IN.FTPD(1M)IN.FTPD(1M)NAME
in.ftpd, ftpd - File Transfer Protocol Server
SYNOPSISin.ftpd [-4] [-A] [-a] [-C] [-d] [-I] [-i] [-K] [-L] [-l]
[-o] [-P dataport] [-p ctrlport] [-Q] [-q]
[-r rootdir] [-S] [-s] [-T maxtimeout] [-t timeout]
[-u umask] [-V] [-v] [-W] [-w] [-X]
DESCRIPTIONin.ftpd is the Internet File Transfer Protocol (FTP) server process.
The server may be invoked by the Internet daemon inetd(1M) each time a
connection to the FTP service is made or run as a standalone server.
See services(4).
OPTIONSin.ftpd supports the following options:
-4
When running in standalone mode, listen for connec‐
tions on an AF_INET type socket. The default is to
listen on an AF_INET6 type socket.
-a
Enables use of the ftpaccess(4) file.
-A
Disables use of the ftpaccess(4) file. Use of ftpac‐
cess is disabled by default.
-C
Non-anonymous users need local credentials (for exam‐
ple, to authenticate to remote fileservers). So they
should be prompted for a password unless they for‐
warded credentials as part of authentication.
-d
Writes debugging information to syslogd(1M).
-i
Logs the names of all files received by the FTP Server
to xferlog(4). You can override the -i option through
use of the ftpaccess(4) file.
-I
Disables the use of AUTH and ident to determine the
username on the client. See RFC 931. The FTP Server is
built not to use AUTH and ident.
-K
Connections are only allowed for users who can authen‐
ticate through the ftp AUTH mechanism. (Anonymous ftp
may also be allowed if it is configured.) ftpd will
ask the user for a password if one is required.
-l
Logs each FTP session to syslogd(1M).
-L
Logs all commands sent to in.ftpd to syslogd(1M). When
the -L option is used, command logging will be on by
default, once the FTP Server is invoked. Because the
FTP Server includes USER commands in those logged, if
a user accidentally enters a password instead of the
username, the password will be logged. You can over‐
ride the -L option through use of the ftpaccess(4)
file.
-o
Logs the names of all files transmitted by the FTP
Server to xferlog(4). You can override the -o option
through use of the ftpaccess(4) file.
-P dataport
The FTP Server determines the port number by looking
in the services(4) file for an entry for the ftp-data
service. If there is no entry, the daemon uses the
port just prior to the control connection port. Use
the -P option to specify the data port number.
-p ctrlport
When run in standalone mode, the FTP Server determines
the control port number by looking in the services(4)
file for an entry for the ftp service. Use the -p
option to specify the control port number.
-Q
Disables PID files. This disables user limits. Large,
busy sites that do not want to impose limits on the
number of concurrent users can use this option to dis‐
able PID files.
-q
Uses PID files. The limit directive uses PID files to
determine the number of current users in each access
class. By default, PID files are used.
-r rootdir
chroot(2) to rootdir upon loading. Use this option to
improve system security. It limits the files that can
be damaged should a break in occur through the daemon.
This option is similar to anonymous FTP. Additional
files are needed, which vary from system to system.
-S
Places the daemon in standalone operation mode. The
daemon runs in the background. This is useful for
startup scripts that run during system initialization.
See init.d(4).
-s
Places the daemon in standalone operation mode. The
daemon runs in the foreground. This is useful when run
from /etc/inittab by init(1M).
-T maxtimeout
Sets the maximum allowable timeout period to maxtime‐
out seconds. The default maximum timeout limit is 7200
second (two hours). You can override the -T option
through use of the ftpaccess(4) file.
-t timeout
Sets the inactivity timeout period to timeout seconds.
The default timeout period is 900 seconds (15 min‐
utes). You can override the -t option through use of
the ftpaccess(4) file.
-u umask
Sets the default umask to umask.
-V
Displays copyright and version information, then ter‐
minate.
-v
Writes debugging information to syslogd(1M).
-W
Does not record user login and logout in the wtmpx(4)
file.
-w
Records each user login and logout in the wtmpx(4)
file. By default, logins and logouts are recorded.
-X
Writes the output from the -i and -o options to the
syslogd(1M) file instead of xferlog(4). This allows
the collection of output from several hosts on one
central loghost. You can override the -X option
through use of the ftpaccess(4) file.
Requests
The FTP Server currently supports the following FTP requests. Case is
not distinguished.
ABOR
Abort previous command.
ADAT
Send an authentication protocol message.
ALLO
Allocate storage (vacuously).
AUTH
Specify an authentication protocol to be performed. Currently
only "GSSAPI" is supported.
APPE
Append to a file.
CCC
Set the command channel protection mode to "Clear" (no protec‐
tion). Not allowed if data channel is protected.
CDUP
Change to parent of current working directory.
CWD
Change working directory.
DELE
Delete a file.
ENC
Send a privacy and integrity protected command (given in argu‐
ment).
EPRT
Specify extended address for the transport connection.
EPSV
Extended passive command request.
HELP
Give help information.
LIST
Give list files in a directory (ls -lA).
LPRT
Specify long address for the transport connection.
LPSV
Long passive command request.
MIC
Send an integrity protected command (given in argument).
MKD
Make a directory.
MDTM
Show last time file modified.
MODE
Specify data transfer mode.
NLST
Give name list of files in directory (ls).
NOOP
Do nothing.
PASS
Specify password.
PASV
Prepare for server-to-server transfer.
PBSZ
Specify a protection buffer size.
PROT
Specify a protection level under which to protect data trans‐
fers. Allowed arguments:
clear
No protection.
safe
Integrity protection
private
Integrity and encryption protection
PORT
Specify data connection port.
PWD
Print the current working directory.
QUIT
Terminate session.
REST
Restart incomplete transfer.
RETR
Retrieve a file.
RMD
Remove a directory.
RNFR
Specify rename-from file name.
RNTO
Specify rename-to file name.
SITE
Use nonstandard commands.
SIZE
Return size of file.
STAT
Return status of server.
STOR
Store a file.
STOU
Store a file with a unique name.
STRU
Specify data transfer structure.
SYST
Show operating system type of server system.
TYPE
Specify data transfer type.
USER
Specify user name.
XCUP
Change to parent of current working directory. This request is
deprecated.
XCWD
Change working directory. This request is deprecated.
XMKD
Make a directory. This request is deprecated.
XPWD
Print the current working directory. This request is depre‐
cated.
XRMD
Remove a directory. This request is deprecated.
The following nonstandard or UNIX specific commands are supported by
the SITE request:
ALIAS
List aliases.
CDPATH
List the search path used when changing directories.
CHECKMETHOD
List or set the checksum method.
CHECKSUM
Give the checksum of a file.
CHMOD
Change mode of a file. For example, SITE CHMOD 755 file‐
name.
EXEC
Execute a program. For example, SITE EXEC program params
GPASS
Give special group access password. For example, SITE
GPASS bar.
GROUP
Request special group access. For example, SITE GROUP
foo.
GROUPS
List supplementary group membership.
HELP
Give help information. For example, SITE HELP.
IDLE
Set idle-timer. For example, SITE IDLE 60.
UMASK
Change umask. For example, SITE UMASK 002.
The remaining FTP requests specified in RFC 959 are recognized, but not
implemented.
The FTP server will abort an active file transfer only when the ABOR
command is preceded by a Telnet "Interrupt Process" (IP) signal and a
Telnet "Synch" signal in the command Telnet stream, as described in RFC
959. If a STAT command is received during a data transfer that has been
preceded by a Telnet IP and Synch, transfer status will be returned.
in.ftpd interprets file names according to the "globbing" conventions
used by csh(1). This allows users to utilize the metacharacters: * ? [
] { } ~
in.ftpd authenticates users according to the following rules:
First, the user name must be in the password data base, the location of
which is specified in nsswitch.conf(4). An encrypted password (an
authentication token in PAM) must be present. A password must always be
provided by the client before any file operations can be performed. For
non-anonymous users, the PAM framework is used to verify that the cor‐
rect password was entered. See SECURITY below.
Second, the user name must not appear in either the /etc/ftpusers or
the /etc/ftpd/ftpusers file. Use of the /etc/ftpusers files is depre‐
cated, although it is still supported.
Third, the users must have a standard shell returned by getuser‐
shell(3C).
Fourth, if the user name is anonymous or ftp, an anonymous ftp account
must be present in the password file for user ftp. Use ftpconfig(1M) to
create the anonymous ftp account and home directory tree.
Fifth, if the GSS-API is used to authenticate the user, then
gss_auth_rules(5) determines user access without a password needed.
The FTP Server supports virtual hosting, which can be configured by
using ftpaddhost(1M).
The FTP Server does not support sublogins.
General FTP Extensions
The FTP Server has certain extensions. If the user specifies a filename
that does not exist with a RETR (retrieve) command, the FTP Server
looks for a conversion to change a file or directory that does into the
one requested. See ftpconversions(4).
By convention, anonymous users supply their email address when prompted
for a password. The FTP Server attempts to validate these email
addresses. A user whose FTP client hangs on a long reply, for example,
a multiline response, should use a dash (-) as the first character of
the user's password, as this disables the Server's lreply() function.
The FTP Server can also log all file transmission and reception. See
xferlog(4) for details of the log file format.
The SITE EXEC command may be used to execute commands in the /bin/ftp-
exec directory. Take care that you understand the security implications
before copying any command into the /bin/ftp-exec directory. For exam‐
ple, do not copy in /bin/sh. This would enable the user to execute
other commands through the use of sh -c. If you have doubts about this
feature, do not create the /bin/ftp-exec directory.
SECURITY
For non-anonymous users, in.ftpd uses pam(3PAM) for authentication,
account management, and session management, and can use Kerberos v5 for
authentication.
