| blob | bae17571751cf0944517a06bc6ead72ed850633b |
1 .\" Copyright (c) 1985 Regents of the University of California.
2 .\" All rights reserved. The Berkeley software License Agreement
3 .\" specifies the terms and conditions for redistribution.
4 .\"
5 .\" @(#)ftpd.8c 6.4 (Berkeley) 5/28/86
6 .\"
7 .TH FTPD 8
8 .SH NAME
9 ftpd, in.ftpd, ftpdsh, setup.anonftp \- DARPA Internet File Transfer Protocol server
10 .SH SYNOPSIS
11 .B "ftp stream tcp nowait root /usr/bin/in.ftpd in.ftpd"
12 .br
13 .B "tcpd ftp /usr/bin/in.ftpd"
14 .SH DESCRIPTION
15 .B Ftpd
16 is the DARPA Internet File Transfer Prototocol
17 server process. The server uses the TCP protocol
18 and listens at the port specified in the ``ftp''
19 service specification; see
20 .BR services (5).
21 .PP
22 The ftp server currently supports the following ftp
23 requests; case is not distinguished.
24 .PP
25 .nf
26 .ta \w'Request 'u
27 \fBRequest Description\fP
28 ABOR abort previous command
29 ACCT specify account (ignored)
30 ALLO allocate storage (vacuously)
31 APPE append to a file
32 CDUP change to parent of current working directory
33 CWD change working directory
34 DELE delete a file
35 HELP give help information
36 LIST give list files in a directory (``ls -lA'')
37 MKD make a directory
38 MODE specify data transfer \fImode\fP
39 NLST give name list of files in directory (``ls'')
40 NOOP do nothing
41 PASS specify password
42 PASV prepare for server-to-server transfer
43 PORT specify data connection port
44 PWD print the current working directory
45 QUIT terminate session
46 RETR retrieve a file
47 RMD remove a directory
48 RNFR specify rename-from file name
49 RNTO specify rename-to file name
50 STOR store a file
51 STOU store a file with a unique name
52 STRU specify data transfer \fIstructure\fP
53 TYPE specify data transfer \fItype\fP
54 USER specify user name
55 XCUP change to parent of current working directory
56 XCWD change working directory
57 XMKD make a directory
58 XPWD print the current working directory
59 XRMD remove a directory
60 .fi
61 .PP
62 The remaining ftp requests specified in Internet RFC 959 are
63 recognized, but not implemented.
64 .PP
65 The ftp server will abort an active file transfer only when the
66 ABOR command is preceded by a Telnet "Interrupt Process" (IP)
67 signal and a Telnet "Synch" signal in the command Telnet stream,
68 as described in Internet RFC 959.
69 .PP
70 .B Ftpd
71 interprets file names according to the ``globbing''
72 conventions used by
73 .BR csh (1).
74 This allows users to utilize the metacharacters ``*?[]{}~''.
75 .PP
76 .B Ftpd
77 authenticates users according to two rules.
78 .IP 1)
79 The user name must be in the password data base,
80 .BR /etc/passwd ,
81 and not have a null password. In this case a password
82 must be provided by the client before any file operations
83 may be performed.
84 .IP 2)
85 If the user name is ``anonymous'' or ``ftp'', an
86 anonymous ftp account must be present in the password
87 file (user ``ftp''). In this case the user is allowed
88 to log in by specifying any password (by convention this
89 is given as the client host's name).
90 .PP
91 In the last case,
92 .B ftpd
93 takes special measures to restrict the client's access privileges.
94 The server performs a
95 .BR chroot (2)
96 command to the home directory of the ``ftp'' user.
97 In order that system security is not breached, it is recommended
98 that the ``ftp'' subtree be constructed with care; the following
99 rules are recommended.
100 .IP ~ftp)
101 Make the home directory owned by ``ftp'' and unwritable by anyone.
102 .IP ~ftp/bin)
103 Make this directory owned by the super-user and unwritable by
104 anyone. The program
105 .BR ls (1)
106 must be present to support the list commands.
107 Also,
108 .BR crc (1)
109 must be present to support generating crcs using the site command,
110 .BR tar (1)
111 and
112 .BR compress (1)
113 must be present to support on-the-fly generation of .tar and .tar.Z archives,
114 .BR gzip (1)
115 must be present to support gzip compression, and
116 .BR sh (1)
117 must be present to support
118 .BR ftpdsh (8)
119 which also must be present.
120 .BR ftpdsh controls which binaries can be used.
121 These programs should all have mode 111.
122 .IP ~ftp/etc)
123 Make this directory owned by the super-user and unwritable by
124 anyone. The files
125 .BR passwd (5)
126 and
127 .BR group (5)
128 must be present for the
129 .B ls
130 command to work properly. These files should be mode 444. They can (and
131 should) be stripped down versions so as not to reveal names of users who
132 are not owners of files in the ~ftp/pub directory tree.
133 .IP ~ftp/pub)
134 Make this directory mode 755 and owned by the super-user. Create
135 directories in it owned by users if those users want to manage an
136 anonymous ftp directory.
137 .IP ~ftp/pub/incoming)
138 Optionally create this directory for anonymous uploads. Make it mode
139 777. The FTP daemon will create files with mode 266, so remote users
140 can write a file, but only local users can do something with it.
141 .PP
142 The script
143 .B setup.anonftp
144 can be used to create or check an anonymous FTP tree.
145 .SH "SEE ALSO"
146 .BR ftp (1).
147 .SH BUGS
148 The anonymous account is inherently dangerous and should
149 avoided when possible.
150 .ig \" Minix doesn't have privileged port numbers (yet?)
151 .PP
152 The server must run as the super-user
153 to create sockets with privileged port numbers. It maintains
154 an effective user id of the logged in user, reverting to
155 the super-user only when binding addresses to sockets. The
156 possible security holes have been extensively
157 scrutinized, but are possibly incomplete.
158 ..
159 .\" man page updated by Al Woodhull 2005-02-25