1ea022d16SRodney W. Grimes.\" Copyright (c) 1985, 1988, 1991, 1993 2ea022d16SRodney W. Grimes.\" The Regents of the University of California. All rights reserved. 3ea022d16SRodney W. Grimes.\" 4ea022d16SRodney W. Grimes.\" Redistribution and use in source and binary forms, with or without 5ea022d16SRodney W. Grimes.\" modification, are permitted provided that the following conditions 6ea022d16SRodney W. Grimes.\" are met: 7ea022d16SRodney W. Grimes.\" 1. Redistributions of source code must retain the above copyright 8ea022d16SRodney W. Grimes.\" notice, this list of conditions and the following disclaimer. 9ea022d16SRodney W. Grimes.\" 2. Redistributions in binary form must reproduce the above copyright 10ea022d16SRodney W. Grimes.\" notice, this list of conditions and the following disclaimer in the 11ea022d16SRodney W. Grimes.\" documentation and/or other materials provided with the distribution. 12ea022d16SRodney W. Grimes.\" 3. All advertising materials mentioning features or use of this software 13ea022d16SRodney W. Grimes.\" must display the following acknowledgement: 14ea022d16SRodney W. Grimes.\" This product includes software developed by the University of 15ea022d16SRodney W. Grimes.\" California, Berkeley and its contributors. 16ea022d16SRodney W. Grimes.\" 4. Neither the name of the University nor the names of its contributors 17ea022d16SRodney W. Grimes.\" may be used to endorse or promote products derived from this software 18ea022d16SRodney W. Grimes.\" without specific prior written permission. 19ea022d16SRodney W. Grimes.\" 20ea022d16SRodney W. Grimes.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21ea022d16SRodney W. Grimes.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22ea022d16SRodney W. Grimes.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23ea022d16SRodney W. Grimes.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24ea022d16SRodney W. Grimes.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25ea022d16SRodney W. Grimes.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26ea022d16SRodney W. Grimes.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27ea022d16SRodney W. Grimes.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28ea022d16SRodney W. Grimes.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29ea022d16SRodney W. Grimes.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30ea022d16SRodney W. Grimes.\" SUCH DAMAGE. 31ea022d16SRodney W. Grimes.\" 32ea022d16SRodney W. Grimes.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 337f3dea24SPeter Wemm.\" $FreeBSD$ 34ea022d16SRodney W. Grimes.\" 354dd8b5abSYoshinobu Inoue.Dd January 27, 2000 36ea022d16SRodney W. Grimes.Dt FTPD 8 37ea022d16SRodney W. Grimes.Os BSD 4.2 38ea022d16SRodney W. Grimes.Sh NAME 39ea022d16SRodney W. Grimes.Nm ftpd 40ea022d16SRodney W. Grimes.Nd 41ea022d16SRodney W. GrimesInternet File Transfer Protocol server 42ea022d16SRodney W. Grimes.Sh SYNOPSIS 4376081989SRuslan Ermilov.Nm 444dd8b5abSYoshinobu Inoue.Op Fl 4 454dd8b5abSYoshinobu Inoue.Op Fl 6 46a206edcdSMike Pritchard.Op Fl d 47a206edcdSMike Pritchard.Op Fl l Op Fl l 48e57c110bSGuy Helmer.Op Fl A 49cf09a206SDavid Greenman.Op Fl D 50a5a4544eSPaul Traina.Op Fl R 513eb568f2SGuido van Rooij.Op Fl S 524c450ad7SPaul Traina.Op Fl U 53a4b77a2aSPoul-Henning Kamp.Op Fl r 54a4b77a2aSPoul-Henning Kamp.Op Fl E 55ea022d16SRodney W. Grimes.Op Fl T Ar maxtimeout 56ea022d16SRodney W. Grimes.Op