FTPD(8)                                                   FTPD(8)

NAME
       ftpd - Internet File Transfer Protocol server

SYNOPSIS
       ftpd [ -d ] [ -v ] [ -l ] [ -t timeout ] [ -T maxtimeout ]
       [ -a ] [ -A ] [ -L ] [ -i ] [ -I ] [ -o ] [ -p ctrlport  ]
       [ -P dataport ] [ -q ] [ -Q ] [ -r rootdir ] [ -s ] [ -S ]
       [ -u umask ] [ -V ] [ -w ] [ -W ] [ -X ]

DESCRIPTION
       Ftpd is the Internet File Transfer  Protocol  server  pro-
       cess.  The server uses the TCP protocol and listens at the
       port specified in the ``ftp'' service  specification;  see
       services(5).

       The  -V option causes the program to display copyright and
       version information, then terminate.

       If the -d or -v option is specified, debugging information
       is written to the syslog.

       If  the -l option is specified, each ftp session is logged
       in the syslog.

       The ftp server will timeout an inactive session  after  15
       minutes.   If  the  -t option is specified, the inactivity
       timeout period will be set to timeout seconds.   A  client
       may  also  request a different timeout period; the maximum
       period allowed may be set to timeout seconds with  the  -T
       option.  The default limit is 2 hours.

       If the -a option is specified, the use of the ftpaccess(5)
       configuration file is enabled.

       If the -A option is specified,  use  of  the  ftpaccess(5)
       configuration file is disabled. This is the default.

       If  the  -L  option  is  specified,  commands  sent to the
       ftpd(8) server will be  logged  to  the  syslog.   The  -L
       option  is overridden by the use of the ftpaccess(5) file.
       If the -L flag is used, command  logging  will  be  on  by
       default  as  soon as the ftp server is invoked.  This will
       cause the server to log all USER commands, which if a user
       accidentally enters a password for that command instead of
       the username, will cause passwords to be logged  via  sys-
       log.

       If  the  -i  option  is  specified,  files received by the
       ftpd(8) server will be logged to the xferlog(5).   The  -i
       option  is overridden by the use of the ftpaccess(5) file.

       The -I option disables the use of RFC931  (AUTH/ident)  to
       attempt to determine the username on the client.

       If  the  -o  option is specified, files transmitted by the
       ftpd(8) server will be logged to the xferlog(5).   The  -o
       option  is overridden by the use of the ftpaccess(5) file.
       If the -X option is specified, the output created  by  the
       -i  and  -o  options  is not saved to the xferlog file but
       saved via syslog so you can collect  output  from  several
       hosts on one central loghost.

       If the -u option is specified, the default umask is set to
       umask.

       If the -W option is specified user logins are not recorded
       in  the  wtmp file.  The default ( -w ) is to record every
       login and logout.

       The -s and -S options place the daemon in standalone oper-
       ation  mode.   The  -S option runs the daemon in the back-
       ground and is useful in startup scripts during system ini-
       tialization  (ie., in rc.local).  The -s option leaves the
       daemon in foreground and is useful when running from  init
       (ie., /etc/inittab).

       The  -p  and  -P options override the port numbers used by
       the daemon.  Normally, the daemon determines the port num-
       bers by looking in /etc/services for "ftp" and "ftp-data".
       If there is no /etc/services entry for "ftp-data" and  the
       -P  option is not specified, the daemon uses the port just
       prior to the control connection port.  The  -p  option  is
       only available if running as a standalone daemon.

       The -q and -Q options deterine whether the daemon uses the
       PID files.  These files are required by the  limit  direc-
       tive  to  determine  the  number  of current users in each
       access class.  Disabling the use of the PID files disables
       user  limits.  The default ( -q ) is to use the PID files.
       Specify -Q when testing the server as a normal  user  when
       access  permissions  prevent  the  use  of  the PID files.
       Large, busy sites which do not wish to  impose  limits  on
       the number of concurrent users may also consider disabling
       the PID files.

       The -r option instructs the daemon  to  chroot(2)  to  the
       specified  rootdir  immedeately  upon  loading.   This can
       improve system security by limiting the files which may be
       damaged should a breakin occur through the daemon.  Set is
       much like anonymous  FTP,  with  additional  files  needed
       which vary from system to system.

       The  ftp  server  currently  supports  the  following  ftp
       requests; case is not distinguished.

       Request        Description
       ABOR           abort previous command
       ACCT           specify account (ignored)
       ALLO           allocate storage (vacuously)
       APPE           append to a file
       CDUP           change to parent of current working directory
       CWD            change working directory
       DELE           delete a file
       HELP           give help information
       LIST           give list files in a directory (``ls -lgA'')
       MKD            make a directory
       MDTM           show last modification time of file
       MODE           specify data transfer mode
       NLST           give name list of files in directory
       NOOP           do nothing
       PASS           specify password
       PASV           prepare for server-to-server transfer
       PORT           specify data connection port
       PWD            print the current working directory
       QUIT           terminate session
       REST           restart incomplete transfer
       RETR           retrieve a file
       RMD            remove a directory
       RNFR           specify rename-from file name
       RNTO           specify rename-to file name
       SITE           non-standard commands (see next section)
       SIZE           return size of file
       STAT           return status of server
       STOR           store a file
       STOU           store a file with a unique name
       STRU           specify data transfer structure
       SYST           show operating system type of server system
       TYPE           specify data transfer type
       USER           specify user name
       XCUP           change to parent of current working directory (deprecated)
       XCWD           change working directory (deprecated)
       XMKD           make a directory (deprecated)
       XPWD           print the current working directory (deprecated)
       XRMD           remove a directory (deprecated)

       The following non-standard or UNIX specific  commands  are
       supported by the SITE request.

       Request        Description
       UMASK          change umask. E.g. SITE UMASK 002
       IDLE           set idle-timer. E.g. SITE IDLE 60
       CHMOD          change mode of a file. E.g. SITE CHMOD 755 filename
       HELP           give help information. E.g. SITE HELP
       NEWER          list files newer than a particular date
       MINFO          like SITE NEWER, but gives extra information
       GROUP          request special group access. E.g. SITE GROUP foo
       GPASS          give special group access password. E.g. SITE GPASS bar
       EXEC           execute a program.  E.g. SITE EXEC program params

       The  remaining  ftp requests specified in Internet RFC 959
       are recognized, but not implemented.  MDTM  and  SIZE  are
       not  specified  in  RFC  959,  but will appear in the next
       updated FTP RFC.

       The ftp server will abort an  active  file  transfer  only
       when  the  ABOR command is preceded by a Telnet "Interrupt
       Process" (IP) signal and a Telnet "Synch"  signal  in  the
       command  Telnet  stream, as described in Internet RFC 959.
       If a STAT command is received during a data transfer, pre-
       ceded  by  a  Telnet IP and Synch, transfer status will be
       returned.

       Ftpd interprets file names according to  the  ``globbing''
       conventions  used by csh(1).  This allows users to utilize
       the metacharacters ``*?[]{}~''.

       Ftpd authenticates users according to four rules.

       1)     The user name must be in the  password  data  base,
              /etc/passwd,  or  whatever  is  appropriate for the
              operating system, and  the  password  must  not  be
              null.   In this case a password must be provided by
              the client before any file operations may  be  per-
              formed.

       2)     The   user   name  must  not  appear  in  the  file
              /etc/ftpusers.

       3)     The user must have a  standard  shell  returned  by
              getusershell(3).

       4)     If  the  user  name is ``anonymous'' or ``ftp'', an
              anonymous ftp account must be present in the  pass-
              word file (user ``ftp'').  In this case the user is
              allowed to log in by specifying  any  password  (by
              convention  this  is  given  as  the  client host's
              name).

       In the last case, ftpd takes special measures to  restrict
       the  client's  access  privileges.   The server performs a
       chroot(2) command to the home  directory  of  the  ``ftp''
       user.   In  order that system security is not breached, it
       is recommended that the  ``ftp''  subtree  be  constructed
       with care;  the following rules are recommended.

       ~ftp)  Make  the  home  directory  owned by super-user and
              unwritable by anyone.

