*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> ftpd (1m)              


 ftpd(1M)                                                           ftpd(1M)

 NAME    [Toc]    [Back]
      ftpd - DARPA Internet File Transfer Protocol server

 SYNOPSIS    [Toc]    [Back]
      /usr/lbin/ftpd [-l] [-p] [-v] [-t timeout] [-P] [-T maxtimeout]
           [-u umask] [-U] [-K] [-B size] [-a | -A] [-L] [-i] [-o]
           [-m number_of_tries] [-n nice_value] [-q | -Q] [-r rootdir] [-V]
           [-w | -W] [-X] [-I] [-s | -S] [-c ctrlport] [-C dataport]

 DESCRIPTION    [Toc]    [Back]
      ftpd is the DARPA Internet File Transfer Protocol server.  It expects
      to be run by the Internet daemon (see inetd(1M) and inetd.conf(4)).
      inetd runs ftpd when a service request is received at the port
      indicated in the ftp service specification in /etc/services (see

    Options    [Toc]    [Back]
      ftpd recognizes the following options and command-line arguments.

           -a             Enables the use of the configuration file
                          /etc/ftpd/ftpaccess.  (see ftpaccess(4)).

           -A             Disables the use of the configuration file
                          /etc/ftpd/ftpaccess.  (see ftpaccess(4)).

           -B size        Sets the buffer size of the data socket to size
                          blocks of 1024 bytes.  The valid range for size is
                          from 1 to 2097151 (default is 56).  Note: A large
                          buffer size will improve the performance of ftpd
                          on fast links (e.g. FDDI), but may cause long
                          connection times on slow links (e.g. X.25).

                          Note: If the buffer size needs to be set to any
                          value other than multiples of 1024 bytes, use `B'
                          immediately after size without any space. The size
                          value will be taken in terms of bytes. For
                          example, to set the buffer size to a value equal
                          to "1500", use -B 1500B.

           -c ctrlport
           -C dataport    Overrides the control and the data port numbers
                          respectively that is used by the daemon.
                          Normally, the daemon determines the port numbers
                          by looking in /etc/services (see services(4)) for
                          "ftp" and "ftp-data".  If there is no
                          /etc/services entry for "ftp-data" and the -C
                          option is not specified, the daemon uses the port
                          just prior to the control connection port.  The -c
                          and -C options are both available if running as a
                          standalone daemon.  Otherwise, only the -C option
                          can be used.

 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

           -i             Logs all the files received by ftpd server to
                          xferlog (see xferlog(5)).  This option is
                          overridden by the /etc/ftpd/ftpaccess file. (see

           -I             Enables the use of RFC931 (AUTH/ident) to attempt
                          to determine the username on the client.

           -K             Applicable only in a secure environment based on
                          Kerberos V5.  Causes access to be denied if
                          network authentication fails.  See sis(5).

           -l             Causes each FTP session to be logged in the syslog

           -L             Logs all commands sent to the ftpd server to be
                          logged to the syslog. The -L option is overridden
                          by the /etc/ftpd/ftpaccess file (see
                          ftpaccess(4)).  If the -L option is used, commands
                          will be logged to syslog by default.

           -m number_of_tries
                          Specifies the number of tries for a bind() socket

           -n nice_value  Sets the nice value for an ftpd process. When
                          using this option, make sure that the nice clause
                          in /etc/ftpd/ftpaccess file (see ftpaccess(4)) is
                          not set.

           -o             Logs all files transmitted by ftpd to xferlog (see
                          xferlog(5)).  It logs outgoing files from the ftpd
                          server. This option is overridden by the
                          /etc/ftpd/ftpaccess file (see ftpaccess(4)).

           -p             The default action of ftpd does not allow usage of
                          reserved ports as the originating port on the
                          client's system i.e., the PORT command cannot
                          specify a reserved port. This option allows the
                          client to specify a reserved port. Note, allowing
                          usage of reserved ports can result in the misuse
                          of ftpd. The security ramifications should be
                          understood before the option is turned on.

           -P             Enables third party transfer.

