ftpd man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

ftpd(8)								       ftpd(8)

NAME
       ftpd  -	The  File Transfer Protocol server daemon, including anonymous
       service

SYNOPSIS
       ftpd [-dlnxK] [-t time-out] [-T maxtime-out]

OPTIONS
       Debugging information is sent to the syslogd daemon  (see  syslogd(8)).
       Each  FTP  session, as well as additional information, such as the file
       name retrieved or stored, the number of bytes, and the attempted logins
       that  failed, is sent to the syslogd daemon (see syslogd(8)).  Disables
       reverse lookups of remote host names. This  option  can	prevent	 login
       delays  and  timeouts  in  an environment where host name resolution is
       sluggish.  The inactivity time-out period will be set to time-out  sec‐
       onds.   The maximum time-out period allowed may be set to time-out sec‐
       onds with this option.  Encrypts the data transmitted between the local
       host  and  the  remote  host.  This  option requires that the local and
       remote hosts be configured to use Kerberos authentication in  the  same
       or trusting Kerberos realms.

	      If  the  ftpd daemon is started with the -x option, only connec‐
	      tions initiated with the -x option from a remote	host  will  be
	      accepted.	  All  communications  between	the  two hosts will be
	      encrypted.  Specifies that only Kerberos	authenticated  connec‐
	      tions  will be accepted. This option requires that the local and
	      remote hosts be configured to use Kerberos authentication in the
	      same or trusting Kerberos realms.

	      If  the  ftpd daemon is started with the -K option, only connec‐
	      tions initiated from a host in the  same	or  trusting  Kerberos
	      domain  will  be	accepted.  All	communications between the two
	      hosts will be encrypted.

SECURITY NOTE
       This security-sensitive command	uses  the  SIA	(Security  Integration
       Architecture)  routine  as an interface to the security mechanisms. See
       matrix.conf(4) for more information.

DESCRIPTION
       The ftpd command is  the	 DARPA	(Defense  Advanced  Research  Projects
       Agency)	Internet  File	Transfer  Protocol server process.  The server
       uses the TCP protocol and listens at the port specified in the FTP ser‐
       vice specification; see services(4).

       The  FTP	 server will time out an inactive session after 15 minutes. If
       the -t option is specified, the inactivity time-out period will be  set
       to  time-out  seconds.  A  client may also request a different time-out
       period; the maximum period allowed may be set to time-out seconds  with
       the -T option. The default limit is 2 hours.

       If you want to use a customized banner, create an /etc/banner file. The
       ftpd daemon reads the file, if it exists, and writes its contents  over
       a new FTP connection prior to starting the login dialog.

       The  ftpd  command  interprets file names according to the ``globbing''
       conventions used by the	C  shell  (see	csh(1)).  This	interpretation
       allows users to utilize the metacharacters ``*?[]{}~''.

       The  way	 in  which  the ftpd daemon authenticates a user and transmits
       data depends on if the local and remote hosts are using a basic connec‐
       tion  or	 a  secure connection (Kerberos). Basic and secure connections
       provide user authentication; however, a secure connection also provides
       client  and server authentication, data encryption, data integrity, and
       nonrepudiation.

   Basic Connection
       A basic connection is one where the  ftpd  daemon  authenticates	 users
       according  to  four  rules: The user name must be in the password data‐
       base, /etc/passwd, and not have a null password.	 In this case, a pass‐
       word  must  be provided by the client before any file operations may be
       performed.  The user name must not appear in  the  /etc/ftpusers	 file.
       The user must have a standard shell returned by the getusershell() call
       (see getusershell(3)).  If the user name is anonymous or ftp, an anony‐
       mous  ftp  account  must be present in the /etc/passwd file (user ftp).
       In this case, the user is allowed to log in by specifying any  password
       (by convention this is given as the client host's name).

   Secure Connection
       A  secure  connection is one where the ftpd daemon authenticates a user
       by using Kerberos. Kerberos is a client/server application that authen‐
       ticate  the  client,  server,  and  user, encrypt data, and ensure data
       integrity and nonrepudiation.  See your system administrator to	deter‐
       mine  if	 your  system is running Kerberos. See Security Administration
       for more information about Kerberos.

       Kerberos authenticates by using	secret-key  cryptography  and  tickets
       between	Kerberos  clients  and Kerberos server in the same or trusting
       Kerberos realms. Once authenticated by Kerberos, users receive  a  Ker‐
       beros  Ticket  Granting	Ticket	(TGT).	Users with a valid TGT are not
       prompted for a user name or password when the remote  host  is  in  the
       same or trusting Kerberos realm.

   FTP REQUESTS
       The  FTP	 server currently supports the following ftp requests; case is
       not distinguished:

       ─────────────────────────────────────────────────────────────────────────
       Request	 Description
       ─────────────────────────────────────────────────────────────────────────
       ABOR	 Abort previous command.

