FTPD(1M)							      FTPD(1M)

NAME

     ftpd - Internet File Transfer Protocol server

SYNOPSIS

     /usr/etc/ftpd [ -dSlp ] [ -ttimeout ] [ -Tmaxtimeout ]
	 [ -uumask ]

DESCRIPTION

     Ftpd is the Internet File Transfer	Protocol server	process.  The server
     uses the TCP protocol and listens at the well-known port specified	in the
     services(4) file.

     Ftpd is started by	inetd(1M) whenever a remote client makes a connection
     request.  The following options should be specified on the ftpd line in
     inetd's configuration file, /etc/inetd.conf.

     If	the -l option is specified, each successful and	failed ftp session
     login is logged in	the syslog.  If	this option is specified twice,	the
     retrieve (get), store (put), append, delete, make directory, remove
     directory and rename operations and their filename	arguments are also
     logged.  If this option is	specified thrice, logging for the retrieve
     (get) and store (put) commands includes the number	of bytes transferred.

     If	the -d option is specified, verbose debugging information is written
     to	the syslog.  Note: this	option logs all	the commands and arguments
     that the client sends. However arguments from the PASS command for	normal
     accounts are not logged.

     The ftp server will timeout an inactive session after 15 minutes.	If the
     -t	option is specified, the inactivity timeout period will	be set to
     timeout seconds.  A client	may also request a different timeout period;
     the maximum period	allowed	may be set to timeout seconds with the -T
     option.  The default limit	is 2 hours.

     The -u option specifies the default file protection mask (see umask(1)).
     If not specified, the default mask is set to 022 (group- and world-
     readable).  A client may also request a different mask.

     The -S option turns on extra safety measures for anonymous	FTP sites.
     For one thing, it makes symbolic links appear to be ordinary links, so that
     links do not leak names in	'private' directories.	(Those are directories
     that are not searchable by	anonymous users.)

     The -p option turns on address checking to	prevent	the PORT command from
     redirecting the ftp-data connection to a third party machine.  This
     provides added protection from network scanning.
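     As an added example for the inetd.conf configuration described above
     (this script is not part of IRIX or of this manual page), the following
     POSIX shell function reads an inetd.conf, finds the active ftp entry and
     reports which of the protective options -l, -p, -S and -u are absent.  It
     assumes the inetd.conf field layout shown in its comment, that the
     options follow an argv[0] word, and that -t, -T and -u carry numeric
     values as described above, so a letter test per option word is enough.

```sh
#!/bin/sh
# Added example, not part of IRIX: audit the ftp entry of an inetd.conf for
# the protective ftpd(1M) options (-l logging, -p PORT address checking,
# -S anonymous-site safety, -u explicit umask).
# inetd.conf field layout (see inetd(1M)):
#   service socktype proto wait|nowait user server-path argv0 [options ...]
# Prints a one-line verdict; returns 0 when all four are present, 1 when some
# are missing, 2 when there is no usable ftp entry.

ftpd_inetd_audit() {
    conf=$1
    # strip comments, take the first ftp line whose server path ends in ftpd
    line=$(sed -e 's/#.*//' "$conf" | awk '$1 == "ftp" && $6 ~ /ftpd$/ { print; exit }')
    if [ -z "$line" ]; then
        echo "no active ftp entry in $conf"
        return 2
    fi
    set -- $line
    if [ $# -lt 7 ]; then
        echo "malformed ftp entry: $line"
        return 2
    fi
    shift 7              # drop the fixed fields and argv[0]; $@ is now the option list
    missing=""
    for opt in l p S u; do
        found=no
        for word in "$@"; do
            case "$word" in
                # options may be bundled (e.g. -lSp) or carry a value (-u027)
                -*) case "$word" in *"$opt"*) found=yes ;; esac ;;
            esac
        done
        [ "$found" = yes ] || missing="$missing -$opt"
    done
    if [ -n "$missing" ]; then
        echo "ftpd options missing:$missing"
        return 1
    fi
    echo "ftpd options ok: $*"
}
```

     Run it as "ftpd_inetd_audit /etc/inetd.conf" after editing the file and
     before sending inetd its restart signal; a non-zero status means the ftpd
     line still lacks one of the four options.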

     The file /etc/nologin can be used to disable ftp access.  If the file
     exists, ftpd prints it and	exits.	If the file /etc/issue exists, ftpd
     prints it before issuing the ``ready'' message.

     The ftp server currently supports the following ftp requests; case	is not

     Request	    Description
     ABOR	    abort previous command
     ACCT	    specify account (ignored)
     ALLO	    allocate storage (vacuously)
     APPE	    append to a	file
     CDUP	    change to parent of	current	working	directory
     CWD	    change working directory
     DELE	    delete a file
     HELP	    give help information
     LIST	    give list files in a directory (``ls -lA'')
     MKD	    make a directory
     MDTM	    show last modification time	of file
     MODE	    specify data transfer mode
     NLST	    give name list of files in directory
     NOOP	    do nothing
     PASS	    specify password
     PASV	    prepare for	server-to-server transfer
     PORT	    specify data connection port
     PWD	    print the current working directory
     QUIT	    terminate session
     REST	    restart incomplete transfer
     RETR	    retrieve a file
     RMD	    remove a directory
     RNFR	    specify rename-from	file name
     RNTO	    specify rename-to file name
     SITE	    non-standard commands (see next section)
     SIZE	    return size	of file
     STAT	    return status of server
     STOR	    store a file
     STOU	    store a file with a	unique name
     STRU	    specify data transfer structure
     SYST	    show operating system type of server system
     TYPE	    specify data transfer type
     USER	    specify user name
     XCUP	    change to parent of	current	working	directory (deprecated)
     XCWD	    change working directory (deprecated)
     XMKD	    make a directory (deprecated)
     XPWD	    print the current working directory	(deprecated)
     XRMD	    remove a directory (deprecated)

     The following non-standard	or UNIX	specific commands are supported	by the
     SITE request.

     Request	    Description
     UMASK	    change umask, e.g.,	SITE UMASK 002
     IDLE	    set	idle-timer, e.g., SITE IDLE 60
     CHMOD	    change mode	of a file, e.g., SITE CHMOD 755	filename
     HELP	    give help information, e.g., SITE HELP

     The remaining ftp requests	specified in Internet RFC 959 are recognized,
     but not implemented.  MDTM	and SIZE are not specified in RFC 959, but
     will appear in the	next updated FTP RFC.

     The ftp server will abort an active file transfer only when the ABOR
     command is	preceded by a Telnet "Interrupt	Process" (IP) signal and a
     Telnet "Synch" signal in the command Telnet stream, as described in
     Internet RFC 959.	If a STAT command is received during a data transfer,
     preceded by a Telnet IP and Synch,	transfer status	will be	returned.

     Ftpd interprets file names	according to the ``globbing'' conventions used
     by	csh(1).	 This allows users to utilize the metacharacters ``*?[]{}~''.

     Ftpd authenticates	users according	to three rules.

     1)	The user name must be in the password data base, /etc/passwd, and not
	have a null password.  In this case a password must be provided	by the
	client before any file operations may be performed.

     2)	The user name must not appear in the file /etc/ftpusers.  However, if
	the user name is in /etc/ftpusers followed by the white-space
	separated keyword ``restrict'',	the user is allowed restricted access
	privileges, as described below.

     3)	If the user name is ``anonymous'' or ``ftp'', an anonymous ftp account
	must be	present	in the password	file (user ``ftp'').  In this case the
	user is	allowed	to log in by specifying	any password (by convention
	this is	given as the client user and host name).

     For the restricted	and anonymous accounts,	ftpd takes special measures to
     restrict the client's access privileges.  The server performs a chroot(2)
     command to	the home directory of the user and prints the file README if
     it	exists.	 In order that system security is not breached,	it is
     recommended that the subtree be constructed with care;  the following
     rules are recommended, using the ``ftp'' anonymous	account	as an example.
     If	you allow logins as the	ftp account, then you should instead make all
     the files and directories owned by	a user and group other than ftp	(or
     any other account that can	login using the	restricted passwd file in the
     chrooted tree), with the possible exception of directories	to which you
     allow file	transfers, such	as ~ftp/pub.  Remember that because the
     account name and password are valid, the user will	be able	to login
     directly or via telnet, rlogin, or	rsh.  This can be prevented, if
     desired, by using the feature documented in the passwd(4) man page,
     having the	shell field start with *, and the home directory being a real
     or	impossible base	for the	chrooted environment.  See that	manual page
     for more information.

     Note that ftpd uses the information in /etc/passwd	to perform
     authentication and	to establish its environment; i.e., ftpd does not use
     the etc/passwd file in the	chrooted tree (unlike login(1)).

     ~ftp      Make the	home directory owned by	``bin''	and unwritable by
	       anyone (mode 555	- see chmod(1)):

		    chown bin ~ftp
		    chmod a-w ~ftp

     ~ftp/bin  Make this directory owned by the	super-user and unwritable by
	       anyone (mode 555).  The program ls(1) must be present to
	       support the list	commands.  This	program	should have mode 111.

     ~ftp/etc  Make this directory owned by the	super-user and unwritable by
	       anyone (mode 555).  The files passwd(4) and group(4) must be
	       present for the ls command to be	able to	produce	owner names
	       rather than numbers.  This should not be	a copy of the real
	       file in /etc, and in particular,	it should contain no encrypted
	       passwords from the real /etc/passwd or /etc/group.  The
	       password	field in passwd	is not used.  Only the minimal number
	       of accounts should be listed.  These files should be mode 444.

     ~ftp/lib32
	       Make this directory owned by the super-user and unwritable by
	       anyone (mode 555).  In order for ls to run, the files
	       /lib32/rld and /lib32/libc.so.1 must be copied into lib32
	       (older releases, or some uses of other programs, might also
	       require the o32 versions in /lib).  Both rld and libc.so.1
	       should be readable and executable by everyone, e.g. mode 555.

     ~ftp/dev  Make this directory owned by the	super-user and unwritable by
	       anyone (mode 555).  rld uses /dev/zero, so use mknod(1) to make
	       a copy of /dev/zero in ~ftp/dev with the same major and minor
	       device numbers.	Make /dev/zero read-only (mode 444).

		    mknod ~ftp/dev/zero	c 37 0
		    chmod 444 ~ftp/dev/zero

     ~ftp/pub  Make this directory owned by ``ftp''. If	local users and	remote
	       anonymous users are to be allowed to write in this directory,
	       change the directory's mode to 777.  Users can then place files
	       which are to be accessible via the anonymous account in this
	       directory.  If write accesses are to be denied, change the
	       directory's mode	to 555.
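     The following POSIX shell script is an added example, not part of IRIX or
     of this manual page: it audits an existing anonymous-ftp home tree
     against the mode rules listed above and checks that the chrooted
     etc/passwd carries no encrypted passwords.  It does not check ownership
     (that needs a non-portable stat(1) and is left to the administrator), it
     accepts either 555 or 777 for ~ftp/pub as described above, and it treats
     ~ftp/dev/zero as any file with mode 444, so it does not verify the
     device numbers given for mknod(1).

```sh
#!/bin/sh
# Added example (not from the IRIX manual): audit an anonymous-ftp home tree
# against the mode rules of ftpd(1M).  Ownership is not checked; only modes
# and the contents of the chrooted etc/passwd are.
# Prints one line per violation; returns 0 if clean, 1 if any were found.

viol=0

check_mode() {
    # $1 = path, remaining args = acceptable exact octal modes
    p=$1; shift
    if [ ! -e "$p" ]; then
        echo "MISSING  $p"
        viol=$((viol + 1))
        return
    fi
    for m in "$@"; do
        # find -prune -perm <octal> prints $p only if its mode matches exactly
        if [ -n "$(find "$p" -prune -perm "$m")" ]; then
            return
        fi
    done
    echo "MODE     $p (want $*)"
    viol=$((viol + 1))
}

audit_ftp_home() {
    home=$1
    viol=0
    check_mode "$home"            0555
    check_mode "$home/bin"        0555
    check_mode "$home/bin/ls"     0111
    check_mode "$home/etc"        0555
    check_mode "$home/etc/passwd" 0444
    check_mode "$home/etc/group"  0444
    check_mode "$home/lib32"      0555
    check_mode "$home/dev"        0555
    check_mode "$home/dev/zero"   0444
    check_mode "$home/pub"        0555 0777   # read-only, or a writable drop area
    # the chrooted passwd must carry no encrypted passwords: field 2 empty or '*'
    if [ -r "$home/etc/passwd" ]; then
        hashed=$(awk -F: '$2 != "" && $2 != "*" { print $1 }' "$home/etc/passwd")
        if [ -n "$hashed" ]; then
            echo "PASSWD   hash present for:" $hashed
            viol=$((viol + 1))
        fi
    fi
    [ "$viol" -eq 0 ]
}
```

     Run it as "audit_ftp_home ~ftp" after building the tree; every line of
     output names one rule that is not met.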

SHARE II ACTIONS

     If	the Share II system is installed and enabled, then the following
     privilege and resource checks are made immediately	after the other
     validation	checks are passed but before the ftp session is	permitted to

     1.	 If your nologin flag is set, or you already have another connection
	 and your onelogin flag	is set,	then you are denied connection.

     2.	 If a disk usage exceeds its soft disk limit in	any of your domains,
	 then a	message	is printed and you are given a warning.	 If you
	 accumulate too	many warnings, further connection attempts are denied
	 and you must see your subadministrator	to rectify the situation.
	 Whenever you connect with no disk usages in excess of any soft
	 limits, all your accumulated warnings are cleared.

     3.	 If you	do not have permission to use an ftp connection, as determined
	 by the	terminal permission flag terminal.flag.ftp, then you are
	 denied	connection.

     4.	 Some installations place limits on terminal connect-time, which apply
	 equally to connection by way of ftp.  If you have already reached
	 your connect-time limit, then you are denied connection.  Otherwise,
	 if you	have a limit, your remaining connect-time is printed.

     If	all of these checks are	passed,	ftpd proceeds normally.

FILES

     /etc/ftpusers     list of unwelcome/restricted users
     /etc/issue	       welcome notice
     /etc/nologin      disables	access
     /etc/limconf      The compiled Share II configuration file	(machine

SEE ALSO

     login(1), ftp(1C),	inetd(1M), rexecd(1M), syslogd(1M), passwd(4),

DIAGNOSTICS

     The Share II specific diagnostic messages are listed as follows:

     Warning X of Y: soft disk limit exceeded.
	  One of your domains has a disk usage in excess of its	soft limit.

     Connection	denied.	 Too many warnings.
	  You have reached your	warning	limit.	See your subadministrator.

     Connection	denied.	 Already logged	in - only one login allowed.
	  You are already connected to the system and your onelogin flag is

     Connection	denied.	 Currently barred from logging in.
	  Your nologin flag is set.

     Connection	denied.	 No permission to use this terminal.
	  You are not allowed to log in	at this	terminal because of a clear
	  terminal.flag.rsh flag.

     You have a	remaining terminal connect-time	of Y.
	  You may use this connection until you	have used up your remaining
	  connect-time,	at which point you are forced to disconnect.

     Connection	denied.	 Terminal connect-time limit exceeded.
	  You have already reached your	terminal connect-time limit.

     Share not configured - no limit checks.
	  The configuration file is unreadable for some	reason,	so terminal
	  privileges, connect-time limits and disk space limits	could not be

BUGS

     The anonymous account is inherently dangerous and should be avoided when

     The server	must run as the	super-user to create sockets with privileged
     port numbers.  It maintains an effective user ID of the logged in user,
     reverting to the super-user only when binding addresses to	sockets.  The
     possible security holes have been extensively scrutinized,	but are
     possibly incomplete.
