NAME
     ftpd — DARPA Internet File Transfer Protocol server

SYNOPSIS
     /usr/lbin/ftpd [-l] [-p] [-v] [-t timeout] [-P] [-T maxtimeout]
          [-u umask] [-U] [-K] [-B size] [-a|-A] [-L] [-i] [-o]
          [-m number_of_tries] [-n nice_value] [-q|-Q] [-r rootdir] [-V]
          [-w|-W] [-X] [-I] [-s|-S] [-c ctrlport] [-C dataport]

DESCRIPTION
     ftpd is the DARPA Internet File Transfer Protocol server.  It expects
     to be run by the Internet daemon (see inetd(1M) and inetd.conf(4)).
     inetd runs ftpd when a service request is received at the port
     indicated in the ftp service specification in /etc/services (see
     services(4)).

   Options
     ftpd recognizes the following options and command-line arguments.

     -a
          Enables the use of the configuration file /etc/ftpd/ftpaccess
          (see ftpaccess(4)).

     -A
          Disables the use of the configuration file /etc/ftpd/ftpaccess
          (see ftpaccess(4)).

     -B size
          Sets the buffer size of the data socket to size blocks of 1024
          bytes.  The valid range for size is from 1 to 2097151 (default
          is 56).

          Note: A large buffer size will improve the performance of ftpd
          on fast links, but may cause long connection times on slow
          links (for example, X.25).

          Note: If the buffer size needs to be set to a value that is not
          a multiple of 1024 bytes, append "B" immediately after size
          without any space; the size value is then taken in bytes.  For
          example, to set the buffer size to 1500 bytes, use -B 1500B.

     -c ctrlport
     -C dataport
          Overrides the control and the data port numbers, respectively,
          that are used by the daemon.  Normally, the daemon determines
          the port numbers by looking in /etc/services (see services(4))
          for "ftp" and "ftp-data".  If there is no /etc/services entry
          for "ftp-data" and the -C option is not specified, the daemon
          uses the port just prior to the control connection port.  The
          -c and -C options are both available if running as a standalone
          daemon.  Otherwise, only the -C option can be used.

     -i
          Logs all the files received by the ftpd server to xferlog (see
          xferlog(5)).  This option is overridden by the
          /etc/ftpd/ftpaccess file (see ftpaccess(4)).

     -I
          Enables the use of RFC931 (AUTH/ident) to attempt to determine
          the username on the client.

     -K
          Applicable only in a secure environment based on Kerberos V5.
          Causes access to be denied if network authentication fails.
          See sis(5).

     -l
          Causes each FTP session to be logged in the syslog file.

     -L
          Logs all commands sent to the ftpd server to the syslog.  The
          -L option is overridden by the /etc/ftpd/ftpaccess file (see
          ftpaccess(4)).  If the -L option is used, commands will be
          logged to syslog by default.

     -m number_of_tries
          Specifies the number of tries for a bind() socket call.

     -n nice_value
          Sets the nice value for an ftpd process.  When using this
          option, make sure that the nice clause in the
          /etc/ftpd/ftpaccess file (see ftpaccess(4)) is not set.

     -o
          Logs all files transmitted by ftpd to xferlog (see xferlog(5)).
          It logs outgoing files from the ftpd server.  This option is
          overridden by the /etc/ftpd/ftpaccess file (see ftpaccess(4)).

     -p
          The default action of ftpd does not allow usage of reserved
          ports as the originating port on the client's system; that is,
          the PORT command cannot specify a reserved port.  This option
          allows the client to specify a reserved port.  Note that
          allowing usage of reserved ports can result in the misuse of
          ftpd.  The security ramifications should be understood before
          the option is turned on.

     -P
          Enables third party transfer.

     -q | -Q
          Determines whether the daemon uses the PID files.  These files
          are required by the limit directive to determine the number of
          current users in each access class.  Disabling the use of the
          PID files disables user limits.  The default (-q) specifies to
          use the PID files.  Specify -Q to disable using the PID files.
          The -Q option can be used when testing the server as a normal
          user when access permissions prevent the use of the PID files.
          Large, busy sites which do not wish to impose limits on the
          number of concurrent users may also consider disabling the PID
          files.

     -r rootdir
          Instructs the daemon to chroot (see chroot(2)) to the specified
          rootdir immediately upon loading.  This can improve system
          security by limiting the files which may be damaged should a
          break-in occur through the daemon.  This option is like
          anonymous FTP.  For this option to work properly, additional
          files may be needed under the specified rootdir, which can vary
          from system to system.

     -s | -S
          Runs the daemon in standalone operation mode.  The -S option
          runs the daemon in the background and is useful in startup
          scripts during system initialization (that is, in rc.local).
          The -s option leaves the daemon in the foreground and is useful
          when running from init (see init(1M)).

     -t timeout
          Causes ftpd to time out inactive sessions after timeout
          seconds.  By default, ftpd terminates an inactive session after
          15 minutes.  A timeout value of 0 implies that there is no
          timeout value and ftpd is set to an infinite timeout period.
          If timeout is set to a value greater than maxtimeout (see the
          -T maxtimeout option), timeout will be set to the maxtimeout
          value.

     -T maxtimeout
          A client can also request a different timeout period.  The -T
          option sets to maxtimeout the maximum timeout that a client can
          request, in seconds.  By default, the maximum timeout is 2
          hours.  A maxtimeout value of 0 implies that there is no
          timeout value and ftpd is set to an infinite timeout period.

     -u umask
          Changes the default ftpd umask from 027 to umask.

     -U
          Disables the use of sendfile() and uses send() for sending
          data.  Use this option if the link cannot handle more than one
          buffer per packet (for example, Gigabit Ethernet).

     -v
          Debugging information is written to the syslog file.

     -V
          Causes the program to display copyright and version
          information, then terminate.

     -w | -W
          Determines whether user logins are to be recorded in the wtmps
          and btmps files.  If the -W option is specified, user logins
          are not recorded in the wtmps or btmps files.  The default (-w)
          records every login, logout, and bad login attempt.

     -X
          Specifies that the output created by the -i and -o options is
          not saved to the xferlog file but saved via syslog, so that the
          output can be collected from several hosts on one central
          loghost.
     ftpd currently supports the following commands (uppercase and
     lowercase are interpreted as equivalent):

     Command   Description
     ABOR      Abort previous command
     ACCT      Specify account (ignored)
     ALLO      Allocate storage (vacuously)
     APPE      Append to a file
     CDUP      Change to parent of current working directory
     CWD       Change working directory
     DELE      Delete a file
     EPSV      Sets the server to listen on a data port and wait for a
               connection
     EPRT      Use extended address for data connection
     HELP      Give help information
     LIST      List files in a directory (ls -l)
     LPRT      Use long address for data connection
     LPSV      Sets the server to listen on a data port and wait for a
               connection
     MKD       Make a directory
     MDTM      Show last modification time of file
     MODE      Specify data transfer mode
     NLST      Give name list of files in directory
     NOOP      Do nothing
     PASS      Specify password
     PASV      Prepare for server-to-server transfer
     PORT      Specify data connection port
     PWD       Print the current working directory
     QUIT      Terminate session
     REST      Restart incomplete transfer
     RETR      Retrieve a file
     RMD       Remove a directory
     RNFR      Specify rename-from file name
     RNTO      Specify rename-to file name
     SITE      Non-standard commands (see next section)
     SIZE      Return size of file
     STAT      Return status of server
     STOR      Store a file
     STOU      Store a file with a unique name
     STRU      Specify data transfer structure
     SYST      Show operating system type of server system
     TYPE      Specify data transfer type
     USER      Specify user name
     XCUP      Change to parent of current working directory
     XCWD      Change working directory
     XMKD      Make a directory
     XPWD      Print the current working directory
     XRMD      Remove a directory
     The following commands are supported when ftpd is operating in a
     secure environment which is based on Kerberos V5 (see sis(5)).

     Command   Description
     AUTH      Authentication/security mechanism
     ADAT      Authentication/security data
     CCC       Clear command channel
     ENC       Privacy protected command
     MIC       Integrity protected command
     PROT      Data channel protection level (level "C" only)
     PBSZ      Protection buffer size (has no effect)

     These commands are described in draft 8 of the FTP security
     extensions.

     The following non-standard or HP-UX specific commands are supported
     by the SITE command:

     Command   Description
     UMASK     Change umask (for example, SITE UMASK 002).
     IDLE      Set idle-timer (for example, SITE IDLE 60).
     CHMOD     Change mode of a file (for example, SITE CHMOD 755
               filename).
     HELP      Give help information (for example, SITE HELP).
     NEWER     List files newer than a particular date.
     MINFO     Works like SITE NEWER, but gives extra information.
     GROUP     Request for special group access (for example,
               SITE GROUP foo).
     GPASS     Give special group access password (for example,
               SITE GPASS bar).
     EXEC      Execute a program (for example, SITE EXEC program params).

     For the SITE EXEC command, a program can only be executed if it has
     been placed in the /etc/ftpd/ftp-exec directory.  The program to be
     executed must be either a binary program file or a valid shell
     script.  For example, given the following program:

          cat /etc/ftpd/ftp-exec/hi.sh
          #!/usr/bin/sh
          echo hello

     when the corresponding SITE EXEC command is given, the output will
     be as follows:

          200-hi.sh
          200-hello
          200 (end of 'hi.sh')

     Note: The security of the system will be entirely dependent on what
     binaries or shell programs the administrator has placed in the
     directory /etc/ftpd/ftp-exec.  Making this functionality available
     to real users who have shell access does not have any major security
     ramifications, but for anonymous and guest users who do not have
     shell access, it does.

     The remaining FTP requests specified in Internet RFC 959 are
     recognized, but not implemented.  MDTM and SIZE are not specified in
     RFC 959, but are expected in the next updated FTP RFC.

     The FTP server aborts an active file transfer only when the ABOR
     command is preceded by a Telnet "Interrupt Process" (IP) signal and
     a Telnet "Synch" signal in the command Telnet stream, as described
     in Internet RFC 959.  If ftpd receives a STAT command during a data
     transfer, preceded by a Telnet IP and Synch, it returns the status
     of the transfer.

     ftpd interprets file names according to the "globbing" conventions
     used by csh.  This allows users to utilize the metacharacters *, .,
     [, ], {, }, ~, and ?.

     ftpd authenticates users according to three rules:

     -    The user name must be in the password data base, /etc/passwd,
          and not have a null password.  The client must provide the
          correct password for the user before any file operations can
          be performed.

     -    The user name must not appear in the file /etc/ftpd/ftpusers
          (see ftpusers(4)).

     -    The user must have a standard shell returned by getusershell().
     Optionally, a system administrator can permit public access or
     "anonymous FTP."  If this has been set up, users can access the
     anonymous FTP account with the user name anonymous or ftp and any
     non-null password (by convention, the client host's name).  ftpd
     does a chroot() to the home directory of user ftp, thus limiting
     anonymous FTP users' access to the system.  If the user name is
     anonymous or ftp, an anonymous FTP account must be present in the
     password file (user ftp).  In this case the user is allowed to log
     in by specifying any password (by convention this is given as the
     user's e-mail address).

     In order to permit anonymous FTP, there must be an entry in the
     passwd database for an account named ftp.  The password field should
     be *, the group membership should be guest, and the login shell
     should be /usr/bin/false.  For example (assuming the guest group ID
     is 10):

          ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false

     The anonymous FTP directory should be set up as follows:

     ~ftp
          The home directory of the FTP account should be owned by user
          root and mode 555 (not writable).  Since ftpd does a chroot()
          to this directory, it must have the following subdirectories
          and files:

     ~ftp/usr/bin
          This directory must be owned by root and mode 555 (not
          writable).  The file /sbin/ls should be copied to ~ftp/usr/bin.
          This is needed to support directory listing by ftpd.  The
          command should be mode 111 (executable only).  If the FTP
          account is on the same file system as /sbin, ~ftp/usr/bin/ls
          can be a hard link, but it may not be a symbolic link, because
          of the chroot().  The command must be replaced when the system
          is updated.

          Note: The file /usr/bin/ls can also be copied to the directory
          ~ftp/usr/bin in place of /sbin/ls.  However, if this is done, a
          set of relevant libraries must also be copied under the
          directory ~ftp/usr/lib.  See the HP-UX Remote Access Services
          Administrator's Guide for details of required libraries.  The
          directory ~ftp/usr/lib must be owned by root and mode 555 (not
          writable).  All the libraries copied under this directory must
          be mode 555 (not writable).

     ~ftp/etc
          This directory must be owned by root and mode 555 (not
          writable).  It should contain versions of the files passwd and
          group (see passwd(4) and group(4)).  These files must be owned
          by root and mode 444 (readable only).  These files must be
          present for the LIST command to be able to produce owner names
          rather than numbers.

     ~ftp/etc/passwd
          This file should contain entries for the ftp user and any other
          users who own files under the anonymous ftp directory.  Such
          entries should have * for passwords.  Group IDs must be listed
          in the anonymous FTP group file, ~ftp/etc/group.  The path
          names of home directories in ~ftp/etc/passwd must be relative
          to the anonymous FTP home directory.

     ~ftp/etc/group
          This file should contain the group names associated with any
          group IDs in file ~ftp/etc/passwd and any group IDs of files in
          the anonymous FTP subdirectories.

     ~ftp/pub (optional)
          This directory is used by anonymous FTP users to deposit files
          on the system.  It should be owned by user ftp and should be
          mode 777 (readable and writable by all).

     ~ftp/dist (optional)
          Directories used to make files available to anonymous FTP users
          should be mode 555 (not writable), and any files to be
          distributed should be owned by root and mode 444 (readable
          only) so that they cannot be modified or removed by anonymous
          FTP users.

     Note: The steps that are followed to create an anonymous account are
     also used to create a guest account.
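     The following script, added here as an illustration and not part of
     ftpd or this manual page, checks an existing tree against the
     ownership and mode requirements listed above.  The uid parameters,
     the finding strings and the check_chroot_passwd() helper are
     assumptions of the example, so it can also be run against a staging
     copy of ~ftp by an unprivileged user.

```python
"""Audit an anonymous-FTP home tree against the layout described above.
Added example, not part of ftpd; run it against ~ftp (or a staging copy)."""
import os
import stat

def _mode(st):
    return stat.S_IMODE(st.st_mode)

def audit_ftp_home(home, root_uid=0, ftp_uid=None):
    """Return a list of findings; an empty list means the tree matches:
    ~ftp, usr/bin, usr/lib and etc owned by root_uid and mode 555,
    usr/bin/ls mode 111 and not a symbolic link, etc/passwd and etc/group
    owned by root_uid and mode 444, pub (optional) owned by ftp_uid and
    mode 777, dist (optional) mode 555 holding root-owned mode 444 files."""
    findings = []

    def expect(rel, mode, uid=root_uid, required=True):
        label = rel or "~ftp"
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.lstat(path)  # lstat: a symlink must be reported, not followed
        except FileNotFoundError:
            if required:
                findings.append("%s: missing" % label)
            return None
        if stat.S_ISLNK(st.st_mode):
            findings.append("%s: is a symbolic link (unusable under chroot)" % label)
            return None
        if _mode(st) != mode:
            findings.append("%s: mode %04o, expected %04o" % (label, _mode(st), mode))
        if uid is not None and st.st_uid != uid:
            findings.append("%s: owned by uid %d, expected %d" % (label, st.st_uid, uid))
        return st

    expect("", 0o555)
    expect("usr/bin", 0o555)
    expect("usr/bin/ls", 0o111)
    if expect("usr/lib", 0o555, required=False) is not None:
        for name in os.listdir(os.path.join(home, "usr/lib")):
            expect(os.path.join("usr/lib", name), 0o555)
    expect("etc", 0o555)
    expect("etc/passwd", 0o444)
    expect("etc/group", 0o444)
    expect("pub", 0o777, uid=ftp_uid, required=False)
    if expect("dist", 0o555, required=False) is not None:
        for name in os.listdir(os.path.join(home, "dist")):
            expect(os.path.join("dist", name), 0o444)
    return findings

def check_chroot_passwd(text):
    """Entries in ~ftp/etc/passwd must carry '*' in the password field;
    return (line number, user name) for every entry that does not."""
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) == 7 and fields[1] != "*":
            bad.append((n, fields[0]))
    return bad
```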
DIAGNOSTICS
     ftpd replies to FTP commands to ensure synchronization of requests
     and actions during file transfers, and to indicate the status of
     ftpd.  Every command produces at least one reply, although there may
     be more than one.  A reply consists of a three-digit number, a
     space, some text, and an end of line.  The number is useful for
     programs; the text is useful for users.  The number must conform to
     this standard, but the text can vary.

     The first digit of the message indicates whether the reply is good,
     bad, or incomplete.  Five values exist for the first digit.  The
     values and their interpretations are:

     1    The requested action is being initiated; expect another reply
          before proceeding with a new command.

     2    The requested action is complete.  The server is ready for a
          new request.

     3    The command has been accepted, but the requested action
          requires more information.

     4    The command was not accepted, the requested action failed, but
          the error condition is temporary and the action can be
          requested again.

     5    The command was not accepted, the requested action failed, and
          the error condition would most likely occur again if the same
          command sequence is repeated.

     The second digit indicates the functional area that the message
     addresses.  The values of the second digit and their interpretations
     are:

     0    Syntax.  A message with a 0 for the second digit indicates that
          a syntax error occurred.

     1    Information.  A message with a 1 as the second digit indicates
          that the message is in reply to a request for information.

     2    Connections.  A message with a 2 as the second digit indicates
          that the message is a reply to a request for control and data
          connection information.

     3    Authentication and accounting.  A message with a 3 as the
          second digit indicates that the message is a reply to a login
          or accounting procedure.

     4    Not currently specified.

     5    File system.  A message with a 5 as the second digit indicates
          that the text following the number contains information
          concerning the status of the server file system.

     The third digit provides a further clarification of the information
     supplied by the second digit.

     Following are several examples of messages.  Note that ftpd's
     replies match the number but not the text.

     110  Restart marker reply.  MARK yyyy=mmmm, where yyyy is a user
          process data stream marker, and mmmm is ftpd's equivalent
          marker
     120  Service ready in nnn minutes
     200  Command okay
     211  System status, or system help reply
     212  Directory status
     230  User logged in, proceed
     250  Requested file action okay, completed
     331  User name okay, need password
     350  Requested file action pending further information
     425  Cannot open data connection
     451  Requested action aborted: local error in processing
     500  Syntax error, command unrecognized or command line too long
     530  Not logged in
     550  Requested action not taken; file unavailable, not found, no
          access
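     The following parser, added as an illustration and not part of ftpd,
     applies the reply-code rules above to a captured control-connection
     stream and reassembles the multi-line replies ftpd emits (for
     example for SITE EXEC).  The function names, the wording of the
     classifications and the sample stream are constructed for the
     example.

```python
"""Parse ftpd control-connection replies by the rules in DIAGNOSTICS.
Added example, not part of ftpd: classify a code and reassemble long replies."""
import re

FIRST_DIGIT = {
    "1": "preliminary: expect another reply before a new command",
    "2": "completed: server ready for a new request",
    "3": "accepted: more information required",
    "4": "transient failure: may be requested again",
    "5": "permanent failure: would most likely fail again",
}
SECOND_DIGIT = {
    "0": "syntax", "1": "information", "2": "connections",
    "3": "authentication and accounting", "4": "not specified",
    "5": "file system",
}
_REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # three digits, space or dash, text

def classify(code):
    """Return (first-digit meaning, second-digit area) for a 3-digit code."""
    if len(code) != 3 or not code.isdigit():
        raise ValueError("reply code must be three digits: %r" % code)
    return (FIRST_DIGIT.get(code[0], "undefined first digit"),
            SECOND_DIGIT.get(code[1], "undefined functional area"))

def read_reply(lines, pos=0):
    """Consume one reply at lines[pos]; return (code, text lines, next index).
    'ddd-text' opens a multi-line reply that ends only at a later 'ddd text'
    with the same code; intermediate lines may repeat 'ddd-' or be bare."""
    m = _REPLY.match(lines[pos])
    if not m:
        raise ValueError("not a reply line: %r" % lines[pos])
    code, sep, text = m.groups()
    body, pos = [text], pos + 1
    while sep == "-":
        if pos >= len(lines):  # the case a client "hanging on long replies" hits
            raise ValueError("incomplete multi-line reply for code %s" % code)
        line = lines[pos]
        pos += 1
        if line.startswith(code + " "):
            body.append(line[4:])
            break
        body.append(line[4:] if line.startswith(code + "-") else line)
    return code, body, pos

def parse_stream(text):
    """Split a captured control stream into (code, status, area, text) tuples."""
    lines, out, pos = text.splitlines(), [], 0
    while pos < len(lines):
        code, body, pos = read_reply(lines, pos)
        status, area = classify(code)
        out.append((code, status, area, "\n".join(body)))
    return out

# Constructed sample stream, using the SITE EXEC output shown above.
SAMPLE_STREAM = """\
331 User name okay, need password
200-hi.sh
200-hello
200 (end of 'hi.sh')
"""
```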
GENERAL FTP EXTENSIONS
     There are some extensions to the FTP server such that if the user
     specifies a filename (when using a RETRIEVE command), the following
     actions will occur:

     Also, the FTP server will attempt to check for valid e-mail
     addresses and notify the user if invalid e-mail addresses are found.
     For users whose FTP client will hang on "long replies" (that is,
     multiline responses), using a dash as the first character of the
     password will disable this "long replies" feature.

     Note: Users whose password starts with a dash have to use an extra
     dash at the beginning of the password for login to succeed.
     However, the "long replies" feature will be disabled in this case.

     The FTP server can also log all file transmission and reception,
     keeping the following information for each file transmission that
     takes place:

          %.24s %d %s %d %s %c %s %c %c %s %s %d %s
            1   2  3  4  5  6  7  8  9  10 11 12 13

     1    current time in the form DDD MMM dd hh:mm:ss YYYY
     2    transfer time in seconds
     3    remote host name
     4    file size in bytes
     5    name of file
     6    transfer type (a>scii, b>inary)
     7    special action flags (concatenated as needed):
               C    file was compressed
               U    file was uncompressed
               T    file was tar'ed
               _    no action taken
     8    file was sent to user (o>utgoing) or received from user
          (i>ncoming)
     9    accessed anonymously (r>eal, a>nonymous, g>uest)
     10   local username or, if guest, ID string given (anonymous FTP
          password)
     11   service name ("ftp", other)
     12   authentication method (bitmask):
               0    none
               1    RFC931 Authentication
     13   authenticated user id (if available, "*" otherwise)
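     The following parser, added as an illustration and not part of ftpd
     or xferlog(5), reads records in the 13-field format above and picks
     out files stored by anonymous or guest sessions, the subset of the
     log a reviewer of ~ftp/pub wants to see.  The function names and
     the sample records are constructed for the example.

```python
"""Parse ftpd xferlog records (the 13-field format above) and flag uploads
made by anonymous or guest sessions.  Added example, not part of ftpd."""
from dataclasses import dataclass

@dataclass
class XferRecord:
    time: str            # field 1, DDD MMM dd hh:mm:ss YYYY (24 chars)
    transfer_secs: int   # 2
    remote_host: str     # 3
    size: int            # 4
    filename: str        # 5
    transfer_type: str   # 6: a (ascii) or b (binary)
    action_flags: str    # 7: C, U, T or _
    direction: str       # 8: o outgoing, i incoming
    access_mode: str     # 9: r real, a anonymous, g guest
    username: str        # 10
    service: str         # 11
    auth_method: int     # 12
    auth_user: str       # 13

def parse_xferlog_line(line):
    """The first 24 characters are the fixed-width timestamp (it contains
    spaces); the remaining 12 fields are whitespace separated, except that
    the file name may itself contain spaces, so everything after the first
    three numeric/host fields and before the last 8 is rejoined as the name."""
    line = line.rstrip("\n")
    if len(line) < 26 or line[24] != " ":
        raise ValueError("malformed timestamp: %r" % line[:24])
    stamp, rest = line[:24], line[25:].split()
    if len(rest) < 12:
        raise ValueError("expected 12 fields after timestamp, got %d" % len(rest))
    head, name, tail = rest[:3], " ".join(rest[3:-8]), rest[-8:]
    return XferRecord(stamp, int(head[0]), head[1], int(head[2]), name,
                      tail[0], tail[1], tail[2], tail[3], tail[4], tail[5],
                      int(tail[6]), tail[7])

def anonymous_uploads(lines):
    """Records where an anonymous or guest session stored a file (direction
    'i'): the writes into ~ftp/pub that deserve review."""
    hits = []
    for line in lines:
        if line.strip():
            rec = parse_xferlog_line(line)
            if rec.direction == "i" and rec.access_mode in ("a", "g"):
                hits.append(rec)
    return hits

# Constructed sample records, not taken from a real server.
SAMPLE_LOG = """\
Mon Jan  5 12:34:56 2004 3 host.example.com 2048 /pub/incoming/notes.txt b _ i a mozilla@ ftp 0 *
Mon Jan  5 12:40:01 2004 1 10.0.0.5 512 /dist/README a _ o r alice ftp 1 alice
Mon Jan  5 12:41:10 2004 7 10.0.0.9 90112 /pub/my report.tar b T i g guest1 ftp 0 *
"""
```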
WARNINGS
     The password is sent unencrypted through the socket connection.

     Anonymous FTP is inherently dangerous to system security.

DEPENDENCIES
   Pluggable Authentication Modules (PAM)
     PAM is an Open Group standard for user authentication, password
     modification, and validation of accounts.  In particular,
     pam_authenticate() is invoked to perform all functions related to
     login.  This includes retrieving the password, validating the
     account, and displaying error messages.

     ftpd supports only a single password, unlike the login and passwd
     commands.  ftpd will not work properly if it uses multiple modules
     in the /etc/pam.conf file.

AUTHOR
     ftpd was developed by the University of California, Berkeley and the
     Washington University, St. Louis, Missouri.

SEE ALSO
     ftp(1), inetd(1M), chroot(2), send(2), sendfile(2),
     pam_authenticate(3), getusershell(3C), ftpaccess(4), ftpusers(4),
     group(4), inetd.conf(4), passwd(4), sis(5), xferlog(5).