ftpd(ADMN)
ftpd --
Internet File Transfer Protocol server
Syntax
/etc/ftpd [ -a ] [ -A ]
[ -d ] [ -i ]
[ -l ] [ -L ] [ -o ]
[ -P ] [ -p ] [ -Q ]
[ -q ]
[ -r ] [ -S ] [ -s ]
[ -t timeout ]
[ -T maxtimeout ]
[ -u mask ]
[ -v ] [ -V ]
[ -w ] [ -W ] [ -X ]
Description
ftpd is the Internet File
Transfer Protocol server process. The server uses the
TCP protocol and listens at the port specified in
the ftp service specification; see
services(SFF).
ftpd is started by the super server
inetd, and therefore must have an entry in
inetd's configuration file,
/etc/inetd.conf. See
inetd(ADMN)
and
inetd.conf(SFF).
-a-
Specify that the access file,
/etc/ftpaccess,
must be present. This is the default behavior.
-A-
Ignore the access file,
/etc/ftpaccess.
-d-
Write debugging information to the syslog file.
-i-
Log all inbound file transfers to the ftplog file.
-l-
Log all FTP sessions to the syslog file.
-L-
Log all commands received from remote FTP clients to the
syslog file.
-o-
Log all outbound file transfers to the ftplog file.
-P-
Override the port number used by the daemon for the data connection.
Normally, the daemon determines the port numbers by looking in /etc/services
for "ftp" and "ftp-data".
If there is no /etc/services entry for "ftp-data" and
the -P option is not specified, the daemon uses the port just prior to
the control connection port (port 20 when the control connection is on port 21).
-p-
Override the port number used by the daemon for the control connection.
Available only if running as a standalone daemon (see -S and -s); under
inetd the control connection has already been accepted when ftpd starts.
-Q-
Disable the PID files. These files are
required by the limit directive to determine the number of current
users in each access class. Disabling the use of the PID files disables
user limits. Use this option when testing the server as a normal user when
access permissions prevent the use of the PID files. Large, busy sites
which do not wish to impose limits on the number of concurrent users may
also consider disabling the PID files.
-q-
Specify that the daemon is to use the PID files.
-r-
chroot(S) to the specified rootdir immediately upon
loading. This can improve system security by limiting the files which may
be damaged should a break-in occur through the daemon. Setup is much like
anonymous FTP (see ``Anonymous FTP'' below), with additional files needed
which vary from system to system.
-S-
Run in standalone operation mode in the background. This option is
useful in startup scripts during system initialization (i.e., in rc.local).
-s-
Run in standalone operation mode in the foreground. This option is
useful when running from init (i.e., from /etc/inittab).
-t timeout-
Set the timeout period for an inactive session
to timeout seconds. The default is 15 minutes.
A client may also request a different timeout period; see
the -T option.
-T maxtimeout-
Set the maximum timeout limit to maxtimeout seconds.
The default limit is 2 hours. This option prevents clients from
requesting longer timeout periods than the set limit.
-u mask-
Set the file creation mask to mask.
-v-
Equivalent to -d.
-V-
Cause the program to display copyright and version information,
then terminate.
-w-
Log every login and logout in the wtmp file.
This is the default behavior.
-W-
Do not log user logins and logouts in the wtmp file.
-X-
Output created by the -i and -o options
is not saved to ftplog, but saved to syslog so that
output from several hosts can be saved on one central host.
FTP requests
The FTP server currently supports the following
FTP requests; case is not distinguished.
ABOR-
abort previous command
ADAT-
send authentication data
ACCT-
specify account (ignored)
ALLO-
allocate storage (vacuously)
APPE-
append to a file
AUTH-
send authentication type
CDUP-
change to parent of current working directory
CWD-
change working directory
DELE-
delete a file
HELP-
give help information
LIST-
list files in a directory (ls -l)
MKD-
make a directory
MDTM-
show last modification time of file
MODE-
specify data transfer mode
NLST-
give name list of files in directory (ls)
NOOP-
do nothing
PASS-
specify password
PASV-
enter passive mode: the server listens for the data connection
instead of connecting back to the client (also used for
server-to-server transfers)
PBSZ-
specify the protection buffer size (RFC 2228)
PORT-
specify data connection port
PROT-
set the data channel protection level (RFC 2228)
PWD-
print the current working directory
QUIT-
terminate session
REST-
restart a file transfer
RETR-
retrieve a file
RMD-
remove a directory
RNFR-
specify rename-from file name
RNTO-
specify rename-to file name
SITE-
non-standard commands (see next section)
SIZE-
return size of file
STAT-
return status of server
STOR-
store a file
STOU-
store a file with a unique name
STRU-
specify data transfer structure
SYST-
display operating system information
TYPE-
specify data transfer type
USER-
specify user name
XCUP-
change to parent of current working directory
XCWD-
change working directory
XMKD-
make a directory
XPWD-
print the current working directory
XRMD-
remove a directory
SITE request commands
The following non-standard or UNIX-specific commands are
supported by the SITE request.
CHMOD-
change mode of a file. For example,
SITE CHMOD 755 filename
EXEC-
run the specified command. For example,
SITE EXEC command
where command resides in or is linked into the
/etc/ftp-exec directory on the FTP server.
WARNING:
Providing the capability for remote clients to execute non-standard
commands on the FTP server incurs potential security
risks. Use extreme caution when placing executables and setting
permissions in the /etc/ftp-exec directory.
GPASS-
validate with the specified group password.
For example,
SITE GPASS passwd
GROUP-
change to the specified group. For example,
SITE GROUP group
HELP-
give help information. For example,
SITE HELP
IDLE-
set idle-timer. For example,
SITE IDLE 60
INDEX-
exec a local index command. For example,
SITE INDEX list
LANG-
change the language in which ftpd sends messages
back to the client. By default, the value of LANG
is read from the client user's environment. If
this variable is not set, LANG is set to english
by default. For example,
SITE LANG french
sets the
language of ftpd messages to French.
MINFO-
show information about files newer than date.
For example,
SITE MINFO date path
NEWER-
find files newer than time. For example,
SITE NEWER date
or SITE NEWER date path
UMASK-
change umask. For example,
SITE UMASK 002
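A check for the SITE EXEC directory, added here as an example (not from this page or from SCO's ftpd): it flags entries that are writable by group or others, setuid or setgid, or dangling links, following symbolic links to their targets because the page says commands may be linked into the directory rather than copied. The directory path is a parameter (the page's default is /etc/ftp-exec); the script name in the usage line is arbitrary.

```shell
#!/bin/sh
# Added example, not from the ftpd page or from SCO: audit the SITE EXEC
# directory. Every entry there can be run by remote FTP clients, so the
# directory and each command must not be writable by group or others, must
# not be setuid or setgid, and a symbolic link must resolve to a target that
# passes the same checks. The directory is a parameter; the page's default
# is /etc/ftp-exec.

audit_ftp_exec() {   # audit_ftp_exec <dir>; prints each finding, returns their count
    d=$1 n=0
    [ -d "$d" ] || { echo "missing or not a directory: $d"; return 1; }
    for p in "$d" "$d"/*; do
        [ -e "$p" ] || [ -L "$p" ] || continue        # empty directory: unexpanded glob
        if [ -L "$p" ] && [ ! -e "$p" ]; then
            echo "dangling link: $p"; n=$((n+1)); continue
        fi
        # find -L examines the link target, not the link itself (links are always 777)
        if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            echo "writable by group or others: $p"; n=$((n+1))
        fi
        if [ -n "$(find -L "$p" -prune \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null)" ]; then
            echo "setuid or setgid: $p"; n=$((n+1))
        fi
    done
    [ "$n" -eq 0 ] && echo "OK: $d"
    return $n
}

# Usage: sh ftp-exec-audit.sh /etc/ftp-exec
[ $# -gt 0 ] && audit_ftp_exec "$1"
```

The return value is the number of findings, so the function can gate a startup script: refuse to start ftpd, or start it with SITE EXEC commands removed, when the count is non-zero.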
The remaining FTP requests specified in
RFC 959 are recognized, but not implemented.
MDTM and SIZE are not specified in RFC 959; at the time of
writing they were expected in the next updated FTP RFC (they were
later standardized in RFC 3659).
The FTP server will abort an active file transfer
only when the ABOR command is preceded by
a Telnet Interrupt Process (IP) signal and a
Telnet Synch signal in the command Telnet stream, as
described in RFC 959.
If a STAT command is received during a data
transfer, preceded by a Telnet IP and Synch,
transfer status will be returned.
ftpd interprets file names according to the
``globbing'' conventions used by
sh(C).
This allows users to use the metacharacters * ? [ ] { }
and ~ in file name arguments.
ftpd authenticates users according to four rules.
-
The user name must be in the password data base,
/etc/passwd, and not have a null password. In
this case a password must be provided by the client before
any file operations may be performed.
-
The user name must not appear in the file
/etc/ftpusers.
This file is checked on each non-anonymous ftp connection
request. If the requested user name is located in the
file, the request for service is denied. It is suggested
that this file contain at least the following names:
uucp, root.
-
The FTP server will not allow FTP
logins to accounts whose shell is not listed in
/etc/shells. This typically restricts access by
UUCP signons, etc.
-
If the user name is anonymous or ftp, an
anonymous ftp account must be present in the password
file (user ftp). In this case the user is allowed
to log in by specifying any password (by convention this
is given as the client user's e-mail address, such as
user@domain).
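The four rules above, as an added example that is not part of this page or of SCO's ftpd: a POSIX sh function that applies them to constructed copies of /etc/passwd, /etc/ftpusers and /etc/shells, so an administrator can see which accounts ftpd would accept before exposing the service. The sample accounts are made up. The function assumes, because the page states the anonymous rule separately and says any password is accepted there, that the /etc/shells check applies only to named accounts.

```shell
#!/bin/sh
# Added example, not code from the ftpd page or from SCO: apply ftpd's four
# login rules to constructed copies of /etc/passwd, /etc/ftpusers and
# /etc/shells. Assumption (the page does not say): the shell check is applied
# to named accounts only, since the anonymous rule is stated separately.

D=${TMPDIR:-/tmp}/ftpd-rules.$$
mkdir -p "$D"
trap 'rm -rf "$D"' EXIT

# Constructed sample data, not copied from any real system.
cat >"$D/passwd" <<'EOF'
root:x:0:0:root:/:/bin/sh
uucp:x:5:5:uucp:/usr/lib/uucp:/usr/lib/uucp/uucico
ftp:*:200:200:anonymous ftp:/usr/ftp:/bin/false
guest::300:300:guest with null password:/usr/guest:/bin/sh
alice:x:1001:100:Alice:/usr/alice:/bin/ksh
bob:x:1002:100:Bob:/usr/bob:/usr/bin/rksh
EOF
cat >"$D/ftpusers" <<'EOF'
# accounts that may never use FTP
root
uucp
EOF
cat >"$D/shells" <<'EOF'
/bin/sh
/bin/ksh
/bin/csh
EOF

in_list() {   # in_list <word> <file>: 0 if <word> is a line of <file>; # comments skipped
    awk -v w="$1" '/^#/ { next } $1 == w { found = 1 } END { exit !found }' "$2"
}

ftp_login_allowed() {   # ftp_login_allowed <user> <passwd-file> <ftpusers-file> <shells-file>
    u=$1
    case $u in
    anonymous|ftp)
        # rule 4: an "ftp" account must exist; any password is then accepted
        if [ -n "$(awk -F: '$1 == "ftp" { print; exit }' "$2")" ]; then
            echo "allow: anonymous (chroot to ~ftp, any password accepted)"; return 0
        fi
        echo "deny: no ftp account in passwd"; return 1 ;;
    esac
    entry=$(awk -F: -v u="$u" '$1 == u { print; exit }' "$2")
    # rule 1: must be in passwd with a non-null password field
    [ -n "$entry" ] || { echo "deny: $u not in passwd"; return 1; }
    pw=$(printf '%s\n' "$entry" | cut -d: -f2)
    [ -n "$pw" ] || { echo "deny: $u has a null password"; return 1; }
    # rule 2: names listed in ftpusers are refused (root and uucp belong here)
    if in_list "$u" "$3"; then echo "deny: $u listed in ftpusers"; return 1; fi
    # rule 3: the login shell must appear in shells
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    in_list "$shell" "$4" || { echo "deny: shell $shell of $u not in shells"; return 1; }
    echo "allow: $u (password required before file operations)"; return 0
}

# Walk the sample accounts; a non-zero return status means "deny"
for u in anonymous root uucp guest alice bob carol; do
    ftp_login_allowed "$u" "$D/passwd" "$D/ftpusers" "$D/shells" || true
done
```

Point the function at the live files (/etc/passwd, /etc/ftpusers, /etc/shells) and loop over every name in /etc/passwd to get the full list of FTP-capable accounts; any system or pseudo-user that appears as "allow" should be added to /etc/ftpusers.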
Anonymous FTP
When a client logs into the anonymous ftp account,
ftpd takes special measures to
restrict the client's access privileges. The server
performs a
chroot(S)
command to the home directory of the ftp user.
To prevent a breach in system security, use the following rules
when constructing the ftp subtree.
(~ftp means ``the home directory of user ftp.'')
~ftp-
Make the home directory owned by root with mode set to 755.
~ftp/bin-
Make this directory owned by root and unwritable
by anyone. The program
ls(C)
must be present in this directory to support the list commands.
This program should have mode 111.
~ftp/etc-
Make this directory owned by root and unwritable
by anyone. The files
passwd(C)
and
group(F)
must be present for the ls command to be able to
produce owner names rather than numbers. The password
field in passwd is not used, and should not
contain real encrypted passwords. These files should be
mode 444.
~ftp/lib-
Make this directory owned by root and unwritable by anyone.
~ftp/lib/libprot.so.1-
Copy /lib/libprot.so.1
to this location to support ~ftp/bin/ls.
This file should be mode 555 and owned by bin.
~ftp/pub-
Make this directory mode 555 and owned by root. Users
should then place files which are to be accessible via the
anonymous account in this directory. For full details, see
``Setting up anonymous ftp'' in the Networking Guide.
~ftp/pub/incoming-
Make this directory owned by root and unreadable by anyone
(mode 333).
These permissions create a ``blind dropbox''.
~ftp/usr-
Make this directory owned by root and unwritable by anyone.
~ftp/usr/lib-
Make this directory owned by root and unwritable by anyone.
~ftp/usr/lib/libc.so.1-
~ftp/usr/lib/libsocket.so.1-
~ftp/usr/lib/libsocket.so.2-
~ftp/usr/lib/libresolv.so.1-
Copy /usr/lib/libc.so.1, /usr/lib/libsocket.so.1,
/usr/lib/libsocket.so.2, and /usr/lib/libresolv.so.1
to this location to support ~ftp/bin/ls.
All four files should be mode 555 and owned by bin.
~ftp/dev/socksys-
Create this device with the following command:
find /dev/socksys -print | cpio -pdmuv ~ftp
If the networking software on this system is removed and reinstalled,
rerun the above command because the major number of the
original /dev/socksys device may change.
~ftp/dev/zero-
Create this device with the following command:
find /dev/zero -print | cpio -pdmuv ~ftp
The FTP server expects that anonymous users will give their e-mail
address as a password. The server will complain if the password is not
of the form user@domain.
Users will not be denied access because of malformed passwords.
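The subtree rules above, as an added example that is not part of this page or of SCO's ftpd: a POSIX sh script that builds the ~ftp skeleton with the prescribed modes and audits an existing subtree against them (directory and file modes, no real password hashes in ~ftp/etc/passwd, nothing world-writable except the dropbox). The ftp uid and gid of 200 are made up for illustration; the library and device copies are attempted only where the source exists on the host, and ownership is set and checked only when the script runs as root, since an unprivileged user cannot chown.

```shell
#!/bin/sh
# Added example, not code from the ftpd page or from SCO: lay out the
# anonymous-ftp subtree with the owners and modes the page prescribes, then
# audit an existing subtree against the same rules. Run as root on a real
# server. As an unprivileged user (when trying it out) chown is impossible,
# so ownership is skipped and only modes and the passwd/group contents are
# checked. Library and device copies are attempted only where the source
# exists on this host; uid/gid 200 for ftp is a made-up placeholder.

perm_of() {   # first ten characters of ls -ld, e.g. drwxr-xr-x (no stat(1) needed)
    ls -ld "$1" | cut -c1-10
}

build_ftp_tree() {   # build_ftp_tree <ftp-home>
    h=$1
    mkdir -p "$h/bin" "$h/etc" "$h/lib" "$h/pub/incoming" "$h/usr/lib" "$h/dev" || return 1
    # ls is needed for LIST/NLST; the page wants it execute-only (mode 111)
    [ -x /bin/ls ] && cp /bin/ls "$h/bin/ls" && chmod 111 "$h/bin/ls"
    # shared libraries named by the page, mode 555, copied when present
    for lib in /lib/libprot.so.1 /usr/lib/libc.so.1 /usr/lib/libsocket.so.1 \
               /usr/lib/libsocket.so.2 /usr/lib/libresolv.so.1; do
        [ -f "$lib" ] && cp "$lib" "$h$lib" && chmod 555 "$h$lib"
    done
    # passwd/group exist only so ls can print names: placeholder password field
    printf 'root:*:0:0:root:/:\nftp:*:200:200:anonymous ftp:/:\n' >"$h/etc/passwd"
    printf 'root::0:\nftp::200:\n' >"$h/etc/group"
    chmod 444 "$h/etc/passwd" "$h/etc/group"
    if [ "$(id -u)" -eq 0 ]; then
        for dev in /dev/socksys /dev/zero; do   # device nodes ls needs inside the chroot
            [ -e "$dev" ] && { find "$dev" -print | cpio -pdmu "$h" 2>/dev/null || true; }
        done
        chown -R root "$h"
        for f in "$h"/lib/* "$h"/usr/lib/*; do   # the page wants library copies owned by bin
            [ -f "$f" ] && { chown bin "$f" || echo "warning: cannot chown bin $f"; }
        done
    fi
    chmod 755 "$h"
    chmod 555 "$h/bin" "$h/etc" "$h/lib" "$h/usr" "$h/usr/lib" "$h/pub" "$h/dev"
    chmod 333 "$h/pub/incoming"          # blind dropbox: write and search, no read
    return 0
}

n=0
check() {   # check <path> <expected perms> [<expected owner>]; counts problems in $n
    if [ ! -e "$1" ]; then echo "missing: $1"; n=$((n+1)); return; fi
    p=$(perm_of "$1")
    [ "$p" = "$2" ] || { echo "mode: $1 is $p, want $2"; n=$((n+1)); }
    if [ "$(id -u)" -eq 0 ] && [ -n "${3:-}" ]; then   # owner is only settable as root
        o=$(ls -ld "$1" | awk '{print $3}')
        [ "$o" = "$3" ] || { echo "owner: $1 is $o, want $3"; n=$((n+1)); }
    fi
}

audit_ftp_tree() {   # audit_ftp_tree <ftp-home>; prints each problem, returns their count
    h=$1; n=0
    check "$h" drwxr-xr-x root
    for d in bin etc lib usr usr/lib pub; do check "$h/$d" dr-xr-xr-x root; done
    check "$h/pub/incoming" d-wx-wx-wx root
    check "$h/bin/ls" ---x--x--x root
    check "$h/etc/passwd" -r--r--r-- root
    check "$h/etc/group" -r--r--r-- root
    # the chroot's passwd must carry no real hashes: only empty, "*" or "x"
    bad=$(awk -F: '$2 != "" && $2 != "*" && $2 != "x" { print $1 }' "$h/etc/passwd" 2>/dev/null || true)
    [ -z "$bad" ] || { echo "real password hash in $h/etc/passwd for: $bad"; n=$((n+1)); }
    # nothing world-writable except the dropbox; device nodes (e.g. zero) are 666 by design
    ww=$(find "$h" -perm -002 ! -type c ! -type b -print 2>/dev/null | grep -vxF "$h/pub/incoming" || true)
    [ -z "$ww" ] || { echo "world-writable outside incoming: $ww"; n=$((n+1)); }
    [ "$n" -eq 0 ] && echo "OK: $h"
    return $n
}

# Usage: sh anonftp.sh build|audit <ftp-home>      (ftp-home is normally ~ftp)
case ${1:-} in
    build) build_ftp_tree "$2" && audit_ftp_tree "$2" ;;
    audit) audit_ftp_tree "$2" ;;
esac
```

Run the audit after any networking reinstall as well, because the page notes that the major number of /dev/socksys can change; the audit does not compare device numbers, so re-run the cpio step from the page whenever data connections stop working for anonymous users.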
Naming
The ftp server recognizes the special extensions .tar,
.Z, and
.tar.Z. In these cases, it will attempt to execute the system
commands
tar(C),
compress(C),
or a combination of both. This is useful for retrieving entire directory
hierarchies in a single operation: for example, a client that retrieves
pub/docs.tar when only the directory pub/docs exists receives the output of
tar run over that directory. Note that not all systems support
the compress command.
If this functionality is desired for anonymous
logins, the commands must be installed in the appropriate paths under the
anonymous login directory.
See
``Files''
and
ftpconv(SFF).
New filename extensions and rules can be added to the conversions file,
ftpconv(SFF).
Note that conversions only work when retrieving files from the
FTP server.
Long replies
For users whose FTP client hangs on long replies
(multi-line responses), giving a dash as the first character of
the password disables the use of long replies for that session.
Limitations
The anonymous account is inherently dangerous and should
be avoided when possible.
The server must run as root to create sockets
with privileged port numbers. It runs with the effective
user ID of the logged-in user, reverting to
root only when binding addresses to sockets.
The Kerberos Network Authentication Service protocol is no
longer supported.
Data encryption is not supported.
Files
/etc/ftpaccess-
ftp server configuration file
/etc/ftpconv-
file name conversions
/etc/ftpusers-
list of disallowed users, including root, uucp,
and other pseudo-users
/etc/shells-
allowable shell list
/etc/passwd-
user database
/etc/group-
group database
/var/adm/syslog-
system log file
/var/adm/ftplog-
default transfer log file
/etc/inetd.conf-
configuration file for inetd
/etc/services-
Internet services list
The following files are needed for anonymous ftp:
~ftp/bin/ls-
to support the LIST and
NLST commands
~ftp/shlib/libc_s-
to support the LIST and
NLST commands
~ftp/usr/bin/tar-
allows the ftp server to execute tar for anonymous logins
~ftp/usr/bin/compress-
allows the ftp server to execute compress for anonymous logins
~ftp/dev/socksys-
needed to establish data connections
~ftp/etc/passwd-
used by ~ftp/bin/ls
~ftp/etc/group-
used by ~ftp/bin/ls
~ftp/pub/files-
files to be accessible via anonymous ftp
The contents of the files
~ftp/etc/passwd and
~ftp/etc/group
should be minimal and not contain real passwords for security reasons.
See also
ftp(TC),
ftpaccess(SFF),
ftpconv(SFF),
ftphosts(SFF),
ftplog(SFF),
ftpusers(SFF),
inetd(ADMN),
inetd.conf(SFF),
services(SFF),
syslog(SLIB),
syslogd(ADM),
v5srvtab(SFF)
Standards conformance
ftpd is not part of any currently supported standard.
It is an extension of AT&T UNIX System V provided by
The Santa Cruz Operation, Inc.
ftpd is conformant with:
RFC 959 (STD 9), RFC 1123
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003