| [9] | 1 | .\" Copyright (c) 1985 Regents of the University of California.
|
|---|
| 2 | .\" All rights reserved. The Berkeley software License Agreement
|
|---|
| 3 | .\" specifies the terms and conditions for redistribution.
|
|---|
| 4 | .\"
|
|---|
| 5 | .\" @(#)ftpd.8c 6.4 (Berkeley) 5/28/86
|
|---|
| 6 | .\"
|
|---|
| 7 | .TH FTPD 8
|
|---|
| 8 | .SH NAME
|
|---|
| 9 | ftpd, in.ftpd, ftpdsh, setup.anonftp \- DARPA Internet File Transfer Protocol server
|
|---|
| 10 | .SH SYNOPSIS
|
|---|
| 11 | .B "ftp stream tcp nowait root /usr/bin/in.ftpd in.ftpd"
|
|---|
| 12 | .br
|
|---|
| 13 | .B "tcpd ftp /usr/bin/in.ftpd"
|
|---|
| 14 | .SH DESCRIPTION
|
|---|
| 15 | .B Ftpd
|
|---|
| 16 | is the DARPA Internet File Transfer Prototocol
|
|---|
| 17 | server process. The server uses the TCP protocol
|
|---|
| 18 | and listens at the port specified in the ``ftp''
|
|---|
| 19 | service specification; see
|
|---|
| 20 | .BR services (5).
|
|---|
| 21 | .PP
|
|---|
| 22 | The ftp server currently supports the following ftp
|
|---|
| 23 | requests; case is not distinguished.
|
|---|
| 24 | .PP
|
|---|
| 25 | .nf
|
|---|
| 26 | .ta \w'Request 'u
|
|---|
| 27 | \fBRequest Description\fP
|
|---|
| 28 | ABOR abort previous command
|
|---|
| 29 | ACCT specify account (ignored)
|
|---|
| 30 | ALLO allocate storage (vacuously)
|
|---|
| 31 | APPE append to a file
|
|---|
| 32 | CDUP change to parent of current working directory
|
|---|
| 33 | CWD change working directory
|
|---|
| 34 | DELE delete a file
|
|---|
| 35 | HELP give help information
|
|---|
| 36 | LIST give list files in a directory (``ls -lA'')
|
|---|
| 37 | MKD make a directory
|
|---|
| 38 | MODE specify data transfer \fImode\fP
|
|---|
| 39 | NLST give name list of files in directory (``ls'')
|
|---|
| 40 | NOOP do nothing
|
|---|
| 41 | PASS specify password
|
|---|
| 42 | PASV prepare for server-to-server transfer
|
|---|
| 43 | PORT specify data connection port
|
|---|
| 44 | PWD print the current working directory
|
|---|
| 45 | QUIT terminate session
|
|---|
| 46 | RETR retrieve a file
|
|---|
| 47 | RMD remove a directory
|
|---|
| 48 | RNFR specify rename-from file name
|
|---|
| 49 | RNTO specify rename-to file name
|
|---|
| 50 | STOR store a file
|
|---|
| 51 | STOU store a file with a unique name
|
|---|
| 52 | STRU specify data transfer \fIstructure\fP
|
|---|
| 53 | TYPE specify data transfer \fItype\fP
|
|---|
| 54 | USER specify user name
|
|---|
| 55 | XCUP change to parent of current working directory
|
|---|
| 56 | XCWD change working directory
|
|---|
| 57 | XMKD make a directory
|
|---|
| 58 | XPWD print the current working directory
|
|---|
| 59 | XRMD remove a directory
|
|---|
| 60 | .fi
|
|---|
| 61 | .PP
|
|---|
| 62 | The remaining ftp requests specified in Internet RFC 959 are
|
|---|
| 63 | recognized, but not implemented.
|
|---|
| 64 | .PP
|
|---|
| 65 | The ftp server will abort an active file transfer only when the
|
|---|
| 66 | ABOR command is preceded by a Telnet "Interrupt Process" (IP)
|
|---|
| 67 | signal and a Telnet "Synch" signal in the command Telnet stream,
|
|---|
| 68 | as described in Internet RFC 959.
|
|---|
| 69 | .PP
|
|---|
| 70 | .B Ftpd
|
|---|
| 71 | interprets file names according to the ``globbing''
|
|---|
| 72 | conventions used by
|
|---|
| 73 | .BR csh (1).
|
|---|
| 74 | This allows users to utilize the metacharacters ``*?[]{}~''.
|
|---|
| 75 | .PP
|
|---|
| 76 | .B Ftpd
|
|---|
| 77 | authenticates users according to two rules.
|
|---|
| 78 | .IP 1)
|
|---|
| 79 | The user name must be in the password data base,
|
|---|
| 80 | .BR /etc/passwd ,
|
|---|
| 81 | and not have a null password. In this case a password
|
|---|
| 82 | must be provided by the client before any file operations
|
|---|
| 83 | may be performed.
