ftpd is the Internet File
Transfer Protocol server process. The server uses the
TCP protocol and listens at the port specified in
the ftp service specification; see
services(SFF).
ftpd is started by the super server
inetd, and therefore must have an entry in
inetd's configuration file,
/etc/inetd.conf. See
inetd(ADMN)
and
inetd.conf(SFF).
-a
Specify that the access file,
/etc/ftpaccess,
must be present. This is the default behavior.
-A
Ignore the access file,
/etc/ftpaccess.
-d
Write debugging information to the syslog file.
-i
Log all inbound file transfers to the ftplog file.
-l
Log all FTP sessions to the syslog file.
-L
Log all commands received from remote FTP clients to the
syslog file.
-o
Log all outbound file transfers to the ftplog file.
-P
Override the port numbers used by the daemon. Normally, the daemon
determines the port numbers by looking in the /etc/services
for "ftp" and "ftp-data".
If there is no /etc/services entry for "ftp-data" and
the -P option is not specified, the daemon uses the port just prior to
the control connection port.
-p
Override the port numbers used by the daemon. Available only if
running as a standalone daemon.
-Q
Disable the PID files. These files are
required by the limit directive to determine the number of current
users in each access class. Disabling the use of the PID files disables
user limits. Use this option when testing the server as a normal user when
access permissions prevent the use of the PID files. Large, busy sites
which do not wish to impose limits on the number of concurrent users may
also consider disabling the PID files.
-q
Specify that the daemon is to use the PID files.
-r rootdir
chroot(S) to the specified rootdir immediately upon
loading. This can improve system security by limiting the files which may
be damaged should a break-in occur through the daemon. Setup is much like
anonymous FTP, with additional files needed which vary from system to
system.
-S
Run in standalone operation mode in the background. This option is
useful in startup scripts during system initialization (i.e., in rc.local).
-s
Run in standalone operation mode in the foreground. This option is
useful when running from init (i.e., /etc/inittab).
-t timeout
Set the timeout period for an inactive session
to timeout seconds. The default is 15 minutes.
A client may also request a different timeout period; see
the -T option.
-T maxtimeout
Set the maximum timeout limit to maxtimeout seconds.
The default limit is 2 hours. This option prevents clients from
requesting longer timeout periods than the set limit.
-u mask
Set the file creation mask to mask.
-v
Equivalent to -d.
-V
Cause the program to display copyright and version information,
then terminate.
-w
Log every login and logout in the wtmp file.
This is the default behavior.
-W
Do not log user logins and logouts in the wtmp file.
-X
Output created by the -i and -o options
is not saved to ftplog, but saved to syslog so that
output from several hosts can be saved on one central host.
FTP requests
The FTP server currently supports the following
FTP requests; case is not distinguished.
ABOR
abort previous command
ADAT
send authentication data
ACCT
specify account (ignored)
ALLO
allocate storage (vacuously)
APPE
append to a file
AUTH
send authentication type
CDUP
change to parent of current working directory
CWD
change working directory
DELE
delete a file
HELP
give help information
LIST
give a list of files in a directory (ls -l)
MKD
make a directory
MDTM
show last modification time of file
MODE
specify data transfer mode
NLST
give name list of files in directory (ls)
NOOP
do nothing
PASS
specify password
PASV
prepare for server-to-server transfer
PBSZ
specify protection level
PORT
specify data connection port
PROT
set protection level
PWD
print the current working directory
QUIT
terminate session
REST
restart a file transfer
RETR
retrieve a file
RMD
remove a directory
RNFR
specify rename-from file name
RNTO
specify rename-to file name
SITE
non-standard commands (see next section)
SIZE
return size of file
STAT
return status of server
STOR
store a file
STOU
store a file with a unique name
STRU
specify data transfer structure
SYST
display operating system information
TYPE
specify data transfer type
USER
specify user name
XCUP
change to parent of current working directory
XCWD
change working directory
XMKD
make a directory
XPWD
print the current working directory
XRMD
remove a directory
SITE request commands
The following non-standard or UNIX-specific commands are
supported by the SITE request.
CHMOD
change mode of a file. For example, SITE CHMOD 755 filename
EXEC
run the specified command. For example, SITE EXEC command,
where command resides in or is linked into the
/etc/ftp-exec directory on the FTP server.
WARNING:
Providing the capability for remote clients to execute non-standard
commands on the FTP server incurs potential security
risks. Use extreme caution when placing executables and setting
permissions in the /etc/ftp-exec directory.
GPASS
validate with the specified group password.
For example, SITE GPASS passwd
GROUP
change to the specified group. For example, SITE GROUP group
HELP
give help information. For example, SITE HELP
IDLE
set idle-timer. For example, SITE IDLE 60
INDEX
exec a local index command. For example, SITE INDEX list
LANG
change the language in which ftpd sends messages
back to the client. By default, the value of LANG
is read from the client user's environment. If
this variable is not set, LANG is set to english
by default. For example, SITE LANG french sets the
language of ftpd messages to French.
MINFO
show information about files newer than date.
For example, SITE MINFO date path
NEWER
find files newer than time. For example, SITE NEWER date
or SITE NEWER date path
UMASK
change umask. For example, SITE UMASK 002
The remaining FTP requests specified in
RFC 959 are recognized, but not implemented.
MDTM and SIZE are not
specified in RFC 959, but will appear in the next
updated FTP RFC.
The FTP server will abort an active file transfer
only when the ABOR command is preceded by
a Telnet Interrupt Process (IP) signal and a
Telnet Synch signal in the command Telnet stream, as
described in RFC 959.
If a STAT command is received during a data
transfer, preceded by a Telnet IP and Synch,
transfer status will be returned.
ftpd interprets file names according to the
``globbing'' conventions used by
sh(C).
This allows users to utilize the metacharacters * ? [ ] { }
and ~.
ftpd authenticates users according to four rules:
1. The user name must be in the password data base,
/etc/passwd, and not have a null password. In
this case a password must be provided by the client before
any file operations may be performed.
2. The user name must not appear in the file
/etc/ftpusers.
This file is checked on each non-anonymous ftp connection
request. If the requested user name is located in the
file, the request for service is denied. It is suggested
that this file contain at least the following names:
uucp, root.
3. The FTP server will not allow FTP
logins to accounts whose shell is not listed in
/etc/shells. This typically restricts access by
UUCP signons, etc.
4. If the user name is anonymous or ftp, an
anonymous ftp account must be present in the password
file (user ftp). In this case the user is allowed
to log in by specifying any password (by convention this
is given as the client user's e-mail address, such as
user@domain).
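An administrator will usually want to confirm which accounts actually pass rules 1 to 3, in particular that root, uucp and other pseudo-users are blocked. The following script is an added example, not part of ftpd or this manual; it reads passwd, ftpusers and shells from a directory given as its argument (default /etc) and prints the accounts that would be eligible for a non-anonymous FTP login. Rule 4 (anonymous logins) is handled by ftpd separately and is not covered.

```shell
#!/bin/sh
# List accounts in passwd that pass ftpd's login rules 1 to 3.
# Constructed example, not ftpd's own code; it mirrors the documented
# checks only. Usage: ftp_eligible_accounts [ETC_DIR]
ftp_eligible_accounts() {
    etc=${1:-/etc}
    while IFS=: read -r name pw uid gid gecos home shell; do
        # rule 1: the account must not have a null password field
        [ -n "$pw" ] || continue
        # rule 2: the name must not be listed in ftpusers (whole-line match)
        if [ -f "$etc/ftpusers" ] && grep -qxF "$name" "$etc/ftpusers"; then
            continue
        fi
        # rule 3: the login shell must appear in shells
        grep -qxF "$shell" "$etc/shells" 2>/dev/null || continue
        printf '%s\n' "$name"
    done < "$etc/passwd"
}
```

Run it against a copy of the live files before and after editing /etc/ftpusers to see the effect of each change.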
Anonymous FTP
When a client logs into the anonymous ftp account,
ftpd takes special measures to
restrict the client's access privileges. The server
performs a
chroot(S)
command to the home directory of the ftp user.
To prevent a breach in system security, use the following rules
when constructing the ftp subtree.
(~ftp means ``the home directory of user ftp.'')
~ftp
Make the home directory owned by root with mode set to 755.
~ftp/bin
Make this directory owned by root and unwritable
by anyone. The program
ls(C)
must be present in this directory to support the list commands.
This program should have mode 111.
~ftp/etc
Make this directory owned by root and unwritable
by anyone. The files
passwd(C)
and
group(F)
must be present for the ls command to be able to
produce owner names rather than numbers. The password
field in passwd is not used, and should not
contain real encrypted passwords. These files should be
mode 444.
~ftp/lib
Make this directory owned by root and unwritable by anyone.
~ftp/lib/libprot.so.1
Copy /lib/libprot.so.1
to this location to support ~ftp/bin/ls.
This file should be mode 555 and owned by bin.
~ftp/pub
Make this directory mode 555 and owned by root. Users
should then place files which are to be accessible via the
anonymous account in this directory. For full details, see
``Setting up anonymous ftp'' in the Networking Guide.
~ftp/pub/incoming
Make this directory owned by root and unreadable by anyone
(mode 333).
These permissions create a ``blind dropbox''.
~ftp/usr
Make this directory owned by root and unwritable by anyone.
~ftp/usr/lib
Make this directory owned by root and unwritable by anyone.
~ftp/usr/lib/libc.so.1
~ftp/usr/lib/libsocket.so.1
Copy /usr/lib/libc.so.1 and /usr/lib/libsocket.so.1
to this location to support ~ftp/bin/ls.
Both files should be mode 555 and owned by bin.
~ftp/dev/socksys
Create this device with the following command:
find /dev/socksys -print | cpio -pdmuv ~ftp
If the networking software on this system is removed and reinstalled,
rerun the above command because the major number of the
original /dev/socksys device may change.
~ftp/dev/zero
Create this device with the following command:
find /dev/zero -print | cpio -pdmuv ~ftp
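The ownership and mode rules above are easy to get wrong during setup and easy to drift from later. The following script is an added example, not part of ftpd or this manual; it walks the documented entries under the ftp home directory and reports every one whose mode or owner deviates. The owner names default to root and bin as the rules state, and can be overridden so the audit can be exercised on an unprivileged test tree (the device entries under ~ftp/dev are not checked, since the rules give no mode for them).

```shell
#!/bin/sh
# Audit an anonymous-ftp home directory against the ownership and mode rules
# listed above. Constructed example; it is not part of ftpd or its manual.
# Usage: audit_ftp_tree FTP_HOME [ADMIN_OWNER=root] [LIB_OWNER=bin]
# (owners are overridable so the audit can be tried on an unprivileged tree).
# Prints one FAIL line per deviation and returns 1 if any was found.
# exact_mode PATH OCTAL: true when PATH exists and has exactly that mode
exact_mode() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -perm "$2" -print)" ]
}
# no_write PATH: true when PATH exists and has no write bit set for anyone
no_write() {
    [ -e "$1" ] &&
    [ -z "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}
# owned_by PATH USER: true when PATH exists and is owned by USER
owned_by() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -user "$2" -print)" ]
}
audit_ftp_tree() {
    root=$1; admin=${2:-root}; libowner=${3:-bin}; rc=0
    # Each line: path relative to FTP_HOME, required mode (octal, or W for
    # "unwritable by anyone"), and which owner applies (admin or lib).
    while read -r rel mode who; do
        p="$root/$rel"
        case $mode in
            W) no_write "$p" || { echo "FAIL $p: must be unwritable by anyone"; rc=1; } ;;
            *) exact_mode "$p" "$mode" || { echo "FAIL $p: mode must be $mode"; rc=1; } ;;
        esac
        [ "$who" = lib ] && owner=$libowner || owner=$admin
        owned_by "$p" "$owner" || { echo "FAIL $p: owner must be $owner"; rc=1; }
    done <<EOF
. 755 admin
bin W admin
bin/ls 111 admin
etc W admin
etc/passwd 444 admin
etc/group 444 admin
lib W admin
lib/libprot.so.1 555 lib
pub 555 admin
pub/incoming 333 admin
usr W admin
usr/lib W admin
usr/lib/libc.so.1 555 lib
usr/lib/libsocket.so.1 555 lib
EOF
    return $rc
}
```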
The FTP server expects that anonymous users will give their e-mail
address as a password. The server will complain if the password is not
of the form user@domain.
Users will not be denied access because of malformed passwords.
Naming
The ftp server recognizes the special extensions, .tar,
.Z, and
.tar.Z. In these cases, it will attempt to execute the system
commands
tar(C),
compress(C),
or a combination of both. This is useful for retrieving entire directory
hierarchies in a single operation. Note that not all systems support
the compress command.
If this functionality is desired for anonymous
logins, the commands must be installed in the appropriate paths under the
anonymous login directory.
See
``Files'' in ftpd(ADMN)
and
ftpconv(SFF).
New filename extensions and rules can be added to the conversions file,
ftpconv(SFF).
Note that conversions only work when retrieving files from the
FTP server.
Long replies
For users whose FTP client will hang on long replies
(multi-line responses), using a dash as the first character of
the password will disable the use of long replies.
Limitations
The anonymous account is inherently dangerous and should
be avoided when possible.
The server must run as root to create sockets
with privileged port numbers. It maintains an effective
user ID of the logged in user, reverting to
root only when binding addresses to sockets.
Kerberos Network Authentication Service protocol is no
longer supported.
Data encryption is not supported.
Files
/etc/ftpaccess
ftp server configuration file
/etc/ftpconv
file name conversions
/etc/ftpusers
list of disallowed users, including root, uucp,
and other pseudo-users
/etc/shells
allowable shell list
/etc/passwd
user database
/etc/group
group database
/var/adm/syslog
system log file
/var/adm/ftplog
default transfer log file
/etc/inetd.conf
configuration file for inetd
/etc/services
Internet services list
The following files are needed for anonymous ftp:
~ftp/bin/ls
to support the LIST and
NLST commands
~ftp/shlib/libc_s
to support the LIST and
NLST commands
~ftp/usr/bin/tar
allows the ftp server to execute tar for anonymous logins
~ftp/usr/bin/compress
allows the ftp server to execute compress for anonymous logins
~ftp/dev/socksys
needed to establish data connections
~ftp/etc/passwd
used by ~ftp/bin/ls
~ftp/etc/group
used by ~ftp/bin/ls
~ftp/pub/files
files to be accessible via anonymous ftp
The contents of the files
~ftp/etc/passwd and
~ftp/etc/group
should be minimal and not contain real passwords for security reasons.