Fl t Ar timeout 57105a3c98SJulian Elischer.Op Fl a Ar address 58105a3c98SJulian Elischer.Op Fl p Ar file 59ea022d16SRodney W. Grimes.Sh DESCRIPTION 60ea022d16SRodney W. Grimes.Nm Ftpd 61ea022d16SRodney W. Grimesis the 62ea022d16SRodney W. GrimesInternet File Transfer Protocol 63ea022d16SRodney W. Grimesserver process. The server uses the 64ea022d16SRodney W. Grimes.Tn TCP 65ea022d16SRodney W. Grimesprotocol 66ea022d16SRodney W. Grimesand listens at the port specified in the 67ea022d16SRodney W. Grimes.Dq ftp 68ea022d16SRodney W. Grimesservice specification; see 69ea022d16SRodney W. Grimes.Xr services 5 . 70ea022d16SRodney W. Grimes.Pp 71ea022d16SRodney W. GrimesAvailable options: 72e02897faSPhilippe Charnier.Bl -tag -width indent 73ea022d16SRodney W. Grimes.It Fl d 74ea022d16SRodney W. GrimesDebugging information is written to the syslog using LOG_FTP. 75ea022d16SRodney W. Grimes.It Fl l 76ea022d16SRodney W. GrimesEach successful and failed 77ea022d16SRodney W. Grimes.Xr ftp 1 78ea022d16SRodney W. Grimessession is logged using syslog with a facility of LOG_FTP. 79ea022d16SRodney W. GrimesIf this option is specified twice, the retrieve (get), store (put), append, 80ea022d16SRodney W. Grimesdelete, make directory, remove directory and rename operations and 81f3396fdcSMike Pritchardtheir filename arguments are also logged. Note: LOG_FTP messages 82f3396fdcSMike Pritchardare not displayed by 83f3396fdcSMike Pritchard.Xr syslogd 8 84f3396fdcSMike Pritchardby default, and may have to be enabled in 85f3396fdcSMike Pritchard.Xr syslogd 8 Ns 's 86f3396fdcSMike Pritchardconfiguration file. 87cf09a206SDavid Greenman.It Fl D 88cf09a206SDavid GreenmanWith this option set, 89e02897faSPhilippe Charnier.Nm 90cf09a206SDavid Greenmanwill detach and become a daemon, accepting connections on the FTP port and 9119a05e11SRuslan Ermilovforking children processes to handle them. 9219a05e11SRuslan ErmilovThis is lower overhead than starting 93e02897faSPhilippe Charnier.Nm 94cf09a206SDavid Greenmanfrom 95cf09a206SDavid Greenman.Xr inetd 8 96cf09a206SDavid Greenmanand is thus useful on busy servers to reduce load. 97a5a4544eSPaul Traina.It Fl R 98a5a4544eSPaul TrainaWith this option set, 99e02897faSPhilippe Charnier.Nm 100a5a4544eSPaul Trainawill revert to historical behavior with regard to security checks on 101a5a4544eSPaul Trainauser operations and restrictions on PORT requests. 102a5a4544eSPaul TrainaCurrently, 103e02897faSPhilippe Charnier.Nm 104a5a4544eSPaul Trainawill only honor PORT commands directed to unprivileged ports on the 105a5a4544eSPaul Trainaremote user's host (which violates the FTP protocol specification but 106a5a4544eSPaul Trainacloses some security holes). 1073eb568f2SGuido van Rooij.It Fl S 1083eb568f2SGuido van RooijWith this option set, 109e02897faSPhilippe Charnier.Nm 110a611641fSBen Smithurstlogs all anonymous file downloads to the file 1113eb568f2SGuido van Rooij.Pa /var/log/ftpd 1123eb568f2SGuido van Rooijwhen this file exists. 1134c450ad7SPaul Traina.It Fl U 1144c450ad7SPaul TrainaIn previous versions of 11576081989SRuslan Ermilov.Nm , 1164c450ad7SPaul Trainawhen a passive mode client requested a data connection to the server, 1174c450ad7SPaul Trainathe server would use data ports in the range 1024..4999. Now, by default, 118c711c51dSBill Fumerolathe server will use data ports in the range 49152..65535. Specifying this 1194c450ad7SPaul Trainaoption will revert to the old behavior. 