1.\" Copyright (c) 1985, 1988, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 33.\" $Id: ftpd.8,v 1.9 1996/09/22 21:53:26 wosch Exp $ 34.\" 35.Dd April 19, 1994 36.Dt FTPD 8 37.Os BSD 4.2 38.Sh NAME 39.Nm ftpd 40.Nd 41Internet File Transfer Protocol server 42.Sh SYNOPSIS 43.Nm ftpd 44.Op Fl dl 45.Op Fl D 46.Op Fl R 47.Op Fl S 48.Op Fl U 49.Op Fl T Ar maxtimeout 50.Op Fl t Ar timeout 51.Op Fl a Ar address 52.Op Fl p Ar file 53.Sh DESCRIPTION 54.Nm Ftpd 55is the 56Internet File Transfer Protocol 57server process. The server uses the 58.Tn TCP 59protocol 60and listens at the port specified in the 61.Dq ftp 62service specification; see 63.Xr services 5 . 64.Pp 65Available options: 66.Bl -tag -width Ds 67.It Fl d 68Debugging information is written to the syslog using LOG_FTP. 69.It Fl l 70Each successful and failed 71.Xr ftp 1 72session is logged using syslog with a facility of LOG_FTP. 73If this option is specified twice, the retrieve (get), store (put), append, 74delete, make directory, remove directory and rename operations and 75their filename arguments are also logged. 76.It Fl D 77With this option set, 78.Nm ftpd 79will detach and become a daemon, accepting connections on the FTP port and 80forking children processes to handle them. This is lower overhead than 81starting 82.Nm ftpd 83from 84.Xr inetd 8 85and is thus useful on busy servers to reduce load. 86.It Fl R 87With this option set, 88.Nm ftpd 89will revert to historical behavior with regard to security checks on 90user operations and restrictions on PORT requests. 91Currently, 92.Nm ftpd 93will only honor PORT commands directed to unprivileged ports on the 94remote user's host (which violates the FTP protocol specification but 95closes some security holes). 96. 97.It Fl S 98With this option set, 99.Nm ftpd 100logs all anonymous transfers to the file 101.Pa /var/log/ftpd 102when this file exists. 103. 104.It Fl U 105In previous versions of 106.Nm ftpd , 107when a passive mode client requested a data connection to the server, 108the server would use data ports in the range 1024..4999. Now, by default, 109the server will use data ports in the range 40000..44999. Specifying this 110option will revert to the old behavior. 111.It Fl T 112A client may also request a different timeout period; 113the maximum period allowed may be set to 114.Ar timeout 115seconds with the 116.Fl T 117option. 118The default limit is 2 hours. 119.It Fl t 120The inactivity timeout period is set to 121.Ar timeout 122seconds (the default is 15 minutes). 123.It Fl a 124When 125.Fl D 126is specified, accept connections only on the specified 127.Ar address . 128.It Fl p 129When 130.Fl D 131is specified, write the daemon's process ID to 132.Ar file . 133.It Fl A 134Allow only anonymous ftp access 135.El 136.Pp 137The file 138.Pa /etc/nologin 139can be used to disable ftp access. 140If the file exists, 141.Nm 142displays it and exits. 143If the file 144.Pa /etc/ftpwelcome 145exists, 146.Nm 147prints it before issuing the 148.Dq ready 149message. 150If the file 151.Pa /etc/ftpmotd 152exists, 153.Nm 154prints it after a successful login. 155.Pp 156The ftp server currently supports the following ftp requests. 157The case of the requests is ignored. 158.Bl -column "Request" -offset indent 159.It Request Ta "Description" 160.It ABOR Ta "abort previous command" 161.It ACCT Ta "specify account (ignored)" 162.It ALLO Ta "allocate storage (vacuously)" 163.It APPE Ta "append to a file" 164.It CDUP Ta "change to parent of current working directory" 165.It CWD Ta "change working directory" 166.It DELE Ta "delete a file" 167.It HELP Ta "give help information" 168.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" 169.It MKD Ta "make a directory" 170.It MDTM Ta "show last modification time of file" 171.It MODE Ta "specify data transfer" Em mode 172.It NLST Ta "give name list of files in directory" 173.It NOOP Ta "do nothing" 174.It PASS Ta "specify password" 175.It PASV Ta "prepare for server-to-server transfer" 176.It PORT Ta "specify data connection port" 177.It PWD Ta "print the current working directory" 178.It QUIT Ta "terminate session" 179.It REST Ta "restart incomplete transfer" 180.It RETR Ta "retrieve a file" 181.It RMD Ta "remove a directory" 182.It RNFR Ta "specify rename-from file name" 183.It RNTO Ta "specify rename-to file name" 184.It SITE Ta "non-standard commands (see next section)" 185.It SIZE Ta "return size of file" 186.It STAT Ta "return status of server" 187.It STOR Ta "store a file" 188.It STOU Ta "store a file with a unique name" 189.It STRU Ta "specify data transfer" Em structure 190.It SYST Ta "show operating system type of server system" 191.It TYPE Ta "specify data transfer" Em type 192.It USER Ta "specify user name" 193.It XCUP Ta "change to parent of current working directory (deprecated)" 194.It XCWD Ta "change working directory (deprecated)" 195.It XMKD Ta "make a directory (deprecated)" 196.It XPWD Ta "print the current working directory (deprecated)" 197.It XRMD Ta "remove a directory (deprecated)" 198.El 199.Pp 200The following non-standard or 201.Tn UNIX 202specific commands are supported 203by the 204SITE request. 