NAME
ftpd - The DARPA Internet File Transfer Protocol server
SYNOPSIS
ftpd [-dl] [-ttimeout] [-Tmaxtimeout]
FLAGS
-d Debugging information is written to the syslogd(8).
-l Each FTP session is logged in the syslog.
-ttime-out
The inactivity time-out period will be set to time-out
seconds.
-Tmaxtime-out
The maximum timeout period allowd may be set to timeout
seconds with this option.
DESCRIPTION
The ftpd command is the DARPA (Defense Advanced Research
Projects Agency) Internet File Transfer Protocol server pro-
cess. The server uses the TCP protocol and listens at the
port specified in the FTP service specification; see
services (5).
If the -d flag is specified, debugging information is writ-
ten to the syslogd(8).
If the -l flag is specified, each ftp session is logged in
the syslog.
The FTP server will time out an inactive session after 15
minutes. If the -t flag is specified, the inactivity time-
out period will be set to time-out seconds. A client may
also request a different time-out period; the maximum period
allowed may be set to time-out seconds with the -T flag.
The default limit is 2 hours.
The FTP server currently supports the following ftp
requests; case is not distinguished.
Request Description
ABOR Abort previous command
ACCT Specify account (ignored)
ALLO Allocate storage (vacuously)
APPE Append to a file
CDUP Change to parent of current working directory
CWD Change working directory
DELE Delete a file
HELP Give help information
LIST Give list files in a directory (ls -lgA)
MKD Make a directory
MDTM Show last modification time of file
MODE Specify data transfer mode
NLST Give name list of files in directory
NOOP Do nothing
PASS Specify password
PASV Prepare for server-to-server transfer
PORT Specify data connection port
PWD Print the current working directory
QUIT Terminate session
REST Restart incomplete transfer
RETR Retrieve a file
RMD Remove a directory
RNFR Specify rename-from filename
RNTO Specify rename-to filename
SITE Nonstandard commands (see next section)
SIZE Return size of file
STAT Return status of server
STOR Store a file
STOU Store a file with a unique name
STRU Specify data transfer structure
SYST Show operating system type of server system
TYPE Specify data transfer type
USER Specify username
XCUP Change to parent of current working directory
(deprecated)
XCWD Change working directory (deprecated)
XMKD Make a directory (deprecated)
XPWD Print the current working directory (deprecated)
XRMD Remove a directory (deprecated)
The following nonstandard or UNIX compatible commands are
supported by the SITE request.
Request Description
UMASK Change umask (for example: SITE UMASK 002)
IDLE Set idle timer (for example: SITE IDLE 60)
CHMOD Change mode of a file (for example: SITE CHMOD 755
filename)
HELP Give help information (for example: SITE HELP)
The remaining ftp requests specified in Internet RFC959 are
recognized, but not implemented. MDTM and SIZE are not
specified in RFC959, but will appear in the next updated FTP
RFC.
The ftp server will abort an active file transfer only when
the ABOR command is preceded by a Telnet Interrupt Process
(IP) signal and a Telnet Synch signal in the command Telnet
stream, as described in Internet RFC959. If a STAT command
is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
The ftpd command interprets filenames according to the
``globbing'' conventions used by csh(1). This allows users
to utilize the metacharacters ``*?[]{}~''.
The.B ftpd command authenticates users according to four
rules:
1. The username must be in the password database,
/etc/passwd, and not have a null password. In this
case, a password must be provided by the client before
any file operations may be performed.
2. The username must not appear in the /etc/ftpusers file.
3. The user must have a standard shell returned by
getusershell(3).
4. If the username is anonymous or ftp, an anonymous ftp
account must be present in the password file (user
ftp). In this case, the user is allowed to log in by
specifying any password (by convention this is given as
the client host's name).
In the last case, ftpd takes special measures to restrict
the client's access privileges. The server performs a
chroot(2) command to the home directory of the ftp user. In
order that system security is not breached, it is recom-
mended that the ftp subtree be constructed with care; the
following rules are recommended.
~ftp)
Make the home directory owned by ftp and unwritable by
anyone.
~ftp/bin)
Make this directory owned by the superuser and unwrit-
able by anyone. The program ls(1) must be present to
support the list command. This program should have
mode 111.
~ftp/etc)
Make this directory owned by the superuser and unwrit-
able by anyone. The files passwd(5) and group(5) must
be present for the ls command to be able to produce
owner names rather than numbers. The password field in
passwd is not used, and should not contain real
encrypted passwords. These files should be mode 444.
~ftp/pub)
Make this directory mode 777 and owned by ftp. Users
should then place files that are to be accessible via
the anonymous account in this directory.
FILES
/usr/sbin/ftpd
Specifies the command path.
CAUTION
The anonymous account is inherently dangerous and should be
avoided when possible.
The server must run as the superuser to create sockets with
privileged port numbers. It maintains an effective user ID
of the logged in user, reverting to the superuser only when
binding addresses to sockets. The possible security holes
have been extensively scrutinized, but are possibly incom-
plete.
RELATED INFORMATION
Commands: ftp(1)
Routines: getusershell(3)
Daemons: syslogd(8)
Acknowledgement and Disclaimer