120ea022d16SRodney W. Grimes.It Fl T 121ea022d16SRodney W. GrimesA client may also request a different timeout period; 122ea022d16SRodney W. Grimesthe maximum period allowed may be set to 123ea022d16SRodney W. Grimes.Ar timeout 124ea022d16SRodney W. Grimesseconds with the 125ea022d16SRodney W. Grimes.Fl T 126ea022d16SRodney W. Grimesoption. 127ea022d16SRodney W. GrimesThe default limit is 2 hours. 128ea022d16SRodney W. Grimes.It Fl t 129ea022d16SRodney W. GrimesThe inactivity timeout period is set to 130ea022d16SRodney W. Grimes.Ar timeout 131ea022d16SRodney W. Grimesseconds (the default is 15 minutes). 132105a3c98SJulian Elischer.It Fl a 133105a3c98SJulian ElischerWhen 134105a3c98SJulian Elischer.Fl D 135105a3c98SJulian Elischeris specified, accept connections only on the specified 136105a3c98SJulian Elischer.Ar address . 137105a3c98SJulian Elischer.It Fl p 138105a3c98SJulian ElischerWhen 139105a3c98SJulian Elischer.Fl D 140105a3c98SJulian Elischeris specified, write the daemon's process ID to 141105a3c98SJulian Elischer.Ar file . 1424dd8b5abSYoshinobu Inoue.It Fl 6 1434dd8b5abSYoshinobu InoueWhen 1444dd8b5abSYoshinobu Inoue.Fl D 1454dd8b5abSYoshinobu Inoueis specified, accept connections via AF_INET6 socket. 1464dd8b5abSYoshinobu Inoue.It Fl 4 1474dd8b5abSYoshinobu InoueWhen 1484dd8b5abSYoshinobu Inoue.Fl D 1494dd8b5abSYoshinobu Inoueis specified, accept IPv4 connections. 1504dd8b5abSYoshinobu InoueWhen 1514dd8b5abSYoshinobu Inoue.Fl 6 1524dd8b5abSYoshinobu Inoueis also specified, accept IPv4 connection via AF_INET6 socket. 1534dd8b5abSYoshinobu InoueWhen 1544dd8b5abSYoshinobu Inoue.Fl 6 1554dd8b5abSYoshinobu Inoueis not specified, accept IPv4 connection via AF_INET socket. 1565a392aecSTorsten Blum.It Fl A 157e02897faSPhilippe CharnierAllow only anonymous ftp access. 158a4b77a2aSPoul-Henning Kamp.It Fl r 15919a05e11SRuslan ErmilovPut server in read-only mode. 16019a05e11SRuslan ErmilovAll commands which may modify the local filesystem are disabled. 161a4b77a2aSPoul-Henning Kamp.It Fl E 16219a05e11SRuslan ErmilovDisable the EPSV command. 16319a05e11SRuslan ErmilovThis is useful for servers behind older firewalls. 164ea022d16SRodney W. Grimes.El 165ea022d16SRodney W. Grimes.Pp 166ea022d16SRodney W. GrimesThe file 1670e510aedSSatoshi Asami.Pa /var/run/nologin 168ea022d16SRodney W. Grimescan be used to disable ftp access. 169ea022d16SRodney W. GrimesIf the file exists, 170ea022d16SRodney W. Grimes.Nm 171ea022d16SRodney W. Grimesdisplays it and exits. 172ea022d16SRodney W. GrimesIf the file 173ea022d16SRodney W. Grimes.Pa /etc/ftpwelcome 174ea022d16SRodney W. Grimesexists, 175ea022d16SRodney W. Grimes.Nm 176ea022d16SRodney W. Grimesprints it before issuing the 177ea022d16SRodney W. Grimes.Dq ready 178ea022d16SRodney W. Grimesmessage. 179ea022d16SRodney W. GrimesIf the file 180025362a7SGary Palmer.Pa /etc/ftpmotd 181ea022d16SRodney W. Grimesexists, 182ea022d16SRodney W. Grimes.Nm 183f97d7807SDavid E. O'Brienprints it after a successful login. Note the motd file used is the one 184f97d7807SDavid E. O'Brienrelative to the login environment. This means the one in 185f97d7807SDavid E. O'Brien.Pa ~ftp/etc 186f97d7807SDavid E. O'Brienin the anonymous user's case. 187ea022d16SRodney W. Grimes.Pp 188ea022d16SRodney W. GrimesThe ftp server currently supports the following ftp requests. 