| .\" Copyright (c) 1985, 1988, 1991, 1993 |
| .\" The Regents of the University of California. All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" 3. All advertising materials mentioning features or use of this software |
| .\" must display the following acknowledgement: |
| .\" This product includes software developed by the University of |
| .\" California, Berkeley and its contributors. |
| .\" 4. Neither the name of the University nor the names of its contributors |
| .\" may be used to endorse or promote products derived from this software |
| .\" without specific prior written permission. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| .\" SUCH DAMAGE. |
| .\" |
| .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 |
| .\" $FreeBSD: src/libexec/ftpd/ftpd.8,v 1.31.2.9 2002/02/16 14:02:01 dwmalone Exp $ |
| .\" |
| .Dd January 27, 2000 |
| .Dt S_FTPD 8 |
| .Os |
| .Sh NAME |
| .Nm s_ftpd |
| .Nd Internet File Transfer Protocol server for SCTP |
| .Sh SYNOPSIS |
| .Nm |
| .Op Fl 46ADEORSUdro |
| .Op Fl l Op Fl l |
| .Op Fl T Ar maxtimeout |
| .Op Fl a Ar address |
| .Op Fl p Ar file |
| .Op Fl t Ar timeout |
| .Sh DESCRIPTION |
| .Nm Ftpd |
| is the |
| Internet File Transfer Protocol |
| server process. The server uses the |
| .Tn SCTP |
| protocol |
| and listens at the port specified in the |
| .Dq ftp |
| service specification; see |
| .Xr services 5 . |
| .Pp |
| Available options: |
| .Bl -tag -width indent |
| .It Fl 4 |
| When |
| .Fl D |
| is specified, accept IPv4 connections. |
| When |
| .Fl 6 |
| is also specified, accept IPv4 connection via |
| .Dv AF_INET6 |
| socket. |
| When |
| .Fl 6 |
| is not specified, accept IPv4 connection via |
| .Dv AF_INET |
| socket. |
| .It Fl 6 |
| When |
| .Fl D |
| is specified, accept connections via |
| .Dv AF_INET6 |
| socket. |
| .It Fl A |
| Allow only anonymous ftp access. |
| .It Fl D |
| With this option set, |
| .Nm |
| will detach and become a daemon, accepting connections on the FTP port and |
| forking children processes to handle them. |
| This is lower overhead than starting |
| .Nm |
| from |
| .Xr inetd 8 |
| and is thus useful on busy servers to reduce load. |
| .It Fl E |
| Disable the EPSV command. |
| This is useful for servers behind older firewalls. |
| .It Fl O |
| Put server in write-only mode for anonymous users only. |
| RETR is disabled for anonymous users, preventing anonymous downloads. |
| This has no effect if |
| .Fl o |
| is also specified. |
| .It Fl R |
| With this option set, |
| .Nm |
| will revert to historical behavior with regard to security checks on |
| user operations and restrictions on PORT requests. |
| Currently, |
| .Nm |
| will only honor PORT commands directed to unprivileged ports on the |
| remote user's host (which violates the FTP protocol specification but |
| closes some security holes). |
| .It Fl S |
| With this option set, |
| .Nm |
| logs all anonymous file downloads to the file |
| .Pa /var/log/ftpd |
| when this file exists. |
| .It Fl U |
| In previous versions of |
| .Nm , |
| when a passive mode client requested a data connection to the server, |
| the server would use data ports in the range 1024..4999. Now, by default, |
| the server will use data ports in the range 49152..65535. Specifying this |
| option will revert to the old behavior. |
| .It Fl d |
| Debugging information is written to the syslog using |
| .Dv LOG_FTP . |
| .It Fl r |
| Put server in read-only mode. |
| All commands which may modify the local filesystem are disabled. |
| .It Fl o |
| Put server in write-only mode. |
| RETR is disabled, preventing downloads. |
| .It Fl l |
| Each successful and failed |
| .Xr ftp 1 |
| session is logged using syslog with a facility of |
| .Dv LOG_FTP . |
| If this option is specified twice, the retrieve (get), store (put), append, |
| delete, make directory, remove directory and rename operations and |
| their filename arguments are also logged. |
| Note: |
