Seth Woolley's Man Viewer

ftpd(8) - ftpd - Internet File Transfer Protocol server - man 8 ftpd

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

FTPD(8)                                                                FTPD(8)

       ftpd - Internet File Transfer Protocol server

       ftpd  [ -d ] [ -v ] [ -l ] [ -t timeout(1,3x,3x cbreak) ] [ -T maxtimeout ] [ -a ] [ -A
       ] [ -L ] [ -i ] [ -I ] [ -o ] [ -p ctrlport ] [ -P dataport ] [ -q ]  [
       -Q  ]  [ -r rootdir ] [ -s ] [ -S ] [ -u umask ] [ -V ] [ -w ] [ -W ] [
       -X ]

       Ftpd is the Internet File Transfer Protocol server process.  The server
       uses  the TCP protocol and listens at the port specified in(1,8) the ``ftp''
       service specification; see services(5).

       The -V option causes the  program  to  display  copyright  and  version(1,3,5)
       information, then terminate.

       If  the  -d or -v option is specified, debugging information is written
       to the syslog.

       If the -l option is specified, each ftp session is logged in(1,8)  the  sys-

       The  ftp  server will timeout(1,3x,3x cbreak) an inactive session after 15 minutes.  If
       the -t option is specified, the inactivity timeout(1,3x,3x cbreak) period will  be  set(7,n,1 builtins)
       to  timeout(1,3x,3x cbreak)  seconds.   A  client  may also request a different timeout(1,3x,3x cbreak)
       period; the maximum period allowed may be set(7,n,1 builtins) to timeout(1,3x,3x cbreak)  seconds  with
       the -T option.  The default limit is 2 hours.

       If  the  -a option is specified, the use of the ftpaccess(5) configura-
       tion file(1,n) is enabled.

       If the -A option is specified, use of  the  ftpaccess(5)  configuration
       file(1,n) is disabled. This is the default.

       If the -L option is specified, commands sent to the ftpd(8) server will
       be logged to the syslog.  The -L option is overridden by the use of the
       ftpaccess(5)  file.  If the -L flag is used, command logging will be on
       by default as soon as the ftp server is invoked.  This will  cause  the
       server  to log all USER commands, which if(3,n) a user accidentally enters a
       password for that command instead of the username, will cause passwords
       to be logged via syslog.

       If  the  -i  option  is specified, files received by the ftpd(8) server
       will be logged to the xferlog(5).  The -i option is overridden  by  the
       use of the ftpaccess(5) file.

       The  -I  option  disables  the use of RFC931 (AUTH/ident) to attempt to
       determine the username on the client.

       If the -o option is specified, files transmitted by the ftpd(8)  server
       will  be  logged to the xferlog(5).  The -o option is overridden by the
       use of the ftpaccess(5) file.  If the -X option is specified, the  out-
       put  created  by the -i and -o options is not saved to the xferlog file(1,n)
       but saved via syslog(2,3,5,3 Sys::Syslog) so you can collect output from  several  hosts  on
       one central loghost.

       If the -u option is specified, the default umask is set(7,n,1 builtins) to umask.

       If  the -W option is specified user logins are not recorded in(1,8) the wtmp
       file.  The default ( -w ) is to record every login(1,3,5) and logout.

       The -s and -S options place the daemon in(1,8)  standalone  operation  mode.
       The  -S  option  runs  the  daemon  in(1,8)  the background and is useful in(1,8)
       startup scripts during system initialization (ie., in(1,8)  rc.local).   The
       -s  option  leaves  the daemon in(1,8) foreground and is useful when running
       from init (ie., /etc/inittab).

       The -p and -P options override the port numbers  used  by  the  daemon.
       Normally,  the  daemon  determines  the  port  numbers  by  looking  in(1,8)
       /etc/services for "ftp" and "ftp-data".  If there is  no  /etc/services
       entry  for  "ftp-data"  and  the -P option is not specified, the daemon
       uses the port just prior to the control connection port.  The -p option
       is only available if(3,n) running as a standalone daemon.

       The  -q  and -Q options deterine whether the daemon uses the PID files.
       These files are required by the limit directive to determine the number
       of  current  users(1,5)  in(1,8) each access(2,5) class.  Disabling the use of the PID
       files disables user limits.  The default ( -q  )  is  to  use  the  PID
       files.  Specify -Q when testing the server as a normal user when access(2,5)
       permissions prevent the use of the PID files.  Large, busy sites  which
       do not wish to impose limits on the number of concurrent users(1,5) may also
       consider disabling the PID files.