189a4b77a2aSPoul-Henning KampThe case of the requests is ignored. Requests marked [RW] are 190a4b77a2aSPoul-Henning Kampdisabled if 191a4b77a2aSPoul-Henning Kamp.Fl r 192a4b77a2aSPoul-Henning Kampis specified. 193ea022d16SRodney W. Grimes.Bl -column "Request" -offset indent 194e02897faSPhilippe Charnier.It Sy Request Ta Sy "Description" 195ea022d16SRodney W. Grimes.It ABOR Ta "abort previous command" 196ea022d16SRodney W. Grimes.It ACCT Ta "specify account (ignored)" 197ea022d16SRodney W. Grimes.It ALLO Ta "allocate storage (vacuously)" 198a4b77a2aSPoul-Henning Kamp.It APPE Ta "append to a file [RW]" 199ea022d16SRodney W. Grimes.It CDUP Ta "change to parent of current working directory" 200ea022d16SRodney W. Grimes.It CWD Ta "change working directory" 201a4b77a2aSPoul-Henning Kamp.It DELE Ta "delete a file [RW]" 202a4b77a2aSPoul-Henning Kamp.It EPRT Ta "specify data connection port, multiprotocol" 203a4b77a2aSPoul-Henning Kamp.It EPSV Ta "prepare for server-to-server transfer, multiprotocol" 204ea022d16SRodney W. Grimes.It HELP Ta "give help information" 205ea022d16SRodney W. Grimes.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" 206a4b77a2aSPoul-Henning Kamp.It LPRT Ta "specify data connection port, multiprotocol" 207a4b77a2aSPoul-Henning Kamp.It LPSV Ta "prepare for server-to-server transfer, multiprotocol" 208ea022d16SRodney W. Grimes.It MDTM Ta "show last modification time of file" 209a4b77a2aSPoul-Henning Kamp.It MKD Ta "make a directory [RW]" 210ea022d16SRodney W. Grimes.It MODE Ta "specify data transfer" Em mode 211ea022d16SRodney W. Grimes.It NLST Ta "give name list of files in directory" 212ea022d16SRodney W. Grimes.It NOOP Ta "do nothing" 213ea022d16SRodney W. Grimes.It PASS Ta "specify password" 214ea022d16SRodney W. Grimes.It PASV Ta "prepare for server-to-server transfer" 215ea022d16SRodney W. Grimes.It PORT Ta "specify data connection port" 216ea022d16SRodney W. Grimes.It PWD Ta "print the current working directory" 217ea022d16SRodney W. Grimes.It QUIT Ta "terminate session" 218ea022d16SRodney W. Grimes.It REST Ta "restart incomplete transfer" 219ea022d16SRodney W. Grimes.It RETR Ta "retrieve a file" 220a4b77a2aSPoul-Henning Kamp.It RMD Ta "remove a directory [RW]" 221a4b77a2aSPoul-Henning Kamp.It RNFR Ta "specify rename-from file name [RW]" 222a4b77a2aSPoul-Henning Kamp.It RNTO Ta "specify rename-to file name [RW]" 223ea022d16SRodney W. Grimes.It SITE Ta "non-standard commands (see next section)" 224ea022d16SRodney W. Grimes.It SIZE Ta "return size of file" 225ea022d16SRodney W. Grimes.It STAT Ta "return status of server" 226a4b77a2aSPoul-Henning Kamp.It STOR Ta "store a file [RW]" 227a4b77a2aSPoul-Henning Kamp.It STOU Ta "store a file with a unique name [RW]" 228ea022d16SRodney W. Grimes.It STRU Ta "specify data transfer" Em structure 229ea022d16SRodney W. Grimes.It SYST Ta "show operating system type of server system" 230ea022d16SRodney W. Grimes.It TYPE Ta "specify data transfer" Em type 231ea022d16SRodney W. Grimes.It USER Ta "specify user name" 232ea022d16SRodney W. Grimes.It XCUP Ta "change to parent of current working directory (deprecated)" 233ea022d16SRodney W. Grimes.It XCWD Ta "change working directory (deprecated)" 234a4b77a2aSPoul-Henning Kamp.It XMKD Ta "make a directory (deprecated) [RW]" 235ea022d16SRodney W. Grimes.It XPWD Ta "print the current working directory (deprecated)" 236a4b77a2aSPoul-Henning Kamp.It XRMD Ta "remove a directory (deprecated) [RW]" 237ea022d16SRodney W. Grimes.El 238ea022d16SRodney W. Grimes.Pp 239ea022d16SRodney W. GrimesThe following non-standard or 240ea022d16SRodney W. Grimes.Tn UNIX 241ea022d16SRodney W. Grimesspecific commands are supported 242ea022d16SRodney W. Grimesby the 243ea022d16SRodney W. GrimesSITE request. 