205.Pp 206.Bl -column Request -offset indent 207.It Sy Request Ta Sy Description 208.It UMASK Ta change umask, e.g. ``SITE UMASK 002'' 209.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' 210.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename'' 211.It HELP Ta give help information. 212.El 213.Pp 214The remaining ftp requests specified in Internet RFC 959 215are 216recognized, but not implemented. 217MDTM and SIZE are not specified in RFC 959, but will appear in the 218next updated FTP RFC. 219.Pp 220The ftp server will abort an active file transfer only when the 221ABOR 222command is preceded by a Telnet "Interrupt Process" (IP) 223signal and a Telnet "Synch" signal in the command Telnet stream, 224as described in Internet RFC 959. 225If a 226STAT 227command is received during a data transfer, preceded by a Telnet IP 228and Synch, transfer status will be returned. 229.Pp 230.Nm Ftpd 231interprets file names according to the 232.Dq globbing 233conventions used by 234.Xr csh 1 . 235This allows users to utilize the metacharacters 236.Dq Li \&*?[]{}~ . 237.Pp 238.Nm Ftpd 239authenticates users according to five rules. 240.Pp 241.Bl -enum -offset indent 242.It 243The login name must be in the password data base, 244.Pa /etc/pwd.db , 245and not have a null password. 246In this case a password must be provided by the client before any 247file operations may be performed. 248If the user has an S/Key key, the response from a successful USER 249command will include an S/Key challenge. The client may choose to respond 250with a PASS command giving either a standard password or an S/Key 251one-time password. The server will automatically determine which type of 252password it has been given and attempt to authenticate accordingly. See 253.Xr key 1 254for more information on S/Key authentication. S/Key is a Trademark of 255Bellcore. 256.It 257The login name must not appear in the file 258.Pa /etc/ftpusers . 259.It 260The user must have a standard shell returned by 261.Xr getusershell 3 . 262.It 263If the user name appears in the file 264.Pa /etc/ftpchroot 265the session's root will be changed to the user's login directory by 266.Xr chroot 2 267as for an 268.Dq anonymous 269or 270.Dq ftp 271account (see next item). However, the user must still supply a password. 272This feature is intended as a compromise between a fully anonymous account 273and a fully privileged account. The account should also be set up as for an 274anonymous account. 275.It 276If the user name is 277.Dq anonymous 278or 279.Dq ftp , 280an 281anonymous ftp account must be present in the password 282file (user 283.Dq ftp ) . 284In this case the user is allowed 285to log in by specifying any password (by convention an email address for 286the user should be used as the password). 287When the 288.Fl S 289option is set, all transfers are logged as well. 290.El 291.Pp 292In the last case, 293.Nm ftpd 294takes special measures to restrict the client's access privileges. 295The server performs a 296.Xr chroot 2 297to the home directory of the 298.Dq ftp 299user. 300In order that system security is not breached, it is recommended 301that the 302.Dq ftp 303subtree be constructed with care, following these rules: 304.Bl -tag -width "~ftp/pub" -offset indent 305.It Pa ~ftp 306Make the home directory owned by 307.Dq root 308and unwritable by anyone. 309.It Pa ~ftp/bin 310Make this directory owned by 311.Dq root 312and unwritable by anyone (mode 555). 313The program 314.Xr ls 1 315must be present to support the list command. 316This program should be mode 111. 317.It Pa ~ftp/etc 318Make this directory owned by 319.Dq root 320and unwritable by anyone (mode 555). 321The files pwd.db (see 322.Xr passwd 5 ) 323and 324.Xr group 5 325must be present for the 326.Xr ls 327command to be able to produce owner names rather than numbers. 328The password field in 329.Xr passwd 330is not used, and should not contain real passwords. 331The file 332.Pa ftpmotd , 333if present, will be printed after a successful login. 334These files should be mode 444. 335.It Pa ~ftp/pub 336Make this directory mode 777 and owned by 337.Dq ftp . 338Guests 339can then place files which are to be accessible via the anonymous 340account in this directory. 341.El 342.Sh FILES 343.Bl -tag -width /etc/ftpwelcome -compact 344.It Pa /etc/ftpusers 345List of unwelcome/restricted users. 346.It Pa /etc/ftpchroot 347List of normal users who should be chroot'd. 348.It Pa /etc/ftpwelcome 349Welcome notice. 350.It Pa /etc/ftpmotd 351Welcome notice after login. 352.It Pa /etc/nologin 353Displayed and access refused. 354.It Pa /var/log/ftpd 355Log file for anonymous transfers. 356.El 357.Sh SEE ALSO 358.Xr ftp 1 , 359.Xr key 1 , 360.Xr getusershell 3 , 361.Xr inetd 8 , 362.Xr syslogd 8 363.Sh BUGS 364The server must run as the super-user 365to create sockets with privileged port numbers. It maintains 366an effective user id of the logged in user, reverting to 367the super-user only when binding addresses to sockets. The 368possible security holes have been extensively 369scrutinized, but are possibly incomplete. 370.Sh HISTORY 371The 372.Nm 373command appeared in 374.Bx 4.2 . 375