FTPD(8)                   BSD System Manager's Manual                   FTPD(8)

NNAAMMEE
     ffttppdd — Internet File Transfer Protocol server

SSYYNNOOPPSSIISS
     ffttppdd [--ddllAADDqq]
     [--TT _m_a_x_t_i_m_e_o_u_t]
     [--tt _t_i_m_e_o_u_t] [--aa
     _l_o_g_i_n_-_n_a_m_e]

DDEESSCCRRIIPPTTIIOONN
     FFttppdd is the Internet File Transfer Protocol
     server process.  The server uses the TCP protocol and
     listens at the port specified in the “ftp” ser‐
     vice specification; see services(5).

     Available options:

     --dd      Debugging information is written to the
     syslog using LOG_FTP.

     --ll      Each successful and failed ftp(1) session
     is logged using syslog
             with a facility of LOG_FTP.  If this option is
             specified twice, the retrieve (get), store (put),
             append, delete, make directory, remove directory
             and rename operations and their filename argu‐
             ments are also logged.

     --AA      Only anonymous login is allowed.

     --DD      ftpd enters daemon-mode. That allows ftpd
     to be run without
             inetd.

     --qq      Quiet mode. No information about the version
     of the ftpd is given
             to the client.

     --TT      A client may also request a different timeout
     period; the maximum
             period allowed may be set to _t_i_m_e_o_u_t
             seconds with the --TT option.  The default
             limit is 2 hours.

     --tt      The inactivity timeout period is set to
     _t_i_m_e_o_u_t seconds (the
             default is 15 minutes).

     --aa      Give anonymous an other
     _l_o_g_i_n_-_n_a_m_e (anonymous and ftpd
     will still
             work).

     The file /etc/nologin can be used to disable ftp access.  If the file
     exists, ftpd displays it and exits.  If the file /etc/ftpwelcome
     exists, ftpd prints it before issuing the “ready” message.  If the
     file /etc/motd exists, ftpd prints it after a successful login.

     The ftp server currently supports the following ftp
     requests.  The case of the requests is ignored.

           Request    Description
           ABOR       abort previous command
           ACCT       specify account (ignored)
           ALLO       allocate storage (vacuously)
           APPE       append to a file
           CDUP       change to parent of current working directory
           CWD        change working directory
           DELE       delete a file
           HELP       give help information
           LIST       give list files in a directory (“ls -lgA”)
           MKD        make a directory
           MDTM       show last modification time of file
           MODE       specify data transfer mode
           NLST       give name list of files in directory
           NOOP       do nothing
           PASS       specify password
           PASV       prepare for server-to-server transfer
           PORT       specify data connection port
           PWD        print the current working directory
           QUIT       terminate session
           REST       restart incomplete transfer
           RETR       retrieve a file
           RMD        remove a directory
           RNFR       specify rename-from file name
           RNTO       specify rename-to file name
           SITE       non-standard commands (see next section)
           SIZE       return size of file
           STAT       return status of server
           STOR       store a file
           STOU       store a file with a unique name
           STRU       specify data transfer structure
           SYST       show operating system type of server system
           TYPE       specify data transfer type
           USER       specify user name
           XCUP       change to parent of current working directory
                      (deprecated)
           XCWD       change working directory (deprecated)
           XMKD       make a directory (deprecated)
           XPWD       print the current working directory (deprecated)
           XRMD       remove a directory (deprecated)

     The following non-standard or UNIX specific commands
     are supported by the SITE request.

           RReeqquueesstt
           DDeessccrriippttiioonn UMASK      change
           umask, e.g. ``SITE UMASK 002'' IDLE       set
           idle-timer, e.g. ``SITE IDLE 60'' CHMOD      change
           mode of a file, e.g. ``SITE CHMOD 755 filename''
           HELP       give help information.

     The remaining ftp requests specified in Internet RFC 959
     are recognized, but not implemented.  MDTM and SIZE are
     not specified in RFC 959, but will appear in the next
     updated FTP RFC.

     The ftp server will abort an active file transfer
     only when the ABOR command is preceded by a Telnet
     "Interrupt Process" (IP) signal and a Telnet "Synch"
     signal in the command Telnet stream, as described in
     Internet RFC 959.  If a STAT command is received during
     a data transfer, preceded by a Telnet IP and Synch,
     transfer status will be returned.

     FFttppdd interprets file names according to the
     “globbing” conventions used by csh(1).  This allows
     users to utilize the metacharacters “*?[]{}~”.

     FFttppdd authenticates users according to three rules.

           1.   The login name must be in the password data base,
                /etc/passwd, and not have a null password.  In this case a
                password must be provided by the client before any file
                operations may be performed.

           2.   The login name must not appear in the file /etc/ftpusers.

           3.   The user must have a standard shell returned by
                getusershell(3).

           4.   If the user name is “anonymous” or “ftp”, an anonymous ftp
                account must be present in the password file (user “ftp”).
                In this case the user is allowed to log in by specifying
                any password (by convention an email address for the user
                should be used as the password).
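
     Rules 1 to 3 above, as an added example that is not part of the
     original manual page or of the ftpd source: a shell function that
     reports, for each account in a passwd-format file, whether it passes
     and otherwise which rule denies it.  The file arguments, the verdict
     labels, the "#" comment handling and the treatment of an empty shell
     field as /bin/sh are assumptions; shadow passwords are not consulted.

```shell
#!/bin/sh
# ftp_eligible PASSWD FTPUSERS SHELLS
# Prints "name:allow" or "name:deny:<rule>" for every account in PASSWD.
# SHELLS stands in for the list getusershell(3) returns (normally /etc/shells).
ftp_eligible() {
    awk -F: -v deny="$2" -v shells="$3" '
        BEGIN {
            # Load the deny list and the shell list; "#" comments are skipped (assumption).
            while ((getline l < deny) > 0)   { sub(/[ \t]*#.*/, "", l); if (l != "") denied[l] = 1 }
            while ((getline l < shells) > 0) { sub(/[ \t]*#.*/, "", l); if (l != "") ok[l] = 1 }
        }
        /^#/ || NF < 7 { next }                  # skip comments and malformed entries
        {
            sh = ($7 == "") ? "/bin/sh" : $7     # assumption: empty shell field means /bin/sh
            if ($2 == "")           verdict = "deny:rule1-null-password"
            else if ($1 in denied)  verdict = "deny:rule2-ftpusers"
            else if (!(sh in ok))   verdict = "deny:rule3-shell"
            else                    verdict = "allow"
            print $1 ":" verdict
        }' "$1"
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/sh
EOF
printf '# accounts refused by ftpd\nroot\n' > "$demo_dir/ftpusers"
printf '/bin/sh\n/bin/csh\n' > "$demo_dir/shells"
ftp_eligible "$demo_dir/passwd" "$demo_dir/ftpusers" "$demo_dir/shells"
rm -rf "$demo_dir"
```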

     In the last case (anonymous login), ftpd takes special measures to
     restrict the client's access privileges.  The server performs a
     chroot(2) to the home directory of the “ftp” user.  In order that
     system security is not breached, it is recommended that the “ftp”
     subtree be constructed with care, following these rules:

           _~_f_t_p      Make the home directory owned
           by “root” and unwritable by
                     anyone.

           _~_f_t_p_/_b_i_n  Make this directory
           owned by “root” and unwritable by
                     anyone (mode 555).  The program ls(1) must
                     be present to support the list command.
                     This program should be mode 111.

           _~_f_t_p_/_e_t_c  Make this directory
           owned by “root” and unwritable by
                     anyone (mode 555).  The files passwd(5)
                     and group(5) must be present for the
                     ls command to be able to produce owner
                     names rather than numbers.  The password
                     field in passwd is not used, and should
                     not contain real passwords.  The file
                     _m_o_t_d, if present, will be printed
                     after a successful login.  These files
                     should be mode 444.

           _~_f_t_p_/_p_u_b  Make this directory mode
           777 and owned by “ftp”.  Guests
                     can then place files which are to be
                     accessible via the anonymous account in
                     this directory.
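
     An audit of an existing tree against the rules above, as an added
     example that is not part of the original manual page: the function
     prints one line per deviation and nothing for a conforming tree.  It
     assumes GNU stat(1); the function name, its arguments and the message
     format are hypothetical, and the optional motd file is not checked.

```shell
#!/bin/sh
# audit_ftp_tree FTPHOME [ROOT_OWNER] [FTP_OWNER]
audit_ftp_tree() {
    home=$1; root_owner=${2:-root}; ftp_owner=${3:-ftp}
    # Table columns: path under FTPHOME | owner ("-" = not stated) | mode ("-" = unwritable)
    while IFS='|' read -r rel owner mode; do
        path="$home/$rel"
        [ -e "$path" ] || { echo "MISSING $path"; continue; }
        set -- $(stat -c '%U %a' "$path")    # GNU stat: owner name, octal mode
        [ "$owner" = "-" ] || [ "$1" = "$owner" ] || echo "OWNER $path is $1, expected $owner"
        if [ "$mode" = "-" ]; then
            # "unwritable by anyone": no write bit for user, group or other
            [ $(( 0$2 & 0222 )) -eq 0 ] || echo "MODE $path is $2, must not be writable"
        else
            [ "$2" = "$mode" ] || echo "MODE $path is $2, expected $mode"
        fi
    done <<EOF
.|$root_owner|-
bin|$root_owner|555
bin/ls|-|111
etc|$root_owner|555
etc/passwd|-|444
etc/group|-|444
pub|$ftp_owner|777
EOF
}

# Constructed demo tree in a temporary directory; the current user stands in
# for both "root" and "ftp" so the demo runs unprivileged.
demo=$(mktemp -d); me=$(stat -c '%U' "$demo")
mkdir "$demo/bin" "$demo/etc" "$demo/pub"
: > "$demo/bin/ls"; : > "$demo/etc/passwd"; : > "$demo/etc/group"
chmod 111 "$demo/bin/ls"; chmod 444 "$demo/etc/passwd"; chmod 644 "$demo/etc/group"
chmod 555 "$demo/bin" "$demo/etc"; chmod 777 "$demo/pub"; chmod 755 "$demo"
audit_ftp_tree "$demo" "$me" "$me"   # reports the writable home and etc/group
chmod -R u+w "$demo"; rm -rf "$demo"
```

     On a real server, call audit_ftp_tree with the home directory of the
     “ftp” user and the default owners.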

FFIILLEESS
     /etc/ftpusers    List of unwelcome/restricted users.
     /etc/ftpwelcome  Welcome notice.  /etc/motd        Welcome
     notice after login.  /etc/nologin     Displayed and
     access refused.

SSEEEE AALLSSOO
     ftp(1), getusershell(3), syslogd(8)

BBUUGGSS
     The server must run as the super-user to create sockets
     with privileged port numbers.  It maintains an effective
     user id of the logged in user, reverting to the super-user
     only when binding addresses to sockets.  The possible
     security holes have been extensively scrutinized, but
     are possi‐ bly incomplete.

HHIISSTTOORRYY
     The ffttppdd command appeared in 4.2BSD.

4.2 Berkeley Distribution        June 1, 1994        4.2 Berkeley Distribution
