| 1 | .\" Copyright (c) 1985 Regents of the University of California.
|
|---|
| 2 | .\" All rights reserved. The Berkeley software License Agreement
|
|---|
| 3 | .\" specifies the terms and conditions for redistribution.
|
|---|
| 4 | .\"
|
|---|
| 5 | .\" @(#)ftpd.8c 6.4 (Berkeley) 5/28/86
|
|---|
| 6 | .\"
|
|---|
| 7 | .TH FTPD 8
|
|---|
| 8 | .SH NAME
|
|---|
| 9 | ftpd, in.ftpd, setup.anonftp \- DARPA Internet File Transfer Protocol server
|
|---|
| 10 | .SH SYNOPSIS
|
|---|
| 11 | .B "ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd"
|
|---|
| 12 | .br
|
|---|
| 13 | .B "tcpd ftp /usr/sbin/in.ftpd"
|
|---|
| 14 | .SH DESCRIPTION
|
|---|
| 15 | .B Ftpd
|
|---|
| 16 | is the DARPA Internet File Transfer Prototocol
|
|---|
| 17 | server process. The server uses the TCP protocol
|
|---|
| 18 | and listens at the port specified in the ``ftp''
|
|---|
| 19 | service specification; see
|
|---|
| 20 | .BR services (5).
|
|---|
| 21 | .PP
|
|---|
| 22 | The ftp server currently supports the following ftp
|
|---|
| 23 | requests; case is not distinguished.
|
|---|
| 24 | .PP
|
|---|
| 25 | .nf
|
|---|
| 26 | .ta \w'Request 'u
|
|---|
| 27 | \fBRequest Description\fP
|
|---|
| 28 | ABOR abort previous command
|
|---|
| 29 | ACCT specify account (ignored)
|
|---|
| 30 | ALLO allocate storage (vacuously)
|
|---|
| 31 | APPE append to a file
|
|---|
| 32 | CDUP change to parent of current working directory
|
|---|
| 33 | CWD change working directory
|
|---|
| 34 | DELE delete a file
|
|---|
| 35 | HELP give help information
|
|---|
| 36 | LIST give list files in a directory (``ls -lA'')
|
|---|
| 37 | MKD make a directory
|
|---|
| 38 | MODE specify data transfer \fImode\fP
|
|---|
| 39 | NLST give name list of files in directory (``ls'')
|
|---|
| 40 | NOOP do nothing
|
|---|
| 41 | PASS specify password
|
|---|
| 42 | PASV prepare for server-to-server transfer
|
|---|
| 43 | PORT specify data connection port
|
|---|
| 44 | PWD print the current working directory
|
|---|
| 45 | QUIT terminate session
|
|---|
| 46 | RETR retrieve a file
|
|---|
| 47 | RMD remove a directory
|
|---|
| 48 | RNFR specify rename-from file name
|
|---|
| 49 | RNTO specify rename-to file name
|
|---|
| 50 | STOR store a file
|
|---|
| 51 | STOU store a file with a unique name
|
|---|
| 52 | STRU specify data transfer \fIstructure\fP
|
|---|
| 53 | TYPE specify data transfer \fItype\fP
|
|---|
| 54 | USER specify user name
|
|---|
| 55 | XCUP change to parent of current working directory
|
|---|
| 56 | XCWD change working directory
|
|---|
| 57 | XMKD make a directory
|
|---|
| 58 | XPWD print the current working directory
|
|---|
| 59 | XRMD remove a directory
|
|---|
| 60 | .fi
|
|---|
| 61 | .PP
|
|---|
| 62 | The remaining ftp requests specified in Internet RFC 959 are
|
|---|
| 63 | recognized, but not implemented.
|
|---|
| 64 | .PP
|
|---|
| 65 | The ftp server will abort an active file transfer only when the
|
|---|
| 66 | ABOR command is preceded by a Telnet "Interrupt Process" (IP)
|
|---|
| 67 | signal and a Telnet "Synch" signal in the command Telnet stream,
|
|---|
| 68 | as described in Internet RFC 959.
|
|---|
| 69 | .PP
|
|---|
| 70 | .B Ftpd
|
|---|
| 71 | interprets file names according to the ``globbing''
|
|---|
| 72 | conventions used by
|
|---|
| 73 | .BR csh (1).