           -q | -Q        Determines whether the daemon uses the PID files.
                          These files are required by the limit directive to
                          determine the number of current users in each
                          access class. Disabling the use of the PID files
                          disables user limits. The default (-q) specifies

 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

                          to use the PID files.  Specify -Q to disable using
                          the PID files.  The -Q option can be used when
                          testing the server as a normal user when access
                          permissions prevent the use of the PID files.
                          Large, busy sites which do not wish to impose
                          limits on the number of concurrent users may also
                          consider disabling the PID files.

           -r rootdir     Instructs the daemon to chroot (see chroot(2)) to
                          the specified rootdir immediately upon loading.
                          This can improve system security by limiting the
                          files which may be damaged should a break-in occur
                          through the daemon. This option is like anonymous
                          FTP. For this option to work properly additional
                          files may be needed under the specified rootdir,
                          which can vary from system to system.

           -s | -S        Runs the daemon in standalone operation mode.  The
                          -S option runs the daemon in the background and is
                          useful in startup scripts during system
                          initialization (ie., in rc.local).  The -s option
                          leaves the daemon in foreground and is useful when
                          running from init (see init(1M)).

           -t timeout     Causes ftpd to timeout inactive sessions after
                          timeout seconds.  By default, ftpd terminates an
                          inactive session after 15 minutes.

           -T maxtimeout  A client can also request a different timeout
                          period.  The -T option sets to maxtimeout the
                          maximum timeout that client can request, in
                          seconds.  By default, the maximum timeout is 2

           -u umask       Change default ftpd umask from 027 to umask.

           -U             Disables the use of sendfile() and uses send() for
                          sending data.  Use this option if the link cannot
                          handle more than one buffer per packet (e.g.
                          Gigabit Ethernet).

           -v             The debugging information is written to the syslog

           -V             Causes the program to display copyright and
                          version information, then terminate.

           -w | -W        Determines whether the user logins are to be
                          recorded in the wtmps and btmps files. If the -W
                          option is specified, user logins are not recorded
                          in the wtmps or btmps file.  The default (-w) is

 Hewlett-Packard Company            - 3 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

                          used to record every login, logout, and bad login

           -X             Specifies that the output created by the -i and -o
                          options is not saved to the xferlog file but saved
                          via syslog so that the output can be collected
                          from several hosts on one central loghost.

      ftpd currently supports the following commands (uppercase and
      lowercase are interpreted as equivalent):

           Command        Description
           ABOR           Abort previous command
           ACCT           Specify account (ignored)
           ALLO           Allocate storage (vacuously)
           APPE           Append to a file
           CDUP           Change to parent of current working directory
           CWD            Change working directory
           DELE           Delete a file
           EPSV           Sets the server to listen on a data port and wait
                          for a connection
           EPRT           Use extended address for data connection
           HELP           Give help information
           LIST           Give list files in a directory (ls -l)
           LPRT           Use long address for data connection
           LPSV           Sets the server to listen on a data port and wait
                          for a connection
           MKD            Make a directory
           MDTM           Show last modification time of file
           MODE           Specify data transfer mode
           NLST           Give name list of files in directory
           NOOP           Do nothing
           PASS           Specify password
           PASV           Prepare for server-to-server transfer
           PORT           Specify data connection port
           PWD            Print the current working directory
           QUIT           Terminate session
           REST           Restart incomplete transfer
           RETR           Retrieve a file
           RMD            Remove a directory
           RNFR           Specify rename-from file name
           RNTO           Specify rename-to file name
           SITE           Non-standard commands (see next section)
           SIZE           Return size of file
           STAT           Return status of server
           STOR           Store a file
           STOU           Store a file with a unique name
           STRU           Specify data transfer structure
           SYST           Show operating system type of server system
           TYPE           Specify data transfer type

 Hewlett-Packard Company            - 4 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

           USER           Specify user name
           XCUP           Change to parent of current working directory
           XCWD           Change working directory
           XMKD           Make a directory
           XPWD           Print the current working directory
           XRMD           Remove a directory

      The following commands are supported when ftpd is operating in a
      secure environment which is based on Kerberos V5 (see sis(5)).

