in.ftpd man page on Solaris


in.ftpd(1M)		System Administration Commands		   in.ftpd(1M)

NAME
       in.ftpd, ftpd - File Transfer Protocol Server

SYNOPSIS
       in.ftpd [-4] [-A] [-a] [-C] [-d] [-I] [-i] [-K] [-L] [-l] [-o] [-P dat‐
       aport] [-p ctrlport] [-Q] [-q] [-r rootdir] [-S] [-s]  [-T  maxtimeout]
       [-t timeout] [-u umask] [-V] [-v] [-W] [-w] [-X]

DESCRIPTION
       in.ftpd	is  the	 Internet File Transfer Protocol (FTP) server process.
       The server may be invoked by the Internet daemon inetd(1M) each time  a
       connection  to  the  FTP service is made or run as a standalone server.
       See services(4).

OPTIONS
       in.ftpd supports the following options:

       -4	       When running in standalone mode, listen for connections
		       on  an AF_INET type socket. The default is to listen on
		       an AF_INET6 type socket.

       -a	       Enables use of the ftpaccess(4) file.

       -A	       Disables use of the ftpaccess(4) file. Use of ftpaccess
		       is disabled by default.

       -C	       Non-anonymous  users  need local credentials (for exam‐
		       ple, to authenticate to remote  fileservers).  So  they
		       should be prompted for a password unless they forwarded
		       credentials as part of authentication.

       -d	       Writes debugging information to syslogd(1M).

       -i	       Logs the names of all files received by the FTP	Server
		       to  xferlog(4).	You can override the -i option through
		       use of the ftpaccess(4) file.

       -I	       Disables the use of AUTH and  ident  to	determine  the
		       username	 on the client. See RFC 931. The FTP Server is
		       built not to use AUTH and ident.

       -K	       Connections are only allowed for users who can  authen‐
		       ticate  through	the ftp AUTH mechanism. (Anonymous ftp
		       may also be allowed if it is configured.) ftpd will ask
		       the user for a password if one is required.

       -l	       Logs each FTP session to syslogd(1M).

       -L	       Logs  all commands sent to in.ftpd to syslogd(1M). When
		       the -L option is used, command logging will  be	on  by
		       default,	 once  the  FTP Server is invoked. Because the
		       FTP Server includes USER commands in those logged, if a
		       user  accidentally  enters  a  password	instead of the
		       username, the password will be logged. You can override
		       the -L option through use of the ftpaccess(4) file.

       -o	       Logs  the  names	 of  all  files transmitted by the FTP
		       Server to xferlog(4). You can override  the  -o	option
		       through use of the ftpaccess(4) file.

       -P dataport     The FTP Server determines the port number by looking in
		       the services(4) file for an entry for the ftp-data ser‐
		       vice.  If  there	 is no entry, the daemon uses the port
		       just prior to the control connection port. Use  the  -P
		       option to specify the data port number.

       -p ctrlport     When  run in standalone mode, the FTP Server determines
		       the control port number by looking in  the  services(4)
		       file  for  an  entry  for  the  ftp service. Use the -p
		       option to specify the control port number.

       -Q	       Disables PID files. This disables user  limits.	Large,
		       busy  sites  that  do  not want to impose limits on the
		       number of concurrent users can use this option to  dis‐
		       able PID files.

       -q	       Uses  PID  files. The limit directive uses PID files to
		       determine the number of current users  in  each	access
		       class. By default, PID files are used.

       -r rootdir      chroot(2)  to  rootdir upon loading. Use this option to
		       improve system security. It limits the files  that  can
		       be  damaged should a break-in occur through the daemon.
		       This option is similar  to  anonymous  FTP.  Additional
		       files are needed, which vary from system to system.

       -S	       Places  the  daemon  in	standalone operation mode. The
		       daemon runs in  the  background.	 This  is  useful  for
		       startup	scripts that run during system initialization.
		       See init.d(4).

       -s	       Places the daemon in  standalone	 operation  mode.  The
		       daemon  runs in the foreground. This is useful when run
		       from /etc/inittab by init(1M).

       -T maxtimeout   Sets the maximum allowable timeout period to maxtimeout
		       seconds.  The  default  maximum	timeout	 limit is 7200
		       seconds (two hours). You can  override  the  -T	option
		       through use of the ftpaccess(4) file.

       -t timeout      Sets  the inactivity timeout period to timeout seconds.
		       The default timeout period is 900 seconds (15 minutes).
		       You  can	 override  the	-t  option  through use of the
		       ftpaccess(4) file.

       -u umask	       Sets the default umask to umask.

       -V	       Displays copyright and version information, then termi‐
		       nates.

       -v	       Writes debugging information to syslogd(1M).

       -W	       Does  not  record user login and logout in the wtmpx(4)
		       file.

       -w	       Records each user login	and  logout  in	 the  wtmpx(4)
		       file. By default, logins and logouts are recorded.

       -X	       Writes  the  output  from  the -i and -o options to the
		       syslogd(1M) file instead of xferlog(4). This allows the
		       collection  of output from several hosts on one central
		       loghost. You can override the -X option through use  of
		       the ftpaccess(4) file.

   Requests
       The  FTP	 Server currently supports the following FTP requests. Case is
       not distinguished.

       ABOR	Abort previous command.

       ADAT	Send an authentication protocol message.

       ALLO	Allocate storage (vacuously).

       AUTH	Specify an authentication protocol to be performed.  Currently
		only "GSSAPI" is supported.

       APPE	Append to a file.

       CCC	Set the command channel protection mode to "Clear" (no protec‐
		tion). Not allowed if data channel is protected.

       CDUP	Change to parent of current working directory.

       CWD	Change working directory.

       DELE	Delete a file.

       ENC	Send a privacy and integrity protected command (given in argu‐
		ment).

       EPRT	Specify extended address for the transport connection.

       EPSV	Extended passive command request.

       HELP	Give help information.

       LIST	Give list of files in a directory (ls -lA).

       LPRT	Specify long address for the transport connection.

       LPSV	Long passive command request.

       MIC	Send an integrity protected command (given in argument).

       MKD	Make a directory.

       MDTM	Show last time file modified.

       MODE	Specify data transfer mode.

       NLST	Give name list of files in directory (ls).

       NOOP	Do nothing.

       PASS	Specify password.

       PASV	Prepare for server-to-server transfer.

       PBSZ	Specify a protection buffer size.

       PROT	Specify	 a protection level under which to protect data trans‐
		fers. Allowed arguments:

		clear		No protection.

		safe		Integrity protection.

		private		Integrity and encryption protection.

       PORT	Specify data connection port.

       PWD	Print the current working directory.

       QUIT	Terminate session.

       REST	Restart incomplete transfer.

       RETR	Retrieve a file.

       RMD	Remove a directory.

       RNFR	Specify rename-from file name.

       RNTO	Specify rename-to file name.

       SITE	Use nonstandard commands.

       SIZE	Return size of file.

       STAT	Return status of server.

       STOR	Store a file.

       STOU	Store a file with a unique name.

       STRU	Specify data transfer structure.

       SYST	Show operating system type of server system.

       TYPE	Specify data transfer type.

       USER	Specify user name.

       XCUP	Change to parent of current working directory. This request is
		deprecated.

       XCWD	Change working directory. This request is deprecated.

       XMKD	Make a directory. This request is deprecated.

       XPWD	Print  the  current  working directory. This request is depre‐
		cated.

       XRMD	Remove a directory. This request is deprecated.

       The following nonstandard or UNIX specific commands  are	 supported  by
       the SITE request:

       ALIAS	       List aliases.

       CDPATH	       List the search path used when changing directories.

       CHECKMETHOD     List or set the checksum method.

       CHECKSUM	       Give the checksum of a file.

       CHMOD	       Change  mode  of	 a  file.  For example, SITE CHMOD 755
		       filename.

       EXEC	       Execute a  program.  For	 example,  SITE	 EXEC  program
		       params.

       GPASS	       Give  special  group access password. For example, SITE
		       GPASS bar.

       GROUP	       Request special group access. For example,  SITE	 GROUP
		       foo.

       GROUPS	       List supplementary group membership.

       HELP	       Give help information. For example, SITE HELP.

       IDLE	       Set idle-timer. For example, SITE IDLE 60.

       UMASK	       Change umask. For example, SITE UMASK 002.

       The remaining FTP requests specified in RFC 959 are recognized, but not
       implemented.

       The FTP server will abort an active file transfer only  when  the  ABOR
       command	is  preceded by a Telnet "Interrupt Process" (IP) signal and a
       Telnet "Synch" signal in the command Telnet stream, as described in RFC
       959. If a STAT command is received during a data transfer that has been
       preceded by a Telnet IP and Synch, transfer status will be returned.

       in.ftpd interprets file names according to the  "globbing"  conventions
       used  by csh(1). This allows users to utilize the metacharacters: * ? [
       ] { } ~

       in.ftpd authenticates users according to the following rules:

       First, the user name must be in the password data base, the location of
       which  is  specified  in	 nsswitch.conf(4).  An	encrypted password (an
       authentication token in PAM) must be present. A password must always be
       provided by the client before any file operations can be performed. For
       non-anonymous users, the PAM framework is used to verify that the  cor‐
       rect password was entered. See SECURITY below.

       Second,	the  user  name must not appear in either the /etc/ftpusers or
       the /etc/ftpd/ftpusers file. Use of the /etc/ftpusers file  is	depre‐
       cated, although it is still supported.

       Third,  the  user  must	 have  a  standard  shell returned by getuser‐
       shell(3C).

       Fourth, if the user name is anonymous or ftp, an anonymous ftp  account
       must be present in the password file for user ftp. Use ftpconfig(1M) to
       create the anonymous ftp account and home directory tree.

       Fifth,  if  the	GSS-API	 is  used  to  authenticate  the  user,	  then
       gss_auth_rules(5) determines user access without the need for  a	 pass‐
       word.
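
       The second rule above can be audited offline. The following POSIX sh
       script is an added example, not part of the original manual page: it
       lists system accounts that no ftpusers deny file blocks. It assumes one
       user name per line in the deny files and treats UIDs below 100 as
       system accounts; the sample files are constructed.

```sh
#!/bin/sh
# Added example: list system accounts that the ftpusers deny files do not block.
# Assumptions: passwd(4)-style input, one user name per line in the deny
# files, and UIDs below SYSTEM_UID_MAX counted as system accounts.
SYSTEM_UID_MAX=${SYSTEM_UID_MAX:-100}

# ftp_denied USER FILE... : succeed if USER is listed in any readable FILE.
ftp_denied() {
    user=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        while read -r entry _rest; do
            case $entry in ''|'#'*) continue ;; esac   # blank line or comment
            [ "$entry" = "$user" ] && return 0
        done < "$f"
    done
    return 1
}

# unblocked_system_accounts PASSWD FILE... : print each system account in
# PASSWD that appears in none of the deny FILEs.
unblocked_system_accounts() {
    passwd_file=$1; shift
    while IFS=: read -r acct _pw uid _gid_etc; do
        case $acct in ''|'#'*) continue ;; esac
        case $uid in ''|*[!0-9]*) continue ;; esac     # skip malformed UIDs
        [ "$uid" -lt "$SYSTEM_UID_MAX" ] || continue
        ftp_denied "$acct" "$@" || printf '%s\n' "$acct"
    done < "$passwd_file"
}

# Constructed sample data, not taken from a real host.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
alice:x:1001:10::/export/home/alice:/bin/ksh
EOF
cat > "$sample_dir/ftpusers" <<'EOF'
# constructed deny list
root
daemon
EOF

# On a live system the arguments would be /etc/passwd, /etc/ftpusers and
# /etc/ftpd/ftpusers.
unblocked_system_accounts "$sample_dir/passwd" "$sample_dir/ftpusers"
```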

       The  FTP	 Server	 supports  virtual hosting, which can be configured by
       using ftpaddhost(1M).

       The FTP Server does not support sublogins.

   General FTP Extensions
       The FTP Server has certain extensions. If the user specifies a filename
       that  does  not	exist  with  a RETR (retrieve) command, the FTP Server
       looks for a conversion to change a file or directory  that  does	 exist
       into the one requested. See ftpconversions(4).

       By convention, anonymous users supply their email address when prompted
       for a password.	The  FTP  Server  attempts  to	validate  these	 email
       addresses.  A user whose FTP client hangs on a long reply, for example,
       a multiline response, should use a dash (-) as the first	 character  of
       the user's password, as this disables the Server's lreply() function.

       The  FTP	 Server	 can also log all file transmission and reception. See
       xferlog(4) for details of the log file format.

       The SITE EXEC command may be used to execute commands in the  /bin/ftp-
       exec directory. Take care that you understand the security implications
       before copying any command into the /bin/ftp-exec directory. For	 exam‐
       ple,  do	 not  copy  in	/bin/sh. This would enable the user to execute
       other commands through the use of sh -c. If you have doubts about  this
       feature, do not create the /bin/ftp-exec directory.
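
       The check described above can be scripted. The following POSIX sh
       script is an added example, not part of the original manual page: it
       flags entries in a SITE EXEC directory that are command interpreters by
       name or by content. The interpreter list is an illustrative assumption
       and the sample directory is constructed.

```sh
#!/bin/sh
# Added example: flag command interpreters placed in the SITE EXEC directory.
# Assumption: this interpreter list is illustrative, not exhaustive.
INTERPRETERS=${INTERPRETERS:-"/bin/sh /sbin/sh /bin/ksh /bin/csh /bin/bash /usr/bin/perl"}

# audit_ftp_exec DIR : print "<path> <reason>" for each risky entry in DIR.
audit_ftp_exec() {
    dir=$1
    [ -d "$dir" ] || return 0            # no directory: nothing SITE EXEC can run
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$entry" ] || continue      # -f follows symbolic links
        base=${entry##*/}
        case $base in
            sh|ksh|csh|tcsh|bash|zsh|perl|python*)
                printf '%s name-is-interpreter\n' "$entry"
                continue ;;
        esac
        # A renamed or linked copy has the same bytes as the original.
        for interp in $INTERPRETERS; do
            if [ -f "$interp" ] && cmp -s "$entry" "$interp"; then
                printf '%s same-content-as:%s\n' "$entry" "$interp"
                break
            fi
        done
    done
}

# Constructed sample directory standing in for /bin/ftp-exec.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cp /bin/sh "$sample_dir/helper"                   # shell copied under another name
: > "$sample_dir/ksh"                             # suspicious name, empty file
printf 'placeholder\n' > "$sample_dir/report"     # harmless entry

# On a live system the argument would be /bin/ftp-exec.
audit_ftp_exec "$sample_dir"
```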

SECURITY
       For  non-anonymous  users,  in.ftpd  uses pam(3PAM) for authentication,
       account management, and session management, and can use Kerberos v5 for
       authentication.

       The  PAM	 configuration policy, listed through /etc/pam.conf, specifies
       the module to be used for in.ftpd. Here is a partial pam.conf file with
       entries	for the in.ftpd command using the UNIX authentication, account
       management, and session management module.

       ftp  auth	requisite   pam_authtok_get.so.1
       ftp  auth	required    pam_dhkeys.so.1
       ftp  auth	required    pam_unix_auth.so.1

       ftp  account	required    pam_unix_roles.so.1
       ftp  account	required    pam_unix_projects.so.1
       ftp  account	required    pam_unix_account.so.1

       ftp  session	required    pam_unix_session.so.1

       If there are no entries for the ftp service, then the entries  for  the
       "other" service will be used. Unlike login, passwd, and other commands,
       the ftp protocol will only support a single  password.  Using  multiple
       modules will prevent in.ftpd from working properly.

       To  use	Kerberos  for authentication, a host/<FQDN> Kerberos principal
       must exist for each Fully Qualified Domain  Name	 associated  with  the
       in.ftpd server. Each of these host/<FQDN> principals must have a keytab
       entry in the /etc/krb5/krb5.keytab file on the in.ftpd server. An exam‐
       ple principal might be:

	      host/bigmachine.eng.example.com

       See kadmin(1M) or gkadmin(1M) for instructions on adding a principal to
       a krb5.keytab file. See System Administration Guide: Security  Services
       for a discussion of Kerberos authentication.

       For  anonymous users, who by convention supply their email address as a
       password, in.ftpd validates passwords  according	 to  the  passwd-check
       capability in the ftpaccess file.

USAGE
       The in.ftpd command is IPv6-enabled. See ip6(7P).

FILES
       /etc/ftpd/ftpaccess	       FTP Server configuration file

       /etc/ftpd/ftpconversions	       FTP Server conversions database

       /etc/ftpd/ftpgroups	       FTP Server enhanced group access file

       /etc/ftpd/ftphosts	       FTP  Server individual user host access
				       file

       /etc/ftpd/ftpservers	       FTP Server virtual  hosting  configura‐
				       tion file.

       /etc/ftpd/ftpusers	       File  listing  users for whom FTP login
				       privileges are disallowed.

       /etc/ftpusers		       File listing users for whom  FTP	 login
				       privileges  are disallowed. Use of this
				       file is deprecated.

       /var/log/xferlog		       FTP Server transfer log file

       /var/run/ftp.pids-classname

       /var/adm/wtmpx		       Extended database  files	 that  contain
				       the history of user access and account‐
				       ing information for the wtmpx database.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWftpu			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │External			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       csh(1), ftp(1), ftpcount(1), ftpwho(1), ls(1), svcs(1), ftpaddhost(1M),
       ftpconfig(1M),  ftprestart(1M),	ftpshut(1M), gkadmin(1M), inetadm(1M),
       inetd(1M), kadmin(1M), svcadm(1M),  syslogd(1M),	 chroot(2),  umask(2),
       getpwent(3C),  getusershell(3C),	 syslog(3C),  ftpaccess(4), ftpconver‐
       sions(4),  ftpgroups(4),	  ftphosts(4),	 ftpservers(4),	  ftpusers(4),
       group(4),  passwd(4), services(4), xferlog(4), wtmpx(4), attributes(5),
       gss_auth_rules(5), pam_authtok_check(5), pam_authtok_get(5),  pam_auth‐
       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
       pam_unix_auth(5), pam_unix_session(5), smf(5), ip6(7P)

       System Administration Guide: Security Services

       Allman, M., Ostermann, S., and Metz, C. RFC 2428,  FTP  Extensions  for
       IPv6 and NATs. The Internet Society. September 1998.

       Piscitello,  D.	RFC 1639, FTP Operation Over Big Address Records (FOO‐
       BAR). Network Working Group. June 1994.

       Postel, Jon, and Joyce Reynolds. RFC 959, File Transfer	Protocol
       (FTP). Network Information Center. October 1985.

       St. Johns, Mike. RFC 931, Authentication Server. Network Working Group.
       January 1985.

       Linn, J., Generic Security Service Application Program  Interface  Ver‐
       sion 2, Update 1, RFC 2743. The Internet Society, January 2000.

       Horowitz, M., Lunt, S., FTP Security Extensions, RFC 2228. The Internet
       Society, October 1997.

DIAGNOSTICS
       in.ftpd logs various errors to syslogd(1M), with	 a  facility  code  of
       daemon.

NOTES
       The anonymous FTP account is inherently dangerous and should be avoided
       when possible.

       The FTP Server must perform certain tasks as the superuser,  for	 exam‐
       ple, the creation of sockets with privileged port numbers. It maintains
       an effective user ID of the logged in user, reverting to the  superuser
       only when necessary.

       The  FTP	 Server no longer supports the /etc/default/ftpd file. Instead
       of using UMASK=nnn to set the umask, use the defumask capability in the
       ftpaccess  file.	 The  banner  greeting text capability is also now set
       through the ftpaccess  file  by	using  the  greeting  text  capability
       instead	of  by	using BANNER="...". However, unlike the BANNER string,
       the greeting text string is not passed to the shell for evaluation. See
       ftpaccess(4).

       The pam_unix(5) module is no longer supported. Similar functionality is
       provided	  by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth‐
       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
       pam_unix_auth(5), and pam_unix_session(5).

       The in.ftpd service is managed  by  the	service	 management  facility,
       smf(5), under the service identifier:

       svc:/network/ftp

       Administrative actions on this service, such as enabling, disabling, or
       requesting restart, can be performed using  svcadm(1M).	Responsibility
       for  initiating	and restarting this service is delegated to inetd(1M).
       Use inetadm(1M) to make configuration changes and to view configuration
       information for this service. The service's status can be queried using
       the svcs(1) command.

SunOS 5.10			  10 Nov 2005			   in.ftpd(1M)