       The -r option instructs the daemon to chroot(1,2)(2) to the specified  root-
       dir immedeately upon loading.  This can improve system security by lim-
       iting the files which may be damaged should a breakin occur through the
       daemon.   Set  is much like anonymous FTP, with additional files needed
       which vary from system to system.

       The ftp server currently supports the following ftp requests;  case  is
       not distinguished.

       Request        Description
       ABOR           abort(3,7) previous command
       ACCT           specify account (ignored)
       ALLO           allocate storage (vacuously)
       APPE           append to a file(1,n)
       CDUP           change to parent of current working directory
       CWD            change working directory
       DELE           delete a file(1,n)
       HELP           give help information
       LIST           give list files in(1,8) a directory (``ls -lgA'')
       MKD            make a directory
       MDTM           show last modification time(1,2,n) of file(1,n)
       MODE           specify data transfer mode
       NLST           give name list of files in(1,8) directory
       NOOP           do nothing
       PASS           specify password
       PASV           prepare for server-to-server transfer
       PORT           specify data connection port
       PWD            print the current working directory
       QUIT           terminate session
       REST           restart incomplete transfer
       RETR           retrieve a file(1,n)
       RMD            remove a directory
       RNFR           specify rename-from file(1,n) name
       RNTO           specify rename-to file(1,n) name
       SITE           non-standard commands (see next section)
       SIZE           return size of file(1,n)
       STAT           return status of server
       STOR           store a file(1,n)
       STOU           store a file(1,n) with a unique name
       STRU           specify data transfer structure
       SYST           show operating system type of server system
       TYPE           specify data transfer type
       USER           specify user name
       XCUP           change to parent of current working directory (deprecated)
       XCWD           change working directory (deprecated)
       XMKD           make a directory (deprecated)
       XPWD           print the current working directory (deprecated)
       XRMD           remove a directory (deprecated)

       The  following  non-standard or UNIX specific commands are supported by
       the SITE request.

       Request        Description
       UMASK          change umask. E.g. SITE UMASK 002
       IDLE           set(7,n,1 builtins) idle-timer. E.g. SITE IDLE 60
       CHMOD          change mode of a file. E.g. SITE CHMOD 755 filename
       HELP           give help information. E.g. SITE HELP
       NEWER          list files newer than a particular date
       MINFO          like SITE NEWER, but gives extra information
       GROUP          request special group access. E.g. SITE GROUP foo
       GPASS          give special group access(2,5) password. E.g. SITE GPASS bar
       EXEC           execute a program.  E.g. SITE EXEC program params

       The remaining ftp requests specified in(1,8) Internet  RFC  959  are  recog-
       nized,  but  not  implemented.   MDTM and SIZE are not specified in(1,8) RFC
       959, but will appear in(1,8) the next updated FTP RFC.

       The ftp server will abort(3,7) an active file(1,n) transfer only  when  the  ABOR
       command  is  preceded by a Telnet "Interrupt Process" (IP) signal(2,7) and a
       Telnet "Synch" signal(2,7) in(1,8) the command Telnet  stream,  as  described  in(1,8)
       Internet  RFC  959.  If a STAT command is received during a data trans-
       fer, preceded by a  Telnet  IP  and  Synch,  transfer  status  will  be

       Ftpd  interprets  file(1,n)  names according to the ``globbing'' conventions
       used by csh(1).   This  allows  users(1,5)  to  utilize  the  metacharacters

       Ftpd authenticates users(1,5) according to four rules.

       1)     The user name must be in(1,8) the password data base, /etc/passwd(1,5), or
              whatever is appropriate for the operating system, and the  pass-
              word must not be null.  In this case a password must be provided
              by the client before any file(1,n) operations may be performed.

       2)     The user name must not appear in(1,8) the file(1,n) /etc/ftpusers.

       3)     The user must have a standard shell returned by getusershell(3).

       4)     If  the  user name is ``anonymous'' or ``ftp'', an anonymous ftp
              account must be present in(1,8) the password file(1,n) (user ``ftp'').  In
              this  case the user is allowed to log in(1,8) by specifying any pass-
              word (by convention this is given as the client host(1,5)'s name).