           Command        Description
           AUTH           Authentication/security mechanism
           ADAT           Authentication/security data
           CCC            Clear command channel
           ENC            Privacy protected command
           MIC            Integrity protected command
           PROT           Data channel protection level (level 'C' only)
           PBSZ           Protection buffer size (has no effect)

      These commands are described in draft 8 of the FTP security

      The following non-standard or HP-UX specific commands are supported by
      the SITE command:

           Command        Description
           UMASK          Change umask. (e.g., SITE UMASK 002)
           IDLE           Set idle-timer. (e.g., SITE IDLE 60)
           CHMOD          Change mode of a file. (e.g., SITE CHMOD 755
           HELP           Give help information. (e.g., SITE HELP)
           NEWER          List files newer than a particular date.
           MINFO          Works like SITE NEWER, but gives extra
           GROUP          Request for special group access. (e.g. , SITE
                          GROUP foo)
           GPASS          Give special group access password. (e.g. , SITE
                          GPASS bar)
           EXEC           Execute a program. (e.g. , SITE EXEC program

      For the SITE EXEC command, in order to execute a program it has to be
      placed in the /etc/ftpd/ftp-exec directory. The program to be executed
      must be either a binary program file or a valid shell. For example for
      the following program:

           cat /etc/ftpd/ftp-exec/hi.sh
           echo hello

 Hewlett-Packard Company            - 5 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

      When we give the following SITE EXEC command:

           ftp> site exec hi.sh

      The output will be as follows:

           200  (end of 'hi.sh')

      Note: The security of the system will entirely be dependent on what
      binaries or shell programs that the administrator has placed in the
      directory /etc/ftpd/ftp-exec.  Making this functionality available to
      real users who have shell access does not have any major security
      ramifications, but for anonymous and guest users who do not have shell
      access, it does.

      The remaining FTP requests specified in Internet RFC 959 are
      recognized, but not implemented.  MDTM and SIZE are not specified in
      RFC 959, but are expected in the next updated FTP RFC.

      The FTP server aborts an active file transfer only when the ABOR
      command is preceded by a Telnet "Interrupt Process" (IP) signal and a
      Telnet "Synch" signal in the command Telnet stream, as described in
      Internet RFC 959.  If ftpd receives a STAT command during a data
      transfer, preceded by a Telnet IP and Synch, it returns the status of
      the transfer.

      ftpd interprets file names according to the "globbing" conventions
      used by csh(1).  This allows users to utilize the metacharacters *, .,
      [, ], {, }, ~, and ?.

      ftpd authenticates users according to three rules:

           +  The user name must be in the password data base, /etc/passwd,
              and not have a null password.  The client must provide the
              correct password for the user before any file operations can
              be performed.

           +  The user name must not appear in the file /etc/ftpd/ftpusers
              (see ftpusers(4)).

           +  The user must have a standard shell returned by

      Optionally, a system administrator can permit public access or
      "anonymous FTP." If this has been set up, users can access the
      anonymous FTP account with the user name anonymous or ftp and any
      non-null password (by convention, the client host's name).  ftpd does
      a chroot() to the home directory of user ftp, thus limiting anonymous

 Hewlett-Packard Company            - 6 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

      FTP users' access to the system.  If the user name is anonymous or
      ftp, an anonymous FTP account must be present in the password file
      (user ftp).  In this case the user is allowed to log in by specifying
      any password (by convention this is given as the user's e-mail

      In order to permit anonymous FTP, there must be an entry in the
      passwd(4) database for an account named ftp.  The password field
      should be *, the group membership should be guest, and the login shell
      should be /usr/bin/false.  For example (assuming the guest group ID is

           ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false

      The anonymous FTP directory should be set up as follows:

      ~ftp    The home directory of the FTP account should be owned by user
              root and mode 555 (not writable).  Since ftpd does a chroot()
              to this directory, it must have the following subdirectories
              and files:

                        This directory must be owned by root and mode 555
                        (not writable).  The file /sbin/ls should be copied
                        to ~ftp/usr/bin.  This is needed to support
                        directory listing by ftpd.  The command should be
                        mode 111 (executable only).  If the FTP account is
                        on the same file system as /sbin, ~ftp/usr/bin/ls
                        can be hard link, but it may not be a symbolic link,
                        because of the chroot().  The command must be
                        replaced when the system is updated.

