| blob | b527bd2426ca2af76750987cf02b982ad5440b06 |
1 .\" opieftpd.8: Manual page describing the FTP daemon.
2 .\"
3 .\" %%% portions-copyright-cmetz-98
4 .\" Portions of this software are Copyright 1998-1999 by Craig Metz, All Rights
5 .\" Reserved. The Inner Net License Version 2 applies to these portions of
6 .\" the software.
7 .\" You should have received a copy of the license with this software. If
8 .\" you didn't get a copy, you may request one from <license@inner.net>.
9 .\"
10 .\"
11 .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
12 .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
13 .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
14 .\" License Agreement applies to this software.
15 .\"
16 .\" History:
17 .\"
18 .\" Modified by cmetz for OPIE 2.4. Document -u option.
19 .\" Modified at NRL for OPIE 2.0.
20 .\" Originally from BSD.
21 .\"
22 .\" NOTE:
23 .\"
24 .\" This manual page uses the BSD >= Net/2 "mandoc" macros and may not
25 .\" format properly on all systems.
26 .\"
27 .\" Copyright (c) 1985, 1988, 1991 The Regents of the University of California.
28 .\" All rights reserved.
29 .\"
30 .\" Redistribution and use in source and binary forms, with or without
31 .\" modification, are permitted provided that the following conditions
32 .\" are met:
33 .\" 1. Redistributions of source code must retain the above copyright
34 .\" notice, this list of conditions and the following disclaimer.
35 .\" 2. Redistributions in binary form must reproduce the above copyright
36 .\" notice, this list of conditions and the following disclaimer in the
37 .\" documentation and/or other materials provided with the distribution.
38 .\" 3. All advertising materials mentioning features or use of this software
39 .\" must display the following acknowledgement:
40 .\" This product includes software developed by the University of
41 .\" California, Berkeley and its contributors.
42 .\" 4. Neither the name of the University nor the names of its contributors
43 .\" may be used to endorse or promote products derived from this software
44 .\" without specific prior written permission.
45 .\"
46 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
47 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
50 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56 .\" SUCH DAMAGE.
57 .\"
58 .\" @(#)opieopieftpd.8 6.9 (Berkeley) 3/16/91
59 .\"
60 .TH OPIEFTPD 8 "10 January 1995"
62 .SH NAME
63 opieftpd \- File Transfer Protocol server that uses OPIE authentication
65 .SH SYNOPSIS
66 .B opieftpd
67 [\-d] [\-l] [\-t
68 .I timeout
69 ] [\-T
70 .I maxtimeout
71 ] [\-u
72 .I umask
73 ]
75 .SH DESCRIPTION
76 .I opieftpd
77 is the Internet File Transfer Protocol server process. The server uses the
78 TCP protocol and listens at the port specified in the ftp service
79 specification; see
80 .IR services (5).
82 .SH OPTIONS
83 .TP
84 .B \-d
85 Debugging information is written to the system logs.
86 .TP
87 .B \-l
88 Each
89 .IR ftp (1)
90 session is logged in the system logs.
91 .TP
92 .B \-t
93 The inactivity timeout period is set to
94 .I timeout
95 seconds (the default is 15 minutes).
96 .TP
97 .B \-T
98 A client may also request a different timeout period;
99 the maximum period allowed may be set to
100 .I maxtimeout
101 seconds with the
102 .B \-T
103 option. The default limit is 2 hours.
104 .B \-u
105 Set the default umask value to
106 .I umask.
107 .SH COMMANDS
108 The ftp server currently supports the following ftp
109 requests; case is not distinguished:
110 .PP
111 .nf
112 .ta \w'Request 'u
113 Request Description
114 ABOR abort previous command
115 ACCT specify account (ignored)
116 ALLO allocate storage (vacuously)
117 APPE append to a file
118 CDUP change to parent of current working directory
119 CWD change working directory
120 DELE delete a file
121 HELP give help information
122 LIST give a list of files in a directory
123 MKD make a directory
124 MDTM show last modification time of file
125 MODE specify data transfer mode
126 NLST give name list of files in directory
127 NOOP do nothing
128 PASS specify password
129 PASV prepare for server-to-server transfer
130 PORT specify data connection port
131 PWD print the current working directory
132 QUIT terminate session
133 REST restart incomplete transfer
134 RETR retrieve a file
135 RMD remove a directory
136 RNFR specify rename-from file name
137 RNTO specify rename-to file name
138 SITE non-standard commands (see next section)
139 SIZE return size of file
140 STAT return status of server
141 STOR store a file
142 STOU store a file with a unique name
143 STRU specify data transfer structure
144 SYST show operating system type of server system
145 TYPE specify data transfer type
146 USER specify user name
147 XCUP change to parent of current working directory (deprecated)
148 XCWD change working directory (deprecated)
149 XMKD make a directory (deprecated)
150 XPWD print the current working directory (deprecated)
151 XRMD remove a directory (deprecated)
152 .fi
154 The following non-standard or UNIX-specific commands are supported
155 by the SITE request:
156 .PP
157 .nf
158 .ta \w'Request 'u
159 Request Description
160 UMASK change umask (e.g. SITE UMASK 002)
161 IDLE set idle-timer (e.g. SITE IDLE 60)
162 CHMOD change mode of a file (e.g. SITE CHMOD 755 file)
163 HELP give help information (e.g. SITE HELP)
164 .fi
165 .sp
166 The remaining ftp requests specified in Internet RFC-959 are
167 recognized, but not implemented.