|
|---|
| 84 | .IP 2)
|
|---|
| 85 | If the user name is ``anonymous'' or ``ftp'', an
|
|---|
| 86 | anonymous ftp account must be present in the password
|
|---|
| 87 | file (user ``ftp''). In this case the user is allowed
|
|---|
| 88 | to log in by specifying any password (by convention this
|
|---|
| 89 | is given as the client host's name).
|
|---|
| 90 | .PP
|
|---|
| 91 | In the last case,
|
|---|
| 92 | .B ftpd
|
|---|
| 93 | takes special measures to restrict the client's access privileges.
|
|---|
| 94 | The server performs a
|
|---|
| 95 | .BR chroot (2)
|
|---|
| 96 | command to the home directory of the ``ftp'' user.
|
|---|
| 97 | In order that system security is not breached, it is recommended
|
|---|
| 98 | that the ``ftp'' subtree be constructed with care; the following
|
|---|
| 99 | rules are recommended.
|
|---|
| 100 | .IP ~ftp)
|
|---|
| 101 | Make the home directory owned by ``ftp'' and unwritable by anyone.
|
|---|
| 102 | .IP ~ftp/bin)
|
|---|
| 103 | Make this directory owned by the super-user and unwritable by
|
|---|
| 104 | anyone. The program
|
|---|
| 105 | .BR ls (1)
|
|---|
| 106 | must be present to support the list commands.
|
|---|
| 107 | Also,
|
|---|
| 108 | .BR crc (1)
|
|---|
| 109 | must be present to support generating crcs using the site command,
|
|---|
| 110 | .BR tar (1)
|
|---|
| 111 | and
|
|---|
| 112 | .BR compress (1)
|
|---|
| 113 | must be present to support on-the-fly generation of .tar and .tar.Z archives,
|
|---|
| 114 | .BR gzip (1)
|
|---|
| 115 | must be present to support gzip compression, and
|
|---|
| 116 | .BR sh (1)
|
|---|
| 117 | must be present to support
|
|---|
| 118 | .BR ftpdsh (8)
|
|---|
| 119 | which also must be present.
|
|---|
| 120 | .BR ftpdsh controls which binaries can be used.
|
|---|
| 121 | These programs should all have mode 111.
|
|---|
| 122 | .IP ~ftp/etc)
|
|---|
| 123 | Make this directory owned by the super-user and unwritable by
|
|---|
| 124 | anyone. The files
|
|---|
| 125 | .BR passwd (5)
|
|---|
| 126 | and
|
|---|
| 127 | .BR group (5)
|
|---|
| 128 | must be present for the
|
|---|
| 129 | .B ls
|
|---|
| 130 | command to work properly. These files should be mode 444. They can (and
|
|---|
| 131 | should) be stripped down versions so as not to reveal names of users who
|
|---|
| 132 | are not owners of files in the ~ftp/pub directory tree.
|
|---|
| 133 | .IP ~ftp/pub)
|
|---|
| 134 | Make this directory mode 755 and owned by the super-user. Create
|
|---|
| 135 | directories in it owned by users if those users want to manage an
|
|---|
| 136 | anonymous ftp directory.
|
|---|
| 137 | .IP ~ftp/pub/incoming)
|
|---|
| 138 | Optionally create this directory for anonymous uploads. Make it mode
|
|---|
| 139 | 777. The FTP daemon will create files with mode 266, so remote users
|
|---|
| 140 | can write a file, but only local users can do something with it.
|
|---|
| 141 | .PP
|
|---|
| 142 | The script
|
|---|
| 143 | .B setup.anonftp
|
|---|
| 144 | can be used to create or check an anonymous FTP tree.
|
|---|
| 145 | .SH "SEE ALSO"
|
|---|
| 146 | .BR ftp (1).
|
|---|
| 147 | .SH BUGS
|
|---|
| 148 | The anonymous account is inherently dangerous and should
|
|---|
| 149 | avoided when possible.
|
|---|
| 150 | .ig \" Minix doesn't have privileged port numbers (yet?)
|
|---|
| 151 | .PP
|
|---|
| 152 | The server must run as the super-user
|
|---|
| 153 | to create sockets with privileged port numbers. It maintains
|
|---|
| 154 | an effective user id of the logged in user, reverting to
|
|---|
| 155 | the super-user only when binding addresses to sockets. The
|
|---|
| 156 | possible security holes have been extensively
|
|---|
| 157 | scrutinized, but are possibly incomplete.
|
|---|
| 158 | ..
|
|---|
| 159 | .\" man page updated by Al Woodhull 2005-02-25
|
|---|
| 160 |
|
|---|
| 161 |
|
|---|
