ftpd

Hurricane Electric Internet Services: Accounts starting at $9.95/month

NAME

       ftpd - DARPA Internet File Transfer Protocol server


SYNOPSIS

       ftpd [ -d ] [ -l ] [ -ttimeout ] [ -Tmaxtimeout ] [ -a ] [
       -A ] [ -L ] [ -i ] [ -I ] [ -o ] [ -O ]


DESCRIPTION

       Ftpd is the DARPA Internet File Transfer  Protocol  server
       process.   The server uses the TCP protocol and listens at
       the port specified in the ``ftp''  service  specification;
       see services(5).

       If  the  -d  option is specified, debugging information is
       written to the syslog.

       If the -l option is specified, each ftp session is  logged
       in the syslog.

       The ftp server will time out an inactive session after 15
       minutes.  If the -t option is specified, the inactivity
       timeout period will be set to timeout seconds.  A client
       may also request a different timeout period; the maximum
       period allowed may be set to maxtimeout seconds with the
       -T option.  The default limit is 2 hours.

       If the -a option is specified, the use of the ftpaccess(5)
       configuration file is enabled.

       If  the  -A  option  is specified, use of the ftpaccess(5)
       configuration file is disabled.

       If the -L option is specified, commands sent to the
       ftpd(8) server will be logged to the syslog.  The -L
       option is overridden by the use of the ftpaccess(5) file.
       If the -L flag is used, command logging is on by default
       as soon as the ftp server is invoked.  The server then
       logs all USER commands, so if a user accidentally enters
       a password for that command instead of the username, the
       password is logged via syslog.

       If the -i option  is  specified,  files  received  by  the
       ftpd(8)  server  will be logged to the xferlog(5).  The -i
       option is overridden by the use of the ftpaccess(5)  file.

       If  the  -o  option is specified, files transmitted by the
       ftpd(8) server will be  logged  to  the  syslog.   The  -o
       option  is overridden by the use of the ftpaccess(5) file.

       The  ftp  server  currently  supports  the  following  ftp
       requests; case is not distinguished.

       Request        Description
       ABOR           abort previous command
       ACCT           specify account (ignored)
       ALLO           allocate storage (vacuously)
       APPE           append to a file
       CDUP           change to parent of current working directory
       CWD            change working directory
       DELE           delete a file
       HELP           give help information
       LIST           list files in a directory (``ls -lgA'')
       MKD            make a directory
       MDTM           show last modification time of file
       MODE           specify data transfer mode
       NLST           give name list of files in directory
       NOOP           do nothing
       PASS           specify password
       PASV           prepare for server-to-server transfer
       PORT           specify data connection port
       PWD            print the current working directory
       QUIT           terminate session
       REST           restart incomplete transfer
       RETR           retrieve a file
       RMD            remove a directory
       RNFR           specify rename-from file name
       RNTO           specify rename-to file name
       SITE           non-standard commands (see next section)
       SIZE           return size of file
       STAT           return status of server
       STOR           store a file
       STOU           store a file with a unique name
       STRU           specify data transfer structure
       SYST           show operating system type of server system
       TYPE           specify data transfer type
       USER           specify user name
       XCUP           change to parent of current working directory (deprecated)
       XCWD           change working directory (deprecated)
       XMKD           make a directory (deprecated)
       XPWD           print the current working directory (deprecated)
       XRMD           remove a directory (deprecated)

       The  following  non-standard or UNIX specific commands are
       supported by the SITE request.

       Request        Description
       UMASK          change umask. E.g. SITE UMASK 002
       IDLE           set idle-timer. E.g. SITE IDLE 60
       CHMOD          change mode of a file. E.g. SITE CHMOD 755 filename
       HELP           give help information. E.g. SITE HELP
       NEWER          list files newer than a particular date
       MINFO          like SITE NEWER, but gives extra information
       GROUP          request special group access. E.g. SITE GROUP foo
       GPASS          give special group access password. E.g. SITE GPASS bar
       EXEC           execute a program.  E.g. SITE EXEC program params

       The remaining ftp requests specified in Internet  RFC  959
       are  recognized,  but  not implemented.  MDTM and SIZE are
       not specified in RFC 959, but  will  appear  in  the  next
       updated FTP RFC.

       The ftp server will abort an active file transfer only
       when the ABOR command is preceded by a Telnet "Interrupt
       Process" (IP) signal and a Telnet "Synch" signal in the
       command Telnet stream, as described in Internet RFC 959.
       If a STAT command is received during a data transfer,
       preceded by a Telnet IP and Synch, transfer status will be
       returned.

       Ftpd  interprets  file names according to the ``globbing''
       conventions used by csh(1).  This allows users to  utilize
       the metacharacters ``*?[]{}~''.

       Ftpd authenticates users according to four rules.

       1)     The  user  name  must be in the password data base,
              /etc/passwd, and not have a null password.  In this
              case  a  password  must  be  provided by the client
              before any file operations may be performed.

       2)     The  user  name  must  not  appear  in   the   file
              /etc/ftpusers.

       3)     The  user  must  have  a standard shell returned by
              getusershell(3).

       4)     If the user name is ``anonymous'' or ``ftp'', an
              anonymous ftp account must be present in the
              password file (user ``ftp'').  In this case the user
              is allowed to log in by specifying any password (by
              convention this is given as the client host's
              name).

       In  the last case, ftpd takes special measures to restrict
       the client's access privileges.   The  server  performs  a
       chroot(2)  command  to  the  home directory of the ``ftp''
       user.  In order that system security is not  breached,  it
       is  recommended  that  the  ``ftp'' subtree be constructed
       with care;  the following rules are recommended.

       ~ftp)  Make  the  home  directory  owned  by  ``ftp''  and
              unwritable by anyone.

       ~ftp/bin)
              Make  this  directory  owned  by the super-user and
              unwritable by anyone.  The program  ls(1)  must  be
              present  to support the list command.  This program
              should have mode 111.

       ~ftp/etc)
              Make this directory owned  by  the  super-user  and
              unwritable  by  anyone.   The  files  passwd(5) and
              group(5) must be present for the ls command  to  be
              able  to  produce  owner names rather than numbers.
              The password field  in  passwd  is  not  used,  and
              should not contain real encrypted passwords.  These
              files should be mode 444.

       ~ftp/pub)
              Make this directory mode 777 and owned by ``ftp''.
              Users should then place files which are to be
              accessible via the anonymous account in this
              directory.
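
The four rules above, expressed as a checker. This is an added example, not part of the original manual page or of ftpd itself; the uid 14 for ``ftp'' and the sample tree are constructed assumptions, and audit() and scan() are hypothetical helper names.

```python
import os, stat

# (path under ~ftp, required owner, exact mode or None, must be unwritable)
RULES = [
    ("",           "ftp",  None,  True),
    ("bin",        "root", None,  True),
    ("bin/ls",     None,   0o111, False),
    ("etc",        "root", None,  True),
    ("etc/passwd", None,   0o444, False),
    ("etc/group",  None,   0o444, False),
    ("pub",        "ftp",  0o777, False),
]

def audit(entries, ftp_uid, root_uid=0):
    """entries maps relative path -> (uid, st_mode); returns findings."""
    owners = {"ftp": ftp_uid, "root": root_uid}
    findings = []
    for rel, owner, mode, unwritable in RULES:
        name = "~ftp/" + rel if rel else "~ftp"
        if rel not in entries:
            findings.append(name + ": missing")
            continue
        uid, bits = entries[rel][0], stat.S_IMODE(entries[rel][1])
        if owner and uid != owners[owner]:
            findings.append("%s: owner uid %d, expected %s" % (name, uid, owner))
        if mode is not None and bits != mode:
            findings.append("%s: mode %03o, expected %03o" % (name, bits, mode))
        if unwritable and bits & 0o222:
            findings.append("%s: writable (mode %03o)" % (name, bits))
    return findings

def scan(root):
    """Collect (uid, st_mode) for each RULES path that exists under root."""
    entries = {}
    for rel, *_ in RULES:
        path = os.path.join(root, rel)
        if os.path.exists(path):
            st = os.stat(path)
            entries[rel] = (st.st_uid, st.st_mode)
    return entries

# Constructed sample: home is owner-writable and etc/passwd is mode 644.
SAMPLE = {"": (14, 0o40755), "bin": (0, 0o40555), "bin/ls": (0, 0o100111),
          "etc": (0, 0o40555), "etc/passwd": (0, 0o100644),
          "etc/group": (0, 0o100444), "pub": (14, 0o40777)}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ftp_uid=14)))
```

On a live system, pass the result of scan() on the ``ftp'' home directory to audit() together with the uid of the ``ftp'' account.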


GENERAL FTP EXTENSIONS

       The FTP server has some extensions: when the user
       specifies a filename with a RETRIEVE command, the server
       acts as follows, depending on the true filename:

        True Filename   Specified Filename   Action
        -------------   ------------------   -----------------------------------
        <filename>.Z    <filename>           Decompress file before transmitting
        <filename>      <filename>.Z         Compress <filename> before
                                             transmitting
        <filename>      <filename>.tar       Tar <filename> before transmitting
        <filename>      <filename>.tar.Z     Tar and compress <filename> before
                                             transmitting

       Also, the FTP server will attempt to check  for  valid  e-
       mail  addresses  and chide the user if he doesn't pass the
       test.  For users whose  FTP  client  will  hang  on  "long
       replies"  (i.e.  multiline responses), using a dash as the
       first character of the password will disable the  server's
       lreply() function.

       The  FTP  server  can  also  log all file transmission and
       reception, keeping the following information for each file
       transmission that takes place.

       Mon Dec  3 18:52:41 1990 1 wuarchive.wustl.edu 568881 /files.lst.Z a _ o a chris@wugate.wustl.edu ftp 0 *

         %.24s %d %s %d %s %c %s %c %c %s %s %d %s
           1   2  3  4  5  6  7  8  9  10 11 12 13

         1 current time in the form DDD MMM dd hh:mm:ss YYYY
         2 transfer time in seconds
         3 remote host name
         4 file size in bytes
         5 name of file
         6 transfer type (a>scii, b>inary)
         7 special action flags (concatenated as needed):
               C   file was compressed
               U   file was uncompressed
               T   file was tar'ed
               _   no action taken
         8 file was sent to user (o>utgoing) or received from
           user (i>ncoming)
         9 accessed anonymously (r>eal, a>nonymous) -- mostly for
           FTP
        10 local username or, if guest, ID string given
           (anonymous FTP password)
        11 service name ('ftp', other)
        12 authentication method (bitmask)
               0   none
               1   RFC931 Authentication
        13 authenticated user id (if available, '*' otherwise)
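
A parser for the 13-field transfer record described above, with a filter for files received from anonymous sessions. This is an added example, not code from the original manual page or from ftpd; the function names are hypothetical, and the second and third sample lines are constructed.

```python
from datetime import datetime

TAIL = ("transfer_type", "action_flags", "direction", "access_mode",
        "username", "service", "auth_method", "auth_user")
ACTIONS = {"C": "compressed", "U": "uncompressed", "T": "tar'ed"}

def parse_xferlog(line):
    """Split one transfer record into the 13 fields documented above."""
    tok = line.split()
    if len(tok) < 17:                  # 5 date tokens + 3 + file name + 8
        raise ValueError("short xferlog record: %r" % line)
    rec = dict(zip(TAIL, tok[-8:]))
    rec["time"] = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
    rec["transfer_secs"] = int(tok[5])
    rec["remote_host"] = tok[6]
    rec["size"] = int(tok[7])
    # Everything between the size and the 8 trailing fields is the file
    # name, so a name containing a space does not shift the later fields
    # (a run of several spaces inside a name is collapsed to one).
    rec["filename"] = " ".join(tok[8:-8])
    rec["actions"] = [ACTIONS[c] for c in rec["action_flags"] if c in ACTIONS]
    rec["auth_method"] = int(rec["auth_method"])
    return rec

def anonymous_uploads(lines):
    """Return records for files received (i) from anonymous (a) sessions."""
    found = []
    for line in lines:
        try:
            rec = parse_xferlog(line)
        except ValueError:
            continue                   # skip damaged lines, keep scanning
        if rec["direction"] == "i" and rec["access_mode"] == "a":
            found.append(rec)
    return found

# Line 1 is the sample from this page; lines 2 and 3 are constructed.
SAMPLE = [
    "Mon Dec  3 18:52:41 1990 1 wuarchive.wustl.edu 568881 /files.lst.Z a _ o a chris@wugate.wustl.edu ftp 0 *",
    "Mon Dec  3 19:02:10 1990 4 host.example.org 20480 /pub/drop file.tar b _ i a guest@example.org ftp 0 *",
    "Mon Dec  3 19:05:33 1990 2 host.example.org 1024 /home/alice/notes.Z b C o r alice ftp 1 alice",
]

if __name__ == "__main__":
    for rec in anonymous_uploads(SAMPLE):
        print(rec["time"], rec["remote_host"], rec["filename"], rec["size"])
```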


SEE ALSO


BUGS

       The anonymous account is inherently dangerous and should
       be avoided when possible.

       The server must run as the super-user  to  create  sockets
       with  privileged  port numbers.  It maintains an effective
       user id of the logged in user, reverting to the super-user
       only  when  binding  addresses  to  sockets.  The possible
       security holes have been extensively scrutinized, but  are
       possibly incomplete.
Copyright (C) 1998 Hurricane Electric. All Rights Reserved.