168 .sp
169 MDTM and SIZE are not specified in RFC-959, but will appear
170 in the next updated FTP RFC.
172 The ftp server will abort an active file transfer only when the
173 ABOR command is preceded by a Telnet "Interrupt Process" (IP)
174 signal and a Telnet "Synch" signal in the command Telnet stream,
175 as described in Internet RFC-959.
176 If a STAT command is received during a data transfer, preceded by
177 a Telnet IP and Synch, transfer status will be returned.
178 .I opieftpd
179 interprets file names according to the globbing conventions used by
180 .IR csh (1).
181 This allows users to utilize the metacharacters
182 \&*?[]{}~.
183 .sp
184 .I opieftpd
185 authenticates users according to three rules:
186 .sp
187 The user name must be in the password data base,
188 .I /etc/passwd,
189 and not have a null password. In this case, a password
190 must be provided by the client before any file operations
191 may be performed.
192 .sp
193 The user name must not appear in the file
194 .I /etc/ftpusers.
195 .sp
196 The user must have a standard shell returned by
197 .IR getusershell (3).
198 .sp
199 If the user name is
200 .I anonymous
201 or
202 .I ftp,
203 an anonymous ftp account must be present in the password
204 file (user
205 .I ftp ).
206 In this case, the user is allowed to log in by specifying any
207 password (by convention, this is given as the client host's name).
209 In the last case,
210 .I opieftpd
211 takes special measures to restrict the client's access privileges.
212 The server performs a
213 .IR chroot (2)
214 command to the home directory of the
215 .I ftp
216 user.
217 In order that system security is not breached, it is recommended
218 that the
219 .I ftp
220 subtree be constructed with care; the following
221 rules are recommended:
222 .sp
223 .TP
224 .B ~ftp
225 Make the home directory owned by
226 .I ftp
227 and unwritable by anyone.
228 .TP
229 .B ~ftp/bin
230 Make this directory owned by the super-user and unwritable by
231 anyone. The program
232 .IR ls (1)
233 must be present to support the LIST command. This
234 program should have mode 111.
235 .TP
236 .B ~ftp/etc
237 Make this directory owned by the super-user and unwritable by
238 anyone. The files
239 .IR passwd (5)
240 and
241 .IR group (5)
242 must be present for the
243 .IR ls (1)
244 command to be able to produce owner names rather than numbers.
245 The password field in
246 .I passwd
247 is not used, and should not contain real encrypted passwords.
248 These files should be mode 444.
249 .TP
250 .B ~ftp/pub
251 Make this directory mode 777 and owned by
252 .I ftp.
253 Users should then place files which are to be accessible via the
254 anonymous account in this directory.
255 .SH SEE ALSO
256 .BR ftpd (8),
257 .BR ftp (1),
258 .BR opie (4),
259 .BR opiekey (1),
260 .BR opiepasswd (1),
261 .BR opieinfo (1),
262 .BR opiesu (1),
263 .BR opieftpd (8),
264 .BR opiekeys (5),
265 .BR opieaccess (5)
267 .SH BUGS
268 The anonymous account is inherently dangerous and should
269 avoided when possible. In
270 .I opieftpd,
271 it is a compile-time option that should be disabled if it is not
272 being used.
273 The server must run as the super-user
274 to create sockets with privileged port numbers. It maintains
275 an effective user id of the logged in user, reverting to
276 the super-user only when binding addresses to sockets. The
277 possible security holes have been scrutinized, but are possibly incomplete.
279 .SH HISTORY
280 The
281 .I ftpd
282 command appeared in 4.2BSD.
284 .SH AUTHOR
285 Originally written for BSD,
286 .I ftpd
287 was modified at NRL by Randall Atkinson, Dan McDonald, and Craig Metz to
288 support OTP authentication.
290 .SH CONTACT
291 OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
292 send an email request to:
293 .sp
294 skey-users-request@thumper.bellcore.com