 959.
If a
STAT
command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.Pp
.Nm Ftpd
interprets file names according to the
.Dq globbing
conventions used by
.Xr csh 1 .
This allows users to use the metacharacters
.Dq Li \&*?[]{}~ .
.Pp
.Nm Ftpd
authenticates users according to the following rules.
.Pp
.Bl -enum -offset indent
.It
If Kerberos authentication is used, the user must pass valid tickets
and the principal must be allowed to log in as the remote user.
.It
The login name must be in the password data base, and not have a null
password (if Kerberos is used the password field is not checked). In
this case a password must be provided by the client before any file
operations may be performed. If the user has an OTP key, the response
from a successful USER command will include an OTP challenge. The
client may choose to respond with a PASS command giving either a
standard password or an OTP one-time password. The server will
automatically determine which type of password it has been given and
attempt to authenticate accordingly. See
.Xr otp 1
for more information on OTP authentication.
.It
The login name must not appear in the file
.Pa /etc/ftpusers .
.It
The user must have a standard shell returned by
.Xr getusershell 3 .
.It
If the user name appears in the file
.Pa /etc/ftpchroot
the session's root will be changed to the user's login directory by
.Xr chroot 2
as for an
.Dq anonymous
or
.Dq ftp
account (see next item). However, the user must still supply a password.
This feature is intended as a compromise between a fully anonymous account
and a fully privileged account. The account should also be set up as for an
anonymous account.
.It
If the user name is
.Dq anonymous
or
.Dq ftp ,
an
anonymous ftp account must be present in the password
file (user
.Dq ftp ) .
In this case the user is allowed
to log in by specifying any password (by convention an email address for
the user should be used as the password).
.El
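.Pp
The rules above can be exercised as code. The following is an added
example, not part of ftpd or Heimdal: it re-implements rules 2 to 6 as a
pure function over constructed copies of the password database,
.Pa /etc/ftpusers ,
.Pa /etc/ftpchroot
and the shell list that
.Xr getusershell 3
would return, and uses it to list which accounts would be reachable over
FTP and with what confinement. It makes three assumptions the page does
not spell out:
.Pa /etc/ftpusers
is read as a plain deny list of login names, the anonymous case is exempt
from the null-password and shell checks, and the Kerberos rule (1) is out
of scope. The sample accounts are invented.

```python
"""Which local accounts would ftpd(8) accept, and under what confinement?

Added example (not Heimdal code). Rules 2-6 of the man page are applied
in order to constructed copies of the password database, /etc/ftpusers,
/etc/ftpchroot and the shell list getusershell(3) would return.
Assumptions: /etc/ftpusers is a plain deny list of login names; the
anonymous case is exempt from the null-password and shell checks; the
Kerberos rule (1) is out of scope.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class PwEntry:
    """The passwd(5) fields the rules look at."""
    name: str
    passwd: str      # "" is a null password
    home: str
    shell: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    chroot: Optional[str] = None   # directory the session is confined to, if any
    anonymous: bool = False


def ftp_decision(user: str, pwdb: Dict[str, PwEntry], ftpusers: Set[str],
                 ftpchroot: Set[str], usershells: Set[str]) -> Decision:
    """Decide whether `user` may log in and how the session is confined."""
    # Rule 6: "anonymous"/"ftp" log in with any password if an "ftp"
    # account exists; the session is chrooted to that account's home.
    if user in ("anonymous", "ftp"):
        ftp = pwdb.get("ftp")
        if ftp is None:
            return Decision(False, "no ftp account in password database")
        return Decision(True, "anonymous login", chroot=ftp.home, anonymous=True)

    # Rule 2: the account must exist and must not have a null password.
    entry = pwdb.get(user)
    if entry is None:
        return Decision(False, "not in password database")
    if entry.passwd == "":
        return Decision(False, "null password")

    # Rule 3: names listed in /etc/ftpusers are refused.
    if user in ftpusers:
        return Decision(False, "listed in /etc/ftpusers")

    # Rule 4: the shell must be one getusershell(3) returns.
    if entry.shell not in usershells:
        return Decision(False, f"shell {entry.shell} not a standard shell")

    # Rule 5: a real password is still required, but the session is
    # chrooted to the home directory like an anonymous one.
    if user in ftpchroot:
        return Decision(True, "password login, chrooted", chroot=entry.home)

    return Decision(True, "password login, full filesystem view")


def ftp_reachable(pwdb: Dict[str, PwEntry], ftpusers: Set[str],
                  ftpchroot: Set[str], usershells: Set[str]) -> List[str]:
    """Sorted names of accounts ftpd would accept, for an audit report."""
    candidates = set(pwdb) | {"anonymous"}
    return sorted(n for n in candidates
                  if ftp_decision(n, pwdb, ftpusers, ftpchroot, usershells).allowed)


# Constructed sample data; none of it comes from a real system.
SAMPLE_PWDB = {
    "root":  PwEntry("root", "x", "/root", "/bin/sh"),
    "alice": PwEntry("alice", "x", "/home/alice", "/bin/sh"),
    "bob":   PwEntry("bob", "x", "/home/bob", "/bin/sh"),
    "svc":   PwEntry("svc", "x", "/var/svc", "/sbin/nologin"),
    "guest": PwEntry("guest", "", "/home/guest", "/bin/sh"),
    "ftp":   PwEntry("ftp", "*", "/var/ftp", "/sbin/nologin"),
}
SAMPLE_FTPUSERS = {"root"}          # root must never log in over FTP
SAMPLE_FTPCHROOT = {"bob"}          # bob gets a password login inside a chroot
SAMPLE_SHELLS = {"/bin/sh", "/bin/csh"}

if __name__ == "__main__":
    for name in sorted(SAMPLE_PWDB) + ["anonymous"]:
        d = ftp_decision(name, SAMPLE_PWDB, SAMPLE_FTPUSERS,
                         SAMPLE_FTPCHROOT, SAMPLE_SHELLS)
        tag = "ALLOW" if d.allowed else "DENY "
        where = f" (chroot {d.chroot})" if d.chroot else ""
        print(f"{name:10} {tag} {d.reason}{where}")
```

Run against a real host's
.Pa /etc/passwd ,
.Pa /etc/ftpusers ,
.Pa /etc/ftpchroot
and the output of
.Xr getusershell 3 ,
the reachable list is the set of accounts whose passwords are exposed to
the plaintext
.Ar plain
authentication mode; every name on it that is not in
.Pa /etc/ftpchroot
gets a full view of the filesystem.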
.Pp
In the last case,
.Nm ftpd
takes special measures to restrict the client's access privileges.
The server performs a
.Xr chroot 2
to the home directory of the
.Dq ftp
user.
So that system security is not breached, it is recommended
that the
.Dq ftp
subtree be constructed with care; consider following these guidelines
for anonymous ftp.
.Pp
In general all files should be owned by
.Dq root
and not be writable (mode 644 or 755 depending on the kind of
file). No files should be owned or writable by
.Dq ftp
(with the possible exception of
.Pa ~ftp/incoming ,
as described below).
.Bl -tag -width "~ftp/pub" -offset indent
.It Pa ~ftp
The
.Dq ftp
home directory should be owned by root.
.It Pa ~ftp/bin
The directory for external programs (such as
.Xr ls 1 ) .
These programs must either be statically linked, or you must set up an
environment for dynamic linking when running chrooted.
These programs will be used if present:
.Bl -tag -width "locate" -offset indent
.It ls
Used when listing files.
.It compress
When retrieving a filename that ends in
.Pa .Z ,
and that file isn't present,
.Nm
will try to find the filename without
.Pa .Z
and compress it on the fly.
.It gzip
Same as compress, just with files ending in
.Pa .gz .
.It gtar
Enables retrieval of whole directories as files ending in
.Pa .tar .
Can also be combined with compression. You must use GNU Tar (or some
other that supports the
.Fl z
and
.Fl Z
flags).
.It locate
Will enable ``fast find'' with the
.Ic SITE FIND
command. You must also create a
.Pa locatedb
file in
.Pa ~ftp/etc .
.El
.It Pa ~ftp/etc
If you put copies of the
.Xr passwd 5
and
.Xr group 5
files here, ls will be able to produce owner names rather than
numbers. Remember to remove any password hashes from these files.
.Pp
The file
.Pa motd ,
if present, will be printed after a successful login.
.It Pa ~ftp/dev
Put a copy of
.Pa /dev/null
here.
.It Pa ~ftp/pub
Traditional place to put whatever you want to make public.
.El
.Pp
If you want guests to be able to upload files, create a
.Pa ~ftp/incoming
directory owned by
.Dq root
and group
.Dq ftp
with mode 730 (make sure
.Dq ftp
is a member of group
.Dq ftp ) .
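.Pp
The guidelines above amount to an invariant that can be checked after the
tree is built or whenever it changes. The following is an added example,
not Heimdal code: it walks the
.Dq ftp
home directory and reports every entry that is not owned by the expected
owner, that is writable by group or others, that carries a setuid or
setgid bit, or that is a symbolic link (which may point outside the
subtree), with
.Pa ~ftp/incoming
as the single exception: it must be mode 730 with the ftp group, and its
contents are not inspected because they are untrusted uploads. The
expected owner uid and ftp gid are parameters (defaults 0 and unchecked)
so the check can be run against a test tree by an unprivileged user; the
function name and the default path are the example's own.

```python
"""Audit an anonymous-ftp subtree against the ownership and mode guidelines.

Added example, not part of ftpd(8) or Heimdal. Every entry under the
"ftp" home directory must be owned by the expected owner (root by
default) and must not be writable by group or others; ~ftp/incoming is
the one exception and must be mode 730 with the ftp group. Symbolic
links and set-id bits are reported as well, since neither belongs in a
chroot tree built from static copies of system files.
"""
import os
import stat
from typing import List, Optional


def audit_ftp_tree(root: str, owner_uid: int = 0,
                   ftp_gid: Optional[int] = None) -> List[str]:
    """Return one finding per violation; an empty list means the tree conforms."""
    findings: List[str] = []
    incoming = os.path.realpath(os.path.join(root, "incoming"))

    def check(path: str) -> None:
        st = os.lstat(path)
        rel = "~ftp" if path == root else os.path.relpath(path, root)
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            # A link inside the chroot can point anywhere the kernel can follow.
            findings.append(f"{rel}: symbolic link to {os.readlink(path)}")
            return
        if st.st_uid != owner_uid:
            findings.append(f"{rel}: owned by uid {st.st_uid}, expected {owner_uid}")
        if os.path.realpath(path) == incoming:
            # The drop box: root:ftp, mode 730 (ftp may create files but not list).
            if mode != 0o730:
                findings.append(f"{rel}: mode {mode:04o}, expected 0730")
            if ftp_gid is not None and st.st_gid != ftp_gid:
                findings.append(f"{rel}: group {st.st_gid}, expected ftp gid {ftp_gid}")
            return
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{rel}: mode {mode:04o} is group/world writable")
        if mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append(f"{rel}: mode {mode:04o} has a set-id bit")

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.realpath(dirpath) == incoming:
            # Whatever guests uploaded is untrusted by definition; do not
            # descend into it. The directory itself was checked by its parent.
            dirnames[:] = []
            continue
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    import sys
    problems = audit_ftp_tree(sys.argv[1] if len(sys.argv) > 1 else "/var/ftp")
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

Run it as root against the real
.Dq ftp
home directory with the defaults; a non-empty report means the chroot is
weaker than the guidelines intend, most often a file that the ftp user can
overwrite or a directory outside
.Pa incoming
that it can write into.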
.Pp
The following restrictions apply to anonymous users:
.Bl -bullet
.It
Directories created will have mode 700.
.It
Uploaded files will be created with a umask of 777, if not changed
with the
.Fl g
option.
.It
These commands are not available:
.Ic DELE , RMD , RNTO , RNFR ,
.Ic SITE UMASK ,
and
.Ic SITE CHMOD .
.It
Filenames must start with an alphanumeric character, and consist of
alphanumeric characters or any of the following:
.Li \&+
(plus),
.Li \&-
(minus),
.Li \&=
(equal),
.Li \&_
(underscore),
.Li \&.
(period), and
.Li \&,
(comma); see the
.Fl Fl good-chars
option.
.El
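.Pp
The filename rule above, as an added example that is not Heimdal code: a
check for a single filename component, with the punctuation set
replaceable so that the effect of a different
.Fl Fl good-chars
string can be tried (that the option replaces the default set rather than
extending it is the example's assumption, not something the page states).
Run over constructed names it shows what the rule rejects: dotfiles and
.Dq \&.\&. ,
names beginning with a dash that a later command could read as an option,
whitespace, shell metacharacters, NUL and non-ASCII bytes.
.Dq Alphanumeric
is read as ASCII only, another choice the page does not make explicit.

```python
"""Filename policy for anonymous uploads, as an added example (not Heimdal code).

The rule from the man page: the first character must be alphanumeric and
every further character must be alphanumeric or one of "+-=_.,". The
punctuation set is a parameter so the effect of a different --good-chars
string can be tried; that the option replaces the default set is an
assumption of this example. "Alphanumeric" is read as ASCII only.
"""
from typing import List, Optional, Tuple

DEFAULT_GOOD_CHARS = "+-=_.,"


def _is_ascii_alnum(ch: str) -> bool:
    # str.isalnum() would also accept letters and digits outside ASCII.
    return ("a" <= ch <= "z") or ("A" <= ch <= "Z") or ("0" <= ch <= "9")


def check_upload_name(name: str, good_chars: str = DEFAULT_GOOD_CHARS) -> Optional[str]:
    """Return None if `name` is acceptable, otherwise why it is rejected."""
    if name == "":
        return "empty name"
    if not _is_ascii_alnum(name[0]):
        return f"first character {name[0]!r} is not alphanumeric"
    for pos, ch in enumerate(name[1:], start=1):
        if not (_is_ascii_alnum(ch) or ch in good_chars):
            return f"character {ch!r} at position {pos} not allowed"
    return None


def upload_name_ok(name: str, good_chars: str = DEFAULT_GOOD_CHARS) -> bool:
    return check_upload_name(name, good_chars) is None


# Constructed names (not from any real session) and what each one probes.
SAMPLES: List[Tuple[str, str]] = [
    ("report-2003.tar.gz", "ordinary upload: accepted"),
    (".htaccess", "dotfile, hidden from a plain listing"),
    ("..", "parent directory"),
    ("-rf", "leading dash, read as an option by a careless later command"),
    ("my file.txt", "whitespace"),
    ("notes;rm", "shell metacharacter"),
    ("r\u00e9sum\u00e9.pdf", "non-ASCII letters"),
    ("a\x00b", "NUL byte"),
]

if __name__ == "__main__":
    for name, probe in SAMPLES:
        verdict = check_upload_name(name)
        status = "accept" if verdict is None else "reject: " + verdict
        print(f"{name!r:24} {status}  [{probe}]")
```

Because the first character must be alphanumeric, no accepted name can be
.Dq \&. ,
.Dq \&.\&.
or a dotfile, and because the default punctuation set excludes the slash,
the name cannot carry a directory component; widening the set with
.Fl Fl good-chars
should be weighed against those two properties.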
.Sh FILES
.Bl -tag -width /etc/ftpwelcome -compact
.It Pa /etc/ftpusers
Access list for users; see
.Xr ftpusers 5 .
.It Pa /etc/ftpchroot
List of normal users who should be chroot'd.
.It Pa /etc/ftpwelcome
Welcome notice.
.It Pa /etc/motd
Welcome notice after login.
.It Pa /etc/nologin
Displayed and access refused.
.It Pa ~/.klogin
Login access for Kerberos.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr otp 1 ,
.Xr getusershell 3 ,
.Xr ftpusers 5 ,
.Xr syslogd 8
.Sh STANDARDS
.Bl -tag -compact -width "RFC 1938"
.It Cm RFC 959
File Transfer Protocol (FTP)
.It Cm RFC 1938
A One-Time Password System (OTP)
.It Cm RFC 2228
FTP Security Extensions
.It Cm RFC 3659
Extensions to FTP (SIZE, MDTM)
.El
.Sh BUGS
The server must run as the super-user
to create sockets with privileged port numbers. It maintains
an effective user id of the logged in user, reverting to
the super-user only when binding addresses to sockets. The
possible security holes have been extensively
scrutinized, but the scrutiny is possibly incomplete.
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .