head 1.38; access; symbols netbsd-8-3-RELEASE:1.37 netbsd-9-4-RELEASE:1.37 netbsd-10-0-RELEASE:1.38 netbsd-10-0-RC6:1.38 netbsd-10-0-RC5:1.38 netbsd-10-0-RC4:1.38 netbsd-10-0-RC3:1.38 netbsd-10-0-RC2:1.38 netbsd-10-0-RC1:1.38 netbsd-10:1.38.0.6 netbsd-10-base:1.38 netbsd-9-3-RELEASE:1.37 cjep_sun2x-base1:1.38 cjep_sun2x:1.38.0.4 cjep_sun2x-base:1.38 cjep_staticlib_x-base1:1.38 netbsd-9-2-RELEASE:1.37 cjep_staticlib_x:1.38.0.2 cjep_staticlib_x-base:1.38 netbsd-9-1-RELEASE:1.37 phil-wifi-20200421:1.37 phil-wifi-20200411:1.37 is-mlppp:1.37.0.50 is-mlppp-base:1.37 phil-wifi-20200406:1.37 netbsd-8-2-RELEASE:1.37 netbsd-9-0-RELEASE:1.37 netbsd-9-0-RC2:1.37 netbsd-9-0-RC1:1.37 phil-wifi-20191119:1.37 netbsd-9:1.37.0.48 netbsd-9-base:1.37 phil-wifi-20190609:1.37 netbsd-8-1-RELEASE:1.37 netbsd-8-1-RC1:1.37 pgoyette-compat-merge-20190127:1.37 pgoyette-compat-20190127:1.37 pgoyette-compat-20190118:1.37 pgoyette-compat-1226:1.37 pgoyette-compat-1126:1.37 pgoyette-compat-1020:1.37 pgoyette-compat-0930:1.37 pgoyette-compat-0906:1.37 netbsd-7-2-RELEASE:1.37 pgoyette-compat-0728:1.37 netbsd-8-0-RELEASE:1.37 phil-wifi:1.37.0.46 phil-wifi-base:1.37 pgoyette-compat-0625:1.37 netbsd-8-0-RC2:1.37 pgoyette-compat-0521:1.37 pgoyette-compat-0502:1.37 pgoyette-compat-0422:1.37 netbsd-8-0-RC1:1.37 pgoyette-compat-0415:1.37 pgoyette-compat-0407:1.37 pgoyette-compat-0330:1.37 pgoyette-compat-0322:1.37 pgoyette-compat-0315:1.37 netbsd-7-1-2-RELEASE:1.37 pgoyette-compat:1.37.0.44 pgoyette-compat-base:1.37 netbsd-7-1-1-RELEASE:1.37 matt-nb8-mediatek:1.37.0.42 matt-nb8-mediatek-base:1.37 perseant-stdc-iso10646:1.37.0.40 perseant-stdc-iso10646-base:1.37 netbsd-8:1.37.0.38 netbsd-8-base:1.37 prg-localcount2-base3:1.37 prg-localcount2-base2:1.37 prg-localcount2-base1:1.37 prg-localcount2:1.37.0.36 prg-localcount2-base:1.37 pgoyette-localcount-20170426:1.37 bouyer-socketcan-base1:1.37 pgoyette-localcount-20170320:1.37 netbsd-7-1:1.37.0.34 netbsd-7-1-RELEASE:1.37 netbsd-7-1-RC2:1.37 
netbsd-7-nhusb-base-20170116:1.37 bouyer-socketcan:1.37.0.32 bouyer-socketcan-base:1.37 pgoyette-localcount-20170107:1.37 netbsd-7-1-RC1:1.37 pgoyette-localcount-20161104:1.37 netbsd-7-0-2-RELEASE:1.37 localcount-20160914:1.37 netbsd-7-nhusb:1.37.0.30 netbsd-7-nhusb-base:1.37 pgoyette-localcount-20160806:1.37 pgoyette-localcount-20160726:1.37 pgoyette-localcount:1.37.0.28 pgoyette-localcount-base:1.37 netbsd-7-0-1-RELEASE:1.37 netbsd-7-0:1.37.0.26 netbsd-7-0-RELEASE:1.37 netbsd-7-0-RC3:1.37 netbsd-7-0-RC2:1.37 netbsd-7-0-RC1:1.37 netbsd-5-2-3-RELEASE:1.36 netbsd-5-1-5-RELEASE:1.36 netbsd-6-0-6-RELEASE:1.37 netbsd-6-1-5-RELEASE:1.37 netbsd-7:1.37.0.24 netbsd-7-base:1.37 yamt-pagecache-base9:1.37 yamt-pagecache-tag8:1.37 netbsd-6-1-4-RELEASE:1.37 netbsd-6-0-5-RELEASE:1.37 tls-earlyentropy:1.37.0.22 tls-earlyentropy-base:1.37 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.37 riastradh-drm2-base3:1.37 netbsd-6-1-3-RELEASE:1.37 netbsd-6-0-4-RELEASE:1.37 netbsd-5-2-2-RELEASE:1.36 netbsd-5-1-4-RELEASE:1.36 netbsd-6-1-2-RELEASE:1.37 netbsd-6-0-3-RELEASE:1.37 netbsd-5-2-1-RELEASE:1.36 netbsd-5-1-3-RELEASE:1.36 netbsd-6-1-1-RELEASE:1.37 riastradh-drm2-base2:1.37 riastradh-drm2-base1:1.37 riastradh-drm2:1.37.0.16 riastradh-drm2-base:1.37 netbsd-6-1:1.37.0.20 netbsd-6-0-2-RELEASE:1.37 netbsd-6-1-RELEASE:1.37 netbsd-6-1-RC4:1.37 netbsd-6-1-RC3:1.37 agc-symver:1.37.0.18 agc-symver-base:1.37 netbsd-6-1-RC2:1.37 netbsd-6-1-RC1:1.37 yamt-pagecache-base8:1.37 netbsd-5-2:1.36.0.2 netbsd-6-0-1-RELEASE:1.37 yamt-pagecache-base7:1.37 netbsd-5-2-RELEASE:1.36 netbsd-5-2-RC1:1.36 matt-nb6-plus-nbase:1.37 yamt-pagecache-base6:1.37 netbsd-6-0:1.37.0.14 netbsd-6-0-RELEASE:1.37 netbsd-6-0-RC2:1.37 tls-maxphys:1.37.0.12 tls-maxphys-base:1.37 matt-nb6-plus:1.37.0.10 matt-nb6-plus-base:1.37 netbsd-6-0-RC1:1.37 yamt-pagecache-base5:1.37 yamt-pagecache-base4:1.37 netbsd-6:1.37.0.8 netbsd-6-base:1.37 netbsd-5-1-2-RELEASE:1.36 netbsd-5-1-1-RELEASE:1.36 yamt-pagecache-base3:1.37 
yamt-pagecache-base2:1.37 yamt-pagecache:1.37.0.6 yamt-pagecache-base:1.37 cherry-xenmp:1.37.0.4 cherry-xenmp-base:1.37 bouyer-quota2-nbase:1.37 bouyer-quota2:1.37.0.2 bouyer-quota2-base:1.37 matt-mips64-premerge-20101231:1.37 matt-nb5-mips64-premerge-20101231:1.36 matt-nb5-pq3:1.36.0.14 matt-nb5-pq3-base:1.36 netbsd-5-1:1.36.0.12 netbsd-5-1-RELEASE:1.36 netbsd-5-1-RC4:1.36 matt-nb5-mips64-k15:1.36 netbsd-5-1-RC3:1.36 netbsd-5-1-RC2:1.36 netbsd-5-1-RC1:1.36 netbsd-5-0-2-RELEASE:1.36 matt-nb5-mips64-premerge-20091211:1.36 matt-premerge-20091211:1.37 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.36 matt-nb4-mips64-k7-u2a-k9b:1.36 matt-nb5-mips64-u1-k1-k5:1.36 matt-nb5-mips64:1.36.0.10 netbsd-5-0-1-RELEASE:1.36 jym-xensuspend-nbase:1.37 netbsd-5-0:1.36.0.8 netbsd-5-0-RELEASE:1.36 netbsd-5-0-RC4:1.36 netbsd-5-0-RC3:1.36 netbsd-5-0-RC2:1.36 jym-xensuspend:1.36.0.6 jym-xensuspend-base:1.37 netbsd-5-0-RC1:1.36 netbsd-5:1.36.0.4 netbsd-5-base:1.36 matt-mips64-base2:1.36 matt-mips64:1.33.0.6 netbsd-4-0-1-RELEASE:1.32 wrstuden-revivesa-base-3:1.36 wrstuden-revivesa-base-2:1.35 wrstuden-fixsa-newbase:1.32 wrstuden-revivesa-base-1:1.35 yamt-pf42-base4:1.35 yamt-pf42-base3:1.35 hpcarm-cleanup-nbase:1.35 yamt-pf42-baseX:1.34 yamt-pf42-base2:1.35 wrstuden-revivesa:1.35.0.2 wrstuden-revivesa-base:1.35 yamt-pf42:1.34.0.6 yamt-pf42-base:1.34 keiichi-mipv6:1.34.0.4 keiichi-mipv6-base:1.34 matt-armv6-nbase:1.34 matt-armv6-prevmlocking:1.33 wrstuden-fixsa-base-1:1.32 netbsd-4-0:1.32.0.8 netbsd-4-0-RELEASE:1.32 cube-autoconf:1.34.0.2 cube-autoconf-base:1.34 netbsd-4-0-RC5:1.32 netbsd-4-0-RC4:1.32 netbsd-4-0-RC3:1.32 netbsd-4-0-RC2:1.32 netbsd-4-0-RC1:1.32 matt-armv6:1.33.0.4 matt-armv6-base:1.34 matt-mips64-base:1.33 hpcarm-cleanup:1.33.0.2 hpcarm-cleanup-base:1.34 netbsd-3-1-1-RELEASE:1.29 netbsd-3-0-3-RELEASE:1.29 wrstuden-fixsa:1.32.0.6 wrstuden-fixsa-base:1.32 abandoned-netbsd-4-base:1.32 abandoned-netbsd-4:1.32.0.2 netbsd-3-1:1.29.0.6 netbsd-3-1-RELEASE:1.29 netbsd-3-0-2-RELEASE:1.29 
netbsd-3-1-RC4:1.29 netbsd-3-1-RC3:1.29 netbsd-3-1-RC2:1.29 netbsd-3-1-RC1:1.29 netbsd-4:1.32.0.4 netbsd-4-base:1.32 netbsd-3-0-1-RELEASE:1.29 netbsd-3-0:1.29.0.4 netbsd-3-0-RELEASE:1.29 netbsd-3-0-RC6:1.29 netbsd-3-0-RC5:1.29 netbsd-3-0-RC4:1.29 netbsd-3-0-RC3:1.29 netbsd-3-0-RC2:1.29 netbsd-3-0-RC1:1.29 netbsd-2-0-3-RELEASE:1.28 netbsd-2-1:1.28.0.6 netbsd-2-1-RELEASE:1.28 netbsd-2-1-RC6:1.28 netbsd-2-1-RC5:1.28 netbsd-2-1-RC4:1.28 netbsd-2-1-RC3:1.28 netbsd-2-1-RC2:1.28 netbsd-2-1-RC1:1.28 netbsd-2-0-2-RELEASE:1.28 netbsd-3:1.29.0.2 netbsd-3-base:1.29 netbsd-2-0-1-RELEASE:1.28 netbsd-2:1.28.0.4 netbsd-2-base:1.28 netbsd-2-0-RELEASE:1.28 netbsd-2-0-RC5:1.28 netbsd-2-0-RC4:1.28 netbsd-2-0-RC3:1.28 netbsd-2-0-RC2:1.28 netbsd-2-0-RC1:1.28 netbsd-2-0:1.28.0.2 netbsd-2-0-base:1.28 netbsd-1-6-PATCH002-RELEASE:1.19 netbsd-1-6-PATCH002:1.19 netbsd-1-6-PATCH002-RC4:1.19 netbsd-1-6-PATCH002-RC3:1.19 netbsd-1-6-PATCH002-RC2:1.19 netbsd-1-6-PATCH002-RC1:1.19 netbsd-1-6-PATCH001:1.19 netbsd-1-6-PATCH001-RELEASE:1.19 netbsd-1-6-PATCH001-RC3:1.19 netbsd-1-6-PATCH001-RC2:1.19 netbsd-1-6-PATCH001-RC1:1.19 fvdl_fs64_base:1.25 netbsd-1-6-RELEASE:1.19 netbsd-1-6-RC3:1.19 netbsd-1-6-RC2:1.19 netbsd-1-6-RC1:1.19 netbsd-1-6:1.19.0.2 netbsd-1-6-base:1.19 netbsd-1-5-PATCH003:1.8.4.3 netbsd-1-5-PATCH002:1.8.4.3 netbsd-1-5-PATCH001:1.8.4.3 netbsd-1-5-RELEASE:1.8.4.2 netbsd-1-5-BETA2:1.8.4.2 netbsd-1-5-BETA:1.8.4.2 netbsd-1-5-ALPHA2:1.8.4.2 netbsd-1-5:1.8.0.4 netbsd-1-5-base:1.8 minoura-xpg4dl:1.8.0.2 minoura-xpg4dl-base:1.8 wrstuden-devbsize-base:1.4 wrstuden-devbsize:1.5.0.2 wrstuden-devbsize-19991221:1.4; locks; strict; comment @.\" @; 1.38 date 2020.08.22.08.08.47; author lukem; state Exp; branches; next 1.37; commitid SDNJ2Xgq3txL82lC; 1.37 date 2009.04.09.02.25.45; author joerg; state Exp; branches; next 1.36; 1.36 date 2008.09.13.02.41.52; author lukem; state Exp; branches 1.36.6.1; next 1.35; 1.35 date 2008.04.30.13.10.52; author martin; state Exp; branches 1.35.2.1; next 1.34; 1.34 
date 2007.12.02.19.15.07; author wiz; state Exp; branches 1.34.6.1; next 1.33; 1.33 date 2007.04.13.01.36.10; author lukem; state Exp; branches 1.33.4.1; next 1.32; 1.32 date 2005.09.11.23.31.46; author wiz; state Exp; branches; next 1.31; 1.31 date 2005.09.10.22.18.27; author wiz; state Exp; branches; next 1.30; 1.30 date 2005.08.24.15.51.41; author ginsbach; state Exp; branches; next 1.29; 1.29 date 2005.03.03.22.19.47; author ginsbach; state Exp; branches; next 1.28; 1.28 date 2003.06.27.18.59.54; author wiz; state Exp; branches; next 1.27; 1.27 date 2003.03.31.17.05.12; author perry; state Exp; branches; next 1.26; 1.26 date 2003.02.25.10.34.48; author wiz; state Exp; branches; next 1.25; 1.25 date 2002.11.29.19.22.01; author wiz; state Exp; branches; next 1.24; 1.24 date 2002.11.29.14.40.00; author lukem; state Exp; branches; next 1.23; 1.23 date 2002.10.02.11.10.38; author wiz; state Exp; branches; next 1.22; 1.22 date 2002.09.29.14.05.53; author wiz; state Exp; branches; next 1.21; 1.21 date 2002.05.31.09.56.12; author wiz; state Exp; branches; next 1.20; 1.20 date 2002.05.30.00.24.47; author enami; state Exp; branches; next 1.19; 1.19 date 2002.01.15.02.20.50; author wiz; state Exp; branches 1.19.2.1; next 1.18; 1.18 date 2001.12.04.13.54.13; author lukem; state Exp; branches; next 1.17; 1.17 date 2001.07.08.07.27.14; author lukem; state Exp; branches; next 1.16; 1.16 date 2001.06.26.19.30.45; author lukem; state Exp; branches; next 1.15; 1.15 date 2000.12.18.02.32.51; author lukem; state Exp; branches; next 1.14; 1.14 date 2000.11.16.13.15.14; author lukem; state Exp; branches; next 1.13; 1.13 date 2000.11.07.06.58.08; author lukem; state Exp; branches; next 1.12; 1.12 date 2000.11.07.06.51.13; author lukem; state Exp; branches; next 1.11; 1.11 date 2000.07.23.14.40.48; author lukem; state Exp; branches; next 1.10; 1.10 date 2000.07.17.02.30.55; author lukem; state Exp; branches; next 1.9; 1.9 date 2000.06.20.07.39.48; author lukem; state Exp; branches; 
next 1.8; 1.8 date 2000.01.12.22.39.29; author lukem; state Exp; branches 1.8.4.1; next 1.7; 1.7 date 2000.01.09.10.08.45; author lukem; state Exp; branches; next 1.6; 1.6 date 2000.01.08.11.09.56; author lukem; state Exp; branches; next 1.5; 1.5 date 99.12.26.09.42.18; author lukem; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 99.12.18.05.51.35; author lukem; state Exp; branches; next 1.3; 1.3 date 99.12.16.07.05.19; author lukem; state Exp; branches; next 1.2; 1.2 date 99.12.16.06.56.49; author lukem; state Exp; branches; next 1.1; 1.1 date 99.12.16.01.16.04; author lukem; state Exp; branches; next ; 1.36.6.1 date 2009.05.13.19.18.37; author jym; state Exp; branches; next ; 1.35.2.1 date 2008.09.24.16.35.51; author wrstuden; state Exp; branches; next ; 1.34.6.1 date 2008.05.18.12.30.44; author yamt; state Exp; branches; next ; 1.33.4.1 date 2008.01.09.01.37.10; author matt; state Exp; branches; next ; 1.19.2.1 date 2004.08.31.01.35.40; author jmc; state Exp; branches; next ; 1.8.4.1 date 2000.06.22.08.46.21; author lukem; state Exp; branches; next 1.8.4.2; 1.8.4.2 date 2000.07.25.08.38.40; author lukem; state Exp; branches; next 1.8.4.3; 1.8.4.3 date 2001.03.29.14.14.18; author lukem; state Exp; branches; next 1.8.4.4; 1.8.4.4 date 2004.08.26.05.00.23; author jmc; state Exp; branches; next ; 1.5.2.1 date 99.12.26.09.42.18; author wrstuden; state dead; branches; next 1.5.2.2; 1.5.2.2 date 99.12.27.18.30.12; author wrstuden; state Exp; branches; next ; desc @@ 1.38 log @ftpd.conf(5): remove duplicate "be" Two be or not two be. Noted by SAITOH Masanobu in private mail. @ text @.\" $NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp $ .\" .\" Copyright (c) 1997-2020 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Luke Mewburn. 
.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd August 22, 2020 .Dt FTPD.CONF 5 .Os .Sh NAME .Nm ftpd.conf .Nd .Xr ftpd 8 configuration file .Sh DESCRIPTION The .Nm file specifies various configuration options for .Xr ftpd 8 that apply once a user has authenticated their connection. .Pp .Nm consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows .Sq wildcard entries to define defaults, and then have class-specific overrides. 
.Pp A directive line has the format: .Dl command class [arguments] .Pp A .Dq \e is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, extends a configuration directive across multiple lines. A .Dq # is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character). .Pp Each authenticated user is a member of a .Em class , which is determined by .Xr ftpusers 5 . .Em class is used to determine which .Nm entries apply to the user. The following special classes exist when parsing entries in .Nm : .Bl -tag -width "chroot" -compact -offset indent .It Sy all Matches any class. .It Sy none Matches no class. .El .Pp Each class has a type, which may be one of: .Bl -tag -width "CHROOT" -offset indent .It Sy GUEST Guests (as per the .Dq anonymous and .Dq ftp logins). A .Xr chroot 2 is performed after login. .It Sy CHROOT .Xr chroot 2 Ns ed users (as per .Xr ftpchroot 5 ) . A .Xr chroot 2 is performed after login. .It Sy REAL Normal users. .El .Pp The .Xr ftpd 8 .Sy STAT command will return the class settings for the current user as defined by .Nm , unless the .Sy private directive is set for the class. .Pp Each configuration line may be one of: .Bl -tag -width 4n .It Sy advertize Ar class Op Ar host Set the address to advertise in the response to the .Sy PASV and .Sy LPSV commands to the address for .Ar host (which may be either a host name or IP address). This may be useful in some firewall configurations, although many ftp clients may not work if the address being advertised is different to the address that they've connected to. If .Ar class is .Dq none or .Ar host is not specified, disable this. .It Sy checkportcmd Ar class Op Sy off Check the .Sy PORT command for validity. 
The .Sy PORT command will fail if the IP address specified does not match the .Tn FTP command connection, or if the remote TCP port number is less than .Dv IPPORT_RESERVED . It is .Em strongly encouraged that this option be used, especially for sites concerned with potential security problems with .Tn FTP bounce attacks. If .Ar class is .Dq none or .Sy off is specified, disable this feature, otherwise enable it. .It Sy chroot Ar class Op Sy pathformat If .Ar pathformat is not specified or .Ar class is .Dq none , use the default behavior (see below). Otherwise, .Ar pathformat is parsed to create a directory to create as the root directory with .Xr chroot 2 into upon login. .Pp .Ar pathformat can contain the following escape strings: .Bl -tag -width "Escape" -offset indent -compact .It Sy "Escape" .Sy Description .It "\&%c" Class name. .It "\&%d" Home directory of user. .It "\&%u" User name. .It "\&%\&%" A .Dq \&% character. .El .Pp The default root directory is: .Bl -tag -width "CHROOT" -offset indent -compact .It Sy CHROOT The user's home directory. .It Sy GUEST If .Fl a Ar anondir is specified, use .Ar anondir , otherwise the home directory of the .Sq ftp user. .It Sy REAL By default no .Xr chroot 2 is performed. .El .It Sy classtype Ar class Ar type Set the class type of .Ar class to .Ar type (see above). .It Sy conversion Ar class Ar suffix Op Ar "type disable command" Define an automatic in-line file conversion. If a file to retrieve ends in .Ar suffix , and a real file (sans .Ar suffix ) exists, then the output of .Ar command is returned instead of the contents of the file. .Pp .Bl -tag -width "disable" -offset indent .It Ar suffix The suffix to initiate the conversion. .It Ar type A list of valid file types for the conversion. Valid types are: .Sq f (file), and .Sq d (directory). .It Ar disable The name of file that will prevent conversion if it exists. A file name of .Dq Pa \&. will prevent this disabling action (i.e., the conversion is always permitted.) 
.It Ar command The command to run for the conversion. The first word should be the full path name of the command, as .Xr execv 3 is used to execute the command. All instances of the word .Dq %s in .Ar command are replaced with the requested file (sans .Ar suffix ) . .El .Pp Conversion directives specified later in the file override earlier conversions with the same suffix. .It Sy denyquick Ar class Op Sy off Enforce .Xr ftpusers 5 rules after the .Sy USER command is received, rather than after the .Sy PASS command is received. Whilst enabling this feature may allow information leakage about available accounts (for example, if you allow some users of a .Sy REAL or .Sy CHROOT class but not others), it is useful in preventing a denied user (such as .Sq root ) from entering their password across an insecure connection. This option is .Em strongly recommended for servers which run an anonymous-only service. If .Ar class is .Dq none or .Sy off is specified, disable this feature, otherwise enable it. .It Sy display Ar class Op Ar file If .Ar file is not specified or .Ar class is .Dq none , disable this. Otherwise, each time the user enters a new directory, check if .Ar file exists, and if so, display its contents to the user. Escape sequences are supported; refer to .Sx Display file escape sequences in .Xr ftpd 8 for more information. .It Sy hidesymlinks Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable this feature. Otherwise, the .Sy LIST command lists symbolic links as the file or directory the link references .Pq Dq Li "ls -LlA" . Servers which run an anonymous service may wish to enable this feature for .Sy GUEST users, so that symbolic links do not leak names in directories that are not searchable by .Sy GUEST users. .It Sy homedir Ar class Op Sy pathformat If .Ar pathformat is not specified or .Ar class is .Dq none , use the default behavior (see below). 
Otherwise, .Ar pathformat is parsed to create a directory to change into upon login, and to use as the .Sq home directory of the user for tilde expansion in pathnames, etc. .Ar pathformat is parsed as per the .Sy chroot directive. .Pp The default home directory is the home directory of the user for .Sy REAL users, and .Pa / for .Sy GUEST and .Sy CHROOT users. .It Sy limit Ar class Op Ar count Op Ar file Limit the maximum number of concurrent connections for .Ar class to .Ar count , with .Sq \-1 meaning unlimited connections. If the limit is exceeded and .Ar file is specified, display its contents to the user. If .Ar class is .Dq none or .Ar count is not specified, disable this. If .Ar file is a relative path, it will be searched for in .Pa /etc (which can be overridden with .Fl c Ar confdir ) . .It Sy maxfilesize Ar class Op Ar size Set the maximum size of an uploaded file to .Ar size , with .Sq \-1 meaning unlimited connections. If .Ar class is .Dq none or .Ar size is not specified, disable this. .It Sy maxtimeout Ar class Op Ar time Set the maximum timeout period that a client may request, defaulting to two hours. This cannot be less than 30 seconds, or the value for .Sy timeout . If .Ar class is .Dq none or .Ar time is not specified, use the default. .It Sy mmapsize Ar class Op Ar size Set the size of the sliding window to map a file using .Xr mmap 2 . If zero, .Xr ftpd 8 will use .Xr read 2 instead. The default is zero. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy modify Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable the following commands: .Sy CHMOD , .Sy DELE , .Sy MKD , .Sy RMD , .Sy RNFR , and .Sy UMASK . Otherwise, enable them. .It Sy motd Ar class Op Ar file If .Ar file is not specified or .Ar class is .Dq none , disable this. Otherwise, use .Ar file as the message of the day file to display after login. 
Escape sequences are supported; refer to .Sx Display file escape sequences in .Xr ftpd 8 for more information. If .Ar file is a relative path, it will be searched for in .Pa /etc (which can be overridden with .Fl c Ar confdir ) . .It Sy notify Ar class Op Ar fileglob If .Ar fileglob is not specified or .Ar class is .Dq none , disable this. Otherwise, each time the user enters a new directory, notify the user of any files matching .Ar fileglob . .It Sy passive Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, prevent passive .Sy ( PASV , .Sy LPSV , and .Sy EPSV ) connections. Otherwise, enable them. .It Sy portrange Ar class Op Ar min Ar max Set the range of port numbers which will be used for the passive data port. .Ar max must be greater than .Ar min , and both numbers must be between .Dv IPPORT_RESERVED (1024) and 65535. If .Ar class is .Dq none or no arguments are specified, disable this. .It Sy private Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, do not display class information in the output of the .Sy STAT command. Otherwise, display the information. .It Sy rateget Ar class Op Ar rate Set the maximum get .Pq Sy RETR transfer rate throttle for .Ar class to .Ar rate bytes per second. If .Ar rate is 0, the throttle is disabled. If .Ar class is .Dq none or .Ar rate is not specified, disable this. .It Sy rateput Ar class Op Ar rate Set the maximum put .Pq Sy STOR transfer rate throttle for .Ar class to .Ar rate bytes per second. If .Ar rate is 0, the throttle is disabled. If .Ar class is .Dq none or .Ar rate is not specified, disable this. .It Sy readsize Ar class Op Ar size Set the size of the read buffer to .Xr read 2 a file. The default is the file system block size. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy recvbufsize Ar class Op Ar size Set the size of the socket receive buffer. 
The default is zero and the system default value will be used. This option affects only passive transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sanenames Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, allow uploaded file names to contain any characters valid for a file name. Otherwise, only permit file names which don't start with a .Sq \&. and consist only of characters from the set .Dq [-+,._A-Za-z0-9] . .It Sy sendbufsize Ar class Op Ar size Set the size of the socket send buffer. The default is zero and the system default value will be used. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sendlowat Ar class Op Ar size Set the low water mark of the socket send buffer. The default is zero and the system default value will be used. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy template Ar class Op Ar refclass Define .Ar refclass as the .Sq template for .Ar class ; any reference to .Ar refclass in following directives will also apply to members of .Ar class . This is useful to define a template class so that other classes which are to share common attributes can be easily defined without unnecessary duplication. There can be only one template defined at a time. If .Ar refclass is not specified, disable the template for .Ar class . .It Sy timeout Ar class Op Ar time Set the inactivity timeout period (the default is fifteen minutes). This cannot be less than 30 seconds, or greater than the value for .Sy maxtimeout . If .Ar class is .Dq none or .Ar time is not specified, use the default. .It Sy umask Ar class Op Ar umaskval Set the umask to .Ar umaskval . If .Ar class is .Dq none or .Ar umaskval is not specified, set to the default of .Li 027 . 
.It Sy upload Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable the following commands: .Sy APPE , .Sy STOR , and .Sy STOU , as well as the modify commands: .Sy CHMOD , .Sy DELE , .Sy MKD , .Sy RMD , .Sy RNFR , and .Sy UMASK . Otherwise, enable them. .It Sy writesize Ar class Op Ar size Limit the number of bytes to .Xr write 2 at a time. The default is zero, which means all the data available as a result of .Xr mmap 2 or .Xr read 2 will be written at a time. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .El .Ss Numeric argument suffix parsing Where command arguments are numeric, a decimal number is expected. Two or more numbers may be separated by an .Dq x to indicate a product. Each number may have one of the following optional suffixes: .Bl -tag -width 3n -offset indent -compact .It b Block; multiply by 512 .It k Kibi; multiply by 1024 (1 KiB) .It m Mebi; multiply by 1048576 (1 MiB) .It g Gibi; multiply by 1073741824 (1 GiB) .It t Tebi; multiply by 1099511627776 (1 TiB) .It w Word; multiply by the number of bytes in an integer .El .Pp See .Xr strsuftoll 3 for more information. .Sh DEFAULTS The following defaults are used: .Pp .Bd -literal -offset indent -compact checkportcmd all classtype chroot CHROOT classtype guest GUEST classtype real REAL display none limit all \-1 # unlimited connections maxtimeout all 7200 # 2 hours modify all motd all motd notify none passive all timeout all 900 # 15 minutes umask all 027 upload all modify guest off umask guest 0707 .Ed .Sh FILES .Bl -tag -width /usr/share/examples/ftpd/ftpd.conf -compact .It Pa /etc/ftpd.conf This file. .It Pa /usr/share/examples/ftpd/ftpd.conf A sample .Nm file. .El .Sh SEE ALSO .Xr strsuftoll 3 , .Xr ftpchroot 5 , .Xr ftpusers 5 , .Xr ftpd 8 .Sh HISTORY The .Nm functionality was implemented in .Nx 1.3 and later releases by Luke Mewburn, based on work by Simon Burge. 
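Added example, not part of the NetBSD manual page or the ftpd source: a Python parser for the directive syntax described above (escape character, comment character, later lines overriding earlier ones) that reports which of the page's recommendations a class does not meet. The function names, finding labels and sample configuration are constructed here; flags absent from DEFAULTS are assumed to start disabled, and a line for class none is assumed to disable the flag for the class being audited.

```python
# Added example (not NetBSD code): parse ftpd.conf(5) syntax and audit one class.

# Flag directives ("command class [off]") and their initial state. The first
# four are enabled in the DEFAULTS section of the page; the others are not
# listed there and are assumed to start disabled.
FLAG_DEFAULTS = {
    "checkportcmd": True, "modify": True, "passive": True, "upload": True,
    "denyquick": False, "hidesymlinks": False, "private": False,
    "sanenames": False,
}
# Class-specific lines from the DEFAULTS section that this example uses.
BUILTIN = [
    ("classtype", "chroot", ["CHROOT"]), ("classtype", "guest", ["GUEST"]),
    ("classtype", "real", ["REAL"]), ("modify", "guest", ["off"]),
]
IPPORT_RESERVED = 1024


def logical_lines(text):
    """Yield directive lines with comments stripped and continuations joined."""
    pending = ""
    for raw in text.splitlines():
        out, i, cont = [], 0, False
        while i < len(raw):
            ch = raw[i]
            if ch == "\\":
                if i + 1 == len(raw):   # last character: continue on next line
                    cont = True
                else:                    # escaped character is taken literally
                    out.append(raw[i + 1])
                    i += 1
            elif ch == "#":              # unescaped comment character
                break
            else:
                out.append(ch)
            i += 1
        pending += "".join(out)
        if cont:
            continue
        if pending.strip():
            yield pending
        pending = ""
    if pending.strip():
        yield pending


def parse(text):
    """Return (command, class, arguments) for each directive line."""
    directives = []
    for line in logical_lines(text):
        words = line.split()
        if len(words) >= 2:              # a directive is "command class [arguments]"
            directives.append((words[0].lower(), words[1], words[2:]))
    return directives


def applies(dclass, cls):
    """A directive applies to its own class and to the special class 'all'."""
    return dclass == cls or dclass.lower() == "all"


def effective_flags(text, cls):
    """Apply defaults, then every directive in file order (later lines win)."""
    flags = dict(FLAG_DEFAULTS)
    for command, dclass, args in BUILTIN + parse(text):
        if command not in flags:
            continue
        none = dclass.lower() == "none"  # assumption: disables for this class
        if none or applies(dclass, cls):
            off = bool(args) and args[0].lower() == "off"
            flags[command] = not (none or off)
    return flags


def audit(text, cls):
    """Return the names of directives whose effective setting needs review."""
    flags = effective_flags(text, cls)
    ctype, ports = None, None
    for command, dclass, args in BUILTIN + parse(text):
        if command == "classtype" and dclass == cls and args:
            ctype = args[0].upper()
        elif command == "portrange":
            if dclass.lower() == "none":
                ports = None
            elif applies(dclass, cls):
                ports = args
    findings = []
    if not flags["checkportcmd"]:        # PORT validation (FTP bounce) is off
        findings.append("checkportcmd")
    if ctype == "GUEST":                 # recommendations for anonymous service
        findings += [f for f in ("denyquick", "hidesymlinks") if not flags[f]]
    # Plain decimal values only; arguments with size suffixes are not judged.
    if ports and len(ports) >= 2 and ports[0].isdigit() and ports[1].isdigit():
        lo, hi = int(ports[0]), int(ports[1])
        if not (IPPORT_RESERVED <= lo < hi <= 65535):
            findings.append("portrange")
    return findings


SAMPLE = r"""
# Constructed sample, not a shipped configuration.
classtype anon GUEST
checkportcmd all off      # disables PORT validation for every class
checkportcmd anon         # later line re-enables it for class anon
hidesymlinks anon
upload anon \
    off
motd all motd\#1          # escaped comment character stays in the file name
portrange anon 40000 1023
"""

if __name__ == "__main__":
    for name in ("anon", "staff"):
        print(name, effective_flags(SAMPLE, name), audit(SAMPLE, name))
```
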
@ 1.37 log @Don't use .Xo/.Xc or .Oo/.Oc over .It lines to work around the macro argument limit in ancient groff versions. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.36 2008/09/13 02:41:52 lukem Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc. d30 1 a30 1 .Dd April 13, 2007 d479 1 a479 1 and both numbers must be be between @ 1.36 log @Crank copyright dates @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.35 2008/04/30 13:10:52 martin Exp $ d212 1 a212 3 .It Xo Sy conversion Ar class .Ar suffix Op Ar "type disable command" .Xc d345 1 a345 3 .It Xo Sy limit Ar class .Op Ar count Op Ar file .Xc d474 1 a474 3 .It Sy portrange Ar class Oo .Ar min Ar max .Oc @ 1.36.6.1 log @Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp $ d212 3 a214 1 .It Sy conversion Ar class Ar suffix Op Ar "type disable command" d347 3 a349 1 .It Sy limit Ar class Op Ar count Op Ar file d478 3 a480 1 .It Sy portrange Ar class Op Ar min Ar max @ 1.35 log @Convert TNF licenses to new 2 clause variant @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.34 2007/12/02 19:15:07 wiz Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001, 2005, 2007 The NetBSD Foundation, Inc. @ 1.35.2.1 log @Merge in changes between wrstuden-revivesa-base-2 and wrstuden-revivesa-base-3. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.35 2008/04/30 13:10:52 martin Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc. @ 1.34 log @filetypes -> file types. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.33 2007/04/13 01:36:10 lukem Exp $ a16 7 .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the NetBSD .\" Foundation, Inc. and its contributors. .\" 4. 
Neither the name of The NetBSD Foundation nor the names of its .\" contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. @ 1.34.6.1 log @sync with head. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.34 2007/12/02 19:15:07 wiz Exp $ d17 7 @ 1.33 log @Expand documentation on numeric argument suffix parsing, and convert to IEC 60027-2 prefixes for 2^n multiples ("KiB" instead of "KB", etc.) @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.32 2005/09/11 23:31:46 wiz Exp $ d235 1 a235 1 A list of valid filetypes for the conversion. @ 1.33.4.1 log @sync with HEAD @ text @d1 1 a1 1 .\" $NetBSD$ d235 1 a235 1 A list of valid file types for the conversion. @ 1.32 log @Remove duplicate line. From YOMURA Masanori in private mail. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.31 2005/09/10 22:18:27 wiz Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001, 2005 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd August 24, 2005 a413 2 An optional suffix may be provided as per .Sy rateget . a528 17 .Pp An optional suffix may be provided, which changes the interpretation of .Ar rate as follows: .Bl -tag -width 3n -offset indent -compact .It b Causes no modification. (Default; optional) .It k Kilo; multiply the argument by 1024 .It m Mega; multiply the argument by 1048576 .It g Giga; multiply the argument by 1073741824 .It t Tera; multiply the argument by 1099511627776 .El d536 4 a539 3 bytes per second, which is parsed as per .Sy rateget Ar rate . a551 2 An optional suffix may be provided as per .Sy rateget . a561 2 An optional suffix may be provided as per .Sy rateget . a585 2 An optional suffix may be provided as per .Sy rateget . a596 2 An optional suffix may be provided as per .Sy rateget . a677 2 An optional suffix may be provided as per .Sy rateget . d687 24 @ 1.31 log @Fix typo. 
@ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.30 2005/08/24 15:51:41 ginsbach Exp $ a123 1 .It Sy advertise Ar class Op Ar host @ 1.30 log @* Add recvbufsize configuration option This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Crank version.h [Changes discussed with lukem.] @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.29 2005/03/03 22:19:47 ginsbach Exp $ d582 1 a582 1 Set the size of the socket recveive buffer. @ 1.29 log @* Add hidesymlinks configuration option This adds a -L to all ls command arguments so that the file or directory the link references is listed rather than the link itself. This was inspired by IRIX ftpd's -S option. [Discussed with lukem some time ago.] * Crank version.h [right Luke? :-)] @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.28 2003/06/27 18:59:54 wiz Exp $ d37 1 a37 1 .Dd March 3, 2005 d581 13 @ 1.28 log @Add Ns. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.27 2003/03/31 17:05:12 perry Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd November 30, 2002 d307 20 @ 1.27 log @behaviour->behavior I actually really like the UK spelling on this, but consistency among our man pages is also a virtue. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.26 2003/02/25 10:34:48 wiz Exp $ d103 1 a103 1 .Xr chroot 2 ed @ 1.26 log @.Nm does not need a dummy argument ("") before punctuation or for correct formatting of the SYNOPSIS any longer. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.25 2002/11/29 19:22:01 wiz Exp $ d173 1 a173 1 use the default behaviour (see below). d314 1 a314 1 use the default behaviour (see below). @ 1.25 log @-1 -> \-1. 
@ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.24 2002/11/29 14:40:00 lukem Exp $ d83 1 a83 1 .Nm "" : d117 1 a117 1 .Nm "" , @ 1.24 log @- convert to using libc's strsuftoll(3) - use LLT (aka 'long long type') for all numeric class parameters - improve description of various ftpd.conf(5) options - statcmd(): print out: mmapsize readsize writesize sendbufsize sendlowat @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.23 2002/10/02 11:10:38 wiz Exp $ d343 1 a343 1 .Sq -1 d365 1 a365 1 .Sq -1 d692 1 a692 1 limit all -1 # unlimited connections @ 1.23 log @especially and interpretation instead of espcially and intrepretation. By Adrian Mrva. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.22 2002/09/29 14:05:53 wiz Exp $ d37 1 a37 1 .Dd December 5, 2001 d124 2 a125 2 .It Sy advertise Ar class Ar host .It Sy advertize Ar class Ar host d140 3 a142 1 or no argument is given, disable this. d165 1 a165 1 is given, disable this feature, otherwise enable it. d169 1 a169 1 is not given or d204 1 a204 1 is given, use d290 1 a290 1 is given, disable this feature, otherwise enable it. d294 1 a294 1 is not given or d310 1 a310 1 is not given or d336 1 a336 1 .Ar count Op Ar file d343 1 a343 1 .Sq 0 d347 1 a347 1 is given, display its contents to the user. d361 1 a361 1 .It Sy maxfilesize Ar class Ar size d363 4 a366 1 .Ar size . d371 4 a374 2 or no argument is given, disable this. .It Sy maxtimeout Ar class Ar time d385 2 a386 2 is not specified, set to default of 2 hours. .It Sy mmapsize Ar class Ar size d398 7 d412 1 a412 1 is given, disable the following commands: d424 1 a424 1 is not given or d446 1 a446 1 is not given or d461 1 a461 1 is given, prevent passive d468 3 a470 1 .It Sy portrange Ar class Ar min Ar max d482 1 a482 1 or no arguments are given, disable this. d490 1 a490 1 is given, do not display class information in the output of the d494 1 a494 1 .It Sy rateget Ar class Ar rate d509 3 a511 1 or no arguments are given, disable this. 
d529 1 a529 1 .It Sy rateput Ar class Ar rate d543 4 a546 2 or no arguments are given, disable this. .It Sy readsize Ar class Ar size d554 7 d568 1 a568 1 is given, allow uploaded file names to contain any characters valid for a d574 1 a574 1 .It Sy sendbufsize Ar class Ar size d580 8 a587 1 .It Sy sendlowat Ar class Ar size d593 7 d617 1 a617 1 is not given, disable the template for d619 1 a619 1 .It Sy timeout Ar class Ar time d630 2 a631 2 is not specified, set to the default of 15 minutes. .It Sy umask Ar class Ar umaskval d649 1 a649 1 is given, disable the following commands: d663 1 a663 1 .It Sy writesize Ar class Ar size d675 7 d714 1 @ 1.22 log @Begin new sentences on new lines. Patch from Robert Elz (kre at munnari oz au). @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.21 2002/05/31 09:56:12 wiz Exp $ d153 1 a153 1 encouraged that this option be used, espcially for sites concerned d495 1 a495 1 An optional suffix may be provided, which changes the intrepretation of @ 1.21 log @Grammar fixes in last. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.20 2002/05/30 00:24:47 enami Exp $ d386 2 a387 1 instead. The default is zero. d500 2 a501 1 Causes no modification. (Default; optional) d625 2 a626 2 at a time. The default is zero, which means all the data available as a result of @ 1.20 log @Add optional mmap(2)/write(2) support for binary file transfer. The default is read(2)/write(2). Note that the sosend_loan needs some more work for better performance when a file isn't cached. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.19 2002/01/15 02:20:50 wiz Exp $ d380 1 a380 1 Set the size of sliding window to map a file using d389 1 a389 1 This option affects only for binary transfer. d525 1 a525 1 Set the size of read buffer to d528 1 a528 1 The default is file system block size. d531 1 a531 1 This option affects only for binary transfer. d546 1 a546 1 Set the size of socket send buffer. d549 2 a550 2 The default is zero and system default value will be used. 
This option affects only for binary transfer. d623 2 a624 2 at a time. The default is zero and whole data available as a resul of d631 1 a631 1 This option affects only for binary transfer. @ 1.19 log @Whitespace nits. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.18 2001/12/04 13:54:13 lukem Exp $ d379 11 d524 8 d545 12 d620 12 @ 1.19.2.1 log @Pullup rev 1.20-1.28 (requested by he in ticket #1739) Update to NetBSD ftpd 20040809. Fixes SA#2004-009. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.19 2002/01/15 02:20:50 wiz Exp $ d37 1 a37 1 .Dd November 30, 2002 d83 1 a83 1 .Nm : d103 1 a103 1 .Xr chroot 2 Ns ed d117 1 a117 1 .Nm , d124 2 a125 2 .It Sy advertise Ar class Op Ar host .It Sy advertize Ar class Op Ar host d140 1 a140 3 or .Ar host not is specified, disable this. d153 1 a153 1 encouraged that this option be used, especially for sites concerned d163 1 a163 1 is specified, disable this feature, otherwise enable it. d167 1 a167 1 is not specified or d171 1 a171 1 use the default behavior (see below). d202 1 a202 1 is specified, use d288 1 a288 1 is specified, disable this feature, otherwise enable it. d292 1 a292 1 is not specified or d308 1 a308 1 is not specified or d312 1 a312 1 use the default behavior (see below). d334 1 a334 1 .Op Ar count Op Ar file d341 1 a341 1 .Sq \-1 d345 1 a345 1 is specified, display its contents to the user. d359 1 a359 1 .It Sy maxfilesize Ar class Op Ar size d361 1 a361 4 .Ar size , with .Sq \-1 meaning unlimited connections. d366 2 a367 4 or .Ar size is not specified, disable this. .It Sy maxtimeout Ar class Op Ar time d378 1 a378 20 is not specified, use the default. .It Sy mmapsize Ar class Op Ar size Set the size of the sliding window to map a file using .Xr mmap 2 . If zero, .Xr ftpd 8 will use .Xr read 2 instead. The default is zero. An optional suffix may be provided as per .Sy rateget . This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. 
d386 1 a386 1 is specified, disable the following commands: d398 1 a398 1 is not specified or d420 1 a420 1 is not specified or d435 1 a435 1 is specified, prevent passive d442 1 a442 3 .It Sy portrange Ar class Oo .Ar min Ar max .Oc d454 1 a454 1 or no arguments are specified, disable this. d462 1 a462 1 is specified, do not display class information in the output of the d466 1 a466 1 .It Sy rateget Ar class Op Ar rate d481 1 a481 3 or .Ar rate is not specified, disable this. d483 1 a483 1 An optional suffix may be provided, which changes the interpretation of d488 1 a488 2 Causes no modification. (Default; optional) d498 1 a498 1 .It Sy rateput Ar class Op Ar rate d512 1 a512 18 or .Ar rate is not specified, disable this. .It Sy readsize Ar class Op Ar size Set the size of the read buffer to .Xr read 2 a file. The default is the file system block size. An optional suffix may be provided as per .Sy rateget . This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. d520 1 a520 1 is specified, allow uploaded file names to contain any characters valid for a a525 26 .It Sy sendbufsize Ar class Op Ar size Set the size of the socket send buffer. An optional suffix may be provided as per .Sy rateget . The default is zero and the system default value will be used. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sendlowat Ar class Op Ar size Set the low water mark of socket send buffer. An optional suffix may be provided as per .Sy rateget . The default is zero and system default value will be used. This option affects only for binary transfer. If .Ar class is .Dq none or .Ar size is not specified, use the default. d543 1 a543 1 is not specified, disable the template for d545 1 a545 1 .It Sy timeout Ar class Op Ar time d556 2 a557 2 is not specified, use the default. 
.It Sy umask Ar class Op Ar umaskval d575 1 a575 1 is specified, disable the following commands: a588 19 .It Sy writesize Ar class Op Ar size Limit the number of bytes to .Xr write 2 at a time. The default is zero, which means all the data available as a result of .Xr mmap 2 or .Xr read 2 will be written at a time. An optional suffix may be provided as per .Sy rateget . This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. d599 1 a599 1 limit all \-1 # unlimited connections a620 1 .Xr strsuftoll 3 , @ 1.18 log @Add two new ftpd.conf(5) directives: - 'denyquick'; deny a connection so tagged by ftpusers(5) after the USER command instead of the PASS command. whilst this might provide some info leakage of accounts names if you have some `real' or `chroot' users enabled and not others, it does prevent accidental entering of such passwords if you have all such users denied. This option is strongly recommended on anonymous-only servers. Functionality requested by Rob Windsor in [bin/12602] - 'private'; don't display class related information in the output of STAT. For paranoid admins. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.17 2001/07/08 07:27:14 lukem Exp $ d216 1 a216 1 .Ar type d448 1 a448 1 .Dv IPPORT_RESERVED d504 1 a504 1 .Ar rate d566 1 a566 1 is not specified, set to the default of @ 1.17 log @Alan Barrett informs me that "advertise" (instead of "advertize") is the norm even in American English. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.16 2001/06/26 19:30:45 lukem Exp $ d37 1 a37 1 .Dd July 8, 2001 d117 4 a120 1 .Nm "" . 
d262 27 d435 1 a435 1 is given, disallow passive d455 11 @ 1.16 log @s/tise/tize/ in docco, add "advertize" as synonym for "advertise" @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.15 2000/12/18 02:32:51 lukem Exp $ d37 1 a37 1 .Dd June 27, 2001 d123 1 a123 1 Set the address to advertize in the response to the d131 1 a131 1 ftp clients may not work if the address being advertized is different @ 1.15 log @Features: * Add ftpd.conf(5) directive `advertise'; change the address that is advertised to the client for PASV transfers. this may be useful in certain firewall/NAT environments. Feature requested in [bin/9606] by Scott Presnell. * Add -X option; syslog wu-ftpd style xferlog messages, prefixed with `xferlog: '. An example line from syslog (wrapped): Dec 16 18:50:24 odysseus ftpd[571]: xferlog: Sat Dec 16 18:50:24 2000 2 localhost 3747328 /pub/WLW2K601.EXE b _ o a lukem@@ FTP 0 * c These messages can be converted to a wu-ftpd style xferlog file suitable for parsing with third-party tools with something like: grep 'xferlog: ' /var/log/xferlog | \ sed -e 's/^.*xferlog: //' >wuxferlog The format is the same as the wu-ftpd xferlog entries (with the leading syslog stuff), but different from the wu-ftpd syslogged xferlog entries because the latter is not as easy to convert into the standard xferlog file format. The choice to only syslog the xferlog messages rather than append to a /var/log/xferlog file was made because the latter doesn't work too well in the situation where the logfile is rotated and compressed and a long-running ftpd still has a file-descriptor to the now nonexistent xferlog file, and the log message will then get lost. Feature requested in [bin/11651] by Hubert Feyrer. Fixes: * In ftpd(8), clarify the -a and -c options. * More clarifications in ftpd.conf(5). * Ensure that all ftpd.conf commands set a parameter back to sane defaults if an argument of `none' or bad settings are given.
* Support the `chroot' directive for `REAL' users too (for consistency). * For `GUEST' users, store the supplied password in pw->pw_passwd for use later in the xferlog. * If show_chdir_messages() is given a code of -1, flush the cache of visited directories. Invoke show_chdir_messages(-1) in end_login(). * Only syslog session stats if logging is requested. * Rename logcmd() -> logxfer(), and dolog() -> logremotehost(). * Use cprintf() instead of fprintf() where appropriate. * Minor KNF, and make a couple of functions static that were declared static. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.14 2000/11/16 13:15:14 lukem Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2000 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd December 18, 2000 d122 2 a123 1 Set the address to advertise in the response to the d131 1 a131 1 ftp clients may not work if the address being advertised is different @ 1.14 log @- new ftpd.conf directives: maxfilesize set the maximum size of uploaded files sanenames if set, only permit uploaded filenames that contain characters from the set "-+,._A-Za-z0-9" and that don't start with `.' - new/changed command line options: -e emailaddr define email address for %E (see below) -P dataport use dataport as the dataport (instead of ctrlport-1) -q use pid files to count users [default] -Q don't use pid files to count users -u write entries to utmp -U don't write entries to utmp [default] -w write entries to wtmp [default] -W don't write entries to wtmp NOTE: -U used to mean `write utmp entries'. Its meaning has changed so that it's orthogonal with -q/-Q and -w/-W. This isn't considered a major problem, because using -U isn't going to enable something you don't want, but will disable something you did want (which is safer). - new display file escape sequences: %E email address %s literal `s' if the previous %M or %N wasn't ``1''. %S literal `S' if the previous %M or %N wasn't ``1''. 
- expand the description of building ~ftp/incoming to cover the appropriate ftpd.conf(5) directives (which are defaults, but it pays to explicitly explain them) - replace strsuftoi() with strsuftoll(), which returns a long long if supported, otherwise a long - rework the way that check_modify and check_upload are done in the yacc parser; they're merged into a common check_write() function which is called explicitly - merge all ftpclass `flag variables' into a single bitfield-based flag element - move various common bits of parse_conf() into a couple of macros - clean up some comments @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.13 2000/11/07 06:58:08 lukem Exp $ d37 1 a37 1 .Dd November 16, 2000 d121 16 d139 1 a139 1 PORT d142 1 a142 1 PORT d191 17 a207 9 The default root directory is .Pa / for .Sy REAL users, and the user's home directory for .Sy GUEST and .Sy CHROOT users. a273 20 .It Xo Sy limit Ar class .Ar count Op Ar file .Xc Limit the maximum number of concurrent connections for .Ar class to .Ar count , with .Sq 0 meaning unlimited connections. If the limit is exceeded and .Ar file is given, display its contents to the user. Ignored if .Ar class is .Dq none or .Ar count is not specified. d302 26 d331 5 d341 1 a341 1 Ignored if d347 1 a347 1 is not specified. d356 7 a362 1 CHMOD, DELE, MKD, RMD, RNFR, and UMASK. d380 6 d404 6 a409 1 is given, disallow passive (PASV/LPSV/EPSV) connections. d419 5 d425 3 a427 1 Set the maximum get (RETR) transfer rate throttle for d435 5 d446 1 a446 1 Causes no modification. (Optional) d453 2 d457 3 a459 1 Set the maximum put (STOR) transfer rate throttle for d466 5 d508 1 a508 1 Ignored if d514 1 a514 1 is not specified. d518 1 a518 1 Ignored if d524 2 a525 1 is not specified. d534 4 a537 1 APPE, STOR, and STOU, d539 7 a545 1 CHMOD, DELE, MKD, RMD, RNFR, and UMASK. 
@ 1.13 log @slight rework @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.12 2000/11/07 06:51:13 lukem Exp $ d37 1 a37 1 .Dd November 7, 2000 d61 1 a61 1 A directive line has the format d214 1 a214 1 A filename of d298 3 d398 13 @ 1.12 log @reorganise slightly to make it more obvious what the actual syntax of a configuration line is. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.11 2000/07/23 14:40:48 lukem Exp $ d62 1 a62 1 .D1 Ic command Em class Op Ar \&... @ 1.11 log @* make checkportcmd the default. this breaks third-party proxy ftp but prevents the ftp bounce attack, and we should be secure out of the box, not require users to tweak obscure stuff. * allow the version string reported to clients to be changed with '-V vers'. if vers is empty or `-', don't report a version. * if -r is given, permanently drop root privs * if not a REAL user (i.e, GUEST or CHROOT), and ftpd is running on a port > IPPORT_RESERVED+1, permanently drop root privs * don't bother reverting to root privs to logout of wtmp/utmp; since the file descriptor is already open this isn't necessary. * fix the binding of the port for the PORT/LPRT/EPRT connection to be the ctrl_addr.su_port-1, not hardcoded to `20' (this was broken in the ipv6 merge). if root privs have been dropped, and this would be a port < IPPORT_RESERVED, use a random port instead (which isn't RFC959 compliant but it doesn't appear that many clients care). * prevent login of a new user if privs have been dropped and already logged in as a REAL user (existing check already stops GUEST & CHROOT users). * move the port check stuff into a separate port_check() function, and use for PORT, LPRT, and EPRT checks. 
inspired by freebsd * minor KNF * minor man page cleanup @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.10 2000/07/17 02:30:55 lukem Exp $ d37 1 a37 1 .Dd July 23, 2000 d52 22 d75 1 a75 1 .Sy class , d78 1 a78 1 .Sy class a112 19 .Nm consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows .Sq wildcard entries to define defaults, and then have class-specific overrides. .Pp A .Dq \e is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, extends a configuration directive across multiple lines. A .Dq # is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character). .Pp d363 1 a363 3 (1024) and .Dv IPPORT_ANONMAX (65535). @ 1.10 log @* add two new ftpd.conf(5) directives: chroot specify dir to chroot to for GUEST and CHROOT users, to override -a anondir or the user's homedir. homedir specify dir to change to upon login; also used for ~ expansion and $HOME for subprocesses) both of these can take % escapes: %u (username), %d (homedir), %c (class). * fix NLST to take a pathname not a STRING, so that ~ expansion works * modify CWD to use the homedir parsed from curclass.homedir * implement format_path(dst, src), to parse src expanding % escapes (see above) into dst. 
* rename format_file() to display_file() @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.9 2000/06/20 07:39:48 lukem Exp $ d37 1 a37 1 .Dd July 17, 2000 d452 1 a452 1 checkportcmd none @ 1.9 log @fix problems noted by in [bin/10390] and private email: * fix RATE{GET,PUT} under some situations when the client is slower than the server (something i missed when migrating the rate limiting code i wrote in ftp(1) to ftpd(8)) * document what units RATE{GET,PUT} use @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.8 2000/01/12 22:39:29 lukem Exp $ d37 1 a37 1 .Dd June 20, 2000 d69 22 d141 40 d185 2 a186 23 .Ar type . .Ar type may be one of: .Bl -tag -width "CHROOT" -offset indent .It Sy GUEST Guests (as per the .Dq anonymous and .Dq ftp logins). A .Xr chroot 2 is performed after login. .It Sy CHROOT .Xr chroot 2 ed users (as per .Xr ftpchroot 5 ) . A .Xr chroot 2 is performed after login. .It Sy REAL Normal users. .El d267 28 @ 1.8 log @* add ftpd.conf directive `portrange class min max', which allows specification of the port range used by passive connections. based on work in [bin/9158] from Takahiro Kambe * change the way global variables are defined and extern-ed to be more consistent. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.7 2000/01/09 10:08:45 lukem Exp $ d37 1 a37 1 .Dd January 11, 2000 d298 2 a299 1 .Ar rate . d321 2 a322 1 .Ar rate , @ 1.8.4.1 log @Pull up revision 1.9: - fix RATE{GET,PUT} when the client is slower than the rate limit - document units RATE{GET,PUT} use Fixes PR#10390 @ text @d1 1 a1 1 .\" $NetBSD$ d37 1 a37 1 .Dd June 20, 2000 d298 1 a298 2 .Ar rate bytes per second. 
d320 1 a320 2 .Ar rate bytes per second, @ 1.8.4.2 log @user visible changes (besides checking the cvs log): * make checkportcmd the default * add -r; force permanent drop of root privs after login * add -V vers; change version string to vers * add -H; act as -h `hostname` * permanently drop root privs if it makes sense to do so (e.g; logging in as guest/chroot user on a port > 1024) * fix reference to draft-ietf-ftpext-mlst-11 * add ftpd.conf directives: chroot, homedir * fix base64_encode() and generation of the unique fact * crank version to 20000723 @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.11 2000/07/23 14:40:48 lukem Exp $ d37 1 a37 1 .Dd July 23, 2000 a68 22 Each class has a type, which may be one of: .Bl -tag -width "CHROOT" -offset indent .It Sy GUEST Guests (as per the .Dq anonymous and .Dq ftp logins). A .Xr chroot 2 is performed after login. .It Sy CHROOT .Xr chroot 2 ed users (as per .Xr ftpchroot 5 ) . A .Xr chroot 2 is performed after login. .It Sy REAL Normal users. .El .Pp d119 2 a120 4 .It Sy chroot Ar class Op Sy pathformat If .Ar pathformat is not given or d122 12 a133 6 is .Dq none , use the default behaviour (see below). Otherwise, .Ar pathformat is parsed to create a directory to create as the root directory with d135 5 a139 14 into upon login. .Pp .Ar pathformat can contain the following escape strings: .Bl -tag -width "Escape" -offset indent -compact .It Sy "Escape" .Sy Description .It "\&%c" Class name. .It "\&%d" Home directory of user. .It "\&%u" User name. .It "\&%\&%" d141 4 a144 2 .Dq \&% character. a145 16 .Pp The default root directory is .Pa / for .Sy REAL users, and the user's home directory for .Sy GUEST and .Sy CHROOT users. .It Sy classtype Ar class Ar type Set the class type of .Ar class to .Ar type (see above). a225 28 .It Sy homedir Ar class Op Sy pathformat If .Ar pathformat is not given or .Ar class is .Dq none , use the default behaviour (see below). 
Otherwise, .Ar pathformat is parsed to create a directory to change into upon login, and to use as the .Sq home directory of the user for tilde expansion in pathnames, etc. .Ar pathformat is parsed as per the .Sy chroot directive. .Pp The default home directory is the home directory of the user for .Sy REAL users, and .Pa / for .Sy GUEST and .Sy CHROOT users. d383 1 a383 1 checkportcmd all @ 1.8.4.3 log @sync ftpd to -current with the following revisions (for lukem/christos): Makefile 1.43-1.44 cmds.c 1.7-1.8, 1.10-1.12 conf.c 1.35-1.40 extern.h 1.32-1.38 ftpcmd.y 1.53-1.59 ftpd.8 1.58-1.63 ftpd.c 1.102-1.104, 1.106-1.122 ftpd.conf.5 1.12-1.15 ftpusers.5 1.8 logwtmp.c 1.16 popen.c 1.23-1.25 version.h 1.28 a quick summary of user-visible changes; - fix glob DoS by using GLOB_LIMIT - add ftpd.conf directives `advertise', `maxfilesize', `sanenames' - add flags: -P dataport, -X - wuftpd style log entries, -q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp, -w/-W - (en|dis)able wtmp @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.15 2000/12/18 02:32:51 lukem Exp $ d37 1 a37 1 .Dd December 18, 2000 a51 22 .Nm consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows .Sq wildcard entries to define defaults, and then have class-specific overrides. .Pp A directive line has the format: .Dl command class [arguments] .Pp A .Dq \e is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, extends a configuration directive across multiple lines. A .Dq # is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character). 
.Pp d53 1 a53 1 .Em class , d56 1 a56 1 .Em class d91 19 a117 16 .It Sy advertise Ar class Ar host Set the address to advertise in the response to the .Sy PASV and .Sy LPSV commands to the address for .Ar host (which may be either a host name or IP address). This may be useful in some firewall configurations, although many ftp clients may not work if the address being advertised is different to the address that they've connected to. If .Ar class is .Dq none or no argument is given, disable this. d120 1 a120 1 .Sy PORT d123 1 a123 1 .Sy PORT d172 9 a180 17 The default root directory is: .Bl -tag -width "CHROOT" -offset indent -compact .It Sy CHROOT The user's home directory. .It Sy GUEST If .Fl a Ar anondir is given, use .Ar anondir , otherwise the home directory of the .Sq ftp user. .It Sy REAL By default no .Xr chroot 2 is performed. .El d211 1 a211 1 A file name of d247 20 a294 34 .It Xo Sy limit Ar class .Ar count Op Ar file .Xc Limit the maximum number of concurrent connections for .Ar class to .Ar count , with .Sq 0 meaning unlimited connections. If the limit is exceeded and .Ar file is given, display its contents to the user. If .Ar class is .Dq none or .Ar count is not specified, disable this. If .Ar file is a relative path, it will be searched for in .Pa /etc (which can be overridden with .Fl c Ar confdir ) . .It Sy maxfilesize Ar class Ar size Set the maximum size of an uploaded file to .Ar size . If .Ar class is .Dq none or no argument is given, disable this. d300 1 a300 1 If d306 1 a306 1 is not specified, set to default of 2 hours. d315 1 a315 7 .Sy CHMOD , .Sy DELE , .Sy MKD , .Sy RMD , .Sy RNFR , and .Sy UMASK . a332 6 If .Ar file is a relative path, it will be searched for in .Pa /etc (which can be overridden with .Fl c Ar confdir ) . d351 1 a351 6 is given, disallow passive .Sy ( PASV , .Sy LPSV , and .Sy EPSV ) connections. d360 3 a362 6 (1024) and 65535. If .Ar class is .Dq none or no arguments are given, disable this. 
d364 1 a364 3 Set the maximum get .Pq Sy RETR transfer rate throttle for a371 5 If .Ar class is .Dq none or no arguments are given, disable this. d378 1 a378 1 Causes no modification. (Default; optional) a384 2 .It t Tera; multiply the argument by 1099511627776 d387 1 a387 3 Set the maximum put .Pq Sy STOR transfer rate throttle for a393 18 If .Ar class is .Dq none or no arguments are given, disable this. .It Sy sanenames Ar class Op Sy off If .Ar class is .Dq none or .Sy off is given, allow uploaded file names to contain any characters valid for a file name. Otherwise, only permit file names which don't start with a .Sq \&. and only comprise of characters from the set .Dq [-+,._A-Za-z0-9] . d418 1 a418 1 If d424 1 a424 1 is not specified, set to the default of 15 minutes. d428 1 a428 1 If d434 1 a434 2 is not specified, set to the default of .Li 027 . d443 1 a443 4 .Sy APPE , .Sy STOR , and .Sy STOU , d445 1 a445 7 .Sy CHMOD , .Sy DELE , .Sy MKD , .Sy RMD , .Sy RNFR , and .Sy UMASK . @ 1.8.4.4 log @Pullup rev 1.16-1.28 (requested by he in ticket #158) Update to NetBSD ftpd 20040809. Fixes SA#2004-009. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.8.4.3 2001/03/29 14:14:18 lukem Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd November 30, 2002 d83 1 a83 1 .Nm : d103 1 a103 1 .Xr chroot 2 Ns ed d117 1 a117 4 .Nm , unless the .Sy private directive is set for the class. d121 1 a121 2 .It Sy advertise Ar class Op Ar host .It Sy advertize Ar class Op Ar host d136 1 a136 3 or .Ar host not is specified, disable this. d149 1 a149 1 encouraged that this option be used, especially for sites concerned d159 1 a159 1 is specified, disable this feature, otherwise enable it. d163 1 a163 1 is not specified or d167 1 a167 1 use the default behavior (see below). 
d198 1 a198 1 is specified, use d212 1 a212 1 .Ar type a257 27 .It Sy denyquick Ar class Op Sy off Enforce .Xr ftpusers 5 rules after the .Sy USER command is received, rather than after the .Sy PASS command is received. Whilst enabling this feature may allow information leakage about available accounts (for example, if you allow some users of a .Sy REAL or .Sy CHROOT class but not others), it is useful in preventing a denied user (such as .Sq root ) from entering their password across an insecure connection. This option is .Em strongly recommended for servers which run an anonymous-only service. If .Ar class is .Dq none or .Sy off is specified, disable this feature, otherwise enable it. d261 1 a261 1 is not specified or d277 1 a277 1 is not specified or d281 1 a281 1 use the default behavior (see below). d303 1 a303 1 .Op Ar count Op Ar file d310 1 a310 1 .Sq \-1 d314 1 a314 1 is specified, display its contents to the user. d328 1 a328 1 .It Sy maxfilesize Ar class Op Ar size d330 1 a330 4 .Ar size , with .Sq \-1 meaning unlimited connections. d335 2 a336 4 or .Ar size is not specified, disable this. .It Sy maxtimeout Ar class Op Ar time d347 1 a347 20 is not specified, use the default. .It Sy mmapsize Ar class Op Ar size Set the size of the sliding window to map a file using .Xr mmap 2 . If zero, .Xr ftpd 8 will use .Xr read 2 instead. The default is zero. An optional suffix may be provided as per .Sy rateget . This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. d355 1 a355 1 is specified, disable the following commands: d367 1 a367 1 is not specified or d389 1 a389 1 is not specified or d404 1 a404 1 is specified, prevent passive d411 1 a411 3 .It Sy portrange Ar class Oo .Ar min Ar max .Oc d417 1 a417 1 .Dv IPPORT_RESERVED d423 2 a424 13 or no arguments are specified, disable this. 
.It Sy private Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, do not display class information in the output of the .Sy STAT command. Otherwise, display the information. .It Sy rateget Ar class Op Ar rate d439 1 a439 3 or .Ar rate is not specified, disable this. d441 1 a441 1 An optional suffix may be provided, which changes the interpretation of d446 1 a446 2 Causes no modification. (Default; optional) d456 1 a456 1 .It Sy rateput Ar class Op Ar rate d462 1 a462 1 .Ar rate d470 1 a470 18 or .Ar rate is not specified, disable this. .It Sy readsize Ar class Op Ar size Set the size of the read buffer to .Xr read 2 a file. The default is the file system block size. An optional suffix may be provided as per .Sy rateget . This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. d478 1 a478 1 is specified, allow uploaded file names to contain any characters valid for a a483 26 .It Sy sendbufsize Ar class Op Ar size Set the size of the socket send buffer. An optional suffix may be provided as per .Sy rateget . The default is zero and the system default value will be used. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sendlowat Ar class Op Ar size Set the low water mark of socket send buffer. An optional suffix may be provided as per .Sy rateget . The default is zero and system default value will be used. This option affects only for binary transfer. If .Ar class is .Dq none or .Ar size is not specified, use the default. d501 1 a501 1 is not specified, disable the template for d503 1 a503 1 .It Sy timeout Ar class Op Ar time d514 2 a515 2 is not specified, use the default. .It Sy umask Ar class Op Ar umaskval d524 1 a524 1 is not specified, set to the default of d533 1 a533 1 is specified, disable the following commands: a546 19 .It Sy writesize Ar class Op Ar size Limit the number of bytes to .Xr write 2 at a time. 
The default is zero, which means all the data available as a result of .Xr mmap 2 or .Xr read 2 will be written at a time. An optional suffix may be provided as per .Sy rateget . This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. d557 1 a557 1 limit all \-1 # unlimited connections a578 1 .Xr strsuftoll 3 , @ 1.7 log @* new ftpd.conf directive: template class [refclass] following directives for refclass will apply to class as well. this makes setting up a `template' class with many default settings easy, whilst allowing for class-specific overrides * prevent crash when the optional limitfile wasn't given to limit * document count_users() * document default setting of limit in ftpd.conf(5) * crank version @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.6 2000/01/08 11:09:56 lukem Exp $ d37 1 a37 1 .Dd January 9, 2000 d284 10 @ 1.6 log @features: * add connection limits (`limit' keyword in ftpd.conf) * move initialisation of curclass from parse_conf() to new function init_curclass() * implement count_users(), which determines the number of users in a given class. a file - /var/run/ftpd.pids- - is used to store a list of pids in use (effectively an array of pid_t's), and its size is reduced as necessary. * new % modifiers in format_file: %c class %M maximum connection count %N current connection count * always end_login()s, even for refused connections bugs fixed: * remove \n from %T output * fix some inconsistencies in the man pages * ensure that both `ftp' *and* `anonymous' are allowed in ftpusers. 
(this was accidentally broken in a recent commit to be ``or'' not ``and'') * use MAXPATHLEN not MAXPATHLEN+1 * crank copyright date on modified files * crank version @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.5 1999/12/26 09:42:18 lukem Exp $ d37 1 a37 1 .Dd January 8, 2000 d203 1 a203 1 in d261 1 a261 1 in d293 1 a293 1 An optional suffix may be provided, which changes the intrepretation of d313 19 d376 1 @ 1.5 log @* document all classtype defaults * xref /usr/share/examples/ftpd/ftpd.conf @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.4 1999/12/18 05:51:35 lukem Exp $ d3 1 a3 1 .\" Copyright (c) 1997-1999 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd December 26, 1999 d112 3 a114 1 If class is d206 20 d231 3 a233 1 Ignored if class is d239 3 a241 1 If class is d276 3 a278 1 If class is d284 4 a287 2 .It Sy rateget Ar rate Set the maximum get (RETR) transfer rate throttle to d306 4 a309 2 .It Sy rateput Ar class Set the maximum put (STOR) transfer rate throttle to d318 3 a320 1 Ignored if class is d328 3 a330 1 Ignored if class is d336 3 a338 1 If class is @ 1.5.2.1 log @file ftpd.conf.5 was added on branch wrstuden-devbsize on 1999-12-27 18:30:12 +0000 @ text @d1 348 @ 1.5.2.2 log @Pull up to last week's -current. @ text @a0 342 .\" $NetBSD: ftpd.conf.5,v 1.5.2.1 1999/12/27 18:30:12 wrstuden Exp $ .\" .\" Copyright (c) 1997-1999 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Luke Mewburn. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. 
Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the NetBSD .\" Foundation, Inc. and its contributors. .\" 4. Neither the name of The NetBSD Foundation nor the names of its .\" contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd December 16, 1999 .Dt FTPD.CONF 5 .Os .Sh NAME .Nm ftpd.conf .Nd .Xr ftpd 8 configuration file .Sh DESCRIPTION The .Nm file specifies various configuration options for .Xr ftpd 8 that apply once a user has authenticated their connection. .Pp Each authenticated user is a member of a .Sy class , which is determined by .Xr ftpusers 5 . .Sy class is used to determine which .Nm entries apply to the user. 
The following special classes exist when parsing entries in .Nm "" : .Bl -tag -width "chroot" -compact -offset indent .It Sy all Matches any class. .It Sy none Matches no class. .El .Pp .Nm consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows .Sq wildcard entries to define defaults, and then have class-specific overrides. .Pp A .Dq \e is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, extends a configuration directive across multiple lines. A .Dq # is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character). .Pp The .Xr ftpd 8 .Sy STAT command will return the class settings for the current user as defined by .Nm "" . .Pp Each configuration line may be one of: .Bl -tag -width 4n .It Sy checkportcmd Ar class Op Sy off Check the PORT command for validity. The PORT command will fail if the IP address specified does not match the .Tn FTP command connection, or if the remote TCP port number is less than .Dv IPPORT_RESERVED . It is .Em strongly encouraged that this option be used, espcially for sites concerned with potential security problems with .Tn FTP bounce attacks. If class is .Dq none or .Sy off is given, disable this feature, otherwise enable it. .It Sy classtype Ar class Ar type Set the class type of .Ar class to .Ar type . .Ar type may be one of: .Bl -tag -width "CHROOT" -offset indent .It Sy GUEST Guests (as per the .Dq anonymous and .Dq ftp logins). A .Xr chroot 2 is performed after login. .It Sy CHROOT .Xr chroot 2 ed users (as per .Xr ftpchroot 5 ) . A .Xr chroot 2 is performed after login. .It Sy REAL Normal users. .El .It Xo Sy conversion Ar class .Ar suffix Op Ar "type disable command" .Xc Define an automatic in-line file conversion. 
If a file to retrieve ends in .Ar suffix , and a real file (sans .Ar suffix ) exists, then the output of .Ar command is returned instead of the contents of the file. .Pp .Bl -tag -width "disable" -offset indent .It Ar suffix The suffix to initiate the conversion. .It Ar type A list of valid filetypes for the conversion. Valid types are: .Sq f (file), and .Sq d (directory). .It Ar disable The name of file that will prevent conversion if it exists. A filename of .Dq Pa \&. will prevent this disabling action (i.e., the conversion is always permitted.) .It Ar command The command to run for the conversion. The first word should be the full path name of the command, as .Xr execv 3 is used to execute the command. All instances of the word .Dq %s in .Ar command are replaced with the requested file (sans .Ar suffix ) . .El .Pp Conversion directives specified later in the file override earlier conversions with the same suffix. .It Sy display Ar class Op Ar file If .Ar file is not given or .Ar class is .Dq none , disable this. Otherwise, each time the user enters a new directory, check if .Ar file exists, and if so, display its contents to the user. Escape sequences are supported; refer to .Sx Display file escape sequences in .Xr ftpd 8 for more information. .It Sy maxtimeout Ar class Ar time Set the maximum timeout period that a client may request, defaulting to two hours. This cannot be less than 30 seconds, or the value for .Sy timeout . Ignored if class is .Dq none or .Ar time is not specified. .It Sy modify Ar class Op Sy off If class is .Dq none or .Sy off is given, disable the following commands: CHMOD, DELE, MKD, RMD, RNFR, and UMASK. Otherwise, enable them. .It Sy motd Ar class Op Ar file If .Ar file is not given or .Ar class is .Dq none , disable this. Otherwise, use .Ar file as the message of the day file to display after login. Escape sequences are supported; refer to .Sx Display file escape sequences in .Xr ftpd 8 for more information. 
.It Sy notify Ar class Op Ar fileglob If .Ar fileglob is not given or .Ar class is .Dq none , disable this. Otherwise, each time the user enters a new directory, notify the user of any files matching .Ar fileglob . .It Sy passive Ar class Op Sy off If class is .Dq none or .Sy off is given, disallow passive (PASV/LPSV/EPSV) connections. Otherwise, enable them. .It Sy rateget Ar rate Set the maximum get (RETR) transfer rate throttle to .Ar rate . If .Ar rate is 0, the throttle is disabled. .Pp An optional suffix may be provided, which changes the intrepretation of .Ar rate as follows: .Bl -tag -width 3n -offset indent -compact .It b Causes no modification. (Optional) .It k Kilo; multiply the argument by 1024 .It m Mega; multiply the argument by 1048576 .It g Giga; multiply the argument by 1073741824 .El .It Sy rateput Ar class Set the maximum put (STOR) transfer rate throttle to .Ar rate , which is parsed as per .Sy rateget Ar rate . .It Sy timeout Ar class Ar time Set the inactivity timeout period. (the default is fifteen minutes). This cannot be less than 30 seconds, or greater than the value for .Sy maxtimeout . Ignored if class is .Dq none or .Ar time is not specified. .It Sy umask Ar class Ar umaskval Set the umask to .Ar umaskval . Ignored if class is .Dq none or .Ar umaskval is not specified. .It Sy upload Ar class Op Sy off If class is .Dq none or .Sy off is given, disable the following commands: APPE, STOR, and STOU, as well as the modify commands: CHMOD, DELE, MKD, RMD, RNFR, and UMASK. Otherwise, enable them. .El .Sh DEFAULTS The following defaults are used: .Pp .Bd -literal -offset indent -compact checkportcmd none display none maxtimeout all 7200 # 2 hours modify all motd all motd notify none passive all timeout all 900 # 15 minutes umask all 027 upload all classtype guest GUEST modify guest off umask guest 0707 .Ed .Sh FILES .Bl -tag -width /etc/ftpd.conf -compact .It Pa /etc/ftpd.conf This file. 
.El .Sh SEE ALSO .Xr ftpchroot 5 , .Xr ftpusers 5 , .Xr ftpd 8 .Sh HISTORY The .Nm functionality was implemented in .Nx 1.3 and later releases by Luke Mewburn, based on work by Simon Burge. @ 1.4 log @* move version to separate header file * use .Dv and .Tn in the man pages as appropriate * KNF a bit The following were inspired by similar changes in openbsd, but may have additional improvements by me: * add more check_login tests to the parser rules * nuke a few memory leaks in the parser rules * clear passwords before free()ing them, for safety * don't display \r\n in setproctitle() output * add support for -U, which enables managing /var/run/utmp entries for connections. solves [bin/2217] by Jason Downs * fix oob handling for STAT command * use SIG_ERR instead of -1 @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.3 1999/12/16 07:05:19 lukem Exp $ d37 1 a37 1 .Dd December 16, 1999 d315 3 a326 1 classtype guest GUEST d331 1 a331 1 .Bl -tag -width /etc/ftpd.conf -compact d334 4 @ 1.3 log @install ftpusers(5) as ftpchroot(5). more cleanups @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.2 1999/12/16 06:56:49 lukem Exp $ d102 2 a103 1 command will fail if the IP address specified does not match the ftp d109 3 a111 1 with potential security problems with ftp bounce attacks. @ 1.2 log @cleanup @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.1 1999/12/16 01:16:04 lukem Exp $ d134 1 a134 3 .Xr ftpusers 5 and .Pa /etc/ftpchroot ) . d331 1 @ 1.1 log @separate ftpd.conf(5) and ftpusers(5) out from ftpd(8). xxx: still needs a bit of work @ text @d1 1 a1 1 .\" $NetBSD$ d37 1 a37 1 .Dd December 13, 1999 d50 1 a50 1 that applies once a user has authenticated their connection. d60 2 a61 1 The following special classes exist: d71 1 a71 1 configuration directive, a comment, or be a blank line. d121 1 a121 1 .Bl -tag -width "chroot" -offset indent d132 4 a135 1 Chroot-ed users (as per d168 3 a170 2 .Pa \&. will prevent this disabling action. 
d177 2 a178 2 The first instance of .Sq %s d181 1 a181 1 is replaced with the requested file (sans d198 5 d232 5 @
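Review bot: The DEFAULTS block in the 1.5.2.2 text lists `checkportcmd none`, so the PORT validation that the `checkportcmd` entry calls "strongly encouraged" for sites concerned about FTP bounce attacks is off unless the administrator turns it on, and the entry itself never says so. Please state the default in the `checkportcmd` description and mention that, by the directive's own syntax, `checkportcmd all` enables the check for every class. In the same text, `.It Sy rateget Ar rate` omits the class argument and `.It Sy rateput Ar class` omits the rate even though both bodies refer to `.Ar rate`, and "espcially" and "intrepretation" are misspelled.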
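Review bot: In the `sendlowat` entry of the first delta on this page, "This option affects only for binary transfer." does not match the sentence used by `readsize`, `sendbufsize` and `writesize` ("This option affects only binary transfers."), and "system default value will be used" is missing "the" where `sendbufsize` has it; please make the four entries read the same. The `readsize` sentence "Set the size of the read buffer to .Xr read 2 a file." is also hard to parse once rendered and would read better if it said the buffer is the one used to read(2) a file.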