.\" Copyright (c) 1985, 1988, 1991 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\" @(#)ftpd.8 6.10 (Berkeley) 06/22/92
.\"
.Dd
.Dt FTPD 8
.Os BSD 4.2
.Sh NAME
.Nm ftpd
.Nd
.Tn DARPA
Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm ftpd
.Op Fl dl
.Op Fl t Ar timeout
.Op Fl T Ar maxtimeout
.Sh DESCRIPTION
.Nm Ftpd
is the
.Tn DARPA
Internet File Transfer Protocol
server process. The server uses the
.Tn TCP
protocol
and listens at the port specified in the
.Dq ftp
service specification; see
.Xr services 5 .
.Pp
Available options:
.Bl -tag -width Ds
.It Fl d
Debugging information is written to the syslog.
.It Fl l
Each
.Xr ftp 1
session is logged in the syslog.
.It Fl t
The inactivity timeout period is set to
.Ar timeout
seconds (the default is 15 minutes).
.It Fl T
A client may also request a different timeout period;
the maximum period allowed may be set to
.Ar timeout
seconds with the
.Fl T
option.
The default limit is 2 hours.
.El
.Pp
The ftp server currently supports the following ftp
requests; case is not distinguished.
.Bl -column "Request" -offset indent
.It Request Ta "Description"
.It ABOR Ta "abort previous command"
.It ACCT Ta "specify account (ignored)"
.It ALLO Ta "allocate storage (vacuously)"
.It APPE Ta "append to a file"
.It CDUP Ta "change to parent of current working directory"
.It CWD Ta "change working directory"
.It DELE Ta "delete a file"
.It HELP Ta "give help information"
.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
.It MKD Ta "make a directory"
.It MDTM Ta "show last modification time of file"
.It MODE Ta "specify data transfer" Em mode
.It NLST Ta "give name list of files in directory"
.It NOOP Ta "do nothing"
.It PASS Ta "specify password"
.It PASV Ta "prepare for server-to-server transfer"
.It PORT Ta "specify data connection port"
.It PWD Ta "print the current working directory"
.It QUIT Ta "terminate session"
.It REST Ta "restart incomplete transfer"
.It RETR Ta "retrieve a file"
.It RMD Ta "remove a directory"
.It RNFR Ta "specify rename-from file name"
.It RNTO Ta "specify rename-to file name"
.It SITE Ta "non-standard commands (see next section)"
.It SIZE Ta "return size of file"
.It STAT Ta "return status of server"
.It STOR Ta "store a file"
.It STOU Ta "store a file with a unique name"
.It STRU Ta "specify data transfer" Em structure
.It SYST Ta "show operating system type of server system"
.It TYPE Ta "specify data transfer" Em type
.It USER Ta "specify user name"
.It XCUP Ta "change to parent of current working directory (deprecated)"
.It XCWD Ta "change working directory (deprecated)"
.It XMKD Ta "make a directory (deprecated)"
.It XPWD Ta "print the current working directory (deprecated)"
.It XRMD Ta "remove a directory (deprecated)"
.El
.Pp
The following non-standard or
.Tn UNIX
specific commands are supported
by the
SITE request.
.Pp
.Bl -column Request -offset indent
.It Sy Request Ta Sy Description
.It UMASK Ta change umask. Em E.g. SITE UMASK 002
.It IDLE Ta set idle-timer. Em E.g. SITE IDLE 60
.It CHMOD Ta change mode of a file. Em E.g.
SITE CHMOD 755 filename
.It HELP Ta give help information. Em E.g. SITE HELP
.El
.Pp
The remaining ftp requests specified in Internet
.%T "RFC 959"
are
recognized, but not implemented.
MDTM and SIZE are not specified in
.%T "RFC 959" ,
but will appear in the next updated FTP RFC.
.Pp
The ftp server will abort an active file transfer only when the
ABOR
command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet
.%T "RFC 959" .
If a
STAT
command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.Pp
.Nm Ftpd
interprets file names according to the
.Dq globbing
conventions used by
.Xr csh 1 .
This allows users to utilize the metacharacters
.Dq Li \&*?[]{}~ .
.Pp
.Nm Ftpd
authenticates users according to three rules.
.Pp
.Bl -enum -offset indent
.It
The user name must be in the password data base,
.Pa /etc/passwd ,
and not have a null password. In this case a password
must be provided by the client before any file operations
may be performed.
.It
The user name must not appear in the file
.Pa /etc/ftpusers .
.It
The user must have a standard shell returned by
.Xr getusershell 3 .
.It
If the user name is
.Dq anonymous
or
.Dq ftp ,
an
anonymous ftp account must be present in the password
file (user
.Dq ftp ) .
In this case the user is allowed
to log in by specifying any password (by convention this
is given as the client host's name).
.El
.Pp
In the last case,
.Nm ftpd
takes special measures to restrict the client's access privileges.
The server performs a
.Xr chroot 2
command to the home directory of the
.Dq ftp
user.
In order that system security is not breached, it is recommended
that the
.Dq ftp
subtree be constructed with care, following these rules:
.Bl -tag -width "~ftp/pub" -offset indent
.It Pa ~ftp
Make the home directory owned by
.Dq root
and unwritable by anyone.
.It Pa ~ftp/bin
Make this directory owned by
.Dq root
and unwritable by anyone.
The program
.Xr ls 1
must be present to support the list command.
This program should be mode 111.
.It Pa ~ftp/etc
Make this directory owned by
.Dq root
and unwritable by anyone.
The files
.Xr passwd 5
and
.Xr group 5
must be present for the
.Xr ls
command to be able to produce owner names rather than numbers.
The password field in
.Xr passwd
is not used, and should not contain real passwords.
These files should be mode 444.
.It Pa ~ftp/pub
Make this directory mode 777 and owned by
.Dq ftp .
Guests
can then place files which are to be accessible via the anonymous
account in this directory.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr getusershell 3 ,
.Xr syslogd 8
.Sh BUGS
The server must run as the super-user
to create sockets with privileged port numbers. It maintains
an effective user id of the logged in user, reverting to
the super-user only when binding addresses to sockets. The
possible security holes have been extensively
scrutinized, but are possibly incomplete.
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
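An added example, not part of the original manual page: a shell audit of an anonymous ftp subtree against the ownership and mode rules given in DESCRIPTION for ~ftp, ~ftp/bin and ~ftp/etc. The function names, the optional OWNER argument and the rule for what counts as a placeholder password field are assumptions of this example; ~ftp/pub is not checked.

```shell
#!/bin/sh
# Added example: audit an anonymous ftp tree against the rules in DESCRIPTION.
# Helper names are this example's own. OWNER defaults to "root" as the page
# requires; overriding it exists only so the check can be run unprivileged.

owned_by() { [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]; }
mode_is()  { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }
writable() {   # true if any of the user, group or other write bits is set
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_ftp_tree ROOT [OWNER]: print one finding per line; return 1 if any.
audit_ftp_tree() {
    root=$1; owner=${2:-root}
    findings=$(
        for d in "$root" "$root/bin" "$root/etc"; do
            if [ ! -d "$d" ]; then echo "$d: missing"; continue; fi
            if ! owned_by "$d" "$owner"; then echo "$d: not owned by $owner"; fi
            if writable "$d"; then echo "$d: writable, must be unwritable by anyone"; fi
        done
        if ! mode_is "$root/bin/ls" 111; then
            echo "$root/bin/ls: missing or not mode 111"
        fi
        for f in passwd group; do
            if ! mode_is "$root/etc/$f" 444; then
                echo "$root/etc/$f: missing or not mode 444"
            fi
        done
        # Assumption: "*", "x", empty or a leading "!" mark a placeholder;
        # anything else in field 2 is reported as a possible real password.
        if [ -r "$root/etc/passwd" ]; then
            awk -F: -v f="$root/etc/passwd" '
                $2 != "" && $2 != "*" && $2 != "x" && $2 !~ /^!/ {
                    print f ": password field set for " $1 }' "$root/etc/passwd"
        fi
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_ftp_tree ~ftp` after sourcing the file; a clean tree prints nothing and returns 0.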