244ea022d16SRodney W. Grimes.Pp 245ea022d16SRodney W. Grimes.Bl -column Request -offset indent 246ea022d16SRodney W. Grimes.It Sy Request Ta Sy Description 247ea022d16SRodney W. Grimes.It UMASK Ta change umask, e.g. ``SITE UMASK 002'' 248ea022d16SRodney W. Grimes.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' 249a4b77a2aSPoul-Henning Kamp.It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''" 25053ba84a6SPoul-Henning Kamp.It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''" 251e02897faSPhilippe Charnier.It HELP Ta give help information 252ea022d16SRodney W. Grimes.El 253ea022d16SRodney W. Grimes.Pp 2546a01974bSRuslan ErmilovNote: SITE requests are disabled in case of anonymous logins. 2556a01974bSRuslan Ermilov.Pp 256ea022d16SRodney W. GrimesThe remaining ftp requests specified in Internet RFC 959 257ea022d16SRodney W. Grimesare 258ea022d16SRodney W. Grimesrecognized, but not implemented. 259ea022d16SRodney W. GrimesMDTM and SIZE are not specified in RFC 959, but will appear in the 260ea022d16SRodney W. Grimesnext updated FTP RFC. 261ea022d16SRodney W. Grimes.Pp 262ea022d16SRodney W. GrimesThe ftp server will abort an active file transfer only when the 263ea022d16SRodney W. GrimesABOR 264ea022d16SRodney W. Grimescommand is preceded by a Telnet "Interrupt Process" (IP) 265ea022d16SRodney W. Grimessignal and a Telnet "Synch" signal in the command Telnet stream, 266ea022d16SRodney W. Grimesas described in Internet RFC 959. 267ea022d16SRodney W. GrimesIf a 268ea022d16SRodney W. GrimesSTAT 269ea022d16SRodney W. Grimescommand is received during a data transfer, preceded by a Telnet IP 270ea022d16SRodney W. Grimesand Synch, transfer status will be returned. 271ea022d16SRodney W. Grimes.Pp 272ea022d16SRodney W. Grimes.Nm Ftpd 273ea022d16SRodney W. Grimesinterprets file names according to the 274ea022d16SRodney W. Grimes.Dq globbing 275ea022d16SRodney W. Grimesconventions used by 276ea022d16SRodney W. Grimes.Xr csh 1 . 277ea022d16SRodney W. GrimesThis allows users to utilize the metacharacters 278ea022d16SRodney W. Grimes.Dq Li \&*?[]{}~ . 279ea022d16SRodney W. Grimes.Pp 280ea022d16SRodney W. Grimes.Nm Ftpd 2813276496dSDmitry Sivachenkoauthenticates users according to six rules. 282ea022d16SRodney W. Grimes.Pp 283ea022d16SRodney W. Grimes.Bl -enum -offset indent 284ea022d16SRodney W. Grimes.It 28542946c82SMike PritchardThe login name must be in the password data base 286ea022d16SRodney W. Grimesand not have a null password. 287ea022d16SRodney W. GrimesIn this case a password must be provided by the client before any 288ea022d16SRodney W. Grimesfile operations may be performed. 289a5a4544eSPaul TrainaIf the user has an S/Key key, the response from a successful USER 29019a05e11SRuslan Ermilovcommand will include an S/Key challenge. 29119a05e11SRuslan ErmilovThe client may choose to respond with a PASS command giving either 29219a05e11SRuslan Ermilova standard password or an S/Key one-time password. 29319a05e11SRuslan ErmilovThe server will automatically determine which type of 29419a05e11SRuslan Ermilovpassword it has been given and attempt to authenticate accordingly. 