source: trunk/athena/etc/ftpd/ftpd.8c @ 7830

Revision 7830, 7.2 KB checked in by cfields, 29 years ago (diff)
Added /etc/nocrack support.
Line 
1.\" Copyright (c) 1985 Regents of the University of California.
2.\" All rights reserved.  The Berkeley software License Agreement
3.\" specifies the terms and conditions for redistribution.
4.\"
5.\"     @(#)ftpd.8c     6.4 (Berkeley) 5/28/86
6.\"
7.TH FTPD 8C "May 1, 1992"
8.UC 5
9.SH NAME
10ftpd \- DARPA Internet File Transfer Protocol server
11.SH SYNOPSIS
12.B /etc/athena/ftpd
13[
14.B \-a
15] [
16.B \-d
17] [
18.B \-l
19] [
20.BR \-t timeout
21] [
22.BR \-b address
23]
24.SH DESCRIPTION
25.I Ftpd
26is the DARPA Internet File Transfer Prototocol
27server process.  The server uses the TCP protocol
28and listens at the port specified in the ``ftp''
29service specification; see
30.IR services (5).
31.PP
32If the
33.B \-a
34option is specified, Athena enhancements to
35.I ftpd
36are enabled. See details about Athena enhancements below.
37.PP
38If the
39.B \-d
40option is specified,
41debugging information is written to the syslog.
42.PP
43If the
44.B \-l
45option is specified,
46each ftp session is logged in the syslog.
47.PP
48The ftp server
49will timeout an inactive session after 15 minutes.
50If the
51.B \-t
52option is specified,
53the inactivity timeout period will be set to
54.IR timeout .
55.PP
56When the client connected to the
57.I ftpd
58server asks for remote help, the server displays an electronic mail
59address to which comments should be directed.  By default, this
60address is "ftp-bugs@ATHENA.MIT.EDU".
61If the
62.B \-b
63option is specified, then
64.I address
65will be used instead.
66.PP
67The ftp server currently supports the following ftp
68requests;  case is not distinguished.
69.PP
70.nf
71.ta \w'Request        'u
72\fBRequest      Description\fP
73ABOR    abort previous command
74ACCT    specify account (ignored)
75ALLO    allocate storage (vacuously)
76APPE    append to a file
77ATCH    attach a filesystem
78CDUP    change to parent of current working directory
79CWD     change working directory
80DELE    delete a file
81HELP    give help information
82LIST    give list files in a directory (``ls -lg'')
83MKD     make a directory
84MODE    specify data transfer \fImode\fP
85NLST    give name list of files in directory (``ls'')
86NOOP    do nothing
87PASS    specify password
88PASV    prepare for server-to-server transfer
89PORT    specify data connection port
90PWD     print the current working directory
91QUIT    terminate session
92RETR    retrieve a file
93RMD     remove a directory
94RNFR    specify rename-from file name
95RNTO    specify rename-to file name
96STOR    store a file
97STOU    store a file with a unique name
98STRU    specify data transfer \fIstructure\fP
99TYPE    specify data transfer \fItype\fP
100USER    specify user name
101XCUP    change to parent of current working directory
102XCWD    change working directory
103XMKD    make a directory
104XPWD    print the current working directory
105XRMD    remove a directory
106.fi
107.PP
108The remaining ftp requests specified in Internet RFC 959 are
109recognized, but not implemented.
110.PP
111The ftp server will abort an active file transfer only when the
112ABOR command is preceded by a Telnet "Interrupt Process" (IP)
113signal and a Telnet "Synch" signal in the command Telnet stream,
114as described in Internet RFC 959.
115.PP
116.I Ftpd
117interprets file names according to the ``globbing''
118conventions used by
119.IR csh (1).
120This allows users to utilize the metacharacters ``*?[]{}~''.
121.PP
122.I Ftpd
123uses the following process for authentication.
124.IP 1)
125The user name must be in the
126.IR Hesiod
127data base and have a
128.IR Kerberos
129principal, or be in the password data base,
130.IR /etc/passwd ,
131and not have a null password.  In this case a password
132must be provided by the client before any file operations
133may be performed. (NOTE:
134.IR Kerberos
135and
136.IR Hesiod
137functionality is only enabled when
138.I ftpd
139is invoked with the -a option.)
