4ba7f17ce0

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@620 ec53bebd-3082-4978-b11e-865c3cabbd6b

368 lines
11 KiB
Groff

.\"	$NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
.\"
.\" Copyright (c) 1985, 1988, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
.\"
.Dd April 25, 1996
.Dt FTPD 8
.Os BSD 4.2
.Sh NAME
.Nm ftpd
.Nd Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm ftpd
.Op Fl a Ar authmode
.Op Fl dilv
.Op Fl p Ar port
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Op Fl u Ar "default umask"
.Sh DESCRIPTION
.Nm Ftpd
is the
Internet File Transfer Protocol
server process.  The server uses the
.Tn TCP
protocol
and listens at the port specified in the
.Dq ftp
service specification; see
.Xr services 5 .
.Pp
Available options:
.Bl -tag -width Ds
.It Fl a
Select the level of authentication required.  Recognised values are:
.Bl -tag -width debug
.It none
Allows anyone to connect.
.It safe
Allows only authorized access and anonymous ftp.
.It user
Allows only authorized access.
.El
.It Fl d
Debugging information is written to the syslog using LOG_FTP.
.It Fl i
Open a socket and wait for a connection.  This is mainly used for
debugging when ftpd isn't started by inetd.
.It Fl l
Each successful and failed
.Xr ftp 1
session is logged using syslog with a facility of LOG_FTP.
If this option is specified twice, the retrieve (get), store (put), append,
delete, make directory, remove directory and rename operations and
their filename arguments are also logged.
.It Fl p
Use
.Ar port
(a service name or number) instead of the default
.Ar ftp/tcp .
.It Fl T
A client may also request a different timeout period;
the maximum period allowed may be set to
.Ar maxtimeout
seconds with the
.Fl T
option.
The default limit is 2 hours.
.It Fl t
The inactivity timeout period is set to
.Ar timeout
seconds (the default is 15 minutes).
.It Fl v
Verbose mode.
.El
.Pp
The file
.Pa /etc/nologin
can be used to disable ftp access.
If the file exists,
.Nm
displays it and exits.
If the file
.Pa /etc/ftpwelcome
exists,
.Nm
prints it before issuing the
.Dq ready
message.
If the file
.Pa /etc/motd
exists,
.Nm
prints it after a successful login.
.Pp
The ftp server currently supports the following ftp requests.
The case of the requests is ignored.
.Bl -column "Request" -offset indent
.It Request Ta "Description"
.It ABOR Ta "abort previous command"
.It ACCT Ta "specify account (ignored)"
.It ALLO Ta "allocate storage (vacuously)"
.It APPE Ta "append to a file"
.It CDUP Ta "change to parent of current working directory"
.It CWD Ta "change working directory"
.It DELE Ta "delete a file"
.It HELP Ta "give help information"
.It LIST Ta "give a list of files in a directory" Pq Dq Li "ls -lgA"
.It MKD Ta "make a directory"
.It MDTM Ta "show last modification time of file"
.It MODE Ta "specify data transfer" Em mode
.It NLST Ta "give name list of files in directory"
.It NOOP Ta "do nothing"
.It PASS Ta "specify password"
.It PASV Ta "prepare for server-to-server transfer"
.It PORT Ta "specify data connection port"
.It PWD Ta "print the current working directory"
.It QUIT Ta "terminate session"
.It REST Ta "restart incomplete transfer"
.It RETR Ta "retrieve a file"
.It RMD Ta "remove a directory"
.It RNFR Ta "specify rename-from file name"
.It RNTO Ta "specify rename-to file name"
.It SITE Ta "non-standard commands (see next section)"
.It SIZE Ta "return size of file"
.It STAT Ta "return status of server"
.It STOR Ta "store a file"
.It STOU Ta "store a file with a unique name"
.It STRU Ta "specify data transfer" Em structure
.It SYST Ta "show operating system type of server system"
.It TYPE Ta "specify data transfer" Em type
.It USER Ta "specify user name"
.It XCUP Ta "change to parent of current working directory (deprecated)"
.It XCWD Ta "change working directory (deprecated)"
.It XMKD Ta "make a directory (deprecated)"
.It XPWD Ta "print the current working directory (deprecated)"
.It XRMD Ta "remove a directory (deprecated)"
.El
.Pp
The following commands are specified by the ftpsec draft.
.Bl -column Request -offset indent
.It AUTH Ta "authentication/security mechanism"
.It ADAT Ta "authentication/security data"
.It PROT Ta "data channel protection level"
.It PBSZ Ta "protection buffer size"
.It MIC Ta "integrity protected command"
.It CONF Ta "confidentiality protected command"
.It ENC Ta "privacy protected command"
.It CCC Ta "clear command channel"
.El
.Pp
The following non-standard or
.Tn UNIX
specific commands are supported
by the
SITE request.
.Pp
.Bl -column Request -offset indent
.It UMASK Ta change umask, e.g. ``SITE UMASK 002''
.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60''
.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename''
.It HELP Ta give help information.
.El
.Pp
The following Kerberos related site commands are understood.
.Bl -column Request -offset indent
.It KAUTH Ta obtain remote tickets.
.It KLIST Ta show remote tickets
.El
.Pp
The remaining ftp requests specified in Internet RFC 959
are
recognized, but not implemented.
MDTM and SIZE are not specified in RFC 959, but will appear in the
next updated FTP RFC.
.Pp
The ftp server will abort an active file transfer only when the
ABOR
command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet RFC 959.
If a
STAT
command is received during a data transfer, preceded by a Telnet IP
and Synch, transfer status will be returned.
.Pp
.Nm Ftpd
interprets file names according to the
.Dq globbing
conventions used by
.Xr csh 1 .
This allows users to use the metacharacters
.Dq Li \&*?[]{}~ .
.Pp
.Nm Ftpd
authenticates users according to these rules.
.Pp
.Bl -enum -offset indent
.It
If Kerberos authentication is used, the user must pass valid tickets
and the principal must be allowed to login as the remote user.
.It
The login name must be in the password data base, and not have a null
password (if Kerberos is used the password field is not checked).
In this case a password must be provided by the client before any
file operations may be performed.
If the user has an S/Key key, the response from a successful USER
command will include an S/Key challenge.  The client may choose to respond
with a PASS command giving either a standard password or an S/Key
one-time password.  The server will automatically determine which type of
password it has been given and attempt to authenticate accordingly.  See
.Xr skey 1
for more information on S/Key authentication.  S/Key is a Trademark of
Bellcore.
.It
The login name must not appear in the file
.Pa /etc/ftpusers .
.It
The user must have a standard shell returned by
.Xr getusershell 3 .
.It
If the user name appears in the file
.Pa /etc/ftpchroot
the session's root will be changed to the user's login directory by
.Xr chroot 2
as for an
.Dq anonymous
or
.Dq ftp
account (see next item).  However, the user must still supply a password.
This feature is intended as a compromise between a fully anonymous account
and a fully privileged account.  The account should also be set up as for an
anonymous account.
.It
If the user name is
.Dq anonymous
or
.Dq ftp ,
an
anonymous ftp account must be present in the password
file (user
.Dq ftp ) .
In this case the user is allowed
to log in by specifying any password (by convention an email address for
the user should be used as the password).
.El
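The following is an added example and is not part of this manual page or of Heimdal's ftpd: a Python model of rules 2 to 6 above (rule 1, Kerberos tickets, is left out), evaluated against constructed stand-ins for the password database, /etc/ftpusers, the getusershell(3) list and /etc/ftpchroot so that it runs offline. The order in which the rules are applied to the "ftp" account, and the sample users and paths, are assumptions made here.

```python
"""Added example (not Heimdal's code): model of the ftpd login rules 2-6,
run against constructed stand-ins for the system files it would consult."""

from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class PasswdEntry:
    name: str
    password: str  # encrypted password field; "" is a null password
    home: str
    shell: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    chroot_dir: Optional[str] = None  # set when the session is chroot(2)'d
    any_password: bool = False        # anonymous ftp: any password accepted


def evaluate_login(user: str,
                   passwd: Dict[str, PasswdEntry],
                   ftpusers: FrozenSet[str],
                   usershells: FrozenSet[str],
                   ftpchroot: FrozenSet[str]) -> Decision:
    """Apply rules 2-6 of the list in ftpd.8 (rule 1, Kerberos, is out of scope)."""
    # Rule 6: "anonymous"/"ftp" uses the ftp account, accepts any password and
    # is chrooted to ~ftp.  Rule 3 is applied to that account as well; the
    # page does not state the precedence, so this ordering is an assumption.
    if user in ("anonymous", "ftp"):
        ent = passwd.get("ftp")
        if ent is None:
            return Decision(False, "no anonymous ftp account in the password file")
        if "ftp" in ftpusers or "anonymous" in ftpusers:
            return Decision(False, "anonymous access disabled via /etc/ftpusers")
        return Decision(True, "anonymous login", chroot_dir=ent.home,
                        any_password=True)

    ent = passwd.get(user)
    if ent is None:                      # rule 2
        return Decision(False, "login name not in the password data base")
    if ent.password == "":               # rule 2
        return Decision(False, "null password")
    if user in ftpusers:                 # rule 3
        return Decision(False, "login name listed in /etc/ftpusers")
    if ent.shell not in usershells:      # rule 4
        return Decision(False, "shell not returned by getusershell(3)")
    if user in ftpchroot:                # rule 5
        return Decision(True, "password required; chroot to login directory",
                        chroot_dir=ent.home)
    return Decision(True, "password required")


# Constructed sample data (not taken from any real system).
SAMPLE_PASSWD = {
    "ftp":   PasswdEntry("ftp",   "*",      "/home/ftp",   "/sbin/nologin"),
    "alice": PasswdEntry("alice", "$1$aaa", "/home/alice", "/bin/sh"),
    "bob":   PasswdEntry("bob",   "$1$bbb", "/home/bob",   "/bin/sh"),
    "carol": PasswdEntry("carol", "$1$ccc", "/home/carol", "/bin/csh"),
    "dave":  PasswdEntry("dave",  "$1$ddd", "/home/dave",  "/sbin/nologin"),
    "erin":  PasswdEntry("erin",  "",       "/home/erin",  "/bin/sh"),
}
SAMPLE_FTPUSERS = frozenset({"root", "bob"})
SAMPLE_USERSHELLS = frozenset({"/bin/sh", "/bin/csh"})
SAMPLE_FTPCHROOT = frozenset({"carol"})


def decide(user: str) -> Decision:
    """Evaluate one login name against the constructed sample data."""
    return evaluate_login(user, SAMPLE_PASSWD, SAMPLE_FTPUSERS,
                          SAMPLE_USERSHELLS, SAMPLE_FTPCHROOT)


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave", "erin", "anonymous", "mallory"):
        d = decide(name)
        extra = f" (chroot {d.chroot_dir})" if d.chroot_dir else ""
        print(f"{name:10} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}{extra}")
```

Each return value carries the reason for the decision, which is what an administrator reviewing a refused login wants to see; the real daemon reports only a generic login failure to the client and logs the detail via syslog when -l is given.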
.Pp
In the last case,
.Nm ftpd
takes special measures to restrict the client's access privileges.
The server performs a
.Xr chroot 2
to the home directory of the
.Dq ftp
user.
In order that system security is not breached, it is recommended
that the
.Dq ftp
subtree be constructed with care, following these rules:
.Bl -tag -width "~ftp/pub" -offset indent
.It Pa ~ftp
Make the home directory owned by
.Dq root
and unwritable by anyone.
.It Pa ~ftp/bin
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
The program
.Xr ls 1
must be present to support the list command.
This program should be mode 111.
.It Pa ~ftp/etc
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
The files
.Xr passwd 5
and
.Xr group 5
must be present for the
.Xr ls 1
command to be able to produce owner names rather than numbers.
The password field in
.Xr passwd 5
is not used, and should not contain real passwords.
The file
.Pa motd ,
if present, will be printed after a successful login.
These files should be mode 444.
.It Pa ~ftp/pub
Make this directory mode 777 and owned by
.Dq ftp .
Guests
can then place files which are to be accessible via the anonymous
account in this directory.
.El
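The following is an added example, not part of this manual page or of Heimdal: a Python audit that checks an anonymous-ftp subtree against the ownership and mode rules listed above. It builds a constructed ~ftp tree in a temporary directory so that it runs offline; the expected root and ftp uids are passed as parameters because an unprivileged test cannot chown, a shell stub stands in for a copy of ls(1), and the sample passwd and group lines are invented.

```python
"""Added example (not Heimdal's code): audit an anonymous-ftp subtree against
the ~ftp rules in ftpd.8, demonstrated on a constructed temporary tree."""

import os
import shutil
import stat
import tempfile
from typing import List


def _mode(path: str) -> int:
    return stat.S_IMODE(os.lstat(path).st_mode)


def audit_ftp_tree(ftp_home: str, root_uid: int, ftp_uid: int) -> List[str]:
    """Return findings; an empty list means every rule is met."""
    findings: List[str] = []

    def check_dir(path, uid, who, want=None, unwritable=False) -> bool:
        if not os.path.isdir(path):
            findings.append(f"{path}: missing")
            return False
        if os.lstat(path).st_uid != uid:
            findings.append(f"{path}: not owned by {who}")
        m = _mode(path)
        if want is not None and m != want:
            findings.append(f"{path}: mode {m:o}, expected {want:o}")
        if unwritable and m & 0o222:
            findings.append(f"{path}: has write bits (mode {m:o})")
        return True

    def check_file(path, want, why) -> bool:
        if not os.path.isfile(path):
            findings.append(f"{path}: missing ({why})")
            return False
        if _mode(path) != want:
            findings.append(f"{path}: mode {_mode(path):o}, expected {want:o}")
        return True

    # ~ftp: owned by root and unwritable by anyone.
    check_dir(ftp_home, root_uid, "root", unwritable=True)
    # ~ftp/bin: root, mode 555; ls present (LIST needs it) and mode 111.
    bindir = os.path.join(ftp_home, "bin")
    if check_dir(bindir, root_uid, "root", want=0o555):
        check_file(os.path.join(bindir, "ls"), 0o111, "needed by the list command")
    # ~ftp/etc: root, mode 555; passwd and group present, mode 444, and the
    # passwd copy must not carry real password hashes.
    etcdir = os.path.join(ftp_home, "etc")
    if check_dir(etcdir, root_uid, "root", want=0o555):
        for name in ("passwd", "group"):
            check_file(os.path.join(etcdir, name), 0o444, "needed by ls for owner names")
        pw = os.path.join(etcdir, "passwd")
        if os.path.isfile(pw):
            with open(pw) as fh:
                for n, line in enumerate(fh, 1):
                    fields = line.rstrip("\n").split(":")
                    if len(fields) > 1 and fields[1] != "*":
                        findings.append(f"{pw}:{n}: password field is not '*'")
    # ~ftp/pub: mode 777 and owned by ftp.
    check_dir(os.path.join(ftp_home, "pub"), ftp_uid, "ftp", want=0o777)
    return findings


def build_sample_tree(base: str) -> str:
    """Constructed ~ftp tree that follows the rules (a shell stub stands in for ls)."""
    home = os.path.join(base, "ftp")
    for sub in ("bin", "etc", "pub"):
        os.makedirs(os.path.join(home, sub))
    files = {
        ("bin", "ls"): ("#!/bin/sh\n", 0o111),
        ("etc", "passwd"): ("root:*:0:0:root:/:/sbin/nologin\n"
                            "ftp:*:14:50:ftp:/:/sbin/nologin\n", 0o444),
        ("etc", "group"): ("wheel:*:0:\nftp:*:50:\n", 0o444),
    }
    for (sub, name), (content, m) in files.items():
        p = os.path.join(home, sub, name)
        with open(p, "w") as fh:
            fh.write(content)
        os.chmod(p, m)
    os.chmod(os.path.join(home, "pub"), 0o777)
    for sub in ("bin", "etc", ""):
        os.chmod(os.path.join(home, sub), 0o555)
    return home


def _cleanup(base: str) -> None:
    # Restore write bits so the read-only tree can be removed.
    for dirpath, _dirs, files in os.walk(base):
        os.chmod(dirpath, 0o755)
        for fn in files:
            os.chmod(os.path.join(dirpath, fn), 0o644)
    shutil.rmtree(base)


def demo():
    """Audit a compliant tree, then the same tree after a deliberate mistake."""
    base = tempfile.mkdtemp()
    try:
        uid = os.getuid()  # stands in for both root and ftp in this constructed tree
        home = build_sample_tree(base)
        clean = audit_ftp_tree(home, uid, uid)
        # Mistake: the passwd copy made writable and given a real-looking hash.
        pw = os.path.join(home, "etc", "passwd")
        os.chmod(pw, 0o644)
        with open(pw, "a") as fh:
            fh.write("alice:$6$constructed$hash:1000:1000::/home/alice:/bin/sh\n")
        return clean, audit_ftp_tree(home, uid, uid)
    finally:
        _cleanup(base)
```

On a real host you would call audit_ftp_tree on the ftp user's home directory with the uids of root and ftp from the password database; the second audit in demo() reports the writable passwd copy and the non-'*' password field, the two deviations the rules above are meant to rule out.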
.Sh FILES
.Bl -tag -width /etc/ftpwelcome -compact
.It Pa /etc/ftpusers
List of unwelcome/restricted users.
.It Pa /etc/ftpchroot
List of normal users who should be chroot'd.
.It Pa /etc/ftpwelcome
Welcome notice.
.It Pa /etc/motd
Welcome notice after login.
.It Pa /etc/nologin
Displayed and access refused.
.It Pa ~/.klogin
Login access for Kerberos.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr skey 1 ,
.Xr getusershell 3 ,
.Xr syslogd 8
.Sh STANDARDS
.Bl -tag -compact -width RFC-959
.It Cm RFC-959
FTP PROTOCOL SPECIFICATION
.It Cm draft-ietf-cat-ftpsec-08
FTP Security Extensions.  This is work in progress and might change in
the future.
.El
.Sh BUGS
The server must run as the super-user
to create sockets with privileged port numbers.  It maintains
an effective user id of the logged in user, reverting to
the super-user only when binding addresses to sockets.  The
possible security holes have been extensively
scrutinized, but are possibly incomplete.
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .