head 1.8; access; symbols NetBSD-20230930:1.1.1.11 NetBSD-20230922:1.1.1.11 NetBSD-20200615:1.1.1.10 NetBSD-20190129:1.1.1.10 NetBSD:1.1.1 NetBSD-20130321:1.1.1.10 tnftpd-20091122:1.7 NetBSD-20091107:1.1.1.10 tnftpd-20081009:1.6 tnftpd-20080929:1.6 NetBSD-20080921:1.1.1.8 tnftpd-20080609:1.5 NetBSD-20080609:1.1.1.7 NetBSD-20080504:1.1.1.7 tnftpd-20061217:1.4 tnftpd-20061204:1.4 NetBSD-20060923:1.1.1.5 NetBSD-20041201:1.1.1.4 tnftpd-20040810:1.3 NetBSD-20040809:1.1.1.4 tnftpd-20031217:1.3 tnftpd-20031210:1.3 NetBSD-20031210:1.1.1.4 tnftpd-2-0-beta3:1.1.1.3 NetBSD-20030226:1.1.1.3 NetBSD-20030223:1.1.1.2 tnftpd-2-0-beta2:1.1.1.2 NetBSD-20021208:1.1.1.2 tnftpd-2-0-beta1:1.1.1.1 NetBSD-20021026:1.1.1.1 TNF:1.1.1; locks; strict; comment @.\" @; 1.8 date 2010.01.04.05.42.35; author lukem; state dead; branches; next 1.7; 1.7 date 2009.11.07.03.26.21; author lukem; state Exp; branches; next 1.6; 1.6 date 2008.09.21.14.23.39; author lukem; state Exp; branches; next 1.5; 1.5 date 2008.06.01.03.43.30; author lukem; state Exp; branches; next 1.4; 1.4 date 2006.09.26.06.38.38; author lukem; state Exp; branches; next 1.3; 1.3 date 2003.12.10.01.52.50; author lukem; state Exp; branches; next 1.2; 1.2 date 2003.02.28.03.50.10; author lukem; state Exp; branches; next 1.1; 1.1 date 2002.10.03.02.02.20; author lukem; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2002.10.03.02.02.20; author lukem; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2002.11.30.03.30.00; author lukem; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2003.02.26.06.59.52; author lukem; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2003.07.01.22.23.20; author lukem; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2005.09.14.02.14.07; author lukem; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2008.04.30.13.10.52; author lukem; state Exp; branches; next 1.1.1.7; 1.1.1.7 date 2008.06.01.03.26.12; author lukem; state Exp; branches; next 1.1.1.8; 1.1.1.8 date 2008.09.21.14.12.35; author lukem; state Exp; branches; next 1.1.1.9; 1.1.1.9 date 2009.04.09.02.25.45; author lukem; state Exp; branches; next 1.1.1.10; 1.1.1.10 date 2009.11.07.03.13.49; author lukem; state Exp; branches; next 1.1.1.11; 1.1.1.11 date 2023.09.23.05.26.58; author lukem; state Exp; branches; next ; commitid HXbfxKFYXNz82RFE; desc @@ 1.8 log @Remove unnecessary files; we use "@@subst@@" versions of the ftpd manuals, and the (internal) ls manual isn't installed. @ text @.\" $NetBSD: ftpd.conf.5,v 1.7 2009/11/07 03:26:21 lukem Exp $ .\" from NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp .\" .\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Luke Mewburn. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd April 13, 2007 .Dt FTPD.CONF 5 .Os .Sh NAME .Nm ftpd.conf .Nd .Xr tnftpd 8 configuration file .Sh DESCRIPTION The .Nm file specifies various configuration options for .Xr tnftpd 8 that apply once a user has authenticated their connection. .Pp .Nm consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows .Sq wildcard entries to define defaults, and then have class-specific overrides. .Pp A directive line has the format: .Dl command class [arguments] .Pp A .Dq \e is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, extends a configuration directive across multiple lines. A .Dq # is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character). .Pp Each authenticated user is a member of a .Em class , which is determined by .Xr ftpusers 5 . .Em class is used to determine which .Nm entries apply to the user. The following special classes exist when parsing entries in .Nm : .Bl -tag -width "chroot" -compact -offset indent .It Sy all Matches any class. .It Sy none Matches no class. .El .Pp Each class has a type, which may be one of: .Bl -tag -width "CHROOT" -offset indent .It Sy GUEST Guests (as per the .Dq anonymous and .Dq ftp logins). A .Xr chroot 2 is performed after login. .It Sy CHROOT .Xr chroot 2 Ns ed users (as per .Xr ftpchroot 5 ) . A .Xr chroot 2 is performed after login. .It Sy REAL Normal users. .El .Pp The .Xr tnftpd 8 .Sy STAT command will return the class settings for the current user as defined by .Nm , unless the .Sy private directive is