29519a05e11SRuslan ErmilovSee 296a5a4544eSPaul Traina.Xr key 1 29719a05e11SRuslan Ermilovfor more information on S/Key authentication. 29819a05e11SRuslan ErmilovS/Key is a Trademark of Bellcore. 299ea022d16SRodney W. Grimes.It 300ea022d16SRodney W. GrimesThe login name must not appear in the file 301ea022d16SRodney W. Grimes.Pa /etc/ftpusers . 302ea022d16SRodney W. Grimes.It 30331fea7b8SDavid NugentThe login name must not be a member of a group specified in the file 30431fea7b8SDavid Nugent.Pa /etc/ftpusers . 30531fea7b8SDavid NugentEntries in this file interpreted as group names are prefixed by an "at" 30631fea7b8SDavid Nugent.Ql \&@ 30731fea7b8SDavid Nugentsign. 30831fea7b8SDavid Nugent.It 309ea022d16SRodney W. GrimesThe user must have a standard shell returned by 310ea022d16SRodney W. Grimes.Xr getusershell 3 . 311ea022d16SRodney W. Grimes.It 312a5a4544eSPaul TrainaIf the user name appears in the file 31331fea7b8SDavid Nugent.Pa /etc/ftpchroot , 31431fea7b8SDavid Nugentor the user is a member of a group with a group entry in this file, 31531fea7b8SDavid Nugenti.e. one prefixed with 31631fea7b8SDavid Nugent.Ql \&@ , 317a5a4544eSPaul Trainathe session's root will be changed to the user's login directory by 318a5a4544eSPaul Traina.Xr chroot 2 319a5a4544eSPaul Trainaas for an 320a5a4544eSPaul Traina.Dq anonymous 321a5a4544eSPaul Trainaor 322a5a4544eSPaul Traina.Dq ftp 323b071c689SDavid Nugentaccount (see next item). 32431fea7b8SDavid NugentThis facility may also be triggered by enabling the boolean "ftp-chroot" 325b071c689SDavid Nugentcapability in 326b071c689SDavid Nugent.Xr login.conf 5 . 327b071c689SDavid NugentHowever, the user must still supply a password. 328ea4e54b9SDavid NugentThis feature is intended as a compromise between a fully anonymous 329ea4e54b9SDavid Nugentaccount and a fully privileged account. 33031fea7b8SDavid NugentThe account should also be set up as for an anonymous account. 331a5a4544eSPaul Traina.It 332ea022d16SRodney W. GrimesIf the user name is 333ea022d16SRodney W. Grimes.Dq anonymous 334ea022d16SRodney W. Grimesor 335ea022d16SRodney W. Grimes.Dq ftp , 336ea022d16SRodney W. Grimesan 337ea022d16SRodney W. Grimesanonymous ftp account must be present in the password 338ea022d16SRodney W. Grimesfile (user 339ea022d16SRodney W. Grimes.Dq ftp ) . 340ea022d16SRodney W. GrimesIn this case the user is allowed 341ea022d16SRodney W. Grimesto log in by specifying any password (by convention an email address for 342a5a4544eSPaul Trainathe user should be used as the password). 343a5a4544eSPaul TrainaWhen the 3443eb568f2SGuido van Rooij.Fl S 3453eb568f2SGuido van Rooijoption is set, all transfers are logged as well. 346ea022d16SRodney W. Grimes.El 347ea022d16SRodney W. Grimes.Pp 348ea022d16SRodney W. GrimesIn the last case, 349e02897faSPhilippe Charnier.Nm 350ea022d16SRodney W. Grimestakes special measures to restrict the client's access privileges. 351ea022d16SRodney W. GrimesThe server performs a 352ea022d16SRodney W. Grimes.Xr chroot 2 353ea022d16SRodney W. Grimesto the home directory of the 354ea022d16SRodney W. Grimes.Dq ftp 355ea022d16SRodney W. Grimesuser. 356ea022d16SRodney W. GrimesIn order that system security is not breached, it is recommended 357ea022d16SRodney W. Grimesthat the 358ea022d16SRodney W. Grimes.Dq ftp 359ea022d16SRodney W. Grimessubtree be constructed with care, following these rules: 360ea022d16SRodney W. Grimes.Bl -tag -width "~ftp/pub" -offset indent 361ea022d16SRodney W. Grimes.It Pa ~ftp 362ea022d16SRodney W. GrimesMake the home directory owned by 363ea022d16SRodney W. Grimes.Dq root 364ea022d16SRodney W. Grimesand unwritable by anyone. 