|
|---|
| 74 | This allows users to utilize the metacharacters ``*?[]{}~''.
|
|---|
| 75 | .PP
|
|---|
| 76 | .B Ftpd
|
|---|
| 77 | authenticates users according to three rules.
|
|---|
| 78 | .IP 1)
|
|---|
| 79 | The user name must be in the password data base,
|
|---|
| 80 | .BR /etc/passwd ,
|
|---|
| 81 | and not have a null password. In this case a password
|
|---|
| 82 | must be provided by the client before any file operations
|
|---|
| 83 | may be performed.
|
|---|
| 84 | .IP 2)
|
|---|
| 85 | The user name must not appear in the file
|
|---|
| 86 | .BR /etc/ftpusers .
|
|---|
| 87 | .IP 3)
|
|---|
| 88 | If the user name is ``anonymous'' or ``ftp'', an
|
|---|
| 89 | anonymous ftp account must be present in the password
|
|---|
| 90 | file (user ``ftp''). In this case the user is allowed
|
|---|
| 91 | to log in by specifying any password (by convention this
|
|---|
| 92 | is given as the client host's name).
|
|---|
| 93 | .PP
|
|---|
| 94 | In the last case,
|
|---|
| 95 | .B ftpd
|
|---|
| 96 | takes special measures to restrict the client's access privileges.
|
|---|
| 97 | The server performs a
|
|---|
| 98 | .BR chroot (2)
|
|---|
| 99 | command to the home directory of the ``ftp'' user.
|
|---|
| 100 | In order that system security is not breached, it is recommended
|
|---|
| 101 | that the ``ftp'' subtree be constructed with care; the following
|
|---|
| 102 | rules are recommended.
|
|---|
| 103 | .IP ~ftp)
|
|---|
| 104 | Make the home directory owned by ``ftp'' and unwritable by anyone.
|
|---|
| 105 | .IP ~ftp/bin)
|
|---|
| 106 | Make this directory owned by the super-user and unwritable by
|
|---|
| 107 | anyone. The program
|
|---|
| 108 | .BR ls (1)
|
|---|
| 109 | must be present to support the list commands. This
|
|---|
| 110 | program should have mode 111.
|
|---|
| 111 | .IP ~ftp/etc)
|
|---|
| 112 | This directory could be created, and could have
|
|---|
| 113 | .BR passwd (5)
|
|---|
| 114 | and
|
|---|
| 115 | .BR group (5)
|
|---|
| 116 | databases in it so that
|
|---|
| 117 | .B ls
|
|---|
| 118 | can show file ownership, but outsiders will grab your password file and
|
|---|
| 119 | misuse it to spam you. So don't bother.
|
|---|
| 120 | .IP ~ftp/pub)
|
|---|
| 121 | Make this directory mode 755 and owned by the super-user. Create
|
|---|
| 122 | directories in it owned by users if those users want to manage an
|
|---|
| 123 | anonymous ftp directory.
|
|---|
| 124 | .IP ~ftp/pub/incoming)
|
|---|
| 125 | Optionally create this directory for anonymous uploads. Make it mode
|
|---|
| 126 | 777. The FTP daemon will create files with mode 266, so remote users
|
|---|
| 127 | can write a file, but only local users can do something with it.
|
|---|
| 128 | .PP
|
|---|
| 129 | The script
|
|---|
| 130 | .B setup.anonftp
|
|---|
| 131 | can be used to create or check an anonymous FTP tree.
|
|---|
| 132 | .SH "SEE ALSO"
|
|---|
| 133 | .BR ftp (1).
|
|---|
| 134 | .SH BUGS
|
|---|
| 135 | The anonymous account is inherently dangerous and should
|
|---|
| 136 | avoided when possible.
|
|---|
| 137 | .ig \" MINIX 3 doesn't have privileged port numbers (yet?)
|
|---|
| 138 | .PP
|
|---|
| 139 | The server must run as the super-user
|
|---|
| 140 | to create sockets with privileged port numbers. It maintains
|
|---|
| 141 | an effective user id of the logged in user, reverting to
|
|---|
| 142 | the super-user only when binding addresses to sockets. The
|
|---|
| 143 | possible security holes have been extensively
|
|---|
| 144 | scrutinized, but are possibly incomplete.
|
|---|
| 145 | ..
|
|---|
