in.ftpd man page on SmartOS


IN.FTPD(1M)							   IN.FTPD(1M)

       in.ftpd, ftpd - File Transfer Protocol Server

       in.ftpd [-4] [-A] [-a] [-C] [-d] [-I] [-i] [-K] [-L] [-l]
	    [-o] [-P dataport] [-p ctrlport] [-Q] [-q]
	    [-r rootdir] [-S] [-s] [-T maxtimeout] [-t timeout]
	    [-u umask] [-V] [-v] [-W] [-w] [-X]

       in.ftpd	is  the	 Internet File Transfer Protocol (FTP) server process.
       The server may be invoked by the Internet daemon inetd(1M) each time  a
       connection  to  the  FTP service is made or run as a standalone server.
       See services(4).

       in.ftpd supports the following options:

       -4
                        When running in standalone mode, listen for connections
                        on an AF_INET type socket. The default is to listen on
                        an AF_INET6 type socket.

       -a
                        Enables use of the ftpaccess(4) file.

       -A
                        Disables use of the ftpaccess(4) file. Use of ftpaccess
                        is disabled by default.

       -C
                        Non-anonymous users need local credentials (for example,
                        to authenticate to remote fileservers). So they should
                        be prompted for a password unless they forwarded
                        credentials as part of authentication.

       -d
                        Writes debugging information to syslogd(1M).

       -i
                        Logs the names of all files received by the FTP Server
                        to xferlog(4). You can override the -i option through
                        use of the ftpaccess(4) file.

       -I
                        Disables the use of AUTH and ident to determine the
                        username on the client. See RFC 931. The FTP Server is
                        built not to use AUTH and ident.

       -K
                        Connections are only allowed for users who can
                        authenticate through the ftp AUTH mechanism. (Anonymous
                        ftp may also be allowed if it is configured.) ftpd will
                        ask the user for a password if one is required.

       -l
                        Logs each FTP session to syslogd(1M).

       -L
                        Logs all commands sent to in.ftpd to syslogd(1M). When
                        the -L option is used, command logging will be on by
                        default, once the FTP Server is invoked. Because the
                        FTP Server includes USER commands in those logged, if
                        a user accidentally enters a password instead of the
                        username, the password will be logged. You can override
                        the -L option through use of the ftpaccess(4)

       -o
                        Logs the names of all files transmitted by the FTP
                        Server to xferlog(4). You can override the -o option
                        through use of the ftpaccess(4) file.

       -P dataport
			The FTP Server determines the port number  by  looking
			in  the services(4) file for an entry for the ftp-data
			service. If there is no entry,	the  daemon  uses  the
			port  just  prior  to the control connection port. Use
			the -P option to specify the data port number.

       -p ctrlport
			When run in standalone mode, the FTP Server determines
			the  control port number by looking in the services(4)
			file for an entry for the  ftp	service.  Use  the  -p
			option to specify the control port number.

       -Q
                        Disables PID files. This disables user limits. Large,
                        busy sites that do not want to impose limits on the
                        number of concurrent users can use this option to
                        disable PID files.

       -q
                        Uses PID files. The limit directive uses PID files to
                        determine the number of current users in each access
                        class. By default, PID files are used.

       -r rootdir
			chroot(2) to rootdir upon loading. Use this option  to
			improve	 system security. It limits the files that can
                        be damaged should a break-in occur through the daemon.
			This  option  is similar to anonymous FTP.  Additional
			files are needed, which vary from system to system.

       -S
                        Places the daemon in standalone operation mode. The
                        daemon runs in the background. This is useful for
                        startup scripts that run during system initialization.
                        See init.d(4).

       -s
                        Places the daemon in standalone operation mode. The
                        daemon runs in the foreground. This is useful when run
                        from /etc/inittab by init(1M).

       -T maxtimeout
                        Sets the maximum allowable timeout period to maxtimeout
                        seconds. The default maximum timeout limit is 7200
                        seconds (two hours). You can override the -T option
                        through use of the ftpaccess(4) file.

       -t timeout
			Sets the inactivity timeout period to timeout seconds.
			The  default  timeout  period  is 900 seconds (15 min‐
			utes). You can override the -t option through  use  of
			the ftpaccess(4) file.

       -u umask
			Sets the default umask to umask.

       -V
                        Displays copyright and version information, then ter‐

       -v
                        Writes debugging information to syslogd(1M).

       -W
                        Does not record user login and logout in the wtmpx(4)

       -w
                        Records each user login and logout in the wtmpx(4)
                        file. By default, logins and logouts are recorded.

       -X
                        Writes the output from the -i and -o options to the
                        syslogd(1M) file instead of xferlog(4). This allows
                        the collection of output from several hosts on one
                        central loghost. You can override the -X option
                        through use of the ftpaccess(4) file.

       The FTP Server currently supports the following FTP requests.  Case  is
       not distinguished.

       ABOR
               Abort previous command.

       ADAT
               Send an authentication protocol message.

       ALLO
               Allocate storage (vacuously).

       AUTH
               Specify an authentication protocol to be performed. Currently
               only "GSSAPI" is supported.

       APPE
               Append to a file.

       CCC
               Set the command channel protection mode to "Clear" (no
               protection). Not allowed if data channel is protected.

       CDUP
               Change to parent of current working directory.

       CWD
               Change working directory.

       DELE
               Delete a file.

       ENC
               Send a privacy and integrity protected command (given in argu‐

       EPRT
               Specify extended address for the transport connection.

       EPSV
               Extended passive command request.

       HELP
               Give help information.

       LIST
               Give a list of files in a directory (ls -lA).

       LPRT
               Specify long address for the transport connection.

       LPSV
               Long passive command request.

       MIC
               Send an integrity protected command (given in argument).

       MKD
               Make a directory.

       MDTM
               Show last time file modified.

       MODE
               Specify data transfer mode.

       NLST
               Give name list of files in directory (ls).

       NOOP
               Do nothing.

       PASS
               Specify password.

       PASV
               Prepare for server-to-server transfer.

       PBSZ
               Specify a protection buffer size.

       PROT
               Specify a protection level under which to protect data
               transfers. Allowed arguments:

               C (Clear)
                          No protection.

               S (Safe)
                          Integrity protection

               P (Private)
                          Integrity and encryption protection

       PORT
               Specify data connection port.

       PWD
               Print the current working directory.

       QUIT
               Terminate session.

       REST
               Restart incomplete transfer.

       RETR
               Retrieve a file.

       RMD
               Remove a directory.

       RNFR
               Specify rename-from file name.

       RNTO
               Specify rename-to file name.

       SITE
               Use nonstandard commands.

       SIZE
               Return size of file.

       STAT
               Return status of server.

       STOR
               Store a file.

       STOU
               Store a file with a unique name.

       STRU
               Specify data transfer structure.

       SYST
               Show operating system type of server system.

       TYPE
               Specify data transfer type.

       USER
               Specify user name.

       XCUP
               Change to parent of current working directory. This request is

       XCWD
               Change working directory. This request is deprecated.

       XMKD
               Make a directory. This request is deprecated.

       XPWD
               Print the current working directory. This request is depre‐

       XRMD
               Remove a directory. This request is deprecated.

       The  following  nonstandard  or UNIX specific commands are supported by
       the SITE request:

               ALIAS
                      List aliases.

               CDPATH
                      List the search path used when changing directories.

               CHECKMETHOD
                      List or set the checksum method.

               CHECKSUM
                      Give the checksum of a file.

               CHMOD
                      Change mode of a file. For example, SITE CHMOD 755 file‐

               EXEC
                      Execute a program. For example, SITE EXEC program params

               GPASS
                      Give special group access password. For example, SITE
                      GPASS bar.

               GROUP
                      Request special group access. For example, SITE GROUP

               GROUPS
                      List supplementary group membership.

               HELP
                      Give help information. For example, SITE HELP.

               IDLE
                      Set idle-timer. For example, SITE IDLE 60.

               UMASK
                      Change umask. For example, SITE UMASK 002.

       The remaining FTP requests specified in RFC 959 are recognized, but not

       The FTP server will abort an active file transfer only  when  the  ABOR
       command	is  preceded by a Telnet "Interrupt Process" (IP) signal and a
       Telnet "Synch" signal in the command Telnet stream, as described in RFC
       959. If a STAT command is received during a data transfer that has been
       preceded by a Telnet IP and Synch, transfer status will be returned.

       in.ftpd interprets file names according to the  "globbing"  conventions
       used  by csh(1). This allows users to utilize the metacharacters: * ? [
       ] { } ~

       in.ftpd authenticates users according to the following rules:

       First, the user name must be in the password data base, the location of
       which  is  specified  in	 nsswitch.conf(4).  An	encrypted password (an
       authentication token in PAM) must be present. A password must always be
       provided by the client before any file operations can be performed. For
       non-anonymous users, the PAM framework is used to verify that the  cor‐
       rect password was entered. See SECURITY below.

       Second,	the  user  name must not appear in either the /etc/ftpusers or
       the /etc/ftpd/ftpusers file. Use of the /etc/ftpusers files  is	depre‐
       cated, although it is still supported.

       Third,  the  users  must	 have  a  standard  shell returned by getuser‐

       Fourth, if the user name is anonymous or ftp, an anonymous ftp  account
       must be present in the password file for user ftp. Use ftpconfig(1M) to
       create the anonymous ftp account and home directory tree.

       Fifth,  if  the	GSS-API	 is  used  to  authenticate  the  user,	  then
       gss_auth_rules(5) determines user access without a password needed.
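
The first three rules above can be checked offline before an account is handed to an FTP user. The function below is an added example, not part of the man page or of in.ftpd: it assumes the password database is a passwd(4)-format file, that the standard shells returned by getusershell(3C) are available as a file with one path per line, and that lines starting with '#' in the ftpusers files are comments.

```shell
#!/bin/sh
# Added example (not from the man page): rules one to three as an offline check.
# ftp_login_check USER PASSWD_FILE SHELLS_FILE FTPUSERS_FILE...
# Prints "allow: ..." or "deny: ..." and returns 0 or 1.
ftp_login_check() {
    user=$1
    passwd=$2
    shells=$3
    shift 3
    # Rule 1: the name must exist in the password database (file form only).
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "deny: $user is not in $passwd"
        return 1
    fi
    # Rule 2: the name must not be in any ftpusers file ('#' comments assumed).
    for list in "$@"; do
        [ -f "$list" ] || continue
        if sed 's/#.*//' "$list" |
            awk -v u="$user" '$1 == u { hit = 1 } END { exit !hit }'; then
            echo "deny: $user is listed in $list"
            return 1
        fi
    done
    # Rule 3: the login shell (field 7) must be one of the standard shells.
    shell=$(printf '%s\n' "$entry" | awk -F: '{ print $7 }')
    if [ -z "$shell" ] || ! sed 's/#.*//' "$shells" | grep -Fqx -- "$shell"; then
        echo "deny: $user has non-standard shell '$shell'"
        return 1
    fi
    echo "allow: $user passes the name, ftpusers and shell checks"
    return 0
}

# Example call with the paths named on this page (the shells file is assumed):
#   ftp_login_check alice /etc/passwd /etc/shells /etc/ftpusers /etc/ftpd/ftpusers
```

The password check itself (PAM or GSS-API) is not modelled; a name that passes here can still be refused at login.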

       The  FTP	 Server	 supports  virtual hosting, which can be configured by
       using ftpaddhost(1M).

       The FTP Server does not support sublogins.

   General FTP Extensions
       The FTP Server has certain extensions. If the user specifies a filename
       that  does  not	exist  with  a RETR (retrieve) command, the FTP Server
       looks for a conversion to change a file or directory that does into the
       one requested. See ftpconversions(4).

       By convention, anonymous users supply their email address when prompted
       for a password.	The  FTP  Server  attempts  to	validate  these	 email
       addresses.  A user whose FTP client hangs on a long reply, for example,
       a multiline response, should use a dash (-) as the first	 character  of
       the user's password, as this disables the Server's lreply() function.

       The  FTP	 Server	 can also log all file transmission and reception. See
       xferlog(4) for details of the log file format.

       The SITE EXEC command may be used to execute commands in the  /bin/ftp-
       exec directory. Take care that you understand the security implications
       before copying any command into the /bin/ftp-exec directory.  For exam‐
       ple,  do	 not  copy  in	/bin/sh. This would enable the user to execute
       other commands through the use of sh -c. If you have doubts about  this
       feature, do not create the /bin/ftp-exec directory.
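
The review the paragraph above asks for can be scripted. This is an added example, not part of the man page: it flags anything in the SITE EXEC directory that is an interpreter by name, has the same contents as a system shell, or is writable by group or other. The interpreter names and system shell paths are assumptions to adjust per host.

```shell
#!/bin/sh
# Added example (not from the man page): audit the SITE EXEC directory.
# UNSAFE_NAMES and SYSTEM_SHELLS are illustrative lists, not in.ftpd settings.
UNSAFE_NAMES="sh jsh ksh csh tcsh bash zsh perl python awk"
SYSTEM_SHELLS="/bin/sh /sbin/sh /usr/bin/sh /bin/ksh /bin/csh /bin/bash"

# audit_ftp_exec DIR: print one finding per line; return 1 if any were found.
audit_ftp_exec() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "ok: $dir does not exist, so SITE EXEC has nothing to run"
        return 0
    fi
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        for n in $UNSAFE_NAMES; do
            if [ "$base" = "$n" ]; then
                echo "interpreter by name: $f"
                rc=1
            fi
        done
        # A renamed copy of (or link to) a shell still accepts "-c command".
        for s in $SYSTEM_SHELLS; do
            if [ -f "$s" ] && cmp -s "$f" "$s"; then
                echo "same contents as $s: $f"
                rc=1
            fi
        done
        # Group- or world-writable programs can be replaced after review.
        if [ -n "$(find -H "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable by group or other: $f"
            rc=1
        fi
    done
    return $rc
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_ftp_exec "$1"
fi
```

Run it as `sh audit.sh /bin/ftp-exec` (the script name is arbitrary); a non-zero exit status means at least one entry needs review.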

       For  non-anonymous  users,  in.ftpd  uses pam(3PAM) for authentication,
       account management, and session management, and can use Kerberos v5 for

       The  PAM	 configuration policy, listed through /etc/pam.conf, specifies
       the module to be used for in.ftpd. Here is a partial pam.conf file with
       entries	for the in.ftpd command using the UNIX authentication, account
       management, and session management module.

	 ftp  auth	  requisite
	 ftp  auth	  required
	 ftp  auth	  required

	 ftp  account	  required
	 ftp  account	  required
	 ftp  account	  required

	 ftp  session	  required

       If there are no entries for the ftp service, then the entries  for  the
       "other" service will be used. Unlike login, passwd, and other commands,
       the ftp protocol will only support a single  password.  Using  multiple
       modules will prevent in.ftpd from working properly.

       To  use	Kerberos  for authentication, a host/<FQDN> Kerberos principal
       must exist for each Fully Qualified Domain  Name	 associated  with  the
       in.ftpd server. Each of these host/<FQDN> principals must have a keytab
       entry in the /etc/krb5/krb5.keytab file on the in.ftpd server. An exam‐
       ple principal might be:


       See kadmin(1M) or gkadmin(1M) for instructions on adding a principal to
       a krb5.keytab file. See	for a discussion of Kerberos authentication.

       For anonymous users, who by convention supply their email address as  a
       password,  in.ftpd  validates  passwords	 according to the passwd-check
       capability in the ftpaccess file.

       The in.ftpd command is IPv6-enabled. See ip6(7P).


	   FTP Server configuration file


	   FTP Server conversions database


	   FTP Server enhanced group access file


	   FTP Server individual user host access file


	   FTP Server virtual hosting configuration file.


	   File listing users for whom FTP login privileges are disallowed.


	   File listing users for whom FTP login  privileges  are  disallowed.
	   This use of this file is deprecated.


	   FTP Server transfer log file



	   Extended database files that contain the history of user access and
	   accounting information for the wtmpx database.

       See attributes(5) for descriptions of the following attributes:

       │Interface Stability │ External	      │

       csh(1), ftp(1), ftpcount(1), ftpwho(1), ls(1), svcs(1), ftpaddhost(1M),
       ftpconfig(1M),  ftprestart(1M),	ftpshut(1M), gkadmin(1M), inetadm(1M),
       inetd(1M), kadmin(1M), svcadm(1M),  syslogd(1M),	 chroot(2),  umask(2),
       getpwent(3C),  getusershell(3C),	 syslog(3C),  ftpaccess(4), ftpconver‐
       sions(4),  ftpgroups(4),	  ftphosts(4),	 ftpservers(4),	  ftpusers(4),
       group(4),  passwd(4), services(4), xferlog(4), wtmpx(4), attributes(5),
       gss_auth_rules(5), pam_authtok_check(5), pam_authtok_get(5),  pam_auth‐
       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
       pam_unix_auth(5), pam_unix_session(5), smf(5), ip6(7P)

       Allman, M., Ostermann, S., and Metz, C. RFC 2428,  FTP  Extensions  for
       IPv6 and NATs. The Internet Society. September 1998.

       Piscitello,  D.	RFC 1639, FTP Operation Over Big Address Records (FOO‐
       BAR).  Network Working Group. June 1994.

       Postel, Jon, and Joyce Reynolds. RFC 959, File Transfer Protocol (FTP).
       Network Information Center. October 1985.

       St. Johns, Mike. RFC 931, Authentication Server. Network Working Group.
       January 1985.

       Linn, J., Generic Security Service Application Program  Interface  Ver‐
       sion 2, Update 1, RFC 2743. The Internet Society, January 2000.

       Horowitz, M., Lunt, S., FTP Security Extensions, RFC 2228. The Internet
       Society, October 1997.

       in.ftpd logs various errors to syslogd(1M), with	 a  facility  code  of

       The anonymous FTP account is inherently dangerous and should be avoided
       when possible.

       The FTP Server must perform certain tasks as the superuser,  for	 exam‐
       ple, the creation of sockets with privileged port numbers. It maintains
       an effective user ID of the logged in user, reverting to the  superuser
       only when necessary.

       The  FTP Server no longer supports the /etc/default/ftpd file.  Instead
       of using UMASK=nnn to set the umask, use the defumask capability in the
       ftpaccess  file.	 The  banner  greeting text capability is also now set
       through the ftpaccess  file  by	using  the  greeting  text  capability
       instead	of  by	using BANNER="...". However, unlike the BANNER string,
       the greeting text string is not passed to the shell for evaluation. See

       The pam_unix(5) module is no longer supported. Similar functionality is
       provided	  by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth‐
       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
       pam_unix_auth(5), and pam_unix_session(5).

       The in.ftpd service is managed  by  the	service	 management  facility,
       smf(5), under the service identifier:


       Administrative actions on this service, such as enabling, disabling, or
       requesting restart, can be performed using  svcadm(1M).	Responsibility
       for  initiating	and restarting this service is delegated to inetd(1M).
       Use inetadm(1M) to make configuration changes and to view configuration
       information for this service. The service's status can be queried using
       the svcs(1) command.

				 Nov 10, 2005			   IN.FTPD(1M)