| .Dv LOG_FTP |
| messages |
| are not displayed by |
| .Xr syslogd 8 |
| by default, and may have to be enabled in |
| .Xr syslogd 8 Ns 's |
| configuration file. |
| .It Fl T |
| A client may also request a different timeout period; |
| the maximum period allowed may be set to |
| .Ar timeout |
| seconds with the |
| .Fl T |
| option. |
| The default limit is 2 hours. |
| .It Fl a |
| When |
| .Fl D |
| is specified, accept connections only on the specified |
| .Ar address . |
| .It Fl p |
| When |
| .Fl D |
| is specified, write the daemon's process ID to |
| .Ar file . |
| .It Fl t |
| The inactivity timeout period is set to |
| .Ar timeout |
| seconds (the default is 15 minutes). |
| .El |
| .Pp |
| The file |
| .Pa /var/run/nologin |
| can be used to disable ftp access. |
| If the file exists, |
| .Nm |
| displays it and exits. |
| If the file |
| .Pa /etc/ftpwelcome |
| exists, |
| .Nm |
| prints it before issuing the |
| .Dq ready |
| message. |
| If the file |
| .Pa /etc/ftpmotd |
| exists, |
| .Nm |
| prints it after a successful login. Note the motd file used is the one |
| relative to the login environment. This means the one in |
| .Pa ~ftp/etc |
| in the anonymous user's case. |
| .Pp |
| The ftp server currently supports the following ftp requests. |
| The case of the requests is ignored. Requests marked [RW] are |
| disabled if |
| .Fl r |
| is specified. |
| .Bl -column "Request" -offset indent |
| .It Sy Request Ta Sy "Description" |
| .It ABOR Ta "abort previous command" |
| .It ACCT Ta "specify account (ignored)" |
| .It ALLO Ta "allocate storage (vacuously)" |
| .It APPE Ta "append to a file [RW]" |
| .It CDUP Ta "change to parent of current working directory" |
| .It CWD Ta "change working directory" |
| .It DELE Ta "delete a file [RW]" |
| .It EPRT Ta "specify data connection port, multiprotocol" |
| .It EPSV Ta "prepare for server-to-server transfer, multiprotocol" |
| .It HELP Ta "give help information" |
| .It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" |
| .It LPRT Ta "specify data connection port, multiprotocol" |
| .It LPSV Ta "prepare for server-to-server transfer, multiprotocol" |
| .It MDTM Ta "show last modification time of file" |
| .It MKD Ta "make a directory [RW]" |
| .It MODE Ta "specify data transfer" Em mode |
| .It NLST Ta "give name list of files in directory" |
| .It NOOP Ta "do nothing" |
| .It PASS Ta "specify password" |
| .It PASV Ta "prepare for server-to-server transfer" |
| .It PORT Ta "specify data connection port" |
| .It PWD Ta "print the current working directory" |
| .It QUIT Ta "terminate session" |
| .It REST Ta "restart incomplete transfer" |
| .It RETR Ta "retrieve a file" |
| .It RMD Ta "remove a directory [RW]" |
| .It RNFR Ta "specify rename-from file name [RW]" |
| .It RNTO Ta "specify rename-to file name [RW]" |
| .It SITE Ta "non-standard commands (see next section)" |
| .It SIZE Ta "return size of file" |
| .It STAT Ta "return status of server" |
| .It STOR Ta "store a file [RW]" |
| .It STOU Ta "store a file with a unique name [RW]" |
| .It STRU Ta "specify data transfer" Em structure |
| .It SYST Ta "show operating system type of server system" |
| .It TYPE Ta "specify data transfer" Em type |
| .It USER Ta "specify user name" |
| .It XCUP Ta "change to parent of current working directory (deprecated)" |
| .It XCWD Ta "change working directory (deprecated)" |
| .It XMKD Ta "make a directory (deprecated) [RW]" |
| .It XPWD Ta "print the current working directory (deprecated)" |
| .It XRMD Ta "remove a directory (deprecated) [RW]" |
| .El |
| .Pp |
| The following non-standard or |
| .Tn UNIX |
| specific commands are supported |
| by the |
| SITE request. |
| .Pp |
| .Bl -column Request -offset indent |
| .It Sy Request Ta Sy Description |
| .It UMASK Ta change umask, e.g. ``SITE UMASK 002'' |
| .It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' |
| .It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''" |
