1.\" Copyright (c) 1985, 1988, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 33.\" $FreeBSD$ 34.\" 35.Dd January 27, 2000 36.Dt FTPD 8 37.Os 38.Sh NAME 39.Nm ftpd 40.Nd Internet File Transfer Protocol server 41.Sh SYNOPSIS 42.Nm 43.Op Fl 46ADEORSUdro 44.Op Fl l Op Fl l 45.Op Fl T Ar maxtimeout 46.Op Fl a Ar address 47.Op Fl p Ar file 48.Op Fl t Ar timeout 49.Sh DESCRIPTION 50.Nm Ftpd 51is the 52Internet File Transfer Protocol 53server process. The server uses the 54.Tn TCP 55protocol 56and listens at the port specified in the 57.Dq ftp 58service specification; see 59.Xr services 5 . 60.Pp 61Available options: 62.Bl -tag -width indent 63.It Fl 4 64When 65.Fl D 66is specified, accept IPv4 connections. 67When 68.Fl 6 69is also specified, accept IPv4 connection via 70.Dv AF_INET6 71socket. 72When 73.Fl 6 74is not specified, accept IPv4 connection via 75.Dv AF_INET 76socket. 77.It Fl 6 78When 79.Fl D 80is specified, accept connections via 81.Dv AF_INET6 82socket. 83.It Fl A 84Allow only anonymous ftp access. 85.It Fl D 86With this option set, 87.Nm 88will detach and become a daemon, accepting connections on the FTP port and 89forking children processes to handle them. 90This is lower overhead than starting 91.Nm 92from 93.Xr inetd 8 94and is thus useful on busy servers to reduce load. 95.It Fl E 96Disable the EPSV command. 97This is useful for servers behind older firewalls. 98.It Fl O 99Put server in write-only mode for anonymous users only. 100RETR is disabled for anonymous users, preventing anonymous downloads. 101This has no effect if 102.Fl o 103is also specified. 104.It Fl R 105With this option set, 106.Nm 107will revert to historical behavior with regard to security checks on 108user operations and restrictions on PORT requests. 109Currently, 110.Nm 111will only honor PORT commands directed to unprivileged ports on the 112remote user's host (which violates the FTP protocol specification but 113closes some security holes). 114.It Fl S 115With this option set, 116.Nm 117logs all anonymous file downloads to the file 118.Pa /var/log/ftpd 119when this file exists. 120.It Fl U 121In previous versions of 122.Nm , 123when a passive mode client requested a data connection to the server, 124the server would use data ports in the range 1024..4999. Now, by default, 125the server will use data ports in the range 49152..65535. Specifying this 126option will revert to the old behavior. 127.It Fl d 128Debugging information is written to the syslog using 129.Dv LOG_FTP . 130.It Fl r 131Put server in read-only mode. 132All commands which may modify the local filesystem are disabled. 133.It Fl o 134Put server in write-only mode. 135RETR is disabled, preventing downloads. 136.It Fl l 137Each successful and failed 138.Xr ftp 1 139session is logged using syslog with a facility of 140.Dv LOG_FTP . 141If this option is specified twice, the retrieve (get), store (put), append, 142delete, make directory, remove directory and rename operations and 143their filename arguments are also logged. 144Note: 145.Dv LOG_FTP 146messages 147are not displayed by 148.Xr syslogd 8 149by default, and may have to be enabled in 150.Xr syslogd 8 Ns 's 151configuration file. 152.It Fl T 153A client may also request a different timeout period; 154the maximum period allowed may be set to 155.Ar timeout 156seconds with the 157.Fl T 158option. 159The default limit is 2 hours. 160.It Fl a 161When 162.Fl D 163is specified, accept connections only on the specified 164.Ar address . 165.It Fl p 166When 167.Fl D 168is specified, write the daemon's process ID to 169.Ar file . 170.It Fl t 171The inactivity timeout period is set to 172.Ar timeout 173seconds (the default is 15 minutes). 174.El 175.Pp 176The file 177.Pa /var/run/nologin 178can be used to disable ftp access. 179If the file exists, 180.Nm 181displays it and exits. 182If the file 183.Pa /etc/ftpwelcome 184exists, 185.Nm 186prints it before issuing the 187.Dq ready 188message. 189If the file 190.Pa /etc/ftpmotd 191exists, 192.Nm 193prints it after a successful login. Note the motd file used is the one 194relative to the login environment. This means the one in 195.Pa ~ftp/etc 196in the anonymous user's case. 197.Pp 198The ftp server currently supports the following ftp requests. 199The case of the requests is ignored. Requests marked [RW] are 200disabled if 201.Fl r 202is specified. 203.Bl -column "Request" -offset indent 204.It Sy Request Ta Sy "Description" 205.It ABOR Ta "abort previous command" 206.It ACCT Ta "specify account (ignored)" 207.It ALLO Ta "allocate storage (vacuously)" 208.It APPE Ta "append to a file [RW]" 209.It CDUP Ta "change to parent of current working directory" 210.It CWD Ta "change working directory" 211.It DELE Ta "delete a file [RW]" 212.It EPRT Ta "specify data connection port, multiprotocol" 213.It EPSV Ta "prepare for server-to-server transfer, multiprotocol" 214.It HELP Ta "give help information" 215.