.\" Copyright (c) 1985 Regents of the University of California.
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\" @(#)ftpd.8c 6.4 (Berkeley) 5/28/86
.\"
.TH FTPD 8C "May 1, 1992"
.UC 5
.SH NAME
ftpd \- DARPA Internet File Transfer Protocol server
.SH SYNOPSIS
.B /etc/athena/ftpd
[
.B \-a
] [
.B \-d
] [
.B \-l
] [
.BI \-t " timeout"
] [
.BI \-b " address"
]
.SH DESCRIPTION
.I Ftpd
is the DARPA Internet File Transfer Protocol
server process. The server uses the TCP protocol
and listens at the port specified in the ``ftp''
service specification; see
.IR services (5).
.PP
If the
.B \-a
option is specified, Athena enhancements to
.I ftpd
are enabled. See the description of the Athena enhancements below.
.PP
If the
.B \-d
option is specified,
debugging information is written to the syslog.
.PP
If the
.B \-l
option is specified,
each ftp session is logged in the syslog.
.PP
The ftp server
will time out an inactive session after 15 minutes.
If the
.B \-t
option is specified,
the inactivity timeout period will be set to
.IR timeout .
.PP
When the client connected to the
.I ftpd
server asks for remote help, the server displays an electronic mail
address to which comments should be directed. By default, this
address is "ftp-bugs@ATHENA.MIT.EDU".
If the
.B \-b
option is specified, then
.I address
will be used instead.
.PP
The ftp server currently supports the following ftp
requests; case is not distinguished.
.PP
.nf
.ta \w'Request 'u
\fBRequest	Description\fP
ABOR	abort previous command
ACCT	specify account (ignored)
ALLO	allocate storage (vacuously)
APPE	append to a file
ATCH	attach a filesystem
CDUP	change to parent of current working directory
CWD	change working directory
DELE	delete a file
HELP	give help information
LIST	give list of files in a directory (``ls \-lg'')
MKD	make a directory
MODE	specify data transfer \fImode\fP
NLST	give name list of files in directory (``ls'')
NOOP	do nothing
PASS	specify password
PASV	prepare for server-to-server transfer
PORT	specify data connection port
PWD	print the current working directory
QUIT	terminate session
RETR	retrieve a file
RMD	remove a directory
RNFR	specify rename-from file name
RNTO	specify rename-to file name
STOR	store a file
STOU	store a file with a unique name
STRU	specify data transfer \fIstructure\fP
TYPE	specify data transfer \fItype\fP
USER	specify user name
XCUP	change to parent of current working directory
XCWD	change working directory
XMKD	make a directory
XPWD	print the current working directory
XRMD	remove a directory
.fi
.PP
The remaining ftp requests specified in Internet RFC 959 are
recognized, but not implemented.
.PP
The ftp server will abort an active file transfer only when the
ABOR command is preceded by a Telnet "Interrupt Process" (IP)
signal and a Telnet "Synch" signal in the command Telnet stream,
as described in Internet RFC 959.
.PP
.I Ftpd
interprets file names according to the ``globbing''
conventions used by
.IR csh (1).
This allows users to utilize the metacharacters ``*?[]{}~''.
.PP
.I Ftpd
uses the following process for authentication.
.IP 1)
The user name must be in the
.I Hesiod
data base and have a
.I Kerberos
principal, or be in the password data base,
.IR /etc/passwd ,
and not have a null password. In this case a password
must be provided by the client before any file operations
may be performed. (NOTE:
.I Kerberos
and
.I Hesiod
functionality is only enabled when
.I ftpd
is invoked with the
.B \-a
option.)
.IP 2)
The user name must not appear in the file
.IR /etc/ftpusers .
.IP 3)
The user must have a standard shell returned by
.IR getusershell (3).
.IP 4)
If the user name is ``anonymous'' or ``ftp'', an
anonymous ftp account must be present in the password
file (user ``ftp''). In this case the user is allowed
to log in by specifying any password (by convention this
is given as the client host's name).
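The password-file path of checks 1) through 3) above, as an added audit script that is not part of ftpd: it lists the accounts in a passwd file that have a non-null password field, are absent from the ftpusers file, and whose shell appears in the standard-shell list that getusershell(3) reads from /etc/shells. The three file paths are parameters; the Hesiod/Kerberos path and the anonymous case 4) are not modelled, and the sample files in the demo are constructed.

```shell
#!/bin/sh
# ftp_allowed_users PASSWD FTPUSERS SHELLS
# Prints the login names that would pass ftpd checks 1) to 3):
#   non-null password field, not listed in FTPUSERS, shell listed in SHELLS.
ftp_allowed_users() {
    awk -F: -v ftpusers="$2" -v shells="$3" '
        BEGIN {
            # one denied login name per line; comments and blanks in SHELLS are skipped
            while ((getline l < ftpusers) > 0) if (l != "") denied[l] = 1
            while ((getline l < shells) > 0) if (l !~ /^#/ && l != "") ok[l] = 1
        }
        # passwd fields: $1 name, $2 password, $7 login shell
        $2 != "" && !($1 in denied) && ($7 in ok) { print $1 }
    ' "$1"
}

# Constructed sample data (not a real system) for a stand-alone run.
demo_ftp_allowed_users() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/csh
bob::1002:100:Bob:/home/bob:/bin/sh
carol:x:1003:100:Carol:/home/carol:/usr/bin/nologin
dave:x:1004:100:Dave:/home/dave:/bin/sh
ftp:*:14:14:Anonymous FTP:/home/ftp:/bin/sh
EOF
    printf 'root\ndave\n' > "$d/ftpusers"
    printf '# standard shells\n/bin/sh\n/bin/csh\n' > "$d/shells"
    # root and dave are denied by ftpusers, bob has a null password,
    # carol's shell is not standard: only alice and ftp remain
    ftp_allowed_users "$d/passwd" "$d/ftpusers" "$d/shells"
    rm -rf "$d"
}
```

Run against a live host as `ftp_allowed_users /etc/passwd /etc/ftpusers /etc/shells` to see which accounts the server would accept before any file operation.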
.PP
In the last case,
.I ftpd
takes special measures to restrict the client's access privileges.
The server performs a
.IR chroot (2)
to the home directory of the ``ftp'' user.
So that system security is not breached, the ``ftp'' subtree
should be constructed with care; the following
rules are recommended.
.IP ~ftp)
Make the home directory owned by ``ftp'' and unwritable by anyone.
.IP ~ftp/bin)
Make this directory owned by the super-user and unwritable by
anyone. The program
.IR ls (1)
must be present to support the list commands. This
program should have mode 111.
.IP ~ftp/etc)
Make this directory owned by the super-user and unwritable by
anyone. The files
.IR passwd (5)
and
.IR group (5)
must be present for the
.I ls
command to work properly. These files should be mode 444.
.IP ~ftp/pub)
Make this directory mode 777 and owned by ``ftp''. Users
should then place files which are to be accessible via the
anonymous account in this directory.
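The four subtree rules above as an added audit script, not code from the ftpd distribution: it reads owner and mode with ls(1) and reports every path whose owner or permission string departs from the rule. Owner names are parameters (normally ``ftp'' and ``root''), so the checks can also be exercised on a test tree owned by an ordinary user.

```shell
#!/bin/sh
# Audit an anonymous-ftp chroot tree against the ftpd(8C) layout rules:
#   ~ftp      owned by ftp, not writable by anyone
#   ~ftp/bin  owned by the super-user, not writable; bin/ls mode 111
#   ~ftp/etc  owned by the super-user, not writable; passwd and group mode 444
#   ~ftp/pub  owned by ftp, mode 777

perm_of()  { ls -ld "$1" | awk '{print $1}'; }   # e.g. "dr-xr-xr-x"
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# check PATH OWNER PERM_REGEX: prints one line per violation, returns 1 if any
check() {
    p=$1; rc=0
    if [ ! -e "$p" ]; then echo "MISSING  $p"; return 1; fi
    have_owner=$(owner_of "$p"); have_perm=$(perm_of "$p")
    [ "$have_owner" = "$2" ] || { echo "OWNER    $p is $have_owner, want $2"; rc=1; }
    echo "$have_perm" | grep -Eq "$3" || { echo "MODE     $p is $have_perm, want $3"; rc=1; }
    return $rc
}

# audit_ftp_tree ROOT FTP_USER SUPER_USER: returns 0 only if every rule holds
audit_ftp_tree() {
    root=$1; ftpu=$2; su=$3; fail=0
    nowrite='^d[^w]{9}'                 # directory with no write bit for anyone
    check "$root"            "$ftpu" "$nowrite"     || fail=1
    check "$root/bin"        "$su"   "$nowrite"     || fail=1
    check "$root/bin/ls"     "$su"   '^---x--x--x'  || fail=1   # mode 111
    check "$root/etc"        "$su"   "$nowrite"     || fail=1
    check "$root/etc/passwd" "$su"   '^-r--r--r--'  || fail=1   # mode 444
    check "$root/etc/group"  "$su"   '^-r--r--r--'  || fail=1   # mode 444
    check "$root/pub"        "$ftpu" '^drwxrwxrwx'  || fail=1   # mode 777
    return $fail
}

# Usage: sh audit_ftp_tree.sh /home/ftp ftp root
if [ $# -eq 3 ]; then audit_ftp_tree "$1" "$2" "$3"; fi
```

A clean tree prints nothing and exits 0; any other exit status means at least one rule was violated and the offending paths were listed.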
.SH "ENHANCEMENTS FOR THE ATHENA ENVIRONMENT"
This
.I ftpd
has been enhanced to work properly in the Athena environment, when
invoked with the
.B \-a
option.
.PP
It does a full login of the user much as
.I login
does, including
.I Kerberos
authentication, attaching of the user's home directory, and entry into
the password file and
.IR /etc/utmp .
It also honors
.IR /etc/nologin ,
.IR /etc/nocreate ,
.IR /etc/noremote ,
.IR /etc/noattach ,
and
.IR /etc/nocrack .
.PP
Upon closing of the ftp connection (or receipt of a HUP or TERM signal),
.I ftpd
destroys the
.I Kerberos
tickets it obtained (if any), and runs
.I fsid
\-u on the user's home directory.
.PP
In addition, this
.I ftpd
also supports an attach command, ATCH. Arguments following ATCH
are passed directly to
.IR attach .
If
.I Kerberos
authentication was not obtained,
.I ftpd
adds a "\-n" to the attach command line, so that attaches don't
attempt to use
.I Kerberos
authentication. Note that this may be overridden by specifying
"\-y" on the command line.
.PP
With clients that don't support the attach command, but do support
the
.I quote
command, a command line such as
.PP
.RS
quote atch bitbucket
.RE
.PP
may be used to attach filesystems.
.SH "SEE ALSO"
ftp(1C), getusershell(3), syslogd(8), kerberos(1), attach(1), unlog(1)
.SH BUGS
The anonymous account is inherently dangerous and should be
avoided when possible.
.PP
The server must run as the super-user
to create sockets with privileged port numbers. It maintains
an effective user id of the logged-in user, reverting to
the super-user only when binding addresses to sockets. The
possible security holes have been extensively
scrutinized, but the scrutiny is possibly incomplete.
.PP
Some
.I ftp
clients truncate the password the user types to eight characters.
Since
.I Kerberos
passwords don't have this limitation, if the user's password is
longer than eight characters the user may not be able to log in.
This is not, strictly speaking, a bug in
.IR ftpd ,
but
.I ftpd
will be the first suspect, so this is a good place to document
the problem.
.PP
.I Ftpd
adds an entry to
.I utmp
to show the user as logged in. Since it doesn't require a tty,
it places "ftpN" (where N is an ftp line number) in its line entry in
.IR utmp .
This causes unpatched versions of
.I finger
to break trying to stat /dev/ftpN, which doesn't exist. A gross
workaround for this (short of fixing finger) is to link
/dev/ftp{0,1,2,3...} to /dev/null.