set for the class. .Pp Each configuration line may be one of: .Bl -tag -width 4n .It Sy advertize Ar class Op Ar host Set the address to advertise in the response to the .Sy PASV and .Sy LPSV commands to the address for .Ar host (which may be either a host name or IP address). This may be useful in some firewall configurations, although many ftp clients may not work if the address being advertised is different to the address that they've connected to. If .Ar class is .Dq none or .Ar host not is specified, disable this. .It Sy checkportcmd Ar class Op Sy off Check the .Sy PORT command for validity. The .Sy PORT command will fail if the IP address specified does not match the .Tn FTP command connection, or if the remote TCP port number is less than .Dv IPPORT_RESERVED . It is .Em strongly encouraged that this option be used, especially for sites concerned with potential security problems with .Tn FTP bounce attacks. If .Ar class is .Dq none or .Sy off is specified, disable this feature, otherwise enable it. .It Sy chroot Ar class Op Sy pathformat If .Ar pathformat is not specified or .Ar class is .Dq none , use the default behavior (see below). Otherwise, .Ar pathformat is parsed to create a directory to create as the root directory with .Xr chroot 2 into upon login. .Pp .Ar pathformat can contain the following escape strings: .Bl -tag -width "Escape" -offset indent -compact .It Sy "Escape" .Sy Description .It "\&%c" Class name. .It "\&%d" Home directory of user. .It "\&%u" User name. .It "\&%\&%" A .Dq \&% character. .El .Pp The default root directory is: .Bl -tag -width "CHROOT" -offset indent -compact .It Sy CHROOT The user's home directory. .It Sy GUEST If .Fl a Ar anondir is specified, use .Ar anondir , otherwise the home directory of the .Sq ftp user. .It Sy REAL By default no .Xr chroot 2 is performed. .El .It Sy classtype Ar class Ar type Set the class type of .Ar class to .Ar type (see above). .It Sy conversion Ar class Ar suffix Op Ar "type disable command" Define an automatic in-line file conversion. If a file to retrieve ends in .Ar suffix , and a real file (sans .Ar suffix ) exists, then the output of .Ar command is returned instead of the contents of the file. .Pp .Bl -tag -width "disable" -offset indent .It Ar suffix The suffix to initiate the conversion. .It Ar type A list of valid file types for the conversion. Valid types are: .Sq f (file), and .Sq d (directory). .It Ar disable The name of file that will prevent conversion if it exists. A file name of .Dq Pa \&. will prevent this disabling action (i.e., the conversion is always permitted.) .It Ar command The command to run for the conversion. The first word should be the full path name of the command, as .Xr execv 3 is used to execute the command. All instances of the word .Dq %s in .Ar command are replaced with the requested file (sans .Ar suffix ) . .El .Pp Conversion directives specified later in the file override earlier conversions with the same suffix. .It Sy denyquick Ar class Op Sy off Enforce .Xr ftpusers 5 rules after the .Sy USER command is received, rather than after the .Sy PASS command is received. Whilst enabling this feature may allow information leakage about available accounts (for example, if you allow some users of a .Sy REAL or .Sy CHROOT class but not others), it is useful in preventing a denied user (such as .Sq root ) from entering their password across an insecure connection. This option is .Em strongly recommended for servers which run an anonymous-only service. If .Ar class is .Dq none or .Sy off is specified, disable this feature, otherwise enable it. .It Sy display Ar class Op Ar file If .Ar file is not specified or .Ar class is .Dq none , disable this. Otherwise, each time the user enters a new directory, check if .Ar file exists, and if so, display its contents to the user. Escape sequences are supported; refer to .Sx Display file escape sequences in .Xr tnftpd 8 for more information. .It Sy hidesymlinks Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable this feature. Otherwise, the .Sy LIST command lists symbolic links as the file or directory the link references .Pq Dq Li "ls -LlA" . Servers which run an anonymous