| .It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''" |
| .It HELP Ta give help information |
| .El |
| .Pp |
| Note: SITE requests are disabled in case of anonymous logins. |
| .Pp |
| The remaining ftp requests specified in Internet RFC 959 |
| are |
| recognized, but not implemented. |
| MDTM and SIZE are not specified in RFC 959, but will appear in the |
| next updated FTP RFC. |
| .Pp |
| The ftp server will abort an active file transfer only when the |
| ABOR |
| command is preceded by a Telnet "Interrupt Process" (IP) |
| signal and a Telnet "Synch" signal in the command Telnet stream, |
| as described in Internet RFC 959. |
| If a |
| STAT |
| command is received during a data transfer, preceded by a Telnet IP |
| and Synch, transfer status will be returned. |
| .Pp |
| .Nm Ftpd |
| interprets file names according to the |
| .Dq globbing |
| conventions used by |
| .Xr csh 1 . |
| This allows users to utilize the metacharacters |
| .Dq Li \&*?[]{}~ . |
| .Pp |
| .Nm Ftpd |
| authenticates users according to six rules. |
| .Pp |
| .Bl -enum -offset indent |
| .It |
| The login name must be in the password data base |
| and not have a null password. |
| In this case a password must be provided by the client before any |
| file operations may be performed. |
| If the user has an S/Key key, the response from a successful USER |
| command will include an S/Key challenge. |
| The client may choose to respond with a PASS command giving either |
| a standard password or an S/Key one-time password. |
| The server will automatically determine which type of |
| password it has been given and attempt to authenticate accordingly. |
| See |
| .Xr key 1 |
| for more information on S/Key authentication. |
| S/Key is a Trademark of Bellcore. |
| .It |
| The login name must not appear in the file |
| .Pa /etc/ftpusers . |
| .It |
| The login name must not be a member of a group specified in the file |
| .Pa /etc/ftpusers . |
| Entries in this file interpreted as group names are prefixed by an "at" |
| .Ql \&@ |
| sign. |
| .It |
| The user must have a standard shell returned by |
| .Xr getusershell 3 . |
| .It |
| If the user name appears in the file |
| .Pa /etc/ftpchroot , |
| or the user is a member of a group with a group entry in this file, |
| i.e. one prefixed with |
| .Ql \&@ , |
| the session's root will be changed to the user's login directory by |
| .Xr chroot 2 |
| as for an |
| .Dq anonymous |
| or |
| .Dq ftp |
| account (see next item). |
| This facility may also be triggered by enabling the boolean "ftp-chroot" |
| capability in |
| .Xr login.conf 5 . |
| However, the user must still supply a password. |
| This feature is intended as a compromise between a fully anonymous |
| account and a fully privileged account. |
| The account should also be set up as for an anonymous account. |
| .It |
| If the user name is |
| .Dq anonymous |
| or |
| .Dq ftp , |
| an |
| anonymous ftp account must be present in the password |
| file (user |
| .Dq ftp ) . |
| In this case the user is allowed |
| to log in by specifying any password (by convention an email address for |
| the user should be used as the password). |
| When the |
| .Fl S |
| option is set, all transfers are logged as well. |
| .El |
| .Pp |
| In the last case, |
| .Nm |
| takes special measures to restrict the client's access privileges. |
| The server performs a |
| .Xr chroot 2 |
| to the home directory of the |
| .Dq ftp |
| user. |
| In order that system security is not breached, it is recommended |
| that the |
| .Dq ftp |
| subtree be constructed with care, following these rules: |
| .Bl -tag -width "~ftp/pub" -offset indent |
| .It Pa ~ftp |
| Make the home directory owned by |
| .Dq root |
| and unwritable by anyone. |
| .It Pa ~ftp/etc |
| Make this directory owned by |
| .Dq root |
| and unwritable by anyone (mode 555). |
| The files pwd.db (see |
| .Xr passwd 5 ) |
| and |
| .Xr group 5 |
| must be present for the |
