FTPD(1M) — Silicon Graphics
NAME
ftpd − DARPA Internet File Transfer Protocol server
SYNOPSIS
/etc/ftpd [ -ttimeout ]
DESCRIPTION
ftpd is the DARPA Internet File Transfer Protocol server process. It uses the TCP protocol and listens at the port specified in the “ftp” service specification.
The ftp server times out an inactive session after 60 seconds if no −ttimeout is specified. If the −ttimeout option is specified, the inactivity timeout period is timeout seconds.
The ftp server supports the following ftp requests (Internet RFC 765); they can be entered in upper or lower case.
Request   Description
ACCT      specify account (ignored)
ALLO      allocate storage (vacuously)
APPE      append to a file
CWD       change working directory
DELE      delete a file
HELP      get help
LIST      list directory files (“ls -lg”)
MODE      specify data transfer mode
NLST      list file names (“ls”)
NOOP      do nothing
PASS      specify password
PORT      specify data connection port
QUIT      end session
RETR      retrieve a file
RNFR      specify rename-from file name
RNTO      specify rename-to file name
STOR      store a file
STRU      specify data transfer structure
TYPE      specify data transfer type
USER      specify user name
XCUP      change to parent directory
XCWD      change working directory
XMKD      make a directory
XPWD      print the current working directory
XRMD      remove a directory
The remaining ftp Internet RFC 765 requests are recognized, but are not implemented at present.
Ftpd interprets file names according to the “globbing” conventions of csh(1). The metacharacters “*?[]{}~” can be used.
Ftpd authenticates users according to three rules.
1) The user name must be in the password data base, /etc/passwd, and not have a null password. The client must provide a password before any file operations can be performed.
2) The user name must not appear in the file /etc/ftpusers.
3) If the user name is “anonymous” or “ftp”, an anonymous ftp account must be present in the password file (user “ftp”). The user can log in by specifying any password (e.g. the client host’s name).
In the last case, ftpd restricts the client’s access privileges. The server does a chroot(2) on the “ftp” user’s home directory so system security is not breached; the “ftp” subtree should be constructed carefully. To do so, make the following changes.
~ftp
“ftp” owns the home directory and no one has write-access.
~ftp/bin
The super user owns this directory and no one has write-access. The program ls(1) must be present to support the list commands. This program should have mode 111 set.
~ftp/etc
The super user owns this directory and no one has write-access. The files passwd(4) and group(4) must be present for the ls command to work properly. These files should have mode 444 set.
~ftp/pub
“ftp” owns this directory (mode 777). Users should then place files which the anonymous account can access in this directory.
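The layout above can be checked mechanically. The following Python function is an added example, not part of the original manual page; the name audit_anon_ftp and its parameters ftp_uid and root_uid are assumptions made for illustration. It compares an existing “ftp” subtree against the owners and modes listed above and reports every deviation.

```python
import os
import stat

# (path under ~ftp, kind, required owner, exact mode, forbid all write bits)
# Values are the ones listed in the manual page above.
RULES = [
    ("",           "directory", "ftp",  None,  True),
    ("bin",        "directory", "root", None,  True),
    ("bin/ls",     "file",      None,   0o111, False),
    ("etc",        "directory", "root", None,  True),
    ("etc/passwd", "file",      None,   0o444, False),
    ("etc/group",  "file",      None,   0o444, False),
    ("pub",        "directory", "ftp",  0o777, False),
]

def audit_anon_ftp(home, ftp_uid, root_uid=0):
    """Return a list of deviations from the documented layout (empty if none)."""
    owners = {"ftp": ftp_uid, "root": root_uid}  # assumed: caller supplies the uids
    findings = []
    for rel, kind, owner, exact, no_write in RULES:
        path = os.path.join(home, rel) if rel else home
        label = "~ftp/" + rel if rel else "~ftp"
        try:
            # lstat: a symbolic link must not stand in for the real entry
            st = os.lstat(path)
        except OSError:
            findings.append(f"{label}: missing")
            continue
        if kind == "directory":
            type_ok = stat.S_ISDIR(st.st_mode)
        else:
            type_ok = stat.S_ISREG(st.st_mode)
        if not type_ok:
            findings.append(f"{label}: not a {kind}")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if owner and st.st_uid != owners[owner]:
            findings.append(f"{label}: owner uid {st.st_uid}, expected {owner}")
        if exact is not None and mode != exact:
            findings.append(f"{label}: mode {mode:o}, expected {exact:o}")
        if no_write and mode & 0o222:
            findings.append(f"{label}: mode {mode:o} allows write access")
    return findings
```

An empty list means the subtree matches the description above; ftp_uid is the numeric user-id of the “ftp” entry in /etc/passwd.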
FILES
/etc/ftpusers
SEE ALSO
BUGS
Autologout (after timeout) does not work.
Some password must be entered to login.
Commands can not be aborted.
The anonymous account is inherently dangerous and should be avoided whenever possible.
The server must run as the super-user to create sockets with privileged port numbers. The server maintains its logged in user-id, becoming the super user only when binding addresses to sockets. The security has been scrutinized, but may not be complete.
Version 2.3 — July 04, 1985