		 The ftp server will abort an active file  transfer  only  when
		 the  ABOR  command  is	 preceded by a Telnet Interrupt Process
		 (IP) signal and a Telnet Synch signal in  the	command	 Telnet
		 stream, as described in Internet RFC 959.
       ACCT	 Specify account (ignored).
       ALLO	 Allocate storage (vacuously).
       APPE	 Append to a file.
       CDUP	 Change to parent of current working directory.
       CWD	 Change working directory.
       DELE	 Delete a file.
       EPSV	 Prepare  for  proxy  transfer	(default)  and server-to-server
		 transfer.
       EPRT	 Specify data connection port.
       HELP	 Give help information.
       LIST	 Give list files in a directory (ls -lgA).
       LPRT	 Specify data connection port (IPv6 addresses only).
       LPSV	 Prepare for server-to-server transfer (IPv6 addresses only).
       MKD	 Make a directory.
       MDTM	 Show last modification time of file.
       MODE	 Specify data transfer mode.
       NLST	 Give name list of files in directory.
       NOOP	 Do nothing.
       PASS	 Specify password.
       PASV	 Prepare for server-to-server transfer (IPv4 addresses only).
       PORT	 Specify data connection port (IPv4 addresses only).

       PWD	 Print the current working directory.
       QUIT	 Terminate session.
       REST	 Restart incomplete transfer
       RETR	 Retrieve a file
       RMD	 Remove a directory
       RNFR	 Specify rename-from file name
       RNTO	 Specify rename-to file name
       SITE	 Nonstandard commands (see next section)
       SIZE	 Return size of file
       STAT	 Return status of server. If a STAT command is received	 during
		 a  data  transfer, preceded by a Telnet IP and Synch, transfer
		 status will be returned.
       STOR	 Store a file
       STOU	 Store a file with a unique name
       STRU	 Specify data transfer structure
       SYST	 Show operating system type of server system
       TYPE	 Specify data transfer type
       USER	 Specify username
       XCUP	 Change to parent of current working directory (deprecated)
       XCWD	 Change working directory (deprecated)
       XMKD	 Make a directory (deprecated)
       XPWD	 Print the current working directory (deprecated)
       XRMD	 Remove a directory (deprecated)
       ─────────────────────────────────────────────────────────────────────────

       The following nonstandard or UNIX compatible commands are supported  by
       the SITE request:

       ─────────────────────────────────────────────────────────────
       Request	 Description
       ─────────────────────────────────────────────────────────────
       UMASK	 Change umask (for example, SITE UMASK 002)
       IDLE	 Set idle timer (for example, SITE IDLE 60)
       CHMOD	 Change	   mode	   of	 a   file   (for   example,
		 SITE CHMOD 755 filename)
       HELP	 Give help information (for example, SITE HELP)
       ─────────────────────────────────────────────────────────────

       The remaining ftp requests specified in Internet	 RFC  959  are	recog‐
       nized,  but  not	 implemented.	MDTM and SIZE are not specified in RFC
       959, but will appear in the next updated FTP RFC.

   TYPE-OF-SERVICE VALUES
       The ftp command uses the default Type-of-Service values recommended  by
       RFC1060, which are as follows: Low delay High throughput

   Anonymous FTP Configuration
       If  you	are creating an anonymous FTP account, ftpd takes special mea‐
       sures to restrict the client's access privileges when the user logs in.
       The server executes a chroot call (see chroot(2)) to the home directory
       of the ftp user. In order that system security is not breached,	it  is
       recommended that you adhere to the following rules when creating direc‐
       tories and files in the ftp subtree: Make the home directory  owned  by
       the  superuser  (root)  and  unwritable by anyone.  Make this directory
       owned by the superuser and unwritable by anyone.	 The ls	 program  (see
       ls(1)) must be present to support the list command. This program should
       have mode 111.

	      Copy the ls program  from	 /sbin/ls.   This  is  the  statically
	      linked  version of the ls command, which does not require shared
	      library support.	Be sure to copy the static version of ls  from
	      the  /sbin  directory,  not the shared version from the /usr/bin
	      directory.  Make this  directory	owned  by  the	superuser  and
	      unwritable by anyone.  The passwd and group files (see passwd(4)
	      and group(4) ) must be present for the ls command to be able  to
	      produce  owner  names rather than numbers. The password field in
	      the passwd file  is  not	used,  and  should  not	 contain  real
	      encrypted passwords. These files should be mode 444.

	      In  this	environment,  the sia subdirectory (which you can copy
	      from /etc/sia) must also be present for the  ls  command	to  be
	      able  to	produce	 owner	names  rather than numbers.  Make this
	      directory mode 777 and owned by ftp.  Users  should  then	 place
	      files  that  are	to  be accessible via the anonymous account in
	      this directory.

       You can configure these values by specifying  them  in  the  /etc/iptos
       file. For more information, see iptos(4).

FILES
       Specifies  the  command path.  Contains the list of unauthorized users.
       Specifies the path name for the banner file.

CAUTIONS
       The anonymous account is inherently dangerous  and  should  be  avoided
       when possible.

       The  server must run as the superuser to create sockets with privileged
       port numbers.  It maintains an effective user ID of the logged in user,
       reverting to the superuser only when binding addresses to sockets.  The
       possible security holes have been extensively scrutinized, but are pos‐
       sibly incomplete.

SEE ALSO
       Commands: ftp(1), syslogd(8)

       Functions: getusershell(3)

       Files: iptos(4)

       Guides: Security Administration

								       ftpd(8)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net