xref: /minix3/libexec/ftpd/ftpd.conf.5 (revision 62da011387586b019f85cdc44165baf17b9633da)

.\"	$NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp $
.\"
.\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 13, 2007
.Dt FTPD.CONF 5
.Os
.Sh NAME
.Nm ftpd.conf
.Nd
.Xr ftpd 8
configuration file
.Sh DESCRIPTION
The
.Nm
file specifies various configuration options for
.Xr ftpd 8
that apply once a user has authenticated their connection.
.Pp
.Nm
consists of a series of lines, each of which may contain a
configuration directive, a comment, or a blank line.
Directives that appear later in the file override settings by previous
directives.
This allows
.Sq wildcard
entries to define defaults, and then have class-specific overrides.
.Pp
A directive line has the format:
.Dl command class [arguments]
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
Each authenticated user is a member of a
.Em class ,
which is determined by
.Xr ftpusers 5 .
.Em class
is used to determine which
.Nm
entries apply to the user.
The following special classes exist when parsing entries in
.Nm :
.Bl -tag -width "chroot" -compact -offset indent
.It Sy all
Matches any class.
.It Sy none
Matches no class.
.El
.Pp
Each class has a type, which may be one of:
.Bl -tag -width "CHROOT" -offset indent
.It Sy GUEST
Guests (as per the
.Dq anonymous
and
.Dq ftp
logins).
A
.Xr chroot 2
is performed after login.
.It Sy CHROOT
.Xr chroot 2 Ns ed
users (as per
.Xr ftpchroot 5 ) .
A
.Xr chroot 2
is performed after login.
.It Sy REAL
Normal users.
.El
.Pp
The
.Xr ftpd 8
.Sy STAT
command will return the class settings for the current user as defined by
.Nm ,
unless the
.Sy private
directive is set for the class.
.Pp
Each configuration line may be one of:
.Bl -tag -width 4n
.It Sy advertize Ar class Op Ar host
Set the address to advertise in the response to the
.Sy PASV
and
.Sy LPSV
commands to the address for
.Ar host
(which may be either a host name or IP address).
This may be useful in some firewall configurations, although many
ftp clients may not work if the address being advertised is different
to the address that they've connected to.
If
.Ar class
is
.Dq none
or
.Ar host
not is specified, disable this.
.It Sy checkportcmd Ar class Op Sy off
Check the
.Sy PORT
command for validity.
The
.Sy PORT
command will fail if the IP address specified does not match the
.Tn FTP
command connection, or if the remote TCP port number is less than
.Dv IPPORT_RESERVED .
It is
.Em strongly
encouraged that this option be used, especially for sites concerned
with potential security problems with
.Tn FTP
bounce attacks.
If
.Ar class
is
.Dq none
or
.Sy off
is specified, disable this feature, otherwise enable it.
.It Sy chroot Ar class Op Sy pathformat
If
.Ar pathformat
is not specified or
.Ar class
is
.Dq none ,
use the default behavior (see below).
Otherwise,
.Ar pathformat
is parsed to create a directory to create as the root directory with
.Xr chroot 2
into upon login.
.Pp
.Ar pathformat
can contain the following escape strings:
.Bl -tag -width "Escape" -offset indent -compact
.It Sy "Escape"
.Sy Description
.It "\&%c"
Class name.
.It "\&%d"
Home directory of user.
.It "\&%u"
User name.
.It "\&%\&%"
A
.Dq \&%
character.
.El
.Pp
The default root directory is:
.Bl -tag -width "CHROOT" -offset indent -compact
.It Sy CHROOT
The user's home directory.
.It Sy GUEST
If
.Fl a Ar anondir
is specified, use
.Ar anondir ,
otherwise the home directory of the
.Sq ftp
user.
.It Sy REAL
By default no
.Xr chroot 2
is performed.
.El
.It Sy classtype Ar class Ar type
Set the class type of
.Ar class
to
.Ar type
(see above).
.It Sy conversion Ar class Ar suffix Op Ar "type disable command"
Define an automatic in-line file conversion.
If a file to retrieve ends in
.Ar suffix ,
and a real file (sans
.Ar suffix )
exists, then the output of
.Ar command
is returned instead of the contents of the file.
.Pp
.Bl -tag -width "disable" -offset indent
.It Ar suffix
The suffix to initiate the conversion.
.It Ar type
A list of valid file types for the conversion.
Valid types are:
.Sq f
(file), and
.Sq d
(directory).
.It Ar disable
The name of file that will prevent conversion if it exists.
A file name of
.Dq Pa \&.
will prevent this disabling action
(i.e., the conversion is always permitted.)
.It Ar command
The command to run for the conversion.
The first word should be the full path name
of the command, as
.Xr execv 3
is used to execute the command.
All instances of the word
.Dq %s
in
.Ar command
are replaced with the requested file (sans
.Ar suffix ) .