365ea022d16SRodney W. Grimes.It Pa ~ftp/etc 366ea022d16SRodney W. GrimesMake this directory owned by 367ea022d16SRodney W. Grimes.Dq root 368ea022d16SRodney W. Grimesand unwritable by anyone (mode 555). 369a5a4544eSPaul TrainaThe files pwd.db (see 370a5a4544eSPaul Traina.Xr passwd 5 ) 371ea022d16SRodney W. Grimesand 372ea022d16SRodney W. Grimes.Xr group 5 373ea022d16SRodney W. Grimesmust be present for the 374ea022d16SRodney W. Grimes.Xr ls 375ea022d16SRodney W. Grimescommand to be able to produce owner names rather than numbers. 376ea022d16SRodney W. GrimesThe password field in 377ea022d16SRodney W. Grimes.Xr passwd 378ea022d16SRodney W. Grimesis not used, and should not contain real passwords. 379ea022d16SRodney W. GrimesThe file 3807253b58bSGary Palmer.Pa ftpmotd , 381ea022d16SRodney W. Grimesif present, will be printed after a successful login. 382ea022d16SRodney W. GrimesThese files should be mode 444. 383ea022d16SRodney W. Grimes.It Pa ~ftp/pub 384ea022d16SRodney W. GrimesMake this directory mode 777 and owned by 385ea022d16SRodney W. Grimes.Dq ftp . 386ea022d16SRodney W. GrimesGuests 387ea022d16SRodney W. Grimescan then place files which are to be accessible via the anonymous 388ea022d16SRodney W. Grimesaccount in this directory. 389ea022d16SRodney W. Grimes.El 390334ab9fdSDavid Nugent.Pp 391ea4e54b9SDavid NugentIf the system has multiple IP addresses, 392e02897faSPhilippe Charnier.Nm 393ea4e54b9SDavid Nugentsupports the idea of virtual hosts, which provides the ability to 394ea4e54b9SDavid Nugentdefine multiple anonymous ftp areas, each one allocated to a different 395ea4e54b9SDavid Nugentinternet address. 396ea4e54b9SDavid NugentThe file 397ea4e54b9SDavid Nugent.Pa /etc/ftphosts 398ea4e54b9SDavid Nugentcontains information pertaining to each of the virtual hosts. 399ea4e54b9SDavid NugentEach host is defined on its own line which contains a number of 400ea4e54b9SDavid Nugentfields separated by whitespace: 401ea4e54b9SDavid Nugent.Bl -tag -offset indent -width hostname 402ea4e54b9SDavid Nugent.It hostname 403ea4e54b9SDavid NugentContains the hostname or IP address of the virtual host. 404ea4e54b9SDavid Nugent.It user 405ea4e54b9SDavid NugentContains a user record in the system password file. 406ea4e54b9SDavid NugentAs with normal anonymous ftp, this user's access uid, gid and group 407ea4e54b9SDavid Nugentmemberships determine file access to the anonymous ftp area. 408ea4e54b9SDavid NugentThe anonymous ftp area (to which any user is chrooted on login) 409ea4e54b9SDavid Nugentis determined by the home directory defined for the account. 410ea4e54b9SDavid NugentUser id and group for any ftp account may be the same as for the 411ea4e54b9SDavid Nugentstandard ftp user. 412ea4e54b9SDavid Nugent.It statfile 413ea4e54b9SDavid NugentFile to which all file transfers are logged, which 414ea4e54b9SDavid Nugentdefaults to 415ea4e54b9SDavid Nugent.Pa /var/log/ftpd . 416ea4e54b9SDavid Nugent.It welcome 417ea4e54b9SDavid NugentThis file is the welcome message displayed before the server ready 418ea4e54b9SDavid Nugentprompt. 419ea4e54b9SDavid NugentIt defaults to 420ea4e54b9SDavid Nugent.Pa /etc/ftpwelcome . 