       In the last case, ftpd takes special measures to restrict the  client's
       access(2,5) privileges.  The server performs a chroot(1,2)(2) command to the home
       directory of the ``ftp'' user.  In order that system  security  is  not
       breached,  it  is  recommended  that the ``ftp'' subtree be constructed
       with care;  the following rules are recommended.

       ~ftp)  Make the home directory owned by super-user  and  unwritable  by

              Make  this  directory  owned by the super-user and unwritable by
              anyone.  The program ls(1) must be present to support  the  list
              command.  This program should have mode 111.

              Make  this  directory  owned by the super-user and unwritable by
              anyone.  The files passwd(1,5)(5) and group(5) must  be  present  for
              the  ls  command  to  be able to produce owner names rather than
              numbers. Depending on the operating system, there may  be  other
              required  files.  Check  your  manual  page  for the getpwent(3)
              library routine.  The password field in(1,8) passwd(1,5) is not used,  and
              should not contain real encrypted passwords.  These files should
              be mode 444 and owned by the super-user.  Don't use the system's
              /etc/passwd(1,5) file(1,n) as the password file(1,n) or the system's /etc/group
              file(1,n) as the group file(1,n) in(1,8) the ~ftp/etc directory.

              Create a subdirectory in(1,8) ~ftp/pub with the appropriate mode (777
              or 733) if(3,n) you want to allow normal users(1,5) to upload files.

       The  authentication mechanism used by ftpd is determined by the ``auth-
       ftp'' entry  in(1,8)  the  /etc/login.conf  file(1,n)  (see  login.conf(5))  that
       matches  the  users(1,5)  class.   If there is no ``auth-ftp'' entry for the
       class, the normal ``auth'' entry will be used  instead.   An  alternate
       authentication  mechanism may be specified by appending a colon (``:'')
       followed by the authentication style, i.e. ``joe:skey''.

       There are some extensions to the FTP server such that if(3,n) the user spec-
       ifies a filename (when using a RETRIEVE command) such that:

        True Filename  Specified Filename  Action
        -------------  ------------------  -----------------------------------
        <filename>.Z   <filename>          Decompress file(1,n) before transmitting
        <filename>     <filename>.Z        Compress <filename> before
        <filename>     <filename>.tar      Tar <filename> before transmitting
        <filename>     <filename>.tar.Z    Tar and compress <filename> before

       Also,  the  FTP server will attempt to check for valid e-mail addresses
       and chide the user if(3,n) he doesn't pass the test.  For  users(1,5)  whose  FTP
       client  will hang on "long replies" (i.e. multiline responses), using a
       dash as the first character of the password will disable  the  server's
       lreply() function.

       The  FTP server can also log all file(1,n) transmission and reception, keep-
       ing the following information for each  file(1,n)  transmission  that  takes

       Mon Dec  3 18:52:41 1990 1 568881 /files.lst.Z a _ o a ftp 0 *

         %.24s %d %s %d %s %c %s %c %c %s %s %d %s
           1   2  3  4  5  6  7  8  9  10 11 12 13

         1 current time(1,2,n) in(1,8) the form DDD MMM dd hh:mm:ss YYYY
         2 transfer time(1,2,n) in(1,8) seconds
         3 remote host(1,5) name
         4 file(1,n) size in(1,8) bytes
         5 name of file(1,n)
         6 transfer type (a>scii, b>inary)
         7 special action flags (concatenated as needed):
               C   file(1,n) was compressed
               U   file(1,n) was uncompressed
               T   file(1,n) was tar'ed
               _   no action taken
         8 file(1,n) was sent to user (o>utgoing) or received from
           user (i>ncoming)
         9 accessed anonymously (r>eal, a>nonymous, g>uest) -- mostly for FTP
        10 local username or, if(3,n) guest, ID string(3,n) given
           (anonymous FTP password)
        11 service name ('ftp', other)
        12 authentication method (bitmask)
               0   none
               1   RFC931 Authentication
        13 authenticated user id (if(3,n) available, '*' otherwise)

       ftp(1), getusershell(3), syslogd(8), ftpaccess(5), xferlog(5), umask(2)

       The anonymous account is inherently dangerous and should  avoided  when

       The server must run as the super-user to create sockets with privileged
       port numbers.  It maintains an effective user id of the logged in(1,8) user,
       reverting  to  the  super-user  only when binding addresses to sockets.
       The possible security holes have been extensively scrutinized, but  are
       possibly incomplete.

4.2 Berkeley Distribution        Jan 10, 1997                          FTPD(8)

References for this manual (incoming links)