.\" Copyright (c) 1985, 1988, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
.\"
.Dd April 19, 1994
.Dt FTPD 8
.Os BSD 4.2
.Sh NAME
.Nm ftpd
.Nd
Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm ftpd
.Op Fl dl
.Op Fl S
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Sh DESCRIPTION
.Nm Ftpd
is the
Internet File Transfer Protocol
server process.  The server uses the
.Tn TCP
protocol
and listens at the port specified in the
.Dq ftp
service specification; see
.Xr services 5 .
.Pp
Available options:
.Bl -tag -width Ds
.It Fl d
Debugging information is written to the syslog using LOG_FTP.
.It Fl l
Each successful and failed
.Xr ftp 1
session is logged using syslog with a facility of LOG_FTP.
If this option is specified twice, the retrieve (get), store (put), append,
delete, make directory, remove directory and rename operations and
their filename arguments are also logged.
.It Fl S
With this option set,
.Nm ftpd
logs all anonymous transfers to the file
.Pa /var/log/ftpd
when this file exists.
.
.It Fl T
A client may also request a different timeout period;
the maximum period allowed may be set to
.Ar timeout
seconds with the
.Fl T
option.
The default limit is 2 hours.
.It Fl t
The inactivity timeout period is set to
.Ar timeout
seconds (the default is 15 minutes).
.El
.Pp
The file
.Pa /etc/nologin
can be used to disable ftp access.
If the file exists,
.Nm
displays it and exits.
If the file
.Pa /etc/ftpwelcome
exists,
.Nm
prints it before issuing the
.Dq ready
message.
If the file
.Pa /etc/ftpmotd
exists,
.Nm
prints it after a successful login.
.Pp
The ftp server currently supports the following ftp requests.
The case of the requests is ignored.
.Bl -column "Request" -offset indent
.It Request Ta "Description"
.It ABOR Ta "abort previous command"
.It ACCT Ta "specify account (ignored)"
.It ALLO Ta "allocate storage (vacuously)"
.It APPE Ta "append to a file"
.It CDUP Ta "change to parent of current working directory"
.It CWD Ta "change working directory"
.It DELE Ta "delete a file"
.It HELP Ta "give help information"
.It LIST Ta "give a list of files in a directory" Pq Dq Li "ls -lgA"
.It MKD Ta "make a directory"
.It MDTM Ta "show last modification time of file"
.It MODE Ta "specify data transfer" Em mode
.It NLST Ta "give name list of files in directory"
.It NOOP Ta "do nothing"
.It PASS Ta "specify password"
.It PASV Ta "prepare for server-to-server transfer"
.It PORT Ta "specify data connection port"
.It PWD Ta "print the current working directory"
.It QUIT Ta "terminate session"
.It REST Ta "restart incomplete transfer"
.It RETR Ta "retrieve a file"
.It RMD Ta "remove a directory"
.It RNFR Ta "specify rename-from file name"
.It RNTO Ta "specify rename-to file name"
.It SITE Ta "non-standard commands (see next section)"
.It SIZE Ta "return size of file"
.It STAT Ta "return status of server"
.It STOR Ta "store a file"
.It STOU Ta "store a file with a unique name"
.It STRU Ta "specify data transfer" Em structure
.It SYST Ta "show operating system type of server system"
.It TYPE Ta "specify data transfer" Em type
.It USER Ta "specify user name"
.It XCUP Ta "change to parent of current working directory (deprecated)"
.It XCWD Ta "change working directory (deprecated)"
.It XMKD Ta "make a directory (deprecated)"
.It XPWD Ta "print the current working directory (deprecated)"
.It XRMD Ta "remove a directory (deprecated)"
.El
.Pp
The following non-standard or
.Tn UNIX
specific commands are supported
by the
SITE request.
.Pp
.Bl -column Request -offset indent
.It Sy Request Ta Sy Description
.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename''
.It HELP Ta give help information.
.El
.Pp
The remaining ftp requests specified in Internet RFC 959
are
recognized, but not implemented.
MDTM and SIZE are not specified in RFC 959, but will appear in the
next updated FTP RFC.
.Pp
The ftp server will abort an active file transfer only when the
ABOR
command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet RFC 959.
If a
STAT
command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.Pp
.Nm Ftpd
interprets file names according to the
.Dq globbing
conventions used by
.Xr csh 1 .
This allows users to utilize the metacharacters
.Dq Li \&*?[]{}~ .
.Pp
.Nm Ftpd
authenticates users according to three rules.
.Pp
.Bl -enum -offset indent
.It
The login name must be in the password data base,
.Pa /etc/passwd ,
and not have a null password.
In this case a password must be provided by the client before any
file operations may be performed.
.It
The login name must not appear in the file
.Pa /etc/ftpusers .
.It
The user must have a standard shell returned by
.Xr getusershell 3 .
.It
If the user name is
.Dq anonymous
or
.Dq ftp ,
an
anonymous ftp account must be present in the password
file (user
.Dq ftp ) .
In this case the user is allowed
to log in by specifying any password (by convention an email address for
the user should be used as the password).  When the
.Fl S
option is set, all transfers are logged as well.
.El
.Pp
In the last case,
.Nm ftpd
takes special measures to restrict the client's access privileges.
The server performs a
.Xr chroot 2
to the home directory of the
.Dq ftp
user.
In order that system security is not breached, it is recommended
that the
.Dq ftp
subtree be constructed with care, following these rules:
.Bl -tag -width "~ftp/pub" -offset indent
.It Pa ~ftp
Make the home directory owned by
.Dq root
and unwritable by anyone.
.It Pa ~ftp/bin
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
The program
.Xr ls 1
must be present to support the list command.
This program should be mode 111.
.It Pa ~ftp/etc
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
The files
.Xr passwd 5
and
.Xr group 5
must be present for the
.Xr ls 1
command to be able to produce owner names rather than numbers.
The password field in
.Xr passwd 5
is not used, and should not contain real passwords.
The file
.Pa ftpmotd ,
if present, will be printed after a successful login.
These files should be mode 444.
.It Pa ~ftp/pub
Make this directory mode 777 and owned by
.Dq ftp .
Guests
can then place files which are to be accessible via the anonymous
account in this directory.
.El
.Sh FILES
.Bl -tag -width /etc/ftpwelcome -compact
.It Pa /etc/ftpusers
List of unwelcome/restricted users.
.It Pa /etc/ftpwelcome
Welcome notice.
.It Pa /etc/ftpmotd
Welcome notice after login.
.It Pa /etc/nologin
Displayed and access refused.
.It Pa /var/log/ftpd
Log file for anonymous transfers.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr getusershell 3 ,
.Xr syslogd 8
.Sh BUGS
The server must run as the super-user
to create sockets with privileged port numbers.
It maintains
an effective user id of the logged in user, reverting to
the super-user only when binding addresses to sockets.  The
possible security holes have been extensively
scrutinized, but are possibly incomplete.
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
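The ownership and mode rules given in DESCRIPTION for the anonymous ftp subtree can be checked mechanically. The shell function below is an added example, not part of the original manual page or of ftpd. Its function names, its optional owner arguments, and its treatment of any password field other than "*" or "x" as suspect are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against the rules in ftpd(8).

# chk LABEL PATH FIND-TESTS...: report PATH unless it passes the find(1) tests.
chk() {
    label=$1 path=$2
    shift 2
    [ -n "$(find "$path" -prune "$@" 2>/dev/null)" ] && return 0
    echo "FAIL: $path: expected $label"
    fails=$((fails + 1))
}

# audit_anon_ftp ROOT [ROOT_OWNER] [FTP_OWNER]
# ROOT is the home directory of the "ftp" user. The owners default to "root"
# and "ftp"; the overrides (hypothetical) allow testing without privileges.
# Prints one FAIL line per deviation and returns non-zero if any was found.
audit_anon_ftp() {
    root=$1 ro=${2:-root} fo=${3:-ftp} fails=0
    # ~ftp: owned by root and unwritable by anyone.
    chk "owner $ro, no write bits" "$root" -user "$ro" \
        ! -perm -200 ! -perm -020 ! -perm -002
    # ~ftp/bin: root, mode 555; ls must be present, mode 111.
    chk "owner $ro, mode 555" "$root/bin" -user "$ro" -perm 555
    chk "mode 111" "$root/bin/ls" -perm 111
    # ~ftp/etc: root, mode 555; passwd, group (and ftpmotd if present) mode 444.
    chk "owner $ro, mode 555" "$root/etc" -user "$ro" -perm 555
    for f in passwd group; do
        chk "mode 444" "$root/etc/$f" -perm 444
    done
    if [ -e "$root/etc/ftpmotd" ]; then
        chk "mode 444" "$root/etc/ftpmotd" -perm 444
    fi
    # ~ftp/pub: mode 777 and owned by ftp, as the manual page specifies.
    chk "owner $fo, mode 777" "$root/pub" -user "$fo" -perm 777
    # The chroot copy of passwd should not carry real passwords.
    # Assumption: only "*" or "x" count as harmless placeholders.
    bad=$(awk -F: '$2 != "*" && $2 != "x" { printf "%s ", $1 }' \
        "$root/etc/passwd" 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "FAIL: $root/etc/passwd: password field set for: $bad"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# Stand-alone use: sh audit.sh /path/to/ftp-home
if [ "$#" -gt 0 ]; then audit_anon_ftp "$@"; fi
```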