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" 216.It LPRT Ta "specify data connection port, multiprotocol" 217.It LPSV Ta "prepare for server-to-server transfer, multiprotocol" 218.It MDTM Ta "show last modification time of file" 219.It MKD Ta "make a directory [RW]" 220.It MODE Ta "specify data transfer" Em mode 221.It NLST Ta "give name list of files in directory" 222.It NOOP Ta "do nothing" 223.It PASS Ta "specify password" 224.It PASV Ta "prepare for server-to-server transfer" 225.It PORT Ta "specify data connection port" 226.It PWD Ta "print the current working directory" 227.It QUIT Ta "terminate session" 228.It REST Ta "restart incomplete transfer" 229.It RETR Ta "retrieve a file" 230.It RMD Ta "remove a directory [RW]" 231.It RNFR Ta "specify rename-from file name [RW]" 232.It RNTO Ta "specify rename-to file name [RW]" 233.It SITE Ta "non-standard commands (see next section)" 234.It SIZE Ta "return size of file" 235.It STAT Ta "return status of server" 236.It STOR Ta "store a file [RW]" 237.It STOU Ta "store a file with a unique name [RW]" 238.It STRU Ta "specify data transfer" Em structure 239.It SYST Ta "show operating system type of server system" 240.It TYPE Ta "specify data transfer" Em type 241.It USER Ta "specify user name" 242.It XCUP Ta "change to parent of current working directory (deprecated)" 243.It XCWD Ta "change working directory (deprecated)" 244.It XMKD Ta "make a directory (deprecated) [RW]" 245.It XPWD Ta "print the current working directory (deprecated)" 246.It XRMD Ta "remove a directory (deprecated) [RW]" 247.El 248.Pp 249The following non-standard or 250.Tn UNIX 251specific commands are supported 252by the 253SITE request. 254.Pp 255.Bl -column Request -offset indent 256.It Sy Request Ta Sy Description 257.It UMASK Ta change umask, e.g. ``SITE UMASK 002'' 258.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' 259.It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''" 260.It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''" 261.It HELP Ta give help information 262.El 263.Pp 264Note: SITE requests are disabled in case of anonymous logins. 265.Pp 266The remaining ftp requests specified in Internet RFC 959 267are 268recognized, but not implemented. 269MDTM and SIZE are not specified in RFC 959, but will appear in the 270next updated FTP RFC. 271.Pp 272The ftp server will abort an active file transfer only when the 273ABOR 274command is preceded by a Telnet "Interrupt Process" (IP) 275signal and a Telnet "Synch" signal in the command Telnet stream, 276as described in Internet RFC 959. 277If a 278STAT 279command is received during a data transfer, preceded by a Telnet IP 280and Synch, transfer status will be returned. 281.Pp 282.Nm Ftpd 283interprets file names according to the 284.Dq globbing 285conventions used by 286.Xr csh 1 . 287This allows users to utilize the metacharacters 288.Dq Li \&*?[]{}~ . 289.Pp 290.Nm Ftpd 291authenticates users according to six rules. 292.Pp 293.Bl -enum -offset indent 294.It 295The login name must be in the password data base 296and not have a null password. 297In this case a password must be provided by the client before any 298file operations may be performed. 299If the user has an S/Key key, the response from a successful USER 300command will include an S/Key challenge. 301The client may choose to respond with a PASS command giving either 302a standard password or an S/Key one-time password. 303The server will automatically determine which type of 304password it has been given and attempt to authenticate accordingly. 305See 306.Xr key 1 307for more information on S/Key authentication. 308S/Key is a Trademark of Bellcore. 309.It 310The login name must not appear in the file 311.Pa /etc/ftpusers . 312.It 313The login name must not be a member of a group specified in the file 314.Pa /etc/ftpusers . 315Entries in this file interpreted as group names are prefixed by an "at" 316.Ql \&@ 317sign. 318.It 319The user must have a standard shell returned by 320.Xr getusershell 3 . 321.It 322If the user name appears in the file 323.Pa /etc/ftpchroot , 324or the user is a member of a group with a group entry in this file, 325i.e. one prefixed with 326.Ql \&@ , 327the session's root will be changed to the user's login directory by 328.Xr chroot 2 329as for an 330.Dq anonymous 331or 332.Dq ftp 333account (see next item). 334This facility may also be triggered by enabling the boolean "ftp-chroot" 335capability in 336.Xr login.conf 5 . 337However, the user must still supply a password. 338This feature is intended as a compromise between a fully anonymous 339account and a fully privileged account. 340The account should also be set up as for an anonymous account. 