FTPD(8C)                                                              FTPD(8C)



NAME
       ftpd, in.ftpd - TCP/IP Internet File Transfer Protocol server

SYNOPSIS
       /usr/etc/in.ftpd [ -dl ] [ -ttimeout ] host.socket

AVAILABILITY
       This  program  is  available  with the Networking software installation
       option.  Refer to for information on how to install optional software.

DESCRIPTION
       ftpd is  the  TCP/IP  Internet  File  Transfer  Protocol  (FTP)  server
       process.   The  server is invoked by the Internet daemon inetd(8C) each
       time a connection to the FTP service (see services(5))  is  made,  with
       the  connection  available  as descriptor 0 and the host and socket the
       connection originated from (in hex and decimal respectively)  as  argu-
       ment.

       Inactive connections are timed out after 60 seconds.

       If  the  -d option is specified, debugging information is logged to the
       system log daemon, syslogd(8).

       If the -l option is specified, each FTP session is logged to syslogd.

       The FTP server will time out an inactive session after 15 minutes.  If
       the  -t  option is specified, the inactivity timeout period will be set
       to timeout.

       The FTP server currently supports the following FTP requests;  case  is
       not distinguished.

       Request   Description

       ABOR      abort previous command

       ACCT      specify account (ignored)

       ALLO      allocate storage (vacuously)

       APPE      append to a file

       CDUP      change to parent of current working directory

       CWD       change working directory

       DELE      delete a file

       HELP      give help information

       LIST      give list of files in a directory (ls -lg)

       MKD       make a directory

       MODE      specify data transfer mode

       NLST      give name list of files in directory (ls)

       NOOP      do nothing

       PASS      specify password

       PASV      prepare for server-to-server transfer

       PORT      specify data connection port

       PWD       print the current working directory

       QUIT      terminate session

       RETR      retrieve a file

       RMD       remove a directory

       RNFR      specify rename-from file name

       RNTO      specify rename-to file name

       STOR      store a file

       STOU      store a file with a unique name

       STRU      specify data transfer structure

       TYPE      specify data transfer type

       USER      specify user name

       XCUP      change to parent of current working directory

       XCWD      change working directory

       XMKD      make a directory

       XPWD      print the current working directory

       XRMD      remove a directory

       The remaining FTP requests specified in RFC 959 are recognized, but not
       implemented.

       The FTP server will abort an active file transfer only  when  the  ABOR
       command  is  preceded by a Telnet "Interrupt Process" (IP) signal and a
       Telnet "Synch" signal in the command Telnet stream, as described in RFC
       959.

       ftpd interprets file names according to the "globbing" conventions used
       by csh(1).  This allows users to utilize the  metacharacters  `*  ?  []
       {}~'.

       ftpd authenticates users according to three rules.

       o      The  user  name  must be in the password data base, /etc/passwd,
              and not have a null password.  In this case a password  must  be
              provided  by  the  client before any file operations may be per-
              formed.

       o      If the file /etc/ftpusers exists, the user name must not  appear
              in that file.

       o      The user must have a standard shell returned by getusershell(3).

       o      If  the  user  name  is  "anonymous"  or "ftp", an anonymous FTP
              account must be present in the password file (user  "ftp").   In
              this  case the user is allowed to log in by specifying any pass-
              word (by convention this is given as the client host's name).

       In the last case, ftpd takes special measures to restrict the  client's
       access privileges.  The server performs a chroot(2) command to the home
       directory of the "ftp" user.  In order  that  system  security  is  not
       breached,  it is recommended that the "ftp" subtree be constructed with
       care;  the following rules are recommended.

       ~ftp    Make the home directory owned by "ftp" and unwritable  by  any-
               one.

       ~ftp/bin
               Make  this  directory owned by the super-user and unwritable by
               anyone.  The program ls(1V) must be present to support the list
               commands.   This  program  should  have  mode  111.   Since the
               default /bin/ls command is linked with a shared  library,  you
               need to set up the files for dynamic linking as well.

       ~ftp/usr/lib/ld.so
               The runtime loader must be present and executable.

       ~ftp/dev/zero
               Used by the runtime loader; create this with the command "mknod
               zero c 3 12".

       ~ftp/usr/lib/libc.so.*
               should be a copy of the latest version of the shared C library.

       ~ftp/etc
               Make this directory owned by the super-user and  unwritable  by
               anyone.   The  files passwd(5) and group(5) must be present for
               the ls command to work properly.  These files  should  be  mode
               444.

       ~ftp/pub
               Make  this directory mode 777 and owned by "ftp".  Users should
               then place files which are to be accessible via  the  anonymous
               account in this directory.
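
       The following sh script is an added example, not part of the original
       manual page: it audits an existing anonymous FTP tree against the
       ownership and mode rules listed above.  The FTP_OWNER and ROOT_OWNER
       variables and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an anonymous FTP tree against the rules listed above.
# Usage (as super-user): audit_ftp_tree ~ftp
# Assumption: FTP_OWNER / ROOT_OWNER are user names or numeric IDs for find -user.
FTP_OWNER=${FTP_OWNER:-ftp}
ROOT_OWNER=${ROOT_OWNER:-root}
findings=0

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# matches PATH PREDICATES...: true if PATH itself satisfies the find(1) predicates
matches() {
    p=$1; shift
    [ -n "$(find "$p" -prune "$@" 2>/dev/null)" ]
}

# writable PATH: true if any write bit (user, group or other) is set
writable() {
    matches "$1" \( -perm -200 -o -perm -020 -o -perm -002 \)
}

audit_ftp_tree() {
    root=$1; findings=0
    matches "$root" -user "$FTP_OWNER" || note "$root not owned by $FTP_OWNER"
    if writable "$root"; then note "$root is writable"; fi

    for d in bin etc; do
        [ -d "$root/$d" ] || { note "$d missing"; continue; }
        matches "$root/$d" -user "$ROOT_OWNER" || note "$d not owned by $ROOT_OWNER"
        if writable "$root/$d"; then note "$d is writable"; fi
    done

    matches "$root/bin/ls" -type f -perm 111 || note "bin/ls missing or not mode 111"
    for f in passwd group; do
        matches "$root/etc/$f" -type f -perm 444 || note "etc/$f missing or not mode 444"
    done

    [ -x "$root/usr/lib/ld.so" ] || note "usr/lib/ld.so missing or not executable"
    ls "$root"/usr/lib/libc.so.* >/dev/null 2>&1 || note "no usr/lib/libc.so.* found"
    matches "$root/dev/zero" -type c || note "dev/zero missing or not a character device"
    matches "$root/pub" -type d -user "$FTP_OWNER" -perm 777 ||
        note "pub is not a mode 777 directory owned by $FTP_OWNER"

    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}
```

       The function returns non-zero when any rule is violated; the count is
       left in the shell variable findings.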

DIAGNOSTICS
       ftpd  logs  various  errors  to  the system log daemon, syslogd, with a
       facility code of daemon.  The messages  are  listed  here,  grouped  by
       severity level.

   Err Severity
       getpeername failed: reason
              A getpeername(2) call failed.

       getsockname failed: reason
              A getsockname(2) call failed.

       signal failed: reason
              A signal call (see signal(3V)) failed.

       setsockopt failed: reason
              A setsockopt call (see getsockopt(2)) failed.

       ioctl failed: reason
              An ioctl(2) call failed.

       directory: reason
              ftpd did not have write permission on the directory directory in
              which a file was to be created by the STOU command.

   Info Severity
       These messages are logged only if the -l flag is specified.

       FTPD: connection from host at time
              A connection was made to ftpd from the host host at the date and
              time time.

       FTPD: User user timed out after timeout seconds at time
              The  user  user  was  logged out because they hadn't entered any
              commands after timeout seconds; the logout occurred at the  date
              and time time.

   Debug Severity
       These messages are logged only if the -d flag is specified.

       1FTPD: command: command
              A command line containing command was read from the FTP client.

       lost connection
              The FTP client dropped the connection.

       <--- replycode
       <--- replycode-
              A  reply  was  sent to the FTP client with the reply code reply-
              code.  The next message logged will include the message  associ-
              ated  with  the reply.  If a - follows the reply code, the reply
              is continued on later lines.

SEE ALSO
       csh(1),  ftp(1C),  ls(1V),  chroot(2),  getpeername(2), getsockname(2),
       getsockopt(2),   ioctl(2),   getusershell(3),   ftpusers(5),  group(5),
       passwd(5), services(5), inetd(8C), syslogd(8)

       Postel, Jon, and Joyce Reynolds, File Transfer Protocol (FTP), RFC 959,
       Network  Information  Center,  SRI  International,  Menlo Park, Calif.,
       October 1985.

BUGS
       The anonymous account is inherently dangerous  and  should  be  avoided
       when possible.

       The server must run as the super-user to create sockets with privileged
       port numbers.  It maintains an effective user ID of the logged in user,
       reverting  to  the  super-user  only when binding addresses to sockets.
       The possible security holes have been extensively scrutinized, but  are
       possibly incomplete.



                               18 December 1989                       FTPD(8C)