RedHat 9 (Linux i386) - man page for ftpd (redhat section 8)

FTPD(8) 										  FTPD(8)

       ftpd - DARPA Internet File Transfer Protocol server

       ftpd  [-a  | -A] [-c] [-C] [-d] [-l] [-t timeout] [-T maxtimeout] [-p port] [-u umask] [-r
       realm-file] [-s srvtab] [-w[ip|maxhostlen[,[no]striplocal]]]

       Ftpd is the DARPA Internet File Transfer Protocol server process.  The server uses the TCP
       protocol  and listens at the port specified in the ``ftp'' service specification; see ser-

       Available options:

       -A     Connections are only allowed for users who can authenticate via the ftp AUTH mecha-
	      nism.  (Anonymous  ftp  may also be allowed if it is configured.) Ftpd will ask the
	      user for a password if one is required.

       -a     Connections are only allowed for users who can authenticate (via the ftp AUTH mech-
	      anism)  and  who are authorized to connect to the named account without a password.
	      (Anonymous ftp may also be allowed if it is configured.)

       -C     Non-anonymous users need local credentials (for example, to authenticate to  remote
	      fileservers),  and  so they should be prompted for a password unless they forwarded
	      credentials as part of authentication.

       -c     Allow the CCC (Clear Command Channel) command to be used. This allows  less  secure
	      connections, and should probably only be used when debugging.

       -d     Debugging information is written to the syslog.

       -l     Each ftp(1) session is logged in the syslog.

       -t     The  inactivity  timeout	period	is set to timeout seconds (the default is 15 min-

       -T     A client may also request a different timeout period; the  maximum  period  allowed
	      may be set to timeout seconds with the -T option.  The default limit is 2 hours.

       -p port
	      Run  as  a  server  and  accept  a  connection on port.  Normally the ftp server is
	      invoked by inetd(8).

       -u umask
	      Sets the umask for the ftpd process.  The default value is normally 027.

       -r realm-file
	      Sets the name of the krb.conf file to use.  The default value is	normally  set  by

       -s srvtab
	      Sets  the  name  of  the	srvtab	file  to use for Kerberos V4 authentication.  The
	      default value is normally /etc/srvtab.

       -w [ip|maxhostlen[,[no]striplocal]]
	      Controls the form of the remote hostname passed to login(1).  Specifying ip results
	      in  the  numeric	IP address always being passed to login(1).  Specifying a number,
	      maxhostlen, sets the maximum length of the hostname passed to  login(1)  before  it
	      will  be	passed	as  a  numeric	IP  address.  If maxhostlen is 0, then the system
	      default, as determined by the utmp or utmpx structures, is used.	The  nostriplocal
	      and  striplocal  options, which must be preceded by a comma, control whether or not
	      the local host domain is stripped from the remote hostname.  By default, the equiv-
	      alent of striplocal is in effect.

       The ftp server currently supports the following ftp requests; case is not distinguished.

       Request	Description
       ABOR	abort previous command
       ACCT	specify account (ignored)
       ADAT	send an authentication protocol message
       ALLO	allocate storage (vacuously)
       APPE	append to a file
       AUTH	specify an authentication protocol to be performed
       CCC	set  the command channel protection mode to "Clear" (no protection).  Only avail-
		able if the -c command-line option was given.
       CDUP	change to parent of current working directory
       CWD	change working directory
       DELE	delete a file
       ENC	send a privacy and integrity protected command (given in argument)
       HELP	give help information
       LIST	give list files in a directory (``ls -lgA'')
       MIC	send an integrity protected command (given in argument)
       MKD	make a directory
       MDTM	show last modification time of file
       MODE	specify data transfer mode
       NLST	give name list of files in directory
       NOOP	do nothing
       PASS	specify password
       PASV	prepare for server-to-server transfer
       PBSZ	specify a protection buffer size
       PORT	specify data connection port
       PROT	specify a protection level under which to protect data transfers
       PWD	print the current working directory
       QUIT	terminate session
       REST	restart incomplete transfer
       RETR	retrieve a file
       RMD	remove a directory
       RNFR	specify rename-from file name
       RNTO	specify rename-to file name
       SITE	non-standard commands (see next section)
       SIZE	return size of file
       STAT	return status of server
       STOR	store a file
       STOU	store a file with a unique name
       STRU	specify data transfer structure
       SYST	show operating system type of server system
       TYPE	specify data transfer type
       USER	specify user name
       XCUP	change to parent of current working directory (deprecated)
       XCWD	change working directory (deprecated)
       XMKD	make a directory (deprecated)
       XPWD	print the current working directory (deprecated)
       XRMD	remove a directory (deprecated)

       The following non-standard or UNIX specific commands are supported by the SITE request.

       Request	Description
       UMASK	change umask.  E.g., SITE UMASK 002
       IDLE	set idle-timer.  E.g., SITE IDLE 60
       CHMOD	change mode of a file.	E.g., SITE CHMOD 755 filename
       HELP	give help information.	E.g., SITE HELP

       The remaining ftp requests specified in Internet RFC 959 are recognized,  but  not  imple-
       mented.	 MDTM  and SIZE are not specified in RFC 959, but will appear in the next updated
       FTP RFC.

       The ftp server will abort an active file transfer only when the ABOR command  is  preceded
       by  a  Telnet  "Interrupt  Process" (IP) signal and a Telnet "Synch" signal in the command
       Telnet stream, as described in Internet RFC 959.  If a STAT command is received	during	a
       data transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

       Ftpd interprets file names according to the ``globbing'' conventions used by csh(1).  This
       allows users to utilize the metacharacters ``*?[]{}~''.

       Ftpd authenticates users according to the following rules:

	 1.   The user name must be in the password data base, /etc/passwd.

	 2.   An AUTH command must be accepted, the ensuing  authentication  protocol  (conducted
	      via  ADAT  commands  and replies) must successfully complete, and the authenticated
	      user must be permitted access.  Otherwise, a valid password which is not null must  be
	      provided by the client.

	 3.   The user name must not appear in the file /etc/ftpusers.

	 4.   The user must have a standard shell returned by getusershell(3).

	 5.   If  the  user  name  is  ``anonymous'' or ``ftp'', an anonymous ftp account must be
	      present in the password file (user ``ftp'').  In this case the user is  allowed  to
	      log in by specifying any password (by convention this is given as the client host's
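
       The following is an added example, not part of the original man page or of the ftpd source: it applies rules 1, 3, 4 and 5 above to copies of /etc/passwd, /etc/ftpusers and /etc/shells to list which accounts remain eligible for FTP login. The file contents are constructed samples; reading /etc/shells for rule 4, and skipping rules 1 and 4 for the anonymous names, are assumptions.

```python
# Constructed sample file contents (not taken from any real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
backup:x:501:501::/home/backup:/bin/sh
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
"""
FTPUSERS = "# accounts denied FTP\nroot\ndaemon\n"
SHELLS = "/bin/sh\n/bin/bash\n"
ANON_NAMES = {"anonymous", "ftp"}

def parse_passwd(text):
    """Map user name -> login shell from passwd(5)-format text."""
    shells = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            shells[fields[0]] = fields[6]
    return shells

def parse_list(text):
    """One entry per line; blank lines and '#' comments are skipped."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {entry for entry in stripped if entry}

def login_denials(user, passwd_text, ftpusers_text, shells_text):
    """Rules that reject `user`. An empty list means eligible, subject to
    rule 2 (AUTH/ADAT exchange or a non-null password), not modelled here."""
    accounts = parse_passwd(passwd_text)
    denied = []
    if user in parse_list(ftpusers_text):
        denied.append("rule 3: listed in ftpusers")
    if user in ANON_NAMES:
        # Assumption: anonymous names are subject to rules 3 and 5 only.
        if "ftp" not in accounts:
            denied.append("rule 5: no ftp account in passwd")
        return denied
    if user not in accounts:
        denied.append("rule 1: not in passwd")
    elif accounts[user] not in parse_list(shells_text):
        denied.append("rule 4: shell not returned by getusershell")
    return denied

def audit(passwd_text, ftpusers_text, shells_text):
    """Accounts in passwd that no rule rejects, i.e. could log in over FTP."""
    return sorted(u for u in parse_passwd(passwd_text)
                  if not login_denials(u, passwd_text, ftpusers_text, shells_text))
```

       In the sample, the "backup" account stays eligible because it has a listed shell and is absent from ftpusers, and "ftp" in the result means anonymous login is enabled.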

       In the last case, ftpd takes special measures to restrict the client's access  privileges.
       The  server  performs  a  chroot(2) command to the home directory of the ``ftp'' user.  In
       order that system security is not breached, it is recommended that the ``ftp'' subtree  be
       constructed with care; the following rules are recommended.

       ~ftp   Make the home directory owned by ``ftp'' and unwritable by anyone.

	      Make  this directory owned by the super-user and unwritable by anyone.  The program
	      ls(1) must be present to support the list command.  This program should  have  mode

	      Make  this  directory  owned by the super-user and unwritable by anyone.	The files
	      passwd(5) and group(5) must be present for the ls command to  be	able  to  produce
	      owner  names  rather  than  numbers.  The password field in passwd is not used, and
	      should not contain real encrypted passwords.  These files should be mode 444.

	      Make this directory mode 777 and owned by ``ftp''.  Users should then  place  files
	      which are to be accessible via the anonymous account in this directory.
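
       The following is an added example, not part of the original man page: it audits an anonymous ftp tree against the ownership and mode rules above and flags real password hashes in the chroot copy of passwd. The three subdirectory names are passed in by the caller because they are not given on this page, and the set of placeholder password-field values is an assumption.

```python
import os
import stat

# Assumption: password-field values treated as placeholders, not crypt(3) output.
PLACEHOLDERS = {"", "*", "x", "!", "!!", "*LK*"}

def check_path(path, owner_uid=None, mode=None):
    """Findings for one path. With `mode`, require that exact mode;
    without it, require that no write bit is set for anyone."""
    st = os.stat(path)
    perms = stat.S_IMODE(st.st_mode)
    findings = []
    if owner_uid is not None and st.st_uid != owner_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {owner_uid}")
    if mode is not None:
        if perms != mode:
            findings.append(f"{path}: mode {perms:o}, expected {mode:o}")
    elif perms & 0o222:
        findings.append(f"{path}: writable (mode {perms:o})")
    return findings

def real_hashes(passwd_path):
    """User names whose password field is not a placeholder."""
    with open(passwd_path) as fh:
        rows = [line.rstrip("\n").split(":") for line in fh]
    return [r[0] for r in rows if len(r) >= 2 and r[1] not in PLACEHOLDERS]

def audit_anon_tree(home, ftp_uid, ls_dir, files_dir, upload_dir, root_uid=0):
    """Apply the rules above. The three directory names are supplied by the
    caller; the mode required for ls is not checked."""
    def sub(*parts):
        return os.path.join(home, *parts)
    findings = check_path(home, ftp_uid)              # owned by ftp, unwritable
    findings += check_path(sub(ls_dir), root_uid)     # holds ls(1)
    findings += check_path(sub(files_dir), root_uid)  # holds passwd and group
    for name in ("passwd", "group"):
        findings += check_path(sub(files_dir, name), mode=0o444)
    findings += check_path(sub(upload_dir), ftp_uid, mode=0o777)
    findings += [f"{sub(files_dir, 'passwd')}: real password hash for {user}"
                 for user in real_hashes(sub(files_dir, "passwd"))]
    return findings
```

       An empty result means the tree matches the rules that are checked; each finding names the path and the rule it breaks.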

       If  an ADAT command succeeds, the control channel must be either integrity or privacy pro-
       tected.	In this case, the MIC and ENC commands are the only  commands  allowed	over  the
       control	channel.  The argument to the MIC command is a base 64 encoded string which, when
       decoded, is an ftp command integrity protected with a cryptographic checksum.   The  argu-
       ment to the ENC command is a base 64 encoded string which, when decoded, is an ftp command
       privacy and integrity protected with encryption.

       If an ADAT command succeeds, ftp replies will also be either  integrity	or  privacy  pro-

       If  an ADAT command succeeds, the data channel can also be integrity or privacy protected.
       The PROT command accepts S for integrity and P for privacy  protection.	 Unless  an  ADAT
       command succeeds, the only protection level accepted by the PROT command is C (clear).

       ftp(1), getusershell(3), syslogd(8)

       Lunt, S. J., FTP Security Extensions, Internet Draft, November 1993.

       The anonymous account is inherently dangerous and should be avoided when possible.

       The  server must run as the super-user to create sockets with privileged port numbers.  It
       maintains an effective user id of the logged in user, reverting	to  the  super-user  only
       when  binding  addresses  to  sockets.	The possible security holes have been extensively
       scrutinized, but are possibly incomplete.

       The ftpd command appeared in 4.2BSD.