The PAM configuration policy, listed through /etc/pam.conf, specifies
the module to be used for in.ftpd. Here is a partial pam.conf file with
entries for the in.ftpd command using the UNIX authentication, account
management, and session management module.
ftp auth requisite pam_authtok_get.so.1
ftp auth required pam_dhkeys.so.1
ftp auth required pam_unix_auth.so.1
ftp account required pam_unix_roles.so.1
ftp account required pam_unix_projects.so.1
ftp account required pam_unix_account.so.1
ftp session required pam_unix_session.so.1
If there are no entries for the ftp service, then the entries for the
"other" service will be used. Unlike login, passwd, and other commands,
the ftp protocol will only support a single password. Using multiple
modules will prevent in.ftpd from working properly.
To use Kerberos for authentication, a host/<FQDN> Kerberos principal
must exist for each Fully Qualified Domain Name associated with the
in.ftpd server. Each of these host/<FQDN> principals must have a keytab
entry in the /etc/krb5/krb5.keytab file on the in.ftpd server. An exam‐
ple principal might be:
host/bigmachine.eng.example.com
See kadmin(1M) or gkadmin(1M) for instructions on adding a principal to
a krb5.keytab file. See for a discussion of Kerberos authentication.
For anonymous users, who by convention supply their email address as a
password, in.ftpd validates passwords according to the passwd-check
capability in the ftpaccess file.
USAGE
The in.ftpd command is IPv6-enabled. See ip6(7P).
FILES
/etc/ftpd/ftpaccess
FTP Server configuration file
/etc/ftpd/ftpconversions
FTP Server conversions database
/etc/ftpd/ftpgroups
FTP Server enhanced group access file
/etc/ftpd/ftphosts
FTP Server individual user host access file
/etc/ftpd/ftpservers
FTP Server virtual hosting configuration file.
/etc/ftpd/ftpusers
File listing users for whom FTP login privileges are disallowed.
/etc/ftpusers
File listing users for whom FTP login privileges are disallowed.
This use of this file is deprecated.
/var/log/xferlog
FTP Server transfer log file
/var/run/ftp.pids-classname
/var/adm/wtmpx
Extended database files that contain the history of user access and
accounting information for the wtmpx database.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬─────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────┤
│Interface Stability │ External │
└────────────────────┴─────────────────┘
SEE ALSOcsh(1), ftp(1), ftpcount(1), ftpwho(1), ls(1), svcs(1), ftpaddhost(1M),
ftpconfig(1M), ftprestart(1M), ftpshut(1M), gkadmin(1M), inetadm(1M),
inetd(1M), kadmin(1M), svcadm(1M), syslogd(1M), chroot(2), umask(2),
getpwent(3C), getusershell(3C), syslog(3C), ftpaccess(4), ftpconver‐
sions(4), ftpgroups(4), ftphosts(4), ftpservers(4), ftpusers(4),
group(4), passwd(4), services(4), xferlog(4), wtmpx(4), attributes(5),
gss_auth_rules(5), pam_authtok_check(5), pam_authtok_get(5), pam_auth‐
tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5),
pam_unix_auth(5), pam_unix_session(5), smf(5), ip6(7P)
Allman, M., Ostermann, S., and Metz, C. RFC 2428, FTP Extensions for
IPv6 and NATs. The Internet Society. September 1998.
Piscitello, D. RFC 1639, FTP Operation Over Big Address Records (FOO‐
BAR). Network Working Group. June 1994.
Postel, Jon, and Joyce Reynolds. RFC 959, File Transfer Protocol (FTP
). Network Information Center. October 1985.
St. Johns, Mike. RFC 931, Authentication Server. Network Working Group.
January 1985.
Linn, J., Generic Security Service Application Program Interface Ver‐
sion 2, Update 1, RFC 2743. The Internet Society, January 2000.
Horowitz, M., Lunt, S., FTP Security Extensions, RFC 2228. The Internet
Society, October 1997.
DIAGNOSTICSin.ftpd logs various errors to syslogd(1M), with a facility code of
daemon.
NOTES
The anonymous FTP account is inherently dangerous and should be avoided
when possible.
The FTP Server must perform certain tasks as the superuser, for exam‐
ple, the creation of sockets with privileged port numbers. It maintains
an effective user ID of the logged in user, reverting to the superuser
only when necessary.
The FTP Server no longer supports the /etc/default/ftpd file. Instead
of using UMASK=nnn to set the umask, use the defumask capability in the
ftpaccess file. The banner greeting text capability is also now set
through the ftpaccess file by using the greeting text capability
instead of by using BANNER="...". However, unlike the BANNER string,
the greeting text string is not passed to the shell for evaluation. See
ftpaccess(4).
The pam_unix(5) module is no longer supported. Similar functionality is
provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth‐
tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5),
pam_unix_auth(5), and pam_unix_session(5).
The in.ftpd service is managed by the service management facility,
smf(5), under the service identifier:
svc:/network/ftp
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). Responsibility
for initiating and restarting this service is delegated to inetd(1M).
Use inetadm(1M) to make configuration changes and to view configuration
information for this service. The service's status can be queried using
the svcs(1) command.
Nov 10, 2005 IN.FTPD(1M)
