⇒ ftpd(1M) — Reliant UNIX 5.44c4

ftpd(1M)                                                           ftpd(1M)

NAME
     ftpd, in.ftpd - file transfer protocol server

SYNOPSIS
     in.ftpd [-B|-S] [-bdl] [-u mask] [-t timeout] [-T max-timeout]
             [-F value] [-N value] [-W value] host.socket

DESCRIPTION
     ftpd is the Internet File Transfer Protocol (FTP) server process. The
     server is invoked by the Internet daemon inetd(1M) each time a
     connection to the FTP service [see services(4)] is made, with the
     connection available as descriptor 0 and the host and socket from
     which the connection originated as argument.

OPTIONS
     -B   The -B option sets the LIBSOCKETBSD=YES environment variable for
          the ftpd command. This means that BSD sockets will be used.

     -S   The -S option sets the LIBSOCKETBSD=NO environment variable for
          the ftpd command. This means that STREAMS sockets will be used.

          Note:

          The -B or -S option overrides the current value of LIBSOCKETBSD
          in the shell environment. If neither -B nor -S is set, the
          behavior is determined at startup by setting LIBSOCKETBSD.

     -b   Prevents the FTP client from changing its IP address with the
          PORT command. This prevents the "ftp bounce attack", but it also
          means that ftpd no longer behaves in compliance with RFC 959. The
          client can still change the port.

     -d   Activates debug mode. The debug information is sent to the syslog
          daemon [see syslog(3C)].

     -l   Logs every FTP session via the syslog daemon.

     -u mask
          Sets the protection bit mask for access permissions to files to
          mask. The protection bit mask is a three-digit octal number and
          is used to specify the access permissions which are not to be
          assigned (see also the umask command). The default setting for
          mask is 027, which corresponds to rw-r-----.

     -t timeout
          Sets the inactivity timeout period to timeout, in seconds. By
          default, the FTP server times out an inactive session after 15
          minutes.







Page 1                       Reliant UNIX 5.44                Printed 11/98


     -T max-timeout
          Sets the maximum timeout a client can request in the event of
          inactivity to the value specified in max-timeout (in seconds). By
          default, a value of 2 hours applies.

     -F value
          value determines the block size for file transfer. This means
          that the file being transferred will be read and written in
          blocks of this size.

          Values between 1 KB and 16 MB are permitted. The default is 32
          KB.

     -N value
          value determines the size of the internal ftp send/receive
          buffer.

          Values between 1 KB and 16 MB are permitted. The default is 32
          KB.

     -W value
          value is used as the socket option SO_SNDBUF or SO_RCVBUF for
          data transfer.

          Values between 4 KB and 384 MB are permitted. The default is 24
          KB.

          In the case of all three options, i.e. -F, -N and -W, you can
          specify value as follows:

          nk or nK        The value is interpreted as n kilobytes.

          nm or nM        The value is interpreted as n megabytes.

          n (digit only)  The value is interpreted as n bytes.
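
     The address check that the -b option describes can be sketched as
     follows. This is an added example, not Reliant UNIX source code; the
     function names and the sample addresses are assumptions made for
     illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal fields)
PORT_ARG = re.compile(r"\d{1,3}(?:,\d{1,3}){5}", re.ASCII)

def parse_port_arg(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    arg = arg.strip()
    if not PORT_ARG.fullmatch(arg):
        raise ValueError("expected six comma-separated decimal fields")
    fields = [int(f) for f in arg.split(",")]
    if max(fields) > 255:
        raise ValueError("every field must be in 0..255")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]

def port_allowed(control_peer, arg):
    """True only if the PORT address equals the control connection's peer.

    The port number is deliberately not restricted, matching the -b text:
    the client may still change the port, but not the IP address.
    """
    try:
        ip, _port = parse_port_arg(arg)
    except ValueError:
        return False
    return ip == ipaddress.IPv4Address(control_peer)

if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed: address of the control connection
    for arg in ("192,0,2,10,19,137",    # same host, new port: accepted
                "198,51,100,7,19,137",  # third-party host: refused
                "192,0,2,10,19"):       # malformed: refused
        print(arg, "->", "accept" if port_allowed(peer, arg) else "refuse")
```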

   Requests

     The FTP server currently supports the following FTP requests; case is
     not distinguished.

     ABOR      abort previous command

     ACCT      specify account (ignored)

     ALLO      allocate storage (vacuously)

     APPE      append to a file

     CDUP      change to parent of current working directory

     CWD       change working directory



     DELE      delete a file

     HELP      give help information

     LIST      give list of files in a directory (ls -lg)

     MKD       make a directory

     MODE      specify data transfer mode

     NLST      give name list of files in directory (ls)

     NOOP      do nothing

     PASS      specify password

     PASV      prepare for server-to-server transfer

     PORT      specify data connection port

     PWD       print the current working directory

     QUIT      terminate session

     RETR      retrieve a file

     RMD       remove a directory

     RNFR      specify rename-from file name

     RNTO      specify rename-to file name

     SITE      run non-standard commands

     STOR      store a file

     STOU      store a file with a unique name

     STRU      specify data transfer structure

     TYPE      specify data transfer type

     USER      specify user name

     XCUP      change to parent of current working directory

     XCWD      change working directory

     XMKD      make a directory

     XPWD      print the current working directory




     XRMD      remove a directory

     The following non-standard commands are supported by SITE:

     UMASK     Query and modify the protection bit mask. Query: SITE UMASK.
               Modify, stating the new protection bit mask, e.g. SITE
               UMASK 077.

     IDLE      Query and modify the inactivity timeout period, e.g. SITE
               IDLE 60.

     CHMOD     Modify the access permissions to a file, e.g. SITE CHMOD 755
               file.

     HELP      Display help information of the SITE command, e.g. SITE
               HELP.

     The remaining FTP requests specified in RFC 959 are recognized, but
     not implemented.

     The FTP server will abort an active file transfer only when the ABOR
     command is preceded by a Telnet "Interrupt Process" (IP) signal and a
     Telnet "Synch" signal in the command Telnet stream, as described in
     RFC 959.

     ftpd interprets file names according to the "globbing" conventions
     used by sh(1). This allows users to utilize the metacharacters: *, ?,
     [, ], {, }, and ~.

     ftpd authenticates users according to four rules.

     1) The user name must be in the password database, /etc/passwd, and
        not have a null password. In this case a password must be provided
        by the client before any file operations may be performed.

     2) If the user name appears in the file /etc/ftpusers, ftp access is
        denied.

     3) If the file /etc/shells exists, and the user's shell (from
        /etc/passwd) is not listed in this file, access is denied. If
        /etc/shells does not exist, access is denied, unless the user's
        shell is one of the following:

        /bin/sh
        /bin/ksh
        /bin/csh
        /usr/bin/sh
        /usr/bin/ksh
        /usr/bin/csh






     4) If the user name is "anonymous" or "ftp", an anonymous FTP account
        must be present in the password file (user "ftp"). In this case the
        user is allowed to log in by specifying any password (by convention
        this is given as the client host's name).
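
     The rules above can be modelled on file contents passed in as
     strings. This is an added example, not ftpd's own code; the function
     name, the sample passwd entries, the order of the checks and the
     application of /etc/ftpusers to the anonymous names are assumptions.

```python
# Shells accepted when /etc/shells does not exist (list taken from rule 3).
FALLBACK_SHELLS = {"/bin/sh", "/bin/ksh", "/bin/csh",
                   "/usr/bin/sh", "/usr/bin/ksh", "/usr/bin/csh"}

# Constructed sample entries, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/:/bin/sh
alice:x:101:10:Alice:/home/alice:/bin/ksh
bob:x:102:10:Bob:/home/bob:/usr/local/bin/bash
carol::103:10:Carol:/home/carol:/bin/sh
ftp:x:500:50:Anonymous FTP:/home/ftp:/bin/false
"""

def _lines(text):
    """Non-empty, non-comment lines of a config file given as a string."""
    stripped = (ln.split("#", 1)[0].strip() for ln in text.splitlines())
    return [ln for ln in stripped if ln]

def ftp_access(user, passwd, ftpusers="", shells=None):
    """Return (allowed, reason); shells=None models a missing /etc/shells."""
    db = {}
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            db[fields[0]] = fields
    if user in _lines(ftpusers):                       # rule 2
        return False, "listed in /etc/ftpusers"
    if user in ("anonymous", "ftp"):                   # rule 4
        if "ftp" not in db:
            return False, "no ftp account in /etc/passwd"
        return True, "anonymous login, any password accepted"
    if user not in db or db[user][1] == "":            # rule 1
        return False, "unknown user or null password"
    valid = FALLBACK_SHELLS if shells is None else set(_lines(shells))
    if db[user][6] not in valid:                       # rule 3
        return False, "shell not permitted"
    return True, "password required"

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "anonymous"):
        print(name, ftp_access(name, SAMPLE_PASSWD, ftpusers="root\n"))
```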

     In the last case (anonymous login), ftpd takes special measures to
     restrict the client's access privileges. The server performs a
     chroot(1M) command to the home directory of the "ftp" user. So that
     system security is not breached, the "ftp" subtree should be
     constructed with care; the following rules are recommended.

     $HOME
          ftp must be the owner of the home directory and nobody else
          should be permitted to write to it.

     $HOME/bin
          This directory should be owned by the superuser and nobody else
          should be permitted to write to it. The program ls(1) must be
          present to support the list commands. This program should have
          mode 111.

     $HOME/etc
          This directory should be owned by the superuser and nobody else
          should be permitted to write to it. Copies of the files
          passwd(4), group(4), and netconfig(4) must be present for the ls
          command to work properly. These files should be mode 444.

     $HOME/pub
          This directory should be changed to mode 777 and owned by ftp.
          Users should then place files which are to be accessible via the
          anonymous account in this directory.

     $HOME/dev
          This directory should be owned by the superuser and nobody else
          should be permitted to write to it. Change to this directory and
          enter the following:

          FTP="`grep '^ftp:' /etc/passwd | cut -d: -f6`"
          MAJORMINOR="`ls -l /dev/tcp | awk '{ gsub(/,/, \" \"); \
          print $5, $6}'`"
          mknod $FTP/dev/tcp c $MAJORMINOR
          chmod 666 $FTP/dev/tcp

     $HOME/usr/lib
          The superuser (root) should be the owner of this directory and
          nobody else should be permitted to write to it. The library
          lib.so.1 (from /usr/lib) must exist to support the commands for
          printing lists. The access permissions must be set to 555
          (r-xr-xr-x) for this program.






     $HOME/dev/zero
          The superuser (root) should be the owner of this directory and
          nobody else should be permitted to write to it. The device zero
          must exist to support the commands for printing lists. The access
          permissions must be set to 666 (rw-rw-rw-) for this program. The
          command ls -l /dev/zero can be used to establish its device
          driver numbers.
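
     The recommendations for the anonymous "ftp" subtree can be checked
     with a short audit script. This is an added example, not part of the
     original manual page; the function name and the rule table layout are
     assumptions, and the paths and modes are the ones listed above.

```python
import os
import stat

# Path below ~ftp -> (owner, exact mode or None, type test), from the rules
# above. Mode None means the page only requires "nobody else may write".
RULES = {
    ".":                ("ftp",  None,  stat.S_ISDIR),
    "bin":              ("root", None,  stat.S_ISDIR),
    "bin/ls":           (None,   0o111, stat.S_ISREG),
    "etc":              ("root", None,  stat.S_ISDIR),
    "etc/passwd":       (None,   0o444, stat.S_ISREG),
    "etc/group":        (None,   0o444, stat.S_ISREG),
    "etc/netconfig":    (None,   0o444, stat.S_ISREG),
    "pub":              ("ftp",  0o777, stat.S_ISDIR),
    "dev":              ("root", None,  stat.S_ISDIR),
    "dev/tcp":          (None,   0o666, stat.S_ISCHR),
    "dev/zero":         (None,   0o666, stat.S_ISCHR),
    "usr/lib":          ("root", None,  stat.S_ISDIR),
    "usr/lib/lib.so.1": (None,   0o555, stat.S_ISREG),
}

def audit_ftp_tree(home, ftp_uid, root_uid=0):
    """Return a sorted list of deviations; an empty list means compliant."""
    findings = []
    for rel, (owner, mode, is_type) in RULES.items():
        try:
            st = os.lstat(os.path.join(home, rel))
        except FileNotFoundError:
            findings.append(f"{rel}: missing")
            continue
        perms = stat.S_IMODE(st.st_mode)
        if not is_type(st.st_mode):
            findings.append(f"{rel}: wrong file type")
        if mode is not None and perms != mode:
            findings.append(f"{rel}: mode {perms:03o}, expected {mode:03o}")
        if mode is None and perms & 0o022:
            findings.append(f"{rel}: writable by group or others")
        want = {"ftp": ftp_uid, "root": root_uid}.get(owner)
        if want is not None and st.st_uid != want:
            findings.append(f"{rel}: owner uid {st.st_uid}, expected {want}")
    return sorted(findings)

if __name__ == "__main__":
    import pwd, sys
    home = sys.argv[1] if len(sys.argv) > 1 else pwd.getpwnam("ftp").pw_dir
    print("\n".join(audit_ftp_tree(home, pwd.getpwnam("ftp").pw_uid)) or "ok")
```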

NOTES
     The anonymous account is inherently dangerous and should be avoided if
     possible.

     The server must run as the superuser to create sockets with privileged
     port numbers. It maintains an effective user id of the logged in user,
     reverting to the superuser only when binding addresses to sockets.
     Possible security gaps have been examined extensively, but not all of
     them may have been eliminated yet.

     /etc/ftpusers contains a list of users who cannot access the system;
     the format of the file is one username per line.

SEE ALSO
     ftp(1), inetd(1M), getsockopt(3N), group(4), netconfig(4), passwd(4),
     services(4).

     Postel, Jon and Joyce Reynolds, File Transfer Protocol (FTP), RFC 959,
     Network Information Center, SRI International, Menlo Park, Calif.,
     October 1985.

























