1.\" $NetBSD: ftpd.8,v 1.87 2018/04/28 13:38:00 riastradh Exp $ 2.\" 3.\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" This code is derived from software contributed to The NetBSD Foundation 7.\" by Luke Mewburn. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 21.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28.\" POSSIBILITY OF SUCH DAMAGE. 29.\" 30.\" Copyright (c) 1985, 1988, 1991, 1993 31.\" The Regents of the University of California. All rights reserved. 32.\" 33.\" Redistribution and use in source and binary forms, with or without 34.\" modification, are permitted provided that the following conditions 35.\" are met: 36.\" 1. 
Redistributions of source code must retain the above copyright 37.\" notice, this list of conditions and the following disclaimer. 38.\" 2. Redistributions in binary form must reproduce the above copyright 39.\" notice, this list of conditions and the following disclaimer in the 40.\" documentation and/or other materials provided with the distribution. 41.\" 3. Neither the name of the University nor the names of its contributors 42.\" may be used to endorse or promote products derived from this software 43.\" without specific prior written permission. 44.\" 45.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 46.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 49.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55.\" SUCH DAMAGE. 56.\" 57.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 58.\" 59.Dd May 1, 2009 60.Dt FTPD 8 61.Os 62.Sh NAME 63.Nm ftpd 64.Nd 65Internet File Transfer Protocol server 66.Sh SYNOPSIS 67.Nm 68.Op Fl 46DdfHlnQqrsUuWwX 69.Op Fl a Ar anondir 70.Op Fl C Ar user Ns Op @ Ns Ar host 71.Op Fl c Ar confdir 72.Op Fl e Ar emailaddr 73.Op Fl h Ar hostname 74.Op Fl L Ar xferlogfile 75.Op Fl P Ar dataport 76.Op Fl V Ar version 77.Sh DESCRIPTION 78.Nm 79is the Internet File Transfer Protocol server process. 80The server uses the 81.Tn TCP 82protocol and listens at the port specified in the 83.Dq ftp 84service specification; see 85.Xr services 5 . 
.Pp
Available options:
.Bl -tag -width Ds
.It Fl 4
When
.Fl D
is specified, bind to IPv4 addresses only.
.It Fl 6
When
.Fl D
is specified, bind to IPv6 addresses only.
.It Fl a Ar anondir
Define
.Ar anondir
as the directory to
.Xr chroot 2
into for anonymous logins.
Default is the home directory for the ftp user.
This can also be specified with the
.Xr ftpd.conf 5
.Sy chroot
directive.
.It Fl C Ar user Ns Op @ Ns Ar host
Check whether
.Ar user
.Po
as if connecting from
.Ar host ,
if provided
.Pc
would be granted access under
the restrictions given in
.Xr ftpusers 5 ,
and exit without attempting a connection.
.Nm
exits with an exit code of 0 if access would be granted, or 1 otherwise.
This can be useful for testing configurations.
.It Fl c Ar confdir
Change the root directory of the configuration files from
.Dq Pa /etc
to
.Ar confdir .
This changes the directory for the following files:
.Pa /etc/ftpchroot ,
.Pa /etc/ftpusers ,
.Pa /etc/ftpwelcome ,
.Pa /etc/motd ,
and the file specified by the
.Xr ftpd.conf 5
.Sy limit
directive.
.It Fl D
Run as daemon.
.Nm
will listen on the default FTP port for incoming connections
and fork a child for each connection.
This is lower overhead than starting
.Nm
from
.Xr inetd 8
and thus might be useful on busy servers to reduce load.
.It Fl d
Debugging information is written to the syslog using a facility of
.Dv LOG_FTP .
.It Fl e Ar emailaddr
Use
.Ar emailaddr
for the
.Dq "\&%E"
escape sequence (see
.Sx Display file escape sequences ) .
.It Fl f
Stops the
.Fl D
flag from detaching from the tty and going into the background.
.It Fl H
Equivalent to
.Do
-h
`hostname`
.Dc .
.It Fl h Ar hostname
Explicitly set the hostname to advertise as to
.Ar hostname .
The default is the hostname associated with the IP address that
.Nm
is listening on.
This ability (with or without
.Fl h ) ,
in conjunction with
.Fl c Ar confdir ,
is useful when configuring
.Sq virtual
.Tn FTP
servers, each listening on separate addresses as separate names.
Refer to
.Xr inetd.conf 5
for more information on starting services to listen on specific IP addresses.
.It Fl L Ar xferlogfile
Log
.Tn wu-ftpd
style
.Sq xferlog
entries to
.Ar xferlogfile .
.It Fl l
Each successful and failed
.Tn FTP
session is logged using syslog with a facility of
.Dv LOG_FTP .
If this option is specified more than once, the retrieve (get), store (put),
append, delete, make directory, remove directory and rename operations and
their file name arguments are also logged.
.It Fl n
Don't attempt translation of IP addresses to hostnames.
.It Fl P Ar dataport
Use
.Ar dataport
as the data port, overriding the default of using the port one less
than the port
.Nm
is listening on.
.It Fl Q
Disable the use of pid files for keeping track of the number of logged-in
users per class.
This may reduce the load on heavily loaded
.Tn FTP
servers.
.It Fl q
Enable the use of pid files for keeping track of the number of logged-in
users per class.
This is the default.
.It Fl r
Permanently drop root privileges once the user is logged in.
The use of this option may result in the server using a port other
than the (listening-port - 1) for
.Sy PORT
style commands, which is contrary to the
.Cm RFC 959
specification, but in practice very few clients rely upon this behaviour.
See
.Sx SECURITY CONSIDERATIONS
below for more details.
.It Fl s
Require a secure authentication mechanism like Kerberos or S/Key to be used.
.It Fl U
Don't log each concurrent
.Tn FTP
session to
.Pa /var/run/utmp .
This is the default.
.It Fl u
Log each concurrent
.Tn FTP
session to
.Pa /var/run/utmp ,
making them visible to commands such as
.Xr who 1 .
.It Fl V Ar version
Use
.Ar version
as the version to advertise in the login banner and in the output of
.Sy STAT
and
.Sy SYST
instead of the default version information.
If
.Ar version
is empty or
.Sq - ,
then don't display any version information.
.It Fl W
Don't log each
.Tn FTP
session to
.Pa /var/log/wtmp .
.It Fl w
Log each
.Tn FTP
session to
.Pa /var/log/wtmp ,
making them visible to commands such as
.Xr last 1 .
This is the default.
.It Fl X
Log
.Tn wu-ftpd
style
.Sq xferlog
entries to the syslog, prefixed with
.Dq "xferlog:\ " ,
using a facility of
.Dv LOG_FTP .
These syslog entries can be converted to a
.Tn wu-ftpd
style
.Pa xferlog
file suitable for input into a third-party log analysis tool with a command
similar to:
.Dl "sed -ne 's/^.*xferlog: //p' /var/log/xferlog > wuxferlog"
.El
.Pp
The file
.Pa /etc/nologin
can be used to disable
.Tn FTP
access.
If the file exists,
.Nm
displays it and exits.
If the file
.Pa /etc/ftpwelcome
exists,
.Nm
prints it before issuing the
.Dq ready
message.
If the file
.Pa /etc/motd
exists (under the chroot directory if applicable),
.Nm
prints it after a successful login.
This may be changed with the
.Xr ftpd.conf 5
directive
.Sy motd .
.Pp
The
.Nm
server currently supports the following
.Tn FTP
requests.
The case of the requests is ignored.
.Bl -column "Request" "Description" -offset indent
.It Sy Request Ta Sy Description
.It ABOR Ta "abort previous command"
.It ACCT Ta "specify account (ignored)"
.It ALLO Ta "allocate storage (vacuously)"
.It APPE Ta "append to a file"
.It CDUP Ta "change to parent of current working directory"
.It CWD Ta "change working directory"
.It DELE Ta "delete a file"
.It EPSV Ta "prepare for server-to-server transfer"
.It EPRT Ta "specify data connection port"
.It FEAT Ta "list extra features that are not defined in" Cm "RFC 959"
.It HELP Ta "give help information"
.It LIST Ta "list files in a directory" Pq Dq Li "ls -lA"
.It LPSV Ta "prepare for server-to-server transfer"
.It LPRT Ta "specify data connection port"
.It MLSD Ta "list contents of directory in a machine-processable form"
.It MLST Ta "show a pathname in a machine-processable form"
.It MKD Ta "make a directory"
.It MDTM Ta "show last modification time of file"
.It MODE Ta "specify data transfer" Em mode
.It NLST Ta "give name list of files in directory"
.It NOOP Ta "do nothing"
.It OPTS Ta "define persistent options for a given command"
.It PASS Ta "specify password"
.It PASV Ta "prepare for server-to-server transfer"
.It PORT Ta "specify data connection port"
.It PWD Ta "print the current working directory"
.It QUIT Ta "terminate session"
.It REST Ta "restart incomplete transfer"
.It RETR Ta "retrieve a file"
.It RMD Ta "remove a directory"
.It RNFR Ta "specify rename-from file name"
.It RNTO Ta "specify rename-to file name"
.It SITE Ta "non-standard commands (see next section)"
.It SIZE Ta "return size of file"
.It STAT Ta "return status of server"
.It STOR Ta "store a file"
.It STOU Ta "store a file with a unique name"
.It STRU Ta "specify data transfer" Em structure
.It SYST Ta "show operating system type of server system"
.It TYPE Ta "specify data transfer" Em type
.It USER Ta "specify user name"
.It XCUP Ta "change to parent of current working directory (deprecated)"
.It XCWD Ta "change working directory (deprecated)"
.It XMKD Ta "make a directory (deprecated)"
.It XPWD Ta "print the current working directory (deprecated)"
.It XRMD Ta "remove a directory (deprecated)"
.El
.Pp
The following non-standard or
.Ux
specific commands are supported by the SITE request.
.Pp
.Bl -column Request Description -offset indent
.It Sy Request Ta Sy Description
.It CHMOD Ta "change mode of a file, e.g. ``SITE CHMOD 755 filename''"
.It HELP Ta "give help information"
.It IDLE Ta "set idle-timer, e.g. ``SITE IDLE 60''"
.It RATEGET Ta "set maximum get rate throttle in bytes/second, e.g. ``SITE RATEGET 5k''"
.It RATEPUT Ta "set maximum put rate throttle in bytes/second, e.g. ``SITE RATEPUT 5k''"
.It UMASK Ta "change umask, e.g. ``SITE UMASK 002''"
.El
.Pp
The following
.Tn FTP
requests (as specified in
.Cm RFC 959
and
.Cm RFC 2228 )
are recognized, but are not implemented:
.Sy ACCT ,
.Sy ADAT ,
.Sy AUTH ,
.Sy CCC ,
.Sy CONF ,
.Sy ENC ,
.Sy MIC ,
.Sy PBSZ ,
.Sy PROT ,
.Sy REIN ,
and
.Sy SMNT .
.Pp
The
.Nm
server will abort an active file transfer only when the
.Sy ABOR
command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet
.Cm RFC 959 .
If a
.Sy STAT
command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.Pp
.Nm
interprets file names according to the
.Dq globbing
conventions used by
.Xr csh 1 .
This allows users to use the metacharacters
.Dq Li \&*?[]{}~ .
.Ss User authentication
.Nm
authenticates users according to five rules.
.Pp
.Bl -enum -offset indent
.It
The login name must be in the password database,
.Xr passwd 5 ,
and not have a null password.
In this case a password must be provided by the client before any
file operations may be performed.
If the user has an S/Key key, the response from a successful
.Sy USER
command will include an S/Key challenge.
The client may choose to respond with a
.Sy PASS
command giving either
a standard password or an S/Key one-time password.
The server will automatically determine which type of password it
has been given and attempt to authenticate accordingly.
See
.Xr skey 1
for more information on S/Key authentication.
S/Key is a Trademark of Bellcore.
.It
The login name must be allowed based on the information in
.Xr ftpusers 5 .
.It
The user must have a standard shell returned by
.Xr getusershell 3 .
If the user's shell field in the password database is empty, the
shell is assumed to be
.Pa /bin/sh .
As per
.Xr shells 5 ,
the user's shell must be listed with full path in
.Pa /etc/shells .
.It
If directed by the file
.Xr ftpchroot 5
the session's root directory will be changed by
.Xr chroot 2
to the directory specified in the
.Xr ftpd.conf 5
.Sy chroot
directive (if set),
or to the home directory of the user.
This facility may also be triggered by enabling the boolean
.Sy ftp-chroot
in
.Xr login.conf 5 .
However, the user must still supply a password.
This feature is intended as a compromise between a fully anonymous account
and a fully privileged account.
The account should also be set up as for an anonymous account.
.It
If the user name is
.Dq anonymous
or
.Dq ftp ,
an
anonymous
.Tn FTP
account must be present in the password
file (user
.Dq ftp ) .
In this case the user is allowed
to log in by specifying any password (by convention an email address for
the user should be used as the password).
.Pp
The server performs a
.Xr chroot 2
to the directory specified in the
.Xr ftpd.conf 5
.Sy chroot
directive (if set),
the
.Fl a Ar anondir
directory (if set),
or to the home directory of the
.Dq ftp
user.
.Pp
The server then performs a
.Xr chdir 2
to the directory specified in the
.Xr ftpd.conf 5
.Sy homedir
directive (if set), otherwise to
.Pa / .
.Pp
If other restrictions are required (such as disabling of certain
commands and the setting of a specific umask), then appropriate
entries in
.Xr ftpd.conf 5
are required.
.Pp
If the first character of the password supplied by an anonymous user
is
.Dq - ,
then the verbose messages displayed at login and upon a
.Sy CWD
command are suppressed.
.El
.Ss Display file escape sequences
When
.Nm
displays various files back to the client (such as
.Pa /etc/ftpwelcome
and
.Pa /etc/motd ) ,
various escape strings are replaced with information pertinent
to the current connection.
.Pp
The supported escape strings are:
.Bl -tag -width "Escape" -offset indent -compact
.It Sy "Escape"
.Sy Description
.It "\&%c"
Class name.
.It "\&%C"
Current working directory.
.It "\&%E"
Email address given with
.Fl e .
.It "\&%L"
Local hostname.
.It "\&%M"
Maximum number of users for this class.
Displays
.Dq unlimited
if there's no limit.
.It "\&%N"
Current number of users for this class.
.It "\&%R"
Remote hostname.
.It "\&%s"
If the result of the most recent
.Dq "\&%M"
or
.Dq "\&%N"
was not
.Dq Li 1 ,
print an
.Dq s .
.It "\&%S"
If the result of the most recent
.Dq "\&%M"
or
.Dq "\&%N"
was not
.Dq Li 1 ,
print an
.Dq S .
.It "\&%T"
Current time.
.It "\&%U"
User name.
.It "\&%\&%"
A
.Dq \&%
character.
.El
.Ss Setting up a restricted ftp subtree
In order that system security is not breached, it is recommended
that the
subtrees for the
.Dq ftp
and
.Dq chroot
accounts be constructed with care, following these rules
(replace
.Dq ftp
in the following directory names
with the appropriate account name for
.Sq chroot
users):
.Bl -tag -width "~ftp/incoming" -offset indent
.It Pa ~ftp
Make the home directory owned by
.Dq root
and unwritable by anyone.
.It Pa ~ftp/bin
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
Generally any conversion commands should be installed
here (mode 111).
.It Pa ~ftp/etc
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
The files
.Pa pwd.db
(see
.Xr passwd 5 )
and
.Pa group
(see
.Xr group 5 )
must be present for the
.Sy LIST
command to be able to display owner and group names instead of numbers.
The password field in
.Xr passwd 5
is not used, and should not contain real passwords.
The file
.Pa motd ,
if present, will be printed after a successful login.
These files should be mode 444.
.It Pa ~ftp/pub
This directory and the subdirectories beneath it should be owned
by the users and groups responsible for placing files in them,
and be writable only by them (mode 755 or 775).
They should
.Em not
be owned or writable by ftp or its group.
.It Pa ~ftp/incoming
This directory is where anonymous users place files they upload.
The owners should be the user
.Dq ftp
and an appropriate group.
Members of this group will be the only users with access to these
files after they have been uploaded; these should be people who
know how to deal with them appropriately.
If you wish anonymous
.Tn FTP
users to be able to see the names of the
files in this directory, the permissions should be 770; otherwise
they should be 370.
.Pp
The following
.Xr ftpd.conf 5
directives should be used:
.Dl "modify guest off"
.Dl "umask guest 0707"
.Dl "upload guest on"
.Pp
This will result in anonymous users being able to upload files to this
directory, but they will not be able to download them, delete them, or
overwrite them, due to the umask and disabling of the commands mentioned
above.
.It Pa ~ftp/tmp
This directory is used to create temporary files which contain
the error messages generated by a conversion or
.Sy LIST
command.
The owner should be the user
.Dq ftp .
The permissions should be 300.
.Pp
If you don't enable conversion commands, or don't want anonymous users
uploading files here (see
.Pa ~ftp/incoming
above), then don't create this directory.
However, error messages from conversion or
.Sy LIST
commands won't be returned to the user.
(This is the traditional behaviour.)
Note that the
.Xr ftpd.conf 5
directive
.Sy upload
can be used to prevent users uploading here.
.El
.Pp
To set up "ftp-only" accounts that provide only
.Tn FTP ,
but no valid shell
login, you can copy/link
.Pa /sbin/nologin
to
.Pa /sbin/ftplogin ,
and add
.Pa /sbin/ftplogin
to
.Pa /etc/shells
to allow logging in via
.Tn FTP
to the accounts, which must have
.Pa /sbin/ftplogin
as their login shell.
.Sh FILES
.Bl -tag -width /etc/ftpwelcome -compact
.It Pa /etc/ftpchroot
List of normal users whose root directory should be changed via
.Xr chroot 2 .
.It Pa /etc/ftpd.conf
Configure file conversions and other settings.
.It Pa /etc/ftpusers
List of unwelcome/restricted users.
.It Pa /etc/ftpwelcome
Welcome notice before login.
.It Pa /etc/motd
Welcome notice after login.
.It Pa /etc/nologin
If it exists, it is displayed and access is refused.
.It Pa /var/run/ftpd.pids-CLASS
State file of logged-in processes for the
.Nm
class
.Sq CLASS .
.It Pa /var/run/utmp
List of logged-in users on the system.
.It Pa /var/log/wtmp
Login history database.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr skey 1 ,
.Xr who 1 ,
.Xr getusershell 3 ,
.Xr ftpchroot 5 ,
.Xr ftpd.conf 5 ,
.Xr ftpusers 5 ,
.Xr login.conf 5 ,
.Xr syslogd 8
.Sh STANDARDS
.Nm
recognizes all commands in
.Cm RFC 959 ,
follows the guidelines in
.Cm RFC 1123 ,
recognizes all commands in
.Cm RFC 2228
(although they are not supported yet),
and supports the extensions from
.Cm RFC 2389 ,
.Cm RFC 2428 ,
and
.Cm RFC 3659 .
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
.Pp
Various features such as the
.Xr ftpd.conf 5
functionality,
.Cm RFC 2389 ,
and
.Cm RFC 3659
support were implemented in
.Nx 1.3
and later releases by Luke Mewburn.
.Sh BUGS
The server must run as the super-user to create sockets with
privileged port numbers (i.e., those less than
.Dv IPPORT_RESERVED ,
which is 1024).
If
.Nm
is listening on a privileged port
it maintains an effective user id of the logged-in user, reverting
to the super-user only when binding addresses to privileged sockets.
The
.Fl r
option can be used to override this behaviour and force privileges to
be permanently revoked; see
.Sx SECURITY CONSIDERATIONS
below for more details.
.Pp
.Nm
may have trouble handling connections from scoped IPv6 addresses, or
IPv4 mapped addresses
.Po
IPv4 connection on
.Dv AF_INET6
socket
.Pc .
For the latter case, running two daemons,
one for IPv4 and one for IPv6, will avoid the problem.
.Sh SECURITY CONSIDERATIONS
.Cm RFC 959
provides no restrictions on the
.Sy PORT
command, and this can lead to security problems, as
.Nm
can be fooled into connecting to any service on any host.
With the
.Dq checkportcmd
feature of
.Xr ftpd.conf 5 ,
.Sy PORT
commands naming a host address other than the connecting client's,
or a TCP port lower than
.Dv IPPORT_RESERVED ,
will be rejected.
This also prevents
.Sq third-party proxy ftp
from working.
Use of this option is
.Em strongly
recommended, and enabled by default.
.Pp
By default
.Nm
uses a port that is one less than the port it is listening on to
communicate back to the client for the
.Sy EPRT ,
.Sy LPRT ,
and
.Sy PORT
commands, unless overridden with
.Fl P Ar dataport .
As the default port for
.Nm
(21) is a privileged port below
.Dv IPPORT_RESERVED ,
.Nm
retains the ability to switch back to root privileges to bind these
ports.
In order to increase security by reducing the potential for a bug in
.Nm
providing a remote root compromise,
.Nm
will permanently drop root privileges if one of the following is true:
.Bl -enum -offset indent
.It
.Nm
is running on a port greater than
.Dv IPPORT_RESERVED
and the user has logged in as a
.Sq guest
or
.Sq chroot
user.
.It
.Nm
was invoked with
.Fl r .
.El
.Pp
Don't create
.Pa ~ftp/tmp
if you don't want anonymous users to upload files there.
That directory is only necessary if you want to display the error
messages of conversion commands to the user.
Note that if uploads are disabled with the
.Xr ftpd.conf 5
directive
.Sy upload ,
then this directory cannot be abused by the user in this way, so it
should be safe to create.
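.Pp
The checkportcmd rule described above, as an added example that is not ftpd's own code (ftpd is written in C; the function names here are invented for the illustration): it parses an RFC 959 PORT argument and applies the two rejections the page lists, a host other than the connecting client's and a port below IPPORT_RESERVED.

```python
"""Apply the ftpd.conf(5) "checkportcmd" rules described in ftpd(8) to a PORT argument.

Added illustration, not ftpd's own code (the server is C; names here are invented).
RFC 959 writes the PORT argument as "h1,h2,h3,h4,p1,p2": four address octets and
a port of p1*256 + p2. With checkportcmd enabled the page says ftpd rejects a PORT
whose host is not the control connection's peer or whose port is below
IPPORT_RESERVED, which stops the server being pointed at other hosts or at
privileged services, at the cost of third-party proxy FTP.
"""
from __future__ import annotations

import ipaddress

IPPORT_RESERVED = 1024  # privileged-port boundary named in the man page


def parse_port_arg(arg: str) -> tuple[str, int]:
    """Parse an RFC 959 PORT argument into (dotted IPv4 host, TCP port).

    Raises ValueError unless there are exactly six decimal fields, each 0..255.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated decimal fields")
    octets = []
    for field in fields:
        if not field.isdecimal():
            raise ValueError(f"non-numeric PORT field {field!r}")
        value = int(field)
        if value > 255:
            raise ValueError(f"PORT field {value} exceeds 255")
        octets.append(value)
    host = ".".join(str(o) for o in octets[:4])
    return host, octets[4] * 256 + octets[5]


def check_port_cmd(arg: str, peer_ip: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a PORT argument sent by the client at peer_ip.

    A malformed argument is rejected too: there is no safe way to honour it.
    """
    try:
        host, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, f"syntax error: {exc}"
    if ipaddress.ip_address(host) != ipaddress.ip_address(peer_ip):
        return False, f"host {host} differs from control connection peer {peer_ip}"
    if port < IPPORT_RESERVED:
        return False, f"port {port} is below IPPORT_RESERVED ({IPPORT_RESERVED})"
    return True, f"data connection to {host}:{port} permitted"


if __name__ == "__main__":
    # Constructed sample: a client connected from 192.0.2.10 sends several PORTs.
    peer = "192.0.2.10"
    for sample in (
        "192,0,2,10,200,100",    # own address, port 51300: accepted
        "198,51,100,7,200,100",  # another host: rejected
        "192,0,2,10,0,25",       # own address but port 25 (< 1024): rejected
        "192,0,2,10,4,0,0",      # malformed: seven fields
    ):
        ok, why = check_port_cmd(sample, peer)
        print(f"PORT {sample:<22} -> {'ACCEPT' if ok else 'REJECT'}: {why}")
```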
.Pp
To avoid possible denial-of-service attacks,
.Sy SIZE
requests against files larger than 10240 bytes will be denied if
the current transfer
.Sy TYPE
is
.Sq Li A
(ASCII).
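.Pp
The directory rules from the Setting up a restricted ftp subtree section, together with this section's point that ~ftp/tmp should exist only where uploads there are wanted, as an added audit script that is not code from the man page or from NetBSD: it reports every owner or mode that deviates from what the page prescribes, taking the expected uids and gid as parameters so it can also be tried on a scratch tree (ownership cannot be set without root, so only the mode findings are meaningful there).

```python
"""Audit an anonymous-FTP home against the "Setting up a restricted ftp
subtree" rules in ftpd(8). Added example, not code from the man page or
from NetBSD; in production pass the real ids from pwd.getpwnam()/grp.getgrnam()."""
from __future__ import annotations

import os
import shutil
import stat
import tempfile
from pathlib import Path

# Subdirectory -> (expected owner, acceptable modes) exactly as the page gives them.
# "notftp": the page forbids ownership or group-writability by ftp.  None means
# "unwritable by anyone" (no mode number given).  Every subdirectory is optional.
RULES = {
    "":         ("root",   None),
    "bin":      ("root",   {0o555}),
    "etc":      ("root",   {0o555}),
    "pub":      ("notftp", {0o755, 0o775}),
    "incoming": ("ftp",    {0o770, 0o370}),  # "umask guest 0707" keeps uploads group-only
    "tmp":      ("ftp",    {0o300}),
}
ETC_FILE_MODE = 0o444  # pwd.db, group and motd under ~ftp/etc


def _mode(p: Path) -> int:
    return stat.S_IMODE(p.stat().st_mode)


def audit_ftp_subtree(home: str, root_uid: int, ftp_uid: int, ftp_gid: int) -> list[tuple[str, str, str]]:
    """Return (kind, path, detail) for every deviation; kind is "owner" or "mode"."""
    top, out = Path(home), []
    for name, (owner, modes) in RULES.items():
        p = top / name
        if not p.is_dir():
            continue
        st, mode = p.stat(), _mode(p)
        if owner == "root" and st.st_uid != root_uid:
            out.append(("owner", str(p), f"uid {st.st_uid}, expected root"))
        elif owner == "ftp" and st.st_uid != ftp_uid:
            out.append(("owner", str(p), f"uid {st.st_uid}, expected ftp"))
        elif owner == "notftp" and (st.st_uid == ftp_uid or (st.st_gid == ftp_gid and mode & 0o020)):
            out.append(("owner", str(p), "owned or group-writable by ftp"))
        if modes is None and mode & 0o222:
            out.append(("mode", str(p), f"{mode:04o}, expected no write bits"))
        elif modes is not None and mode not in modes:
            out.append(("mode", str(p), f"{mode:04o}, expected " + " or ".join(f"{m:04o}" for m in sorted(modes))))
    etc = top / "etc"
    for f in (etc.iterdir() if etc.is_dir() else []):
        if f.is_file() and _mode(f) != ETC_FILE_MODE:
            out.append(("mode", str(f), f"{_mode(f):04o}, expected {ETC_FILE_MODE:04o}"))
    return out


def run_demo(incoming_mode: int = 0o370) -> list[tuple[str, str, str]]:
    """Build a scratch ~ftp with the page's modes in a temp dir, audit it, remove it.

    Ownership cannot be set without root, and one uid stands for both root and ftp,
    so the "pub" owner rule necessarily fires; the mode findings are the point here.
    """
    base = tempfile.mkdtemp(prefix="ftpd-subtree-")
    home = Path(base) / "ftp"
    layout = {"": 0o555, "bin": 0o555, "etc": 0o555, "pub": 0o755, "incoming": incoming_mode, "tmp": 0o300}
    try:
        for sub in layout:
            (home / sub).mkdir(parents=True, exist_ok=True)
        (home / "etc" / "motd").write_text("constructed sample motd\n")
        os.chmod(home / "etc" / "motd", ETC_FILE_MODE)
        for sub, mode in layout.items():  # lock down last: parents must stay writable while creating
            os.chmod(home / sub, mode)
        return audit_ftp_subtree(str(home), os.getuid(), os.getuid(), os.getgid())
    finally:
        for sub in layout:  # reopen the tree so the temp dir can be removed
            if (home / sub).is_dir():
                os.chmod(home / sub, 0o700)
        shutil.rmtree(base)
```

Calling run_demo(incoming_mode=0o777) shows the one mode finding a world-writable ~ftp/incoming produces; on a live server call audit_ftp_subtree on the real home with the real ids instead.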