| .Xr ls |
| command to be able to produce owner names rather than numbers. |
| The password field in |
| .Xr passwd |
| is not used, and should not contain real passwords. |
| The file |
| .Pa ftpmotd , |
| if present, will be printed after a successful login. |
| These files should be mode 444. |
| .It Pa ~ftp/pub |
| This directory and the subdirectories beneath it should be owned |
| by the users and groups responsible for placing files in them, |
| and be writable only by them (mode 755 or 775). |
| They should |
| .Em not |
| be owned or writable by |
| .Dq ftp |
| or its group, otherwise guest users |
| can fill the drive with unwanted files. |
| .El |
| .Pp |
| If the system has multiple IP addresses, |
| .Nm |
| supports the idea of virtual hosts, which provides the ability to |
| define multiple anonymous ftp areas, each one allocated to a different |
| internet address. |
| The file |
| .Pa /etc/ftphosts |
| contains information pertaining to each of the virtual hosts. |
| Each host is defined on its own line which contains a number of |
| fields separated by whitespace: |
| .Bl -tag -offset indent -width hostname |
| .It hostname |
| Contains the hostname or IP address of the virtual host. |
| .It user |
| Contains a user record in the system password file. |
| As with normal anonymous ftp, this user's access uid, gid and group |
| memberships determine file access to the anonymous ftp area. |
| The anonymous ftp area (to which any user is chrooted on login) |
| is determined by the home directory defined for the account. |
| User id and group for any ftp account may be the same as for the |
| standard ftp user. |
| .It statfile |
| File to which all file transfers are logged, which |
| defaults to |
| .Pa /var/log/ftpd . |
| .It welcome |
| This file is the welcome message displayed before the server ready |
| prompt. |
| It defaults to |
| .Pa /etc/ftpwelcome . |
| .It motd |
| This file is displayed after the user logs in. |
| It defaults to |
| .Pa /etc/ftpmotd . |
| .El |
| .Pp |
| Lines beginning with a '#' are ignored and can be used to include |
| comments. |
| .Pp |
| Defining a virtual host for the primary IP address or hostname |
| changes the default for ftp logins to that address. |
| The 'user', 'statfile', 'welcome' and 'motd' fields may be left |
| blank, or a single hypen '-' used to indicate that the default |
| value is to be used. |
| .Pp |
| As with any anonymous login configuration, due care must be given |
| to setup and maintenance to guard against security related problems. |
| .Pp |
| .Nm |
| has internal support for handling remote requests to list |
| files, and will not execute |
| .Pa /bin/ls |
| in either a chrooted or non-chrooted environment. The |
| .Pa ~/bin/ls |
| executable need not be placed into the chrooted tree, nor need the |
| .Pa ~/bin |
| directory exist. |
| .Sh FILES |
| .Bl -tag -width /etc/ftpwelcome -compact |
| .It Pa /etc/ftpusers |
| List of unwelcome/restricted users. |
| .It Pa /etc/ftpchroot |
| List of normal users who should be chroot'd. |
| .It Pa /etc/ftphosts |
| Virtual hosting configuration file. |
| .It Pa /etc/ftpwelcome |
| Welcome notice. |
| .It Pa /etc/ftpmotd |
| Welcome notice after login. |
| .It Pa /var/run/nologin |
| Displayed and access refused. |
| .It Pa /var/log/ftpd |
| Log file for anonymous transfers. |
| .El |
| .Sh SEE ALSO |
| .Xr ftp 1 , |
| .Xr key 1 , |
| .Xr getusershell 3 , |
| .Xr login.conf 5 , |
| .Xr inetd 8 , |
| .Xr syslogd 8 |
| .Sh BUGS |
| The server must run as the super-user |
| to create sockets with privileged port numbers. It maintains |
| an effective user id of the logged in user, reverting to |
| the super-user only when binding addresses to sockets. The |
| possible security holes have been extensively |
| scrutinized, but are possibly incomplete. |
| .Sh HISTORY |
| The |
| .Nm |
| command appeared in |
| .Bx 4.2 . |
| IPv6 support was added in WIDE Hydrangea IPv6 stack kit. |