service may wish to enable this feature for .Sy GUEST users, so that symbolic links do not leak names in directories that are not searchable by .Sy GUEST users. .It Sy homedir Ar class Op Sy pathformat If .Ar pathformat is not specified or .Ar class is .Dq none , use the default behavior (see below). Otherwise, .Ar pathformat is parsed to create a directory to change into upon login, and to use as the .Sq home directory of the user for tilde expansion in pathnames, etc. .Ar pathformat is parsed as per the .Sy chroot directive. .Pp The default home directory is the home directory of the user for .Sy REAL users, and .Pa / for .Sy GUEST and .Sy CHROOT users. .It Sy limit Ar class Op Ar count Op Ar file Limit the maximum number of concurrent connections for .Ar class to .Ar count , with .Sq \-1 meaning unlimited connections. If the limit is exceeded and .Ar file is specified, display its contents to the user. If .Ar class is .Dq none or .Ar count is not specified, disable this. If .Ar file is a relative path, it will be searched for in .Pa /etc (which can be overridden with .Fl c Ar confdir ) . .It Sy maxfilesize Ar class Op Ar size Set the maximum size of an uploaded file to .Ar size , with .Sq \-1 meaning unlimited connections. If .Ar class is .Dq none or .Ar size is not specified, disable this. .It Sy maxtimeout Ar class Op Ar time Set the maximum timeout period that a client may request, defaulting to two hours. This cannot be less than 30 seconds, or the value for .Sy timeout . If .Ar class is .Dq none or .Ar time is not specified, use the default. .It Sy mmapsize Ar class Op Ar size Set the size of the sliding window to map a file using .Xr mmap 2 . If zero, .Xr tnftpd 8 will use .Xr read 2 instead. The default is zero. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy modify Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable the following commands: .Sy CHMOD , .Sy DELE , .Sy MKD , .Sy RMD , .Sy RNFR , and .Sy UMASK . Otherwise, enable them. .It Sy motd Ar class Op Ar file If .Ar file is not specified or .Ar class is .Dq none , disable this. Otherwise, use .Ar file as the message of the day file to display after login. Escape sequences are supported; refer to .Sx Display file escape sequences in .Xr tnftpd 8 for more information. If .Ar file is a relative path, it will be searched for in .Pa /etc (which can be overridden with .Fl c Ar confdir ) . .It Sy notify Ar class Op Ar fileglob If .Ar fileglob is not specified or .Ar class is .Dq none , disable this. Otherwise, each time the user enters a new directory, notify the user of any files matching .Ar fileglob . .It Sy passive Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, prevent passive .Sy ( PASV , .Sy LPSV , and .Sy EPSV ) connections. Otherwise, enable them. .It Sy portrange Ar class Op Ar min Ar max Set the range of port number which will be used for the passive data port. .Ar max must be greater than .Ar min , and both numbers must be be between .Dv IPPORT_RESERVED (1024) and 65535. If .Ar class is .Dq none or no arguments are specified, disable this. .It Sy private Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, do not display class information in the output of the .Sy STAT command. Otherwise, display the information. .It Sy rateget Ar class Op Ar rate Set the maximum get .Pq Sy RETR transfer rate throttle for .Ar class to .Ar rate bytes per second. If .Ar rate is 0, the throttle is disabled. If .Ar class is .Dq none or .Ar rate is not specified, disable this. .It Sy rateput Ar class Op Ar rate Set the maximum put .Pq Sy STOR transfer rate throttle for .Ar class to .Ar rate bytes per second. If .Ar rate is 0, the throttle is disabled. If .Ar class is .Dq none or .Ar rate is not specified, disable this. .It Sy readsize Ar class Op Ar size Set the size of the read buffer to .Xr read 2 a file. The default is the file system block size. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy recvbufsize Ar class Op Ar size Set the size of the socket receive buffer. The default is zero and the system default value will be used. This option affects only passive transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sanenames Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, allow uploaded file names to contain any characters valid for a file name. Otherwise, only permit file names which don't start with a .Sq \&. and only comprise of characters from the set .Dq [-+,._A-Za-z0-9] . .It Sy sendbufsize Ar class Op Ar size Set the size of the socket send buffer. The default is zero and the system default value will be used. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sendlowat Ar class Op Ar size Set the low water mark of socket send buffer. The default is zero and system default value will be used. This option affects only for binary transfer. If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy template Ar class Op Ar refclass Define .Ar refclass as the .Sq template for .Ar class ; any reference to .Ar refclass in following directives will also apply to members of .Ar class . This is useful to define a template class so that other classes which are to share common attributes can be easily defined without unnecessary duplication. There can be only one template defined at a time. If .Ar refclass is not specified, disable the template for .Ar class . .It Sy timeout Ar class Op Ar time Set the inactivity timeout period. (the default is fifteen minutes). This cannot be less than 30 seconds, or greater than the value for .Sy maxtimeout . If .Ar class is .Dq none or .Ar time is not specified, use the default. .It Sy umask Ar class Op Ar umaskval Set the umask to .Ar umaskval . If .Ar class is .Dq none or .Ar umaskval is not specified, set to the default of .Li 027 . .It Sy upload Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable the following commands: .Sy APPE , .Sy STOR , and .Sy STOU , as well as the modify commands: .Sy CHMOD , .Sy DELE , .Sy MKD , .Sy RMD , .Sy RNFR , and .Sy UMASK . Otherwise, enable them. .It Sy writesize Ar class Op Ar size Limit the number of bytes to .Xr write 2 at a time. The default is zero, which means all the data available as a result of .Xr mmap 2 or .Xr read 2 will be written at a time. This option affects only binary transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. .El .Ss Numeric argument suffix parsing Where command arguments are numeric, a decimal number is expected. Two or more numbers may be separated by an .Dq x to indicate a product. Each number may have one of the following optional suffixes: .Bl -tag -width 3n -offset indent -compact .It b Block; multiply by 512 .It k Kibi; multiply by 1024 (1 KiB) .It m Mebi; multiply by 1048576 (1 MiB) .It g Gibi; multiply by 1073741824 (1 GiB) .It t Tebi; multiply by 1099511627776 (1 TiB) .It w Word; multiply by the number of bytes in an integer .El .Pp See .Xr strsuftoll 3 for more information. .Sh DEFAULTS The following defaults are used: .Pp .Bd -literal -offset indent -compact checkportcmd all classtype chroot CHROOT classtype guest GUEST classtype real REAL display none limit all \-1 # unlimited connections maxtimeout all 7200 # 2 hours modify all motd all motd notify none passive all timeout all 900 # 15 minutes umask all 027 upload all modify guest off umask guest 0707 .Ed .Sh FILES .Bl -tag -width /usr/share/examples/ftpd/ftpd.conf -compact .It Pa /etc/ftpd.conf This file. .It Pa /usr/share/examples/ftpd/ftpd.conf A sample .Nm file. .El .Sh SEE ALSO .Xr strsuftoll 3 , .Xr ftpchroot 5 , .Xr ftpusers 5 , .Xr tnftpd 8 .Sh HISTORY The .Nm functionality was implemented in .Nx 1.3 and later releases by Luke Mewburn, based on work by Simon Burge. @ 1.7 log @Merge NetBSD-ftpd 20091107 @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.6 2008/09/21 14:23:39 lukem Exp $ @ 1.6 log @Merge NetBSD-20080921 @ text @d1 2 a2 2 .\" $NetBSD: ftpd.conf.5,v 1.5 2008/06/01 03:43:30 lukem Exp $ .\" from NetBSD: ftpd.conf.5,v 1.36 2008/09/13 02:41:52 lukem Exp d213 1 a213 3 .It Xo Sy conversion Ar class .Ar suffix Op Ar "type disable command" .Xc d346 1 a346 3 .It Xo Sy limit Ar class .Op Ar count Op Ar file .Xc d475 1 a475 3 .It Sy portrange Ar class Oo .Ar min Ar max .Oc @ 1.5 log @merge NetBSD-ftpd 20080504 @ text @d1 2 a2 2 .\" $NetBSD: ftpd.conf.5,v 1.1.1.7 2008/06/01 03:26:12 lukem Exp $ .\" from NetBSD: ftpd.conf.5,v 1.35 2008/04/30 13:10:52 martin Exp d4 1 a4 1 .