421ea4e54b9SDavid Nugent.It motd 422ea4e54b9SDavid NugentThis file is displayed after the user logs in. 423ea4e54b9SDavid NugentIt defaults to 424ea4e54b9SDavid Nugent.Pa /etc/ftpmotd . 425ea4e54b9SDavid Nugent.El 426ea4e54b9SDavid Nugent.Pp 427d59b62e3SJoseph KoshyLines beginning with a '#' are ignored and can be used to include 428d59b62e3SJoseph Koshycomments. 429d59b62e3SJoseph Koshy.Pp 430ea4e54b9SDavid NugentDefining a virtual host for the primary IP address or hostname 431ea4e54b9SDavid Nugentchanges the default for ftp logins to that address. 432ea4e54b9SDavid NugentThe 'user', 'statfile', 'welcome' and 'motd' fields may be left 433ea4e54b9SDavid Nugentblank, or a single hypen '-' used to indicate that the default 434ea4e54b9SDavid Nugentvalue is to be used. 435ea4e54b9SDavid Nugent.Pp 436ea4e54b9SDavid NugentAs with any anonymous login configuration, due care must be given 437ea4e54b9SDavid Nugentto setup and maintenance to guard against security related problems. 438ea4e54b9SDavid Nugent.Pp 439e02897faSPhilippe Charnier.Nm 44017130647SPeter Wemmhas internal support for handling remote requests to list 441334ab9fdSDavid Nugentfiles, and will not execute 442334ab9fdSDavid Nugent.Pa /bin/ls 44317130647SPeter Wemmin either a chrooted or non-chrooted environment. The 444334ab9fdSDavid Nugent.Pa ~/bin/ls 445334ab9fdSDavid Nugentexecutable need not be placed into the chrooted tree, nor need the 446334ab9fdSDavid Nugent.Pa ~/bin 447334ab9fdSDavid Nugentdirectory exist. 448ea022d16SRodney W. Grimes.Sh FILES 449ea022d16SRodney W. Grimes.Bl -tag -width /etc/ftpwelcome -compact 450ea022d16SRodney W. Grimes.It Pa /etc/ftpusers 451ea022d16SRodney W. GrimesList of unwelcome/restricted users. 452a5a4544eSPaul Traina.It Pa /etc/ftpchroot 453a5a4544eSPaul TrainaList of normal users who should be chroot'd. 454f97d7807SDavid E. O'Brien.It Pa /etc/ftphosts 455f97d7807SDavid E. O'BrienVirtual hosting configuration file. 456ea022d16SRodney W. Grimes.It Pa /etc/ftpwelcome 457ea022d16SRodney W. GrimesWelcome notice. 4587253b58bSGary Palmer.It Pa /etc/ftpmotd 459ea022d16SRodney W. GrimesWelcome notice after login. 4600e510aedSSatoshi Asami.It Pa /var/run/nologin 461ea022d16SRodney W. GrimesDisplayed and access refused. 4623eb568f2SGuido van Rooij.It Pa /var/log/ftpd 4633eb568f2SGuido van RooijLog file for anonymous transfers. 464ea022d16SRodney W. Grimes.El 465ea022d16SRodney W. Grimes.Sh SEE ALSO 466ea022d16SRodney W. Grimes.Xr ftp 1 , 467a5a4544eSPaul Traina.Xr key 1 , 468ea022d16SRodney W. Grimes.Xr getusershell 3 , 469b071c689SDavid Nugent.Xr login.conf 5 , 470cf09a206SDavid Greenman.Xr inetd 8 , 471ea022d16SRodney W. Grimes.Xr syslogd 8 472ea022d16SRodney W. Grimes.Sh BUGS 473ea022d16SRodney W. GrimesThe server must run as the super-user 474ea022d16SRodney W. Grimesto create sockets with privileged port numbers. It maintains 475ea022d16SRodney W. Grimesan effective user id of the logged in user, reverting to 476ea022d16SRodney W. Grimesthe super-user only when binding addresses to sockets. The 477ea022d16SRodney W. Grimespossible security holes have been extensively 478ea022d16SRodney W. Grimesscrutinized, but are possibly incomplete. 479ea022d16SRodney W. Grimes.Sh HISTORY 480ea022d16SRodney W. GrimesThe 481ea022d16SRodney W. Grimes.Nm 482ea022d16SRodney W. Grimescommand appeared in 483ea022d16SRodney W. Grimes.Bx 4.2 . 4844dd8b5abSYoshinobu InoueIPv6 support was added in WIDE Hydrangea IPv6 stack kit. 485