.El
.Pp
Conversion directives specified later in the file override earlier
conversions with the same suffix.
.It Sy denyquick Ar class Op Sy off
Enforce
.Xr ftpusers 5
rules after the
.Sy USER
command is received, rather than after the
.Sy PASS
command is received.
Whilst enabling this feature may allow information leakage about
available accounts (for example, if you allow some users of a
.Sy REAL
or
.Sy CHROOT
class but not others), it is useful in preventing a denied user
(such as
.Sq root )
from entering their password across an insecure connection.
This option is
.Em strongly
recommended for servers which run an anonymous-only service.
If
.Ar class
is
.Dq none
or
.Sy off
is specified, disable this feature, otherwise enable it.
.It Sy display Ar class Op Ar file
If
.Ar file
is not specified or
.Ar class
is
.Dq none ,
disable this.
Otherwise, each time the user enters a new directory, check if
.Ar file
exists, and if so, display its contents to the user.
Escape sequences are supported; refer to
.Sx Display file escape sequences
in
.Xr ftpd 8
for more information.
.It Sy hidesymlinks Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is specified, disable this feature.
Otherwise, the
.Sy LIST
command lists symbolic links as the file or directory the link
references
.Pq Dq Li "ls -LlA" .
Servers which run an anonymous service may wish to enable this
feature for
.Sy GUEST
users, so that symbolic links do not leak names in
directories that are not searchable by
.Sy GUEST
users.
.It Sy homedir Ar class Op Sy pathformat
If
.Ar pathformat
is not specified or
.Ar class
is
.Dq none ,
use the default behavior (see below).
Otherwise,
.Ar pathformat
is parsed to create a directory to change into upon login, and to use
as the
.Sq home
directory of the user for tilde expansion in pathnames, etc.
.Ar pathformat
is parsed as per the
.Sy chroot
directive.
.Pp
The default home directory is the home directory of the user for
.Sy REAL
users, and
.Pa /
for
.Sy GUEST
and
.Sy CHROOT
users.
.It Sy limit Ar class Op Ar count Op Ar file
Limit the maximum number of concurrent connections for
.Ar class
to
.Ar count ,
with
.Sq \-1
meaning unlimited connections.
If the limit is exceeded and
.Ar file
is specified, display its contents to the user.
If
.Ar class
is
.Dq none
or
.Ar count
is not specified, disable this.
If
.Ar file
is a relative path, it will be searched for in
.Pa /etc
(which can be overridden with
.Fl c Ar confdir ) .
.It Sy maxfilesize Ar class Op Ar size
Set the maximum size of an uploaded file to
.Ar size ,
with
.Sq \-1
meaning unlimited connections.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, disable this.
.It Sy maxtimeout Ar class Op Ar time
Set the maximum timeout period that a client may request,
defaulting to two hours.
This cannot be less than 30 seconds, or the value for
.Sy timeout .
If
.Ar class
is
.Dq none
or
.Ar time
is not specified, use the default.
.It Sy mmapsize Ar class Op Ar size
Set the size of the sliding window to map a file using
.Xr mmap 2 .
If zero,
.Xr ftpd 8
will use
.Xr read 2
instead.
The default is zero.
This option affects only binary transfers.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, use the default.
.It Sy modify Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is specified, disable the following commands:
.Sy CHMOD ,
.Sy DELE ,
.Sy MKD ,
.Sy RMD ,
.Sy RNFR ,
and
.Sy UMASK .
Otherwise, enable them.
.It Sy motd Ar class Op Ar file
If
.Ar file
is not specified or
.Ar class
is
.Dq none ,
disable this.
Otherwise, use
.Ar file
as the message of the day file to display after login.
Escape sequences are supported; refer to
.Sx Display file escape sequences
in
.Xr ftpd 8
for more information.
If
.Ar file
is a relative path, it will be searched for in
.Pa /etc
(which can be overridden with
.Fl c Ar confdir ) .
.It Sy notify Ar class Op Ar fileglob
If
.Ar fileglob
is not specified or
.Ar class
is
.Dq none ,
disable this.
Otherwise, each time the user enters a new directory,
notify the user of any files matching
.Ar fileglob .
.It Sy passive Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is specified, prevent passive
.Sy ( PASV ,
.Sy LPSV ,
and
.Sy EPSV )
connections.
Otherwise, enable them.
.It Sy portrange Ar class Op Ar min Ar max
Set the range of port number which will be used for the passive data port.
.Ar max
must be greater than
.Ar min ,
and both numbers must be be between
.Dv IPPORT_RESERVED
(1024) and 65535.
If
.Ar class
is
.Dq none
or no arguments are specified, disable this.
.It Sy private Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is specified, do not display class information in the output of the
.Sy STAT
command.
Otherwise, display the information.
.It Sy rateget Ar class Op Ar rate
Set the maximum get
.Pq Sy RETR
transfer rate throttle for
.Ar class
to
.Ar rate
bytes per second.