\" Copyright (c) 1997-2001, 2005, 2007 The NetBSD Foundation, Inc. @ 1.4 log @Merge NetBSD-20060923 @ text @d1 2 a2 1 .\" $NetBSD: ftpd.conf.5,v 1.3 2003/12/10 01:52:50 lukem Exp $ d4 1 a4 1 .\" Copyright (c) 1997-2001, 2005 The NetBSD Foundation, Inc. a17 7 .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the NetBSD .\" Foundation, Inc. and its contributors. .\" 4. Neither the name of The NetBSD Foundation nor the names of its .\" contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. d31 1 a31 1 .Dd August 24, 2005 d229 1 a229 1 A list of valid filetypes for the conversion. a407 2 An optional suffix may be provided as per .Sy rateget . a522 17 .Pp An optional suffix may be provided, which changes the interpretation of .Ar rate as follows: .Bl -tag -width 3n -offset indent -compact .It b Causes no modification. (Default; optional) .It k Kilo; multiply the argument by 1024 .It m Mega; multiply the argument by 1048576 .It g Giga; multiply the argument by 1073741824 .It t Tera; multiply the argument by 1099511627776 .El d530 4 a533 3 bytes per second, which is parsed as per .Sy rateget Ar rate . a545 2 An optional suffix may be provided as per .Sy rateget . a555 2 An optional suffix may be provided as per .Sy rateget . a579 2 An optional suffix may be provided as per .Sy rateget . a590 2 An optional suffix may be provided as per .Sy rateget . a671 2 An optional suffix may be provided as per .Sy rateget . d681 24 @ 1.3 log @resolve conflicts (mainly RCSIDs) @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.1.1.4 2003/07/01 22:23:20 lukem Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd February 28, 2003 a123 1 .It Sy advertise Ar class Op Ar host d306 20 d580 13 @ 1.2 log @Rename to tnftpd. Crank dates. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.1.1.3 2003/02/26 06:59:52 lukem Exp $ d103 1 a103 1 .Xr chroot 2 ed d173 1 a173 1 use the default behaviour (see below). d314 1 a314 1 use the default behaviour (see below). @ 1.1 log @Initial revision @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.23 2002/10/02 11:10:38 wiz Exp $ d37 1 a37 1 .Dd December 5, 2001 d43 1 a43 1 .Xr ftpd 8 d49 1 a49 1 .Xr ftpd 8 d83 1 a83 1 .Nm "" : d114 1 a114 1 .Xr ftpd 8 d117 1 a117 1 .Nm "" , d124 2 a125 2 .It Sy advertise Ar class Ar host .It Sy advertize Ar class Ar host d140 3 a142 1 or no argument is given, disable this. d165 1 a165 1 is given, disable this feature, otherwise enable it. d169 1 a169 1 is not given or d204 1 a204 1 is given, use d290 1 a290 1 is given, disable this feature, otherwise enable it. d294 1 a294 1 is not given or d305 1 a305 1 .Xr ftpd 8 d310 1 a310 1 is not given or d336 1 a336 1 .Ar count Op Ar file d343 1 a343 1 .Sq 0 d347 1 a347 1 is given, display its contents to the user. d361 1 a361 1 .It Sy maxfilesize Ar class Ar size d363 4 a366 1 .Ar size . d371 4 a374 2 or no argument is given, disable this. .It Sy maxtimeout Ar class Ar time d385 2 a386 2 is not specified, set to default of 2 hours. .It Sy mmapsize Ar class Ar size d390 1 a390 1 .Xr ftpd 8 d398 7 d412 1 a412 1 is given, disable the following commands: d424 1 a424 1 is not given or d435 1 a435 1 .Xr ftpd 8 d446 1 a446 1 is not given or d461 1 a461 1 is given, prevent passive d468 3 a470 1 .It Sy portrange Ar class Ar min Ar max d482 1 a482 1 or no arguments are given, disable this. d490 1 a490 1 is given, do not display class information in the output of the d494 1 a494 1 .It Sy rateget Ar class Ar rate d509 3 a511 1 or no arguments are given, disable this. d529 1 a529 1 .It Sy rateput Ar class Ar rate d543 4 a546 2 or no arguments are given, disable this. .It Sy readsize Ar class Ar size d554 7 d568 1 a568 1 is given, allow uploaded file names to contain any characters valid for a d574 1 a574 1 .It Sy sendbufsize Ar class Ar size d580 8 a587 1 .It Sy sendlowat Ar class Ar size d593 7 d617 1 a617 1 is not given, disable the template for d619 1 a619 1 .It Sy timeout Ar class Ar time d630 2 a631 2 is not specified, set to the default of 15 minutes. .It Sy umask Ar class Ar umaskval d649 1 a649 1 is given, disable the following commands: d663 1 a663 1 .It Sy writesize Ar class Ar size d675 7 d692 1 a692 1 limit all -1 # unlimited connections d714 1 d717 1 a717 1 .Xr ftpd 8 @ 1.1.1.1 log @NetBSD's libexec/ftpd from 20021026 @ text @@ 1.1.1.2 log @import libexec/ftpd from NetBSD as at 20021208 @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.25 2002/11/29 19:22:01 wiz Exp $ d37 1 a37 1 .Dd November 30, 2002 d124 2 a125 2 .It Sy advertise Ar class Op Ar host .It Sy advertize Ar class Op Ar host d140 1 a140 3 or .Ar host not is specified, disable this. d163 1 a163 1 is specified, disable this feature, otherwise enable it. d167 1 a167 1 is not specified or d202 1 a202 1 is specified, use d288 1 a288 1 is specified, disable this feature, otherwise enable it. d292 1 a292 1 is not specified or d308 1 a308 1 is not specified or d334 1 a334 1 .Op Ar count Op Ar file d341 1 a341 1 .Sq \-1 d345 1 a345 1 is specified, display its contents to the user. d359 1 a359 1 .It Sy maxfilesize Ar class Op Ar size d361 1 a361 4 .Ar size , with .Sq \-1 meaning unlimited connections. d366 2 a367 4 or .Ar size is not specified, disable this. .It Sy maxtimeout Ar class Op Ar time d378 2 a379 2 is not specified, use the default. .It Sy mmapsize Ar class Op Ar size a390 7 If .Ar class is .Dq none or .Ar size is not specified, use the default. d398 1 a398 1 is specified, disable the following commands: d410 1 a410 1 is not specified or d432 1 a432 1 is not specified or d447 1 a447 1 is specified, prevent passive d454 1 a454 3 .It Sy portrange Ar class Oo .Ar min Ar max .Oc d466 1 a466 1 or no arguments are specified, disable this. d474 1 a474 1 is specified, do not display class information in the output of the d478 1 a478 1 .It Sy rateget Ar class Op Ar rate d493 1 a493 3 or .Ar rate is not specified, disable this. d511 1 a511 1 .It Sy rateput Ar class Op Ar rate d525 2 a526 4 or .Ar rate is not specified, disable this. .It Sy readsize Ar class Op Ar size a533 7 If .Ar class is .Dq none or .Ar size is not specified, use the default. d541 1 a541 1 is specified, allow uploaded file names to contain any characters valid for a d547 1 a547 1 .It Sy sendbufsize Ar class Op Ar size d553 1 a553 8 If .Ar class is .Dq none or .Ar size is not specified, use the default. .It Sy sendlowat Ar class Op Ar size a558 7 If .Ar class is .Dq none or .Ar size is not specified, use the default. d576 1 a576 1 is not specified, disable the template for d578 1 a578 1 .It Sy timeout Ar class Op Ar time d589 2 a590 2 is not specified, use the default. .It Sy umask Ar class Op Ar umaskval d608 1 a608 1 is specified, disable the following commands: d622 1 a622 1 .It Sy writesize Ar class Op Ar size a633 7 If .Ar class is .Dq none or .Ar size is not specified, use the default. d644 1 a644 1 limit all \-1 # unlimited connections a665 1 .Xr strsuftoll 3 , @ 1.1.1.3 log @update to 20030226 @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.26 2003/02/25 10:34:48 wiz Exp $ d83 1 a83 1 .Nm : d117 1 a117 1 .Nm , @ 1.1.1.4 log @Sync to NetBSD ftpd 20031210. Notable changes: * Move UCB-licensed code from 4-clause to 3-clause licence. Patches provided by Joel Baker in PR 22284 * Add ftpd_loginx() and ftpd_logwtmpx() and use them to hold wtmpx file open while a session. Close bin/21692 by bqt@@Krille.Update.UU.SE. * Fix typos accidentally introduced in rev 1.70 as part of the large number support. (NetBSD yacc didn't barf on these, although Solaris and HP/UX's did...) * Don't declare "yylex()" static; AFAICT it shouldn't be, and it causes build problems with the output of some versions of yacc. * Use sysconf(_SC_LOGIN_NAME_MAX) to determine the length of login names, rather than assuming LOGIN_NAME_MAX. Based on patch from Garrett Wollman via David O'Brien (both at FreeBSD.org) * netbsd.org->NetBSD.org * Move Jason Downs's code from a 4-clause to a 3-clause licence by removing the advertising clause. Diffs provided in PR 22410 by Joel Baker, confirmed to the board by Jason Downs. With additional thanks to Jason Thorpe. @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.28 2003/06/27 18:59:54 wiz Exp $ d103 1 a103 1 .Xr chroot 2 Ns ed d173 1 a173 1 use the default behavior (see below). d314 1 a314 1 use the default behavior (see below). @ 1.1.1.5 log @Import NetBSD-ftpd 20060923: * Rename debug -> ftpd_debug, xstrdup -> ftpd_strdup * Fix comment about DEFAULT_UMASK. Pointed out in private mail by Tetsuya Isaki and Dmitry Sivachenko. * Add recvbufsize configuration option. This allows for setting the passive socket's SO_RCVBUF. Option works similarly to the current sendbufsize configuration option. * Change how recveive_data() works. When reading data from the socket for passive transfers to the server, receive_data() now works very similar to send_data_with_read(). Reads from the network are now done using either the filesystem block size or the configuration option readsize chunks. * Add hidesymlinks configuration option. This adds a -L to all ls command arguments so that the file or directory the link references is listed rather than the link itself. This was inspired by IRIX ftpd's -S option. * Change _PATH_FOO to _NAME_FOO where FOO is not a path. * Reorder some declarations so that parsers generated by bison can compile. Fix from Michael Richardson. * Implement option "-D", for running ftpd in standalone mode (daemon). ftpd will listen on the default FTP port for incoming connections and fork a child for each connection. This is lower overhead than starting ftpd from inetd(8) and thus might be useful on busy servers to reduce load. Inspired by FreeBSD. * Change (mostly) int to socklen_t. GCC 4 doesn't like that int and socklen_t are different signness. * Remove unreachable code (res could never be NULL here). Fixes Coverity CID 712. * Set file to NULL after calling fclose(). Fixes Coverity CID 2669. * Make sure that "su" is initialized before dereferencing it. Fixes Coverity CID 1075. * Fix some typos. * NLST should return 450 instead of 550 upon error, per RFC 959. * logxfer(): don't use the same buffer to store the results of two separate concurrent realpath(3)s, otherwise we'll log the wrong information for a rename. Noted by Dmitry Sivachenko in private mail. * s/getpwnam/sgetpwnam/ Found by John Nemeth. * Add PAM and LOGIN_CAP support. Mostly from FreeBSD. If pam is defined, then we don't fall back to other authentications even if PAM fails due to a system error (e.g. configuration problem). * Fix inverted test for expired passwords. * Cleanup utmp and utmpx support. - make them symmetric - add a function to open the wtmp file explicitly very early in the game * Apply patch from PR bin/33261 sent by FUKAOMI Naoki: "ftpd does not update wtmpx". @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.32 2005/09/11 23:31:46 wiz Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001, 2005 The NetBSD Foundation, Inc. d37 1 a37 1 .Dd August 24, 2005 d124 1 a306 20 .It Sy hidesymlinks Ar class Op Sy off If .Ar class is .Dq none or .Sy off is specified, disable this feature. Otherwise, the .Sy LIST command lists symbolic links as the file or directory the link references .Pq Dq Li "ls -LlA" . Servers which run an anonymous service may wish to enable this feature for .Sy GUEST users, so that symbolic links do not leak names in directories that are not searchable by .Sy GUEST users. a560 13 .It Sy recvbufsize Ar class Op Ar size Set the size of the socket receive buffer. An optional suffix may be provided as per .Sy rateget . The default is zero and the system default value will be used. This option affects only passive transfers. If .Ar class is .Dq none or .Ar size is not specified, use the default. @ 1.1.1.6 log @Import NetBSD-ftpd from 20080504. Changes include: * Reorganize USE_PAM so that the PAM conversation has a chance to display a custom message in the 331 reply to USER. * Remove clause 3 and 4 from TNF licenses * Switch from lockf() to (more portable) fcntl() locking * Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN. * Use defined(HAVE_foo) instead of just testing HAVE_foo. * Replace references from draft-ietf-ftpext-mlst-NN to RFC 3659. * Explicitly note the unsupported requests from RFC 2228. * Improvements from FreeBSD: - Document `ftp-chroot' from login.conf(5). - Document that SIZE is prevented for files > 10240 bytes via ASCII transfers. * Add -n option to display addresses in logs. * Rename cred_t to ftpd_cred_t; the former causes a nameclash on Solaris. * Expand documentation on numeric argument suffix parsing, and convert to IEC 60027-2 prefixes for 2^n multiples ("KiB" instead of "KB", etc.) @ text @d1 1 a1 1 .