Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Apropos / Subsearch:
optional field

ftpd(8)								      ftpd(8)


  ftpd - Describes File	Transfer Protocol server daemon, including anonymous


  ftpd [-dl] [-t timeout] [-T maxtimeout]


  -d  Debugging	information is sent to the syslogd daemon (see syslogd(8)).

  -l  Each FTP session,	as well	as additional information, such	as the file
      name retrieved or	stored,	the number of bytes, and the attempted logins
      that failed, is sent to the syslogd daemon (see syslogd(8)).

  -t time-out
      The inactivity time-out period will be set to time-out seconds.

  -T maxtime-out
      The maximum timeout period allowed may be	set to timeout seconds with
      this option.


  This security-sensitive command uses the SIA (Security Integration Archi-
  tecture) routine as an interface to the security mechanisms. See
  matrix.conf(4) for more information.


  The ftpd command is the DARPA	(Defense Advanced Research Projects Agency)
  Internet File	Transfer Protocol server process.  The server uses the TCP
  protocol and listens at the port specified in	the FTP	service	specifica-
  tion;	see services(4).

  The ftpd command includes two	options	to control the information logged for
  the ftpd daemon. If the -d option is specified, debugging information	is
  logged.  If the -l option is specified, each ftp session, along with data
  for login failures and file operations, is logged. Refer to the syslogd(8)
  reference page for information on system log files.

  The FTP server will time out an inactive session after 15 minutes. If	the
  -t option is specified, the inactivity time-out period will be set to
  time-out seconds. A client may also request a	different time-out period;
  the maximum period allowed may be set	to time-out seconds with the -T
  option. The default limit is 2 hours.

  If you want to use a customized banner, create an /etc/banner	file. The
  ftpd daemon reads the	file, if it exists, and	writes its contents over a
  new FTP connection prior to starting the login dialog.

  The FTP server currently supports the	following ftp requests;	case is	not

  Request   Description
  ABOR	    Abort previous command
  ACCT	    Specify account (ignored)
  ALLO	    Allocate storage (vacuously)
  APPE	    Append to a	file
  CDUP	    Change to parent of	current	working	directory
  CWD	    Change working directory
  DELE	    Delete a file

	    Prepare for	proxy transfer (default) and server-to-server
  EPRT	    Specify data connection port
  HELP	    Give help information
  LIST	    Give list files in a directory (ls -lgA)
  LPRT	    Specify data connection port (IPv6 addresses only)
  LPSV	    Prepare for	server-to-server transfer (IPv6	addresses only)
  MKD	    Make a directory
  MDTM	    Show last modification time	of file
  MODE	    Specify data transfer mode
  NLST	    Give name list of files in directory
  NOOP	    Do nothing
  PASS	    Specify password
  PASV	    Prepare for	server-to-server transfer (IPv4	addresses only)
  PORT	    Specify data connection port (IPv4 addresses only)
  PWD	    Print the current working directory
  QUIT	    Terminate session
  REST	    Restart incomplete transfer
  RETR	    Retrieve a file
  RMD	    Remove a directory
  RNFR	    Specify rename-from	file name
  RNTO	    Specify rename-to file name
  SITE	    Nonstandard	commands (see next section)
  SIZE	    Return size	of file
  STAT	    Return status of server
  STOR	    Store a file
  STOU	    Store a file with a	unique name
  STRU	    Specify data transfer structure
  SYST	    Show operating system type of server system
  TYPE	    Specify data transfer type
  USER	    Specify username
  XCUP	    Change to parent of	current	working	directory (deprecated)
  XCWD	    Change working directory (deprecated)
  XMKD	    Make a directory (deprecated)
  XPWD	    Print the current working directory	(deprecated)
  XRMD	    Remove a directory (deprecated)

  The following	nonstandard or UNIX compatible commands	are supported by the
  SITE request:

  Request   Description

	    Change umask (for example, SITE UMASK 002)

	    Set	idle timer (for	example, SITE IDLE 60)

	    Change mode	of a file (for example,
	    SITE CHMOD 755 filename)

	    Give help information (for example,	SITE HELP)

  The remaining	ftp requests specified in Internet RFC 959 are recognized,
  but not implemented.	MDTM and SIZE are not specified	in RFC 959, but	will
  appear in the	next updated FTP RFC.

  The ftp server will abort an active file transfer only when the ABOR com-
  mand is preceded by a	Telnet Interrupt Process (IP) signal and a Telnet
  Synch	signal in the command Telnet stream, as	described in Internet RFC
  959. If a STAT command is received during a data transfer, preceded by a
  Telnet IP and	Synch, transfer	status will be returned.

  The ftpd command interprets file names according to the ``globbing'' con-
  ventions used	by the C shell (see csh(1)). This interpretation allows	users
  to utilize the metacharacters	``*?[]{}~''.

  The ftpd command authenticates users according to four rules:

    +  The username must be in the password database, /etc/passwd, and not
       have a null password.  In this case, a password must be provided	by
       the client before any file operations may be performed.

    +  The username must not appear in the /etc/ftpusers file.

    +  The user	must have a standard shell returned by the getusershell()
       call (see getusershell(3)).

    +  If the username is anonymous or ftp, an anonymous ftp account must be
       present in the password file (user ftp).	 In this case, the user	is
       allowed to log in by specifying any password (by	convention this	is
       given as	the client host's name).

  The ftp command uses the default Type-of-Service values recommended by
  RFC1060, which are as	follows:

      Low delay

      High throughput

  Anonymous FTP	Configuration

  If you are creating an anonymous FTP account,	ftpd takes special measures
  to restrict the client's access privileges when the user logs	in.  The
  server executes a chroot call	(see chroot(2))	to the home directory of
  theftp user. In order	that system security is	not breached, it is recom-
  mended that you adhere to the	following rules	when creating directories and
  files	in the ftp subtree:

      Make the home directory owned by the superuser (root) and	unwritable by

      Make this	directory owned	by the superuser and unwritable	by anyone.
      The ls program (see ls(1)) must be present to support the	list command.
      This program should have mode 111.

      Copy the ls program from /sbin/ls.  This is the statically linked	ver-
      sion of the ls command, which does not require shared library support.
      Be sure to copy the static version of ls from the	/sbin directory, not
      the shared version from the /usr/bin directory.

      Make this	directory owned	by the superuser and unwritable	by anyone.
      The passwd and group files (see passwd(4)	and group(4) ) must be
      present for the ls command to be able to produce owner names rather
      than numbers. The	password field in the passwd file is not used, and
      should not contain real encrypted	passwords.  These files	should be
      mode 444.

      In this environment, the sia subdirectory	(which you can copy from
      /etc/sia)	must also be present for the ls	command	to be able to produce
      owner names rather than numbers.

      Make this	directory mode 777 and owned by	ftp.  Users should then	place
      files that are to	be accessible via the anonymous	account	in this

  You can configure these values by specifying them in the /etc/iptos file.
  For more information,	see iptos(4).


      Specifies	the command path.

      Contains the list	of unauthorized	users.

      Specifies	the path name for the banner file.


  The anonymous	account	is inherently dangerous	and should be avoided when

  The server must run as the superuser to create sockets with privileged port
  numbers.  It maintains an effective user ID of the logged in user, revert-
  ing to the superuser only when binding addresses to sockets.	The possible
  security holes have been extensively scrutinized, but	are possibly incom-


  Commands: ftp(1), syslogd(8)

  Functions: getusershell(3)

  Files: iptos(4)