FTPD(8)                     System Manager's Manual                     FTPD(8)

NAME
ftpd - Internet File Transfer Protocol server

SYNOPSIS
ftpd [-46DdfHlnQqrsUuWwX] [-a anondir] [-C user[@host]] [-c confdir]
     [-e emailaddr] [-h hostname] [-L xferlogfile] [-P dataport] [-V version]

DESCRIPTION
ftpd is the Internet File Transfer Protocol server process. The server uses the TCP protocol and listens at the port specified in the “ftp” service specification; see services(5).
Available options:

-4          When -D is specified, bind to IPv4 addresses only.

-6          When -D is specified, bind to IPv6 addresses only.

-a anondir

-C user[@host]
            ... ftpd exits with an exit code of 0 if access would be granted,
            or 1 otherwise. This can be useful for testing configurations.

-c confdir

-D          ftpd will listen on the default FTP port for incoming connections
            and fork a child for each connection. This is lower overhead than
            starting ftpd from inetd(8) and thus might be useful on busy
            servers to reduce load.

-d          ... LOG_FTP.

-e emailaddr

-f          Prevent the -D flag from detaching from the tty and going into
            the background.

-H

-h hostname
            ... ftpd is listening on. This ability (with or without -h), in
            conjunction with -c confdir, is useful when configuring ‘virtual’
            FTP servers, each listening on separate addresses as separate
            names. Refer to inetd.conf(5) for more information on starting
            services to listen on specific IP addresses.

-L xferlogfile

-l          ... LOG_FTP. If this option is specified more than once, the
            retrieve (get), store (put), append, delete, make directory,
            remove directory and rename operations and their file name
            arguments are also logged.

-n

-P dataport
            ... ftpd is listening on.

-Q

-q

-r          ... RFC 959 specification, but in practice very few clients rely
            upon this behaviour. See SECURITY CONSIDERATIONS below for more
            details.

-s

-U

-u

-V version

-W

-w

-X          ... LOG_FTP. These syslog entries can be converted to a wu-ftpd
            style xferlog file suitable for input into a third-party log
            analysis tool with a command similar to:

                sed -ne 's/^.*xferlog: //p' /var/log/xferlog > wuxferlog
The file /etc/nologin can be used to disable FTP access. If the file exists, ftpd displays it and exits. If the file /etc/ftpwelcome exists, ftpd prints it before issuing the “ready” message. If the file /etc/motd exists (under the chroot directory if applicable), ftpd prints it after a successful login. This may be changed with the ftpd.conf(5) directive motd.

The ftpd server currently supports the following FTP requests. The case of the requests is ignored.
Request | Description |
ABOR | abort previous command |
ACCT | specify account (ignored) |
ALLO | allocate storage (vacuously) |
APPE | append to a file |
CDUP | change to parent of current working directory |
CWD | change working directory |
DELE | delete a file |
EPSV | prepare for server-to-server transfer |
EPRT | specify data connection port |
FEAT | list extra features that are not defined in RFC 959 |
HELP | give help information |
LIST | give list files in a directory (“ls -lA”) |
LPSV | prepare for server-to-server transfer |
LPRT | specify data connection port |
MLSD | list contents of directory in a machine-processable form |
MLST | show a pathname in a machine-processable form |
MKD | make a directory |
MDTM | show last modification time of file |
MODE | specify data transfer mode |
NLST | give name list of files in directory |
NOOP | do nothing |
OPTS | define persistent options for a given command |
PASS | specify password |
PASV | prepare for server-to-server transfer |
PORT | specify data connection port |
PWD | print the current working directory |
QUIT | terminate session |
REST | restart incomplete transfer |
RETR | retrieve a file |
RMD | remove a directory |
RNFR | specify rename-from file name |
RNTO | specify rename-to file name |
SITE | non-standard commands (see next section) |
SIZE | return size of file |
STAT | return status of server |
STOR | store a file |
STOU | store a file with a unique name |
STRU | specify data transfer structure |
SYST | show operating system type of server system |
TYPE | specify data transfer type |
USER | specify user name |
XCUP | change to parent of current working directory (deprecated) |
XCWD | change working directory (deprecated) |
XMKD | make a directory (deprecated) |
XPWD | print the current working directory (deprecated) |
XRMD | remove a directory (deprecated) |
The following non-standard or UNIX specific commands are supported by the SITE request.
Request | Description |
CHMOD | change mode of a file, e.g. ``SITE CHMOD 755 filename'' |
HELP | give help information. |
IDLE | set idle-timer, e.g. ``SITE IDLE 60'' |
RATEGET | set maximum get rate throttle in bytes/second, e.g. ``SITE RATEGET 5k'' |
RATEPUT | set maximum put rate throttle in bytes/second, e.g. ``SITE RATEPUT 5k'' |
UMASK | change umask, e.g. ``SITE UMASK 002'' |
The following FTP requests (as specified in RFC 959 and RFC 2228) are recognized, but are not implemented: ACCT, ADAT, AUTH, CCC, CONF, ENC, MIC, PBSZ, PROT, REIN, and SMNT.
The ftpd server will abort an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in Internet RFC 959. If a STAT command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

ftpd interprets file names according to the “globbing” conventions used by csh(1). This allows users to use the metacharacters “*?[]{}~”.
ftpd authenticates users according to five rules.

The server performs a chroot(2) to the directory specified in the ftpd.conf(5) chroot directive (if set), the -a anondir directory (if set), or to the home directory of the “ftp” user. The server then performs a chdir(2) to the directory specified in the ftpd.conf(5) homedir directive (if set), otherwise to /. If other restrictions are required (such as disabling of certain commands and the setting of a specific umask), then appropriate entries in ftpd.conf(5) are required. If the first character of the password supplied by an anonymous user is “-”, then the verbose messages displayed at login and upon a CWD command are suppressed.
When ftpd displays various files back to the client (such as /etc/ftpwelcome and /etc/motd), various escape strings are replaced with information pertinent to the current connection. The supported escape strings are:

    ... -e ...
    ... 1, print an “s”.
    ... 1, print an “S”.

The following ftpd.conf(5) directives should be used:
modify guest off
umask guest 0707
upload guest on
This will result in anonymous users being able to upload files to this directory, but they will not be able to download them, delete them, or overwrite them, due to the umask and disabling of the commands mentioned above.
If you don't enable conversion commands, or don't want anonymous users uploading files here (see ~ftp/incoming above), then don't create this directory. However, error messages from conversion or LIST commands won't be returned to the user. (This is the traditional behaviour.) Note that the ftpd.conf(5) directive upload can be used to prevent users uploading here.
To set up "ftp-only" accounts that provide only FTP, but no valid shell login, you can copy/link /sbin/nologin to /sbin/ftplogin, and add /sbin/ftplogin to /etc/shells to allow logging in via FTP into the accounts, which must have /sbin/ftplogin as their login shell.
... ftpd class ‘CLASS’.

STANDARDS
ftpd recognizes all commands in RFC 959, follows the guidelines in RFC 1123, recognizes all commands in RFC 2228 (although they are not supported yet), and supports the extensions from RFC 2389, RFC 2428, and RFC 3659.
HISTORY
The ftpd command appeared in 4.2BSD. Various features such as the ftpd.conf(5) functionality, RFC 2389, and RFC 3659 support were implemented in NetBSD 1.3 and later releases by Luke Mewburn.
BUGS
... IPPORT_RESERVED, which is 1024). If ftpd is listening on a privileged port it maintains an effective user id of the logged in user, reverting to the super-user only when binding addresses to privileged sockets. The -r option can be used to override this behaviour and force privileges to be permanently revoked; see SECURITY CONSIDERATIONS below for more details.

ftpd may have trouble handling connections from scoped IPv6 addresses, or IPv4 mapped addresses (IPv4 connection on an AF_INET6 socket). For the latter case, running two daemons, one for IPv4 and one for IPv6, will avoid the problem.
SECURITY CONSIDERATIONS
RFC 959 provides no restrictions on the PORT command, and this can lead to security problems, as ftpd can be fooled into connecting to any service on any host. With the checkportcmd feature of ftpd.conf(5), PORT commands naming a different host address, or a TCP port lower than IPPORT_RESERVED, are rejected. This also prevents ‘third-party proxy ftp’ from working. Use of this option is strongly recommended, and it is enabled by default.
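The checkportcmd rule above worked through as code. This is an added example written for this page, not code from NetBSD ftpd: the function names, the returned reason strings and the sample addresses are my own, and the policy is the one the paragraph states (data connection must go back to the control connection's peer, on a port not below IPPORT_RESERVED), applied to both PORT and EPRT (RFC 2428) arguments.

```python
import ipaddress

IPPORT_RESERVED = 1024  # privileged-port boundary named in the man page


def parse_port_arg(arg):
    """'h1,h2,h3,h4,p1,p2' -> (host, port)."""
    nums = [int(f) for f in arg.strip().split(",")]
    if len(nums) != 6 or any(n < 0 or n > 255 for n in nums):
        raise ValueError("malformed PORT argument")
    return "{}.{}.{}.{}".format(*nums[:4]), nums[4] * 256 + nums[5]


def parse_eprt_arg(arg):
    """'<d>proto<d>host<d>port<d>' (RFC 2428; proto 1=IPv4, 2=IPv6) -> (host, port)."""
    arg = arg.strip()
    parts = arg.split(arg[0]) if arg else []
    if len(parts) != 5 or parts[0] or parts[4] or parts[1] not in ("1", "2"):
        raise ValueError("malformed EPRT argument")
    host = str(ipaddress.ip_address(parts[2]))  # rejects anything but an address literal
    port = int(parts[3])
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return host, port


def checkportcmd(control_peer, data_host, data_port):
    """The checkportcmd policy: the data connection must target the control
    connection's peer, on a port not below IPPORT_RESERVED. Returns (accepted, reason)."""
    if ipaddress.ip_address(data_host) != ipaddress.ip_address(control_peer):
        return False, "host differs from control connection peer"
    if data_port < IPPORT_RESERVED:
        return False, "port below IPPORT_RESERVED"
    return True, "ok"


def check_command(control_peer, line):
    """Apply checkportcmd to a raw PORT or EPRT command line; returns (accepted, reason)."""
    verb, _, arg = line.strip().partition(" ")
    try:
        if verb.upper() == "PORT":
            host, port = parse_port_arg(arg)
        elif verb.upper() == "EPRT":
            host, port = parse_eprt_arg(arg)
        else:
            return False, "not a PORT or EPRT command"
    except ValueError as exc:
        return False, str(exc)
    return checkportcmd(control_peer, host, port)
```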
By default ftpd uses a port that is one less than the port it is listening on to communicate back to the client for the EPRT, LPRT, and PORT commands, unless overridden with -P dataport. As the default port for ftpd (21) is a privileged port below IPPORT_RESERVED, ftpd retains the ability to switch back to root privileges to bind these ports. In order to increase security by reducing the potential for a bug in ftpd providing a remote root compromise, ftpd will permanently drop root privileges if one of the following is true:

  • ftpd is running on a port greater than IPPORT_RESERVED and the user has logged in as a ‘guest’ or ‘chroot’ user.
  • ftpd was invoked with -r.

Don't create ~ftp/tmp if you don't want anonymous users to upload files there. That directory is only necessary if you want to display the error messages of conversion commands to the user. Note that if uploads are disabled with the ftpd.conf(5) directive upload, then this directory cannot be abused by the user in this way, so it should be safe to create.
To avoid possible denial-of-service attacks, SIZE requests against files larger than 10240 bytes will be denied if the current transfer TYPE is ‘A’ (ASCII).
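An added illustration, not ftpd's own code, of why this limit exists: under TYPE A every LF is sent as CR LF, so answering SIZE means reading the whole file, and the check below consults st_size first so that an oversized file is refused before any read happens. The function names, reply texts and sample file contents are constructed for this example.

```python
import os
import tempfile

SIZE_ASCII_LIMIT = 10240  # limit stated in the man page


def ascii_transfer_size(path):
    """Bytes a TYPE A transfer would send: every LF goes out as CR LF, so the
    whole file has to be read (the costly part) to get the answer."""
    total = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            total += len(chunk) + chunk.count(b"\n")
    return total


def size_reply(path, transfer_type):
    """Answer a SIZE request for `path` under the current transfer type.
    st_size is checked before anything is read, so the ASCII-mode scan is
    never started for a file over the limit. Reply texts are constructed
    for this illustration, not ftpd's wording."""
    st_size = os.stat(path).st_size
    if transfer_type == "I":
        return "213 %d" % st_size  # image type: st_size is the answer
    if transfer_type == "A":
        if st_size > SIZE_ASCII_LIMIT:
            return "550 SIZE not allowed in ASCII mode for files over %d bytes" % SIZE_ASCII_LIMIT
        return "213 %d" % ascii_transfer_size(path)
    return "504 SIZE not implemented for transfer type %s" % transfer_type


def write_sample(data):
    """Write constructed sample contents to a temporary file; returns its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```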
NetBSD 9.4                          May 1, 2009                          NetBSD 9.4