\" $NetBSD: ftpd.conf.5,v 1.35 2008/04/30 13:10:52 martin Exp $ d3 1 a3 1 .\" Copyright (c) 1997-2001, 2005, 2007 The NetBSD Foundation, Inc. d17 7 d37 1 a37 1 .Dd April 13, 2007 d235 1 a235 1 A list of valid file types for the conversion. d414 2 d531 17 d555 3 a557 4 bytes per second. If .Ar rate is 0, the throttle is disabled. d570 2 d582 2 d608 2 d621 2 d704 2 a714 24 .Ss Numeric argument suffix parsing Where command arguments are numeric, a decimal number is expected. Two or more numbers may be separated by an .Dq x to indicate a product. Each number may have one of the following optional suffixes: .Bl -tag -width 3n -offset indent -compact .It b Block; multiply by 512 .It k Kibi; multiply by 1024 (1 KiB) .It m Mebi; multiply by 1048576 (1 MiB) .It g Gibi; multiply by 1073741824 (1 GiB) .It t Tebi; multiply by 1099511627776 (1 TiB) .It w Word; multiply by the number of bytes in an integer .El .Pp See .Xr strsuftoll 3 for more information. @ 1.1.1.7 log @Import NetBSD-ftpd from 20080504. Changes include: * Reorganize USE_PAM so that the PAM conversation has a chance to display a custom message in the 331 reply to USER. * Remove clause 3 and 4 from TNF licenses * Switch from lockf() to (more portable) fcntl() locking * Rename HAVE_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_SA_LEN. * Use defined(HAVE_foo) instead of just testing HAVE_foo. * Replace references from draft-ietf-ftpext-mlst-NN to RFC 3659. * Explicitly note the unsupported requests from RFC 2228. * Improvements from FreeBSD: - Document `ftp-chroot' from login.conf(5). - Document that SIZE is prevented for files > 10240 bytes via ASCII transfers. * Add -n option to display addresses in logs. * Rename cred_t to ftpd_cred_t; the former causes a nameclash on Solaris. * Expand documentation on numeric argument suffix parsing, and convert to IEC 60027-2 prefixes for 2^n multiples ("KiB" instead of "KB", etc.) @ text @d1 1 a1 2 .\" $NetBSD$ .\" from NetBSD: ftpd.conf.5,v 1.35 2008/04/30 13:10:52 martin Exp @ 1.1.1.8 log @Sync to NetBSD-ftpd 20080921: * Don't split large commands into multiple commands; just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz . Fix mostly derived from OpenBSD, written by Moritz Jodeit * Enhance -C to support an optional @@host ('-C user[@@host]'): checks whether user as connecting from host would be granted access by ftpusers(5). Support IPv6 in the host directive of ftpusers(5). Both features from Rudolf Cejka (FreeBSD's tnftpd port maintainer). @ text @d2 1 a2 1 .\" from NetBSD: ftpd.conf.5,v 1.36 2008/09/13 02:41:52 lukem Exp d4 1 a4 1 .\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc. @ 1.1.1.9 log @Sync to NetBSD-ftpd 20091107: * Fix WARNS=4 issues (const & sign mismatches, etc) * Ensure various ftpd.conf values can't exceed their underlying types. * Fix for 64 bit time_t and dev_t * Rename internal getline() function to get_line() so it does conflict with the getline(3) libc function. * Log both the hostname and numeric address. * Improve man page mdoc formatting @ text @d1 2 a2 1 .\" $NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp $ d213 3 a215 1 .It Sy conversion Ar class Ar suffix Op Ar "type disable command" d348 3 a350 1 .It Sy limit Ar class Op Ar count Op Ar file d479 3 a481 1 .It Sy portrange Ar class Op Ar min Ar max @ 1.1.1.10 log @reimport; this time after munging the RCSIDs... @ text @d1 1 a1 2 .\" $NetBSD$ .\" from NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp @ 1.1.1.11 log @Import NetBSD-ftpd 20230922 Notable changes since import tag NetBSD-20200615: - Treat failed chdir/chroot for guest and chroot accounts as fatal. Also treat failed set{e,}(u,g}id calls as fatal. Addresses CVE-2020-7468, via FreeBSD. - Improve seteuid error handling, per suggestion by Simon Josefsson. - Add missing check_login checks for MLST and MLSD. @ text @d2 1 a2 1 .\" from NetBSD: ftpd.conf.5,v 1.38 2020/08/22 08:08:47 lukem Exp d4 1 a4 1 .\" Copyright (c) 1997-2020 The NetBSD Foundation, Inc. d31 1 a31 1 .Dd August 22, 2020 d480 1 a480 1 and both numbers must be between @