       ftpd(1M)                                                    ftpd(1M)


       NAME
             ftpd - Internet file transfer protocol server

       SYNOPSIS
             in.ftpd [-dlv] [-u mask] [-t timeout] [-T maxtimeout]

       DESCRIPTION
             The ftpd command is the DARPA Internet File Transfer Protocol
             server process.  The server uses the TCP protocol and listens
             at the port specified in the ftp service name specification
             [see services(4)].

          Files
             /etc/ftpusers       restricted user list
             /etc/shells         allowed shell list
             /etc/passwd         the user database
             /etc/group          the group database

       USAGE
             ftpd is started by the "super-server" inetd, and therefore
             must have an entry in inetd's configuration file,
             /etc/inetd.conf [see inetd(1M) and inetd.conf(4)].

          Options
             ftpd takes the following options:

             -d    Enable debugging.  Debugging information is written to
                   the syslog.

             -l    Log each FTP session to the syslog.

             -v    Enables debugging in verbose mode.

             -u mask
                   Set the file creation mask to mask.

             -t timeout
                   Set the inactivity timeout period to timeout seconds.
                   By default, the FTP server will time out an inactive
                   session after 15 minutes.

             -T maxtimeout
                   Limit the maximum timeout period which can be requested
                   by a client to maxtimeout seconds.  The default limit is
                   2 hours.



                           Copyright 1994 Novell, Inc.               Page 1

         FTP Requests
            The FTP server currently supports the following FTP requests;
            case is not distinguished.

                  ABOR      abort previous command
                  ACCT      specify account (ignored)
                  ALLO      allocate storage (vacuously)
                  APPE      append to a file
                  CDUP      change to parent of current working directory
                  CWD       change working directory
                  DELE      delete a file
                  HELP      give help information
                  LIST      give list files in a directory (ls -lg)
                  MKD       make a directory
                  MODE      specify data transfer mode
                  NLST      give name list of files in directory (ls)
                  NOOP      do nothing
                  PASS      specify password
                  PASV      prepare for server-to-server transfer
                  PORT      specify data connection port
                  PWD       print the current working directory
                  QUIT      terminate session
                  REST      restart a file transfer
                  RETR      retrieve a file
                  RMD       remove a directory
                  RNFR      specify rename-from file name
                  RNTO      specify rename-to file name
                  SITE      non-standard commands (see next section)
                  SIZE      return size of file
                  STAT      return status of server
                  STOR      store a file
                  STOU      store a file with a unique name
                  STRU      specify data transfer structure
                  TYPE      specify data transfer type
                  USER      specify user name
                  XCUP      change to parent of current working directory
                  XCWD      change working directory
                  XMKD      make a directory
                  XPWD      print the current working directory
                  XRMD      remove a directory

            The following non-standard or UNIX-specific commands are
            supported by the SITE request.

                  UMASK     change umask, for example, SITE UMASK 002
                  IDLE      set idle-timer, for example, SITE IDLE 60
                  CHMOD     change mode of a file, for example, SITE CHMOD
                            755 filename
                  HELP      give help information, for example, SITE HELP

             The remaining FTP requests specified in RFC 959 are
             recognized, but not implemented.  MDTM and SIZE are not
             specified in RFC 959, but will appear in the next updated FTP
             RFC.

             The FTP server will abort an active file transfer only when
             the ABOR command is preceded by a Telnet Interrupt Process
             (IP) signal and a Telnet Synch signal in the command Telnet
             stream, as described in RFC 959.  If a STAT command is
             received during a data transfer, preceded by a Telnet IP and
             Synch, transfer status will be returned.

             ftpd interprets file names according to the globbing
             conventions used by sh(1).  This allows users to utilize the
             metacharacters: * ? [] { } ~

             ftpd authenticates users according to four rules.

             1. The user name must be in the password data base,
                /etc/passwd, and not have a null password.  In this case a
                password must be provided by the client before any file
                operations may be performed.

             2. The user name must not appear in the file /etc/ftpusers.
                This file is checked on each non-anonymous ftp connection
                request.  If the requested user name is located in the
                file, the request is denied.  It is suggested that this
                file contain at least the following names: uucp, root.

             3. The FTP server will not allow FTP logins to accounts whose
                shell is not listed in /etc/shells.  This typically
                restricts access by UUCP sign-ons, etc.

             4. If the user name is anonymous or ftp, an anonymous ftp
                account must be present in the password file (user ftp).
                In this case the user is allowed to log in by specifying
                any password (by convention this is given as the client
                host's name).

            In the last case, ftpd takes special measures to restrict the
            client's access privileges.  The server performs a chroot(2)
            command to the home directory of the ftp user.  In order that
            system security is not breached, it is recommended that the
            ftp subtree be constructed with care; the following rules are
            recommended.

            home_directory
                    Make the home directory owned by ftp and unwritable by
                    anyone.

            home_directory/bin
                    Make this directory owned by a privileged user and
                    unwritable by anyone.  The program ls(1) must be
                    present to support the list commands.  This program
                    should have mode 111.

            home_directory/usr/lib
                    Make this directory owned by a privileged user and
                    unwritable by anyone.  The libraries libc.so.1 and
                    libc.so.1.1 must be present to support the list
                    commands (they can be copied from your system's
                    /usr/lib).  These files should have mode 111.

            home_directory/etc
                    Make this directory owned by a privileged user and
                    unwritable by anyone.  Copies of the files passwd(4),
                    group(4), and netconfig must be present for the ls
                    command to work properly.  These files should be mode
                    444.

            home_directory/pub
                    Make this directory mode 777 and owned by ftp.  Users
                    should then place files which are to be accessible via
                    the anonymous account in this directory.

            home_directory/dev
                    Make this directory owned by a privileged user and
                    unwritable by anyone.  Change directories to this
                    directory and do the following:
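            # Home directory of the ftp account, from /etc/passwd
            FTP="`grep ^ftp: /etc/passwd | cut -d: -f6`"
            # Major and minor device numbers of the system's /dev/tcp
            MAJORMINOR="`ls -l /dev/tcp | nawk '{ gsub(/,/, ""); print $5, $6}'`"
            # Create the same character device inside the ftp subtree
            mknod $FTP/dev/tcp c $MAJORMINOR
            chmod 666 $FTP/dev/tcp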
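
            One way to audit an existing anonymous subtree against the
            ownership and mode recommendations above.  This is an added
            example, not part of the original manual page; check,
            audit_anon_ftp, the finding format and the constructed sample
            tree are assumptions, and owner names are passed in as parameters.

```shell
#!/bin/sh
# Added example (not from the manual page); helper names are hypothetical.
# check PATH OWNER MODE_PATTERN: report a missing path, a wrong owner, or an
# ls-style mode string that does not match the pattern. OWNER "any" skips
# the owner test (the page gives no owner for the individual files).
check() {
    path=$1 owner=$2 want=$3
    [ -e "$path" ] || { echo "MISSING $path"; return 0; }
    mode=$(ls -ld "$path" | cut -c1-10)
    actual_owner=$(ls -ld "$path" | awk '{ print $3 }')
    case $mode in $want) ;; *) echo "MODE $path is $mode, want $want" ;; esac
    [ "$owner" = any ] || [ "$actual_owner" = "$owner" ] ||
        echo "OWNER $path is $actual_owner, want $owner"
    return 0
}

# audit_anon_ftp HOME FTP_OWNER PRIVILEGED_OWNER
audit_anon_ftp() {
    h=$1 ftp=$2 priv=$3
    check "$h" "$ftp" 'd?-??-??-?'               # owned by ftp, unwritable by anyone
    for sub in bin usr/lib etc dev; do
        check "$h/$sub" "$priv" 'd?-??-??-?'     # privileged owner, unwritable
    done
    check "$h/bin/ls" any '---x--x--x'           # mode 111
    for lib in libc.so.1 libc.so.1.1; do
        check "$h/usr/lib/$lib" any '---x--x--x' # mode 111
    done
    for f in passwd group netconfig; do
        check "$h/etc/$f" any '-r--r--r--'       # mode 444
    done
    check "$h/pub" "$ftp" 'drwxrwxrwx'           # mode 777, owned by ftp
    check "$h/dev/tcp" any 'crw-rw-rw-'          # character device, mode 666
}

# Constructed sample tree with deliberate faults: etc and etc/netconfig are
# writable, libc.so.1.1 and dev/tcp are absent. The current user stands in
# for both owners so the demo runs unprivileged.
t=$(mktemp -d)
mkdir -p "$t/bin" "$t/usr/lib" "$t/etc" "$t/dev" "$t/pub"
for f in bin/ls usr/lib/libc.so.1 etc/passwd etc/group etc/netconfig; do : > "$t/$f"; done
chmod 111 "$t/bin/ls" "$t/usr/lib/libc.so.1"
chmod 444 "$t/etc/passwd" "$t/etc/group"; chmod 644 "$t/etc/netconfig"
chmod 555 "$t/bin" "$t/usr/lib" "$t/dev" "$t"; chmod 755 "$t/etc"; chmod 777 "$t/pub"
me=$(ls -ld "$t" | awk '{ print $3 }')
audit_anon_ftp "$t" "$me" "$me"
```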





          General Considerations
             /etc/ftpusers contains a list of users who cannot access the
             system; the format of the file is one username per line.
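
             The four login rules listed earlier, together with the
             one-name-per-line /etc/ftpusers format, can be exercised
             offline with the sketch below.  It is an added example, not
             UnixWare code: ftp_login_check, its result strings, the rule
             order and the sample accounts are assumptions, and it decides
             eligibility only (no password is verified).

```shell
#!/bin/sh
# Added example (not from the manual page): the four ftpd login rules as a check.
# ftp_login_check USER PASSWD FTPUSERS SHELLS   (hypothetical helper)
# Prints allow, allow-anonymous or deny:<reason>.
ftp_login_check() {
    user=$1 passwd=$2 ftpusers=$3 shells=$4
    # Rule 4: anonymous and ftp need an ftp account; ftpusers is only
    # consulted for non-anonymous requests, so it is skipped here.
    if [ "$user" = anonymous ] || [ "$user" = ftp ]; then
        if awk -F: '$1 == "ftp" { found = 1 } END { exit !found }' "$passwd"; then
            echo allow-anonymous
        else
            echo deny:no-ftp-account
        fi
        return
    fi
    # Rule 1: the user must be in the password database with a non-null password.
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    [ -n "$entry" ] || { echo deny:unknown-user; return; }
    pwfield=$(printf '%s\n' "$entry" | cut -d: -f2)
    [ -n "$pwfield" ] || { echo deny:null-password; return; }
    # Rule 2: the user must not be listed in ftpusers (one name per line).
    if grep -Fqx -- "$user" "$ftpusers"; then echo deny:listed-in-ftpusers; return; fi
    # Rule 3: the login shell must be listed in shells. An empty shell field
    # is treated as not listed (assumption; the page does not cover it).
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    if [ -z "$shell" ] || ! grep -Fqx -- "$shell" "$shells"; then
        echo deny:shell-not-listed; return
    fi
    echo allow
}

# Constructed sample files (not from a real system). uucp is left out of
# ftpusers on purpose so that rule 3 is what rejects it.
d=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/:/sbin/sh' \
    'alice:x:101:1::/home/alice:/usr/bin/ksh' \
    'bob::102:1::/home/bob:/usr/bin/ksh' \
    'uucp:x:5:5::/usr/lib/uucp:/usr/lib/uucp/uucico' \
    'ftp:x:99:99::/home/ftp:/bin/false' > "$d/passwd"
printf '%s\n' root > "$d/ftpusers"
printf '%s\n' /sbin/sh /usr/bin/ksh > "$d/shells"
for u in alice bob root uucp anonymous mallory; do
    printf '%-10s %s\n' "$u" "$(ftp_login_check "$u" "$d/passwd" "$d/ftpusers" "$d/shells")"
done
```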

             If a remote user does not have a home directory, the root
             directory (/) becomes the user's current directory.

          Warnings
             The anonymous account is inherently dangerous and should be
             avoided when possible.

             The server must run as a privileged process to create sockets
             with privileged port numbers.  It maintains an effective user
             ID of the logged-in user, changing to user ID 0 only when
             binding addresses to sockets.  The possible security holes
             have been extensively scrutinized, but are possibly
             incomplete.

       REFERENCES
             ftp(1), getsockopt(3N), passwd(4), services(4), syslog(3G)
             RFC 959