Manual page for FTPD(8C)
ftpd, in.ftpd - TCP/IP Internet File Transfer Protocol server
SYNOPSIS
/usr/etc/in.ftpd [ -dl ] [ -ttimeout ] host.socket
AVAILABILITY
This program is available with the Networking software installation option. Refer to [a manual with the abbreviation INSTALL] for information on how to install optional software.
DESCRIPTION
ftpd is the TCP/IP Internet File Transfer Protocol (FTP) server process. The server is invoked by the Internet daemon inetd(8C) each time a connection to the FTP service (see services(5)) is made, with the connection available as descriptor 0 and the host and socket the connection originated from (in hex and decimal respectively) as argument.
Inactive connections are timed out after 60 seconds.
If the -d option is specified, debugging information is logged to the system log daemon, syslogd(8).
If the -l option is specified, each FTP session is logged to syslogd.
The FTP server will time out an inactive session after 15 minutes. If the -t option is specified, the inactivity timeout period will be set to timeout.
The FTP server currently supports the following FTP requests; case is not distinguished.
Request   Description
ABOR      abort previous command
ACCT      specify account (ignored)
ALLO      allocate storage (vacuously)
APPE      append to a file
CDUP      change to parent of current working directory
CWD       change working directory
DELE      delete a file
HELP      give help information
LIST      give list of files in a directory (ls -lg)
MKD       make a directory
MODE      specify data transfer mode
NLST      give name list of files in directory (ls)
NOOP      do nothing
PASS      specify password
PASV      prepare for server-to-server transfer
PORT      specify data connection port
PWD       print the current working directory
QUIT      terminate session
RETR      retrieve a file
RMD       remove a directory
RNFR      specify rename-from file name
RNTO      specify rename-to file name
STOR      store a file
STOU      store a file with a unique name
STRU      specify data transfer structure
TYPE      specify data transfer type
USER      specify user name
XCUP      change to parent of current working directory
XCWD      change working directory
XMKD      make a directory
XPWD      print the current working directory
XRMD      remove a directory
The remaining FTP requests specified in RFC 959 are recognized, but not implemented.
The FTP server will abort an active file transfer only when the ABOR command is preceded by a Telnet ``Interrupt Process'' (IP) signal and a Telnet ``Synch'' signal in the command Telnet stream, as described in RFC 959.
ftpd interprets file names according to the ``globbing'' conventions used by csh(1). This allows users to utilize the metacharacters `* ? [] {}~'.
ftpd authenticates users according to three rules.
- The user name must be in the password data base, /etc/passwd, and not have a null password. In this case a password must be provided by the client before any file operations may be performed.
- If the file /etc/ftpusers exists, the user name must not appear in that file.
- The user must have a standard shell returned by getusershell(3).
- If the user name is ``anonymous'' or ``ftp'', an anonymous FTP account must be present in the password file (user ``ftp''). In this case the user is allowed to log in by specifying any password (by convention this is given as the client host's name).
In the last case, ftpd takes special measures to restrict the client's access privileges. The server performs a chroot(2) command to the home directory of the ``ftp'' user.
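
The first three rules listed above can be checked offline to see which accounts could log in over FTP. The script below is an added example, not part of the manual page or of ftpd. It assumes the shells file is the list getusershell(3) reads, and that an empty shell field means /bin/sh; the function names and sample accounts are constructed.

```sh
#!/bin/sh
# Added example (not from the manual page): list the accounts that satisfy
# the non-anonymous login rules, given passwd-format input.
# ftp_eligible PASSWD_FILE FTPUSERS_FILE SHELLS_FILE
ftp_eligible() {
    ftpusers=$2
    # The ftpusers rule applies only if the file exists; otherwise nobody is denied.
    [ -f "$ftpusers" ] || ftpusers=/dev/null
    awk -F: '
        /^[ \t]*(#|$)/   { next }                    # comments and blank lines
        src == "deny"    { denied[$1] = 1; next }    # names from ftpusers
        src == "shells"  { shell_ok[$1] = 1; next }  # standard shells
        {
            shell = ($7 == "") ? "/bin/sh" : $7      # assumption: empty = /bin/sh
            if ($2 == "")             next           # null password
            if ($1 in denied)         next           # listed in ftpusers
            if (!(shell in shell_ok)) next           # non-standard shell
            print $1
        }
    ' src=deny "$ftpusers" src=shells "$3" src=passwd "$1"
}

# Constructed sample data; the password fields are placeholders, not hashes.
ftp_eligible_demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/passwd" <<'EOF'
root:PLACEHOLDER:0:1:Operator:/:/bin/csh
alice:PLACEHOLDER:101:10:Alice:/home/alice:/bin/csh
bob::102:10:Bob:/home/bob:/bin/sh
carol:PLACEHOLDER:103:10:Carol:/home/carol:/usr/local/bin/menu
dave:PLACEHOLDER:104:10:Dave:/home/dave:
EOF
    printf 'root\n' > "$d/ftpusers"
    printf '/bin/sh\n/bin/csh\n' > "$d/shells"
    ftp_eligible "$d/passwd" "$d/ftpusers" "$d/shells"
    rm -rf "$d"
}

# With three file arguments audit those files, otherwise run the demo.
if [ $# -eq 3 ]; then ftp_eligible "$@"; else ftp_eligible_demo; fi
```

In the demo, root is excluded by ftpusers, bob by the null password and carol by the shell that is not in the shells file.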
In order that system security is not breached, it is recommended that the ``ftp'' subtree be constructed with care; the following rules are recommended.
- ~ftp
  Make the home directory owned by ``ftp'' and unwritable by anyone.
- ~ftp/bin
  Make this directory owned by the super-user and unwritable by anyone. The program ls(1V) must be present to support the list commands. This program should have mode 111. Since the default /bin/ls command is linked with a shared library, you need to set up the files for dynamic linking as well.
- ~ftp/usr/lib/ld.so
  The runtime loader must be present and executable.
- ~ftp/dev/zero
  Used by the runtime loader; create this with the command ``mknod zero c 3 12''.
- ~ftp/usr/lib/libc.so.*
  Should be a copy of the latest version of the shared C library.
- ~ftp/etc
  Make this directory owned by the super-user and unwritable by anyone. The files passwd(5) and group(5) must be present for the ls command to work properly. These files should be mode 444.
- ~ftp/pub
  Make this directory mode 777 and owned by ``ftp''. Users should then place files which are to be accessible via the anonymous account in this directory.
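
The ownership and mode rules above can be audited with a short script. This is an added example, not part of the manual page. The function names are constructed, the owner names are parameters defaulting to ftp and root (the super-user), and the dynamic-linking files (ld.so, dev/zero, libc.so.*) are not checked.

```sh
#!/bin/sh
# Added example: audit an anonymous-FTP subtree against the rules listed above.
# find(1) prints the path only when its test matches, so empty output = mismatch.
owned_by() { [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]; }
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }
no_write() { [ -n "$(find "$1" -prune ! -perm -200 ! -perm -020 ! -perm -002 2>/dev/null)" ]; }

# audit_ftp_tree HOME [FTP_OWNER] [ROOT_OWNER]
# Prints one FAIL line per deviation; returns 0 only if the tree is clean.
audit_ftp_tree() {
    home=$1; ftp_owner=${2:-ftp}; root_owner=${3:-root}; bad=0
    fail() { echo "FAIL: $1"; bad=1; }
    owned_by "$home" "$ftp_owner"         || fail "$home not owned by $ftp_owner"
    no_write "$home"                      || fail "$home is writable"
    for d in bin etc; do
        owned_by "$home/$d" "$root_owner" || fail "$home/$d not owned by $root_owner"
        no_write "$home/$d"               || fail "$home/$d is writable"
    done
    has_mode "$home/bin/ls" 111           || fail "$home/bin/ls is not mode 111"
    for f in passwd group; do
        has_mode "$home/etc/$f" 444       || fail "$home/etc/$f is not mode 444"
    done
    owned_by "$home/pub" "$ftp_owner"     || fail "$home/pub not owned by $ftp_owner"
    has_mode "$home/pub" 777              || fail "$home/pub is not mode 777"
    return "$bad"
}

# Constructed demo tree owned by the caller (making ftp- or root-owned files
# needs the super-user); pass the caller's uid as both owners when auditing it.
build_demo_tree() {
    t=$(mktemp -d) || return 2
    mkdir "$t/bin" "$t/etc" "$t/pub"
    : > "$t/bin/ls"; : > "$t/etc/passwd"; : > "$t/etc/group"
    chmod 111 "$t/bin/ls"; chmod 444 "$t/etc/passwd" "$t/etc/group"
    chmod 555 "$t" "$t/bin" "$t/etc"; chmod 777 "$t/pub"
    echo "$t"
}

if [ $# -ge 1 ]; then
    audit_ftp_tree "$@"
else
    echo "usage: $0 FTP_HOME [FTP_OWNER] [ROOT_OWNER]" >&2
fi
```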
DIAGNOSTICS
ftpd logs various errors to the system log daemon, syslogd, with a facility code of daemon. The messages are listed here, grouped by severity level.
Err Severity
- getpeername failed: reason
  A getpeername(2) call failed.
- getsockname failed: reason
  A getsockname(2) call failed.
- signal failed: reason
  A signal call (see signal(3V)) failed.
- setsockopt failed: reason
  A setsockopt call (see getsockopt(2)) failed.
- ioctl failed: reason
  An ioctl(2) call failed.
- directory: reason
  ftpd did not have write permission on the directory directory in which a file was to be created by the STOU command.
Info Severity
These messages are logged only if the -l flag is specified.
- FTPD: connection from host at time
  A connection was made to ftpd from the host host at the date and time time.
- FTPD: User user timed out after timeout seconds at time
  The user user was logged out because they hadn't entered any commands after timeout seconds; the logout occurred at the date and time time.
Debug Severity
These messages are logged only if the -d flag is specified.
- FTPD: command: command
  A command line containing command was read from the FTP client.
- lost connection
  The FTP client dropped the connection.
- <--- replycode
- <--- replycode-
  A reply was sent to the FTP client with the reply code replycode. The next message logged will include the message associated with the reply. If a - follows the reply code, the reply is continued on later lines.
SEE ALSO
csh(1), ftp(1C), ls(1V), chroot(2), getpeername(2), getsockname(2), getsockopt(2), ioctl(2), getusershell(3), ftpusers(5), group(5), passwd(5), services(5), inetd(8C), syslogd(8)
Postel, Jon, and Joyce Reynolds, File Transfer Protocol (FTP), RFC 959, Network Information Center, SRI International, Menlo Park, Calif., October 1985.
BUGS
The anonymous account is inherently dangerous and should be avoided when possible.
The server must run as the super-user to create sockets with privileged port numbers. It maintains an effective user ID of the logged in user, reverting to the super-user only when binding addresses to sockets. The possible security holes have been extensively scrutinized, but are possibly incomplete.
Last modified 11/5/97