If
.Ar rate
is 0, the throttle is disabled.
If
.Ar class
is
.Dq none
or
.Ar rate
is not specified, disable this.
.It Sy rateput Ar class Op Ar rate
Set the maximum put
.Pq Sy STOR
transfer rate throttle for
.Ar class
to
.Ar rate
bytes per second.
If
.Ar rate
is 0, the throttle is disabled.
If
.Ar class
is
.Dq none
or
.Ar rate
is not specified, disable this.
.It Sy readsize Ar class Op Ar size
Set the size of the read buffer to
.Xr read 2
a file.
The default is the file system block size.
This option affects only binary transfers.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, use the default.
.It Sy recvbufsize Ar class Op Ar size
Set the size of the socket receive buffer.
The default is zero and the system default value will be used.
This option affects only passive transfers.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, use the default.
.It Sy sanenames Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is specified, allow uploaded file names to contain any characters valid for a
file name.
Otherwise, only permit file names which don't start with a
.Sq \&.
and only comprise of characters from the set
.Dq [-+,._A-Za-z0-9] .
.It Sy sendbufsize Ar class Op Ar size
Set the size of the socket send buffer.
The default is zero and the system default value will be used.
This option affects only binary transfers.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, use the default.
.It Sy sendlowat Ar class Op Ar size
Set the low water mark of socket send buffer.
The default is zero and system default value will be used.
This option affects only for binary transfer.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, use the default.
.It Sy template Ar class Op Ar refclass
Define
.Ar refclass
as the
.Sq template
for
.Ar class ;
any reference to
.Ar refclass
in following directives will also apply to members of
.Ar class .
This is useful to define a template class so that other classes which are
to share common attributes can be easily defined without unnecessary
duplication.
There can be only one template defined at a time.
If
.Ar refclass
is not specified, disable the template for
.Ar class .
.It Sy timeout Ar class Op Ar time
Set the inactivity timeout period.
(the default is fifteen minutes).
This cannot be less than 30 seconds, or greater than the value for
.Sy maxtimeout .
If
.Ar class
is
.Dq none
or
.Ar time
is not specified, use the default.
.It Sy umask Ar class Op Ar umaskval
Set the umask to
.Ar umaskval .
If
.Ar class
is
.Dq none
or
.Ar umaskval
is not specified, set to the default of
.Li 027 .
.It Sy upload Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is specified, disable the following commands:
.Sy APPE ,
.Sy STOR ,
and
.Sy STOU ,
as well as the modify commands:
.Sy CHMOD ,
.Sy DELE ,
.Sy MKD ,
.Sy RMD ,
.Sy RNFR ,
and
.Sy UMASK .
Otherwise, enable them.
.It Sy writesize Ar class Op Ar size
Limit the number of bytes to
.Xr write 2
at a time.
The default is zero, which means all the data available as a result of
.Xr mmap 2
or
.Xr read 2
will be written at a time.
This option affects only binary transfers.
If
.Ar class
is
.Dq none
or
.Ar size
is not specified, use the default.
.El
.Ss Numeric argument suffix parsing
Where command arguments are numeric, a decimal number is expected.
Two or more numbers may be separated by an
.Dq x
to indicate a product.
Each number may have one of the following optional suffixes:
.Bl -tag -width 3n -offset indent -compact
.It b
Block; multiply by 512
.It k
Kibi; multiply by 1024 (1 KiB)
.It m
Mebi; multiply by 1048576 (1 MiB)
.It g
Gibi; multiply by 1073741824 (1 GiB)
.It t
Tebi; multiply by 1099511627776 (1 TiB)
.It w
Word; multiply by the number of bytes in an integer
.El
.Pp
See
.Xr strsuftoll 3
for more information.
.Sh DEFAULTS
The following defaults are used:
.Pp
.Bd -literal -offset indent -compact
checkportcmd  all
classtype     chroot CHROOT
classtype     guest  GUEST
classtype     real   REAL
display       none
limit         all    \-1     # unlimited connections
maxtimeout    all    7200   # 2 hours
modify        all
motd          all    motd
notify        none
passive       all
timeout       all    900    # 15 minutes
umask         all    027
upload        all
modify        guest  off
umask         guest  0707
.Ed
.Sh FILES
.Bl -tag -width /usr/share/examples/ftpd/ftpd.conf -compact
.It Pa /etc/ftpd.conf
This file.
.It Pa /usr/share/examples/ftpd/ftpd.conf
A sample
.Nm
file.
.El
.Sh SEE ALSO
.Xr strsuftoll 3 ,
.Xr ftpchroot 5 ,
.Xr ftpusers 5 ,
.Xr ftpd 8
.Sh HISTORY
The
.Nm
functionality was implemented in
.Nx 1.3
and later releases by Luke Mewburn, based on work by Simon Burge.