341.It 342If the user name is 343.Dq anonymous 344or 345.Dq ftp , 346an 347anonymous ftp account must be present in the password 348file (user 349.Dq ftp ) . 350In this case the user is allowed 351to log in by specifying any password (by convention an email address for 352the user should be used as the password). 353When the 354.Fl S 355option is set, all transfers are logged as well. 356.El 357.Pp 358In the last case, 359.Nm 360takes special measures to restrict the client's access privileges. 361The server performs a 362.Xr chroot 2 363to the home directory of the 364.Dq ftp 365user. 366In order that system security is not breached, it is recommended 367that the 368.Dq ftp 369subtree be constructed with care, following these rules: 370.Bl -tag -width "~ftp/pub" -offset indent 371.It Pa ~ftp 372Make the home directory owned by 373.Dq root 374and unwritable by anyone. 375.It Pa ~ftp/etc 376Make this directory owned by 377.Dq root 378and unwritable by anyone (mode 555). 379The files pwd.db (see 380.Xr passwd 5 ) 381and 382.Xr group 5 383must be present for the 384.Xr ls 385command to be able to produce owner names rather than numbers. 386The password field in 387.Xr passwd 388is not used, and should not contain real passwords. 389The file 390.Pa ftpmotd , 391if present, will be printed after a successful login. 392These files should be mode 444. 393.It Pa ~ftp/pub 394This directory and the subdirectories beneath it should be owned 395by the users and groups responsible for placing files in them, 396and be writable only by them (mode 755 or 775). 397They should 398.Em not 399be owned or writable by 400.Dq ftp 401or its group, otherwise guest users 402can fill the drive with unwanted files. 403.El 404.Pp 405If the system has multiple IP addresses, 406.Nm 407supports the idea of virtual hosts, which provides the ability to 408define multiple anonymous ftp areas, each one allocated to a different 409internet address. 410The file 411.Pa /etc/ftphosts 412contains information pertaining to each of the virtual hosts. 413Each host is defined on its own line which contains a number of 414fields separated by whitespace: 415.Bl -tag -offset indent -width hostname 416.It hostname 417Contains the hostname or IP address of the virtual host. 418.It user 419Contains a user record in the system password file. 420As with normal anonymous ftp, this user's access uid, gid and group 421memberships determine file access to the anonymous ftp area. 422The anonymous ftp area (to which any user is chrooted on login) 423is determined by the home directory defined for the account. 424User id and group for any ftp account may be the same as for the 425standard ftp user. 426.It statfile 427File to which all file transfers are logged, which 428defaults to 429.Pa /var/log/ftpd . 430.It welcome 431This file is the welcome message displayed before the server ready 432prompt. 433It defaults to 434.Pa /etc/ftpwelcome . 435.It motd 436This file is displayed after the user logs in. 437It defaults to 438.Pa /etc/ftpmotd . 439.El 440.Pp 441Lines beginning with a '#' are ignored and can be used to include 442comments. 443.Pp 444Defining a virtual host for the primary IP address or hostname 445changes the default for ftp logins to that address. 446The 'user', 'statfile', 'welcome' and 'motd' fields may be left 447blank, or a single hypen '-' used to indicate that the default 448value is to be used. 449.Pp 450As with any anonymous login configuration, due care must be given 451to setup and maintenance to guard against security related problems. 452.Pp 453.Nm 454has internal support for handling remote requests to list 455files, and will not execute 456.Pa /bin/ls 457in either a chrooted or non-chrooted environment. The 458.Pa ~/bin/ls 459executable need not be placed into the chrooted tree, nor need the 460.Pa ~/bin 461directory exist. 462.Sh FILES 463.Bl -tag -width /etc/ftpwelcome -compact 464.It Pa /etc/ftpusers 465List of unwelcome/restricted users. 466.It Pa /etc/ftpchroot 467List of normal users who should be chroot'd. 468.It Pa /etc/ftphosts 469Virtual hosting configuration file. 470.It Pa /etc/ftpwelcome 471Welcome notice. 472.It Pa /etc/ftpmotd 473Welcome notice after login. 474.It Pa /var/run/nologin 475Displayed and access refused. 476.It Pa /var/log/ftpd 477Log file for anonymous transfers. 478.El 479.Sh SEE ALSO 480.Xr ftp 1 , 481.Xr key 1 , 482.Xr getusershell 3 , 483.Xr login.conf 5 , 484.Xr inetd 8 , 485.Xr syslogd 8 486.Sh BUGS 487The server must run as the super-user 488to create sockets with privileged port numbers. It maintains 489an effective user id of the logged in user, reverting to 490the super-user only when binding addresses to sockets. The 491possible security holes have been extensively 492scrutinized, but are possibly incomplete. 493.Sh HISTORY 494The 495.Nm 496command appeared in 497.Bx 4.2 . 498IPv6 support was added in WIDE Hydrangea IPv6 stack kit. 499