       ~ftp/bin)
              Make this directory owned  by  the  super-user  and
              unwritable  by  anyone.   The program ls(1) must be
              present to support the list command.  This  program
              should have mode 111.

       ~ftp/etc)
              Make  this  directory  owned  by the super-user and
              unwritable by  anyone.   The  files  passwd(5)  and
              group(5)  must  be present for the ls command to be
              able to produce owner names  rather  than  numbers.
              Depending  on  the  operating  system, there may be
              other required files. Check your  manual  page  for
              the  getpwent(3)  library  routine.   The  password
              field in passwd is not used, and should not contain
              real  encrypted  passwords.   These files should be
              mode 444 and owned by the  super-user.   Don't  use
              the  system's /etc/passwd file as the password file
              or the system's /etc/group file as the  group  file
              in the ~ftp/etc directory.

       ~ftp/pub)
              Create  a  subdirectory in ~ftp/pub with the appro-
              priate mode (777 or 733) if you want to allow  nor-
              mal users to upload files.

AUTHENTICATION MECHANISM ON BSD/OS SYSTEMS ONLY
       The authentication mechanism used by ftpd is determined by
       the ``auth-ftp'' entry in the  /etc/login.conf  file  (see
       login.conf(5))  that matches the users class.  If there is
       no ``auth-ftp'' entry for the class, the  normal  ``auth''
       entry  will  be used instead.  An alternate authentication
       mechanism may be specified by appending  a  colon  (``:'')
       followed by the authentication style, i.e. ``joe:skey''.

GENERAL FTP EXTENSIONS
       There  are  some extensions to the FTP server such that if
       the user specifies a filename (when using a RETRIEVE  com-
       mand) such that:

        True Filename  Specified Filename  Action
        -------------  ------------------  -----------------------------------
        <filename>.Z   <filename>          Decompress file before transmitting
        <filename>     <filename>.Z        Compress <filename> before
                                                   transmitting
        <filename>     <filename>.tar      Tar <filename> before transmitting
        <filename>     <filename>.tar.Z    Tar and compress <filename> before
                                                   transmitting

       Also,  the  FTP  server will attempt to check for valid e-
       mail addresses and chide the user if he doesn't  pass  the
       test.   For  users  whose  FTP  client  will hang on "long
       replies" (i.e. multiline responses), using a dash  as  the
       first  character of the password will disable the server's
       lreply() function.

       The FTP server can also  log  all  file  transmission  and
       reception, keeping the following information for each file
       transmission that takes place.

       Mon Dec  3 18:52:41 1990 1 wuarchive.wustl.edu 568881 /files.lst.Z a _ o a chris@wugate.wustl.edu ftp 0 *

         %.24s %d %s %d %s %c %s %c %c %s %s %d %s
           1   2  3  4  5  6  7  8  9  10 11 12 13

         1 current time in the form DDD MMM dd hh:mm:ss YYYY
         2 transfer time in seconds
         3 remote host name
         4 file size in bytes
         5 name of file
         6 transfer type (a>scii, b>inary)
         7 special action flags (concatenated as needed):
               C   file was compressed
               U   file was uncompressed
               T   file was tar'ed
               _   no action taken
         8 file was sent to user (o>utgoing) or received from
           user (i>ncoming)
         9 accessed anonymously (r>eal, a>nonymous, g>uest) -- mostly for FTP
        10 local username or, if guest, ID string given
           (anonymous FTP password)
        11 service name ('ftp', other)
        12 authentication method (bitmask)
               0   none
               1   RFC931 Authentication
        13 authenticated user id (if available, '*' otherwise)

SEE ALSO
       ftp(1), getusershell(3), syslogd(8),  ftpaccess(5),  xfer-
       log(5), umask(2)

BUGS
       The  anonymous  account is inherently dangerous and should
       avoided when possible.

       The server must run as the super-user  to  create  sockets
       with  privileged  port numbers.  It maintains an effective
       user id of the logged in user, reverting to the super-user
       only  when  binding  addresses  to  sockets.  The possible
       security holes have been extensively scrutinized, but  are
       possibly incomplete.

                           Jan 10, 1997                         1