              ~ftp/etc  This directory must be owned by root and mode 555
                        (not writable).  It should contain versions of the
                        files passwd and group.  See passwd(4) and group(4).
                        These files must be owned by root and mode 444
                        (readable only).  These files must be present for
                        the LIST command to be able to produce owner names
                        rather than numbers.

                        This file should contain entries for the ftp user
                        and any other users who own files under the
                        anonymous ftp directory.  Such entries should have *
                        for passwords.  Group IDs must be listed in the
                        anonymous FTP group file, ~ftp/etc/group.  The path
                        names of home directories in ~ftp/etc/passwd must be
                        with respect to the anonymous FTP home directory.

                        This file should contain the group names associated

 Hewlett-Packard Company            - 7 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

                        with any group IDs in file ~ftp/etc/passwd and any
                        group IDs of files in the anonymous FTP

              ~ftp/pub (optional)
                        This directory is used by anonymous FTP users to
                        deposit files on the system.  It should be owned by
                        user ftp and should be mode 777 (readable and
                        writable by all).

              ~ftp/dist (optional)
                        Directories used to make files available to
                        anonymous ftp users should be mode 555 (not
                        writable), and any files to be distributed should be
                        owned by root and mode 444 (readable only) so that
                        they cannot be modified or removed by anonymous FTP

      Note: The steps that are followed to create an anonymous account are
      used to create a guest account also.

 DIAGNOSTICS    [Toc]    [Back]
      ftpd replies to FTP commands to ensure synchronization of requests and
      actions during file transfers, and to indicate the status of ftpd.
      Every command produces at least one reply, although there may be more
      than one.  A reply consists of a three-digit number, a space, some
      text, and an end of line.  The number is useful for programs; the text
      is useful for users.  The number must conform to this standard, but
      the text can vary.

      The first digit of the message indicates whether the reply is good,
      bad, or incomplete.  Five values exist for the first digit.  The
      values and the interpretations of the values are:

           1       The requested action is being initiated; expect another
                   reply before proceeding with a new command.

           2       The requested action is complete.  The server is ready
                   for a new request.

           3       The command has been accepted, but the requested action
                   requires more information.

           4       The command was not accepted, the requested action
                   failed, but the error condition is temporary and the
                   action can be requested again.

           5       The command was not accepted, the requested action
                   failed, and the error condition would most likely occur
                   again if the same command sequence is repeated.

 Hewlett-Packard Company            - 8 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

      The second digit indicates the functional area that the message
      addresses.  The values of the second digit and the interpretations of
      these values are:

           0       Syntax.  A message with a 0 for the second digit
                   indicates that a syntax error occurred.

           1       Information.  A message with a 1 as the second digit
                   indicates that the message is in reply to a request for

           2       Connections.  A message with a 2 as the second digit
                   indicates that the message is a reply to a request for
                   control and data connection information.

           3       Authentication and accounting.  A message with a 3 as the
                   second digit indicates that the message is a reply to a
                   login or accounting procedure.

           4       Not currently specified.

           5       File system.  A message with a 5 as the second digit
                   indicates that the text following the number contains
                   information concerning the status of the server file

      The third digit provides a further clarification of the information
      supplied by the second digit.  Following are several examples of
      messages.  Note that ftpd's replies match the number but not the text.

           110     Restart marker reply.  MARK yyyy=mmmm where yyyy is a
                   user process data stream marker, and mmmm is ftpd's
                   equivalent marker
           120     Service ready in nnn minutes
           200     Command okay
           211     System status, or system help reply
           212     Directory status
           230     User logged in, proceed
           250     Requested file action okay, completed
           331     User name okay, need password
           350     Requested file action pending further information
           425     Cannot open data connection
           451     Requested action aborted: local error in processing
           500     Syntax error, command unrecognized or command line too
           530     Not logged in
           550     Requested action not taken; file unavailable, not found,
                   no access

    GENERAL FTP EXTENSIONS    [Toc]    [Back]

 Hewlett-Packard Company            - 9 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

      There are some extensions to the FTP server such that if the user
      specifies a filename (when using a RETRIEVE command), the following
      actions will occur:

      True Filename   Specified Filename   Action
      filename.Z      filename             Decompress (uncompress) file
                                           before transmitting
      filename        filename.Z           Compress filename
                                           before transmitting
      filename        filename.tar         Tar filename
                                           before transmitting
      filename        filename.tar.Z       Tar and compress filename
                                           before transmitting

      Also, the FTP server will attempt to check for valid e-mail addresses
      and notify the user if invalid e-mail addresses are found.  For users
      whose FTP client will hang on "long replies" (i.e. multiline
      responses), using a dash as the first character of the password will
      disable this "long replies" feature.

      Note: Users whose password starts with a dash, have to use an extra
      dash in the beginning of the password for login to succeed. However,
      the "long replies" feature will be disabled in this case.

      The FTP server can also log all file transmission and reception,
      keeping the following information for each file transmission that
      takes place.

           %.24s %d %s %d %s %c %s %c %c %s %s %d %s
             1   2  3  4  5  6  7  8  9  10 11 12 13

           1       current time in the form DDD MMM dd hh:mm:ss YYYY
           2       transfer time in seconds
           3       remote host name
           4       file size in bytes
           5       name of file
           6       transfer type (a>scii, b>inary)
           7       special action flags (concatenated as needed):
                           C   file was compressed
                           U   file was uncompressed
                           T   file was tar'ed
                           _   no action taken
           8       file was sent to user (o>utgoing) or received from user
           9       accessed anonymously (r>eal, a>nonymous, g>uest)
           10      local username or, if guest, ID string given (anonymous
                   FTP password)
           11      service name ('ftp', other)

 Hewlett-Packard Company           - 10 -   HP-UX 11i Version 2: August 2003

 ftpd(1M)                                                           ftpd(1M)

           12      authentication method (bitmask)
                           0   none
                           1   RFC931 Authentication
           13      authenticated user id (if available, '*' otherwise)

 WARNINGS    [Toc]    [Back]
      The password is sent unencrypted through the socket connection.

      Anonymous FTP is inherently dangerous to system security.

 DEPENDENCIES    [Toc]    [Back]
    Pluggable Authentication Modules (PAM)
      PAM is an Open Group standard for user authentication, password
      modification, and validation of accounts.  In particular,
      pam_authenticate() is invoked to perform all functions related to
      login.  This includes retrieving the password, validating the account,
      and displaying error messages.

 AUTHOR    [Toc]    [Back]
      ftpd was developed by the University of California, Berkeley and the
      Washington University, St. Louis, Missouri.

 SEE ALSO    [Toc]    [Back]
      ftp(1), inetd(1M), chroot(2), send(2), sendfile(2), getusershell(3C),
      pam_authenticate(3), inetd.conf(4), ftpaccess(4), ftpusers(4),
      group(4), passwd(4), xferlog(5), sis(5).

 Hewlett-Packard Company           - 11 -   HP-UX 11i Version 2: August 2003
[ Back ]
 Similar pages
Name OS Title
tftpd OpenBSD DARPA Trivial File Transfer Protocol server
tftpd Tru64 The DARPA Trivial File Transfer Protocol (TFTP) server
ftpd FreeBSD Internet File Transfer Protocol server
in.ftpd Linux Internet File Transfer Protocol server
ftpd IRIX Internet File Transfer Protocol server
ftpd OpenBSD Internet File Transfer Protocol server
tftpd FreeBSD Internet Trivial File Transfer Protocol server
tftpd IRIX internet Trivial File Transfer Protocol server
ftp-proxy OpenBSD Internet File Transfer Protocol proxy server
telnetd OpenBSD DARPA TELNET protocol server
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service