140.IP 2)
141The user name must not appear in the file
142.IR /etc/ftpusers .
143.IP 3)
144The user must have a standard shell returned by
145.IR getusershell (3).
146.IP 4)
147If the user name is ``anonymous'' or ``ftp'', an
148anonymous ftp account must be present in the password
149file (user ``ftp'').  In this case the user is allowed
150to log in by specifying any password (by convention this
151is given as the client host's name).
152.PP
153In the last case,
154.I ftpd
155takes special measures to restrict the client's access privileges.
156The server performs a
157.IR chroot (2)
158command to the home directory of the ``ftp'' user.
159In order that system security is not breached, it is recommended
160that the ``ftp'' subtree be constructed with care;  the following
161rules are recommended.
162.IP ~ftp)
163Make the home directory owned by ``ftp'' and unwritable by anyone.
164.IP ~ftp/bin)
165Make this directory owned by the super-user and unwritable by
166anyone.  The program
167.IR ls (1)
168must be present to support the list commands.  This
169program should have mode 111.
170.IP ~ftp/etc)
171Make this directory owned by the super-user and unwritable by
172anyone.  The files
173.IR passwd (5)
174and
175.IR group (5)
176must be present for the
177.I ls
178command to work properly.  These files should be mode 444.
179.IP ~ftp/pub)
180Make this directory mode 777 and owned by ``ftp''.  Users
181should then place files which are to be accessible via the
182anonymous account in this directory.
183.SH "ENHANCEMENTS FOR THE ATHENA ENVIRONMENT"
184This
185.I ftpd
186has been enhanced to work properly in the Athena environment, when
187invoked with the -a option.
188
189It does a full login of the user much as
190.IR login,
191including
192.IR Kerberos
193authentication, attaching of the user's home directory, and entry into
194the password file and
195.IR /etc/utmp.
196It also honors
197.IR /etc/nologin,
198.IR /etc/nocreate,
199.IR /etc/noremote,
200.IR /etc/noattach,
201and
202.IR /etc/nocrack.
203.PP
204Upon closing of the ftp connection (or HUP and TERM signals),
205.I ftpd
206destroys the
207.IR Kerberos
208tickets it obtained (if any), and runs
209.I fsid
210-u on the user's home directory.
211.PP
212In addition, this
213.I ftpd
214also supports an attach command, ATCH.  Arguments following ATCH
215are passed directly to
216.IR attach.
217If
218.IR Kerberos
219authentication was not obtained,
220.I ftpd
221adds a "-n" to the attach command line, so that attaches don't
222attempt to use
223.IR Kerberos
224authentication.  Note that this may be overridden by specifying
225"-y" on the command line.
226.PP
227In clients that don't support the attach command, but do support
228the
229.IR quote
230command, a command line such as
231.PP
232        quote atch bitbucket
233.PP
234may be used to attach filesystems.
235.SH "SEE ALSO"
236ftp(1C), getusershell(3), syslogd(8), kerberos(1), attach(1), unlog(1)
237.SH BUGS
238The anonymous account is inherently dangerous and should
239avoided when possible.
240.PP
241The server must run as the super-user
242to create sockets with privileged port numbers.  It maintains
243an effective user id of the logged in user, reverting to
244the super-user only when binding addresses to sockets.  The
245possible security holes have been extensively
246scrutinized, but are possibly incomplete.
247.PP
248Some
249.IR ftp
250clients truncate the password the user types to eight characters.
251Since
252.IR Kerberos
253passwords don't have this limitation, if the user's password is
254longer than eight characters the user may not be able to log in.
255This is not, strictly speaking, a bug in
256.I ftpd,
257but
258.I ftpd
259will be the first suspect, so this is a good place to document
260the problem.
261.PP
262.I Ftpd
263adds an entry to
264.IR utmp
265to show the user as logged in.  Since it doesn't require a tty,
266it places "ftpN" (where N is an ftp line number) in its line entry in
267.IR utmp.
268This causes unpatched versions of
269.I finger
270to break trying to stat /dev/ftpN, which doesn't exist. A gross
271workaround for this (short of fixing finger) is to link
272/dev/ftp{0,1,2,3...} to /dev/null.
Note: See TracBrowser for help on using the repository browser.