FreeBSD Manual Pages

FTPD.CONF(5)		    BSD	File Formats Manual		  FTPD.CONF(5)

NAME
     ftpd.conf -- ftpd(8) configuration	file

DESCRIPTION
     The ftpd.conf file	specifies various configuration	options	for ftpd(8)
     that apply	once a user has	authenticated their connection.

     ftpd.conf consists	of a series of lines, each of which may	contain	a con-
     figuration	directive, a comment, or a blank line.	Directives that	appear
     later in the file override	settings by previous directives.  This allows
     `wildcard'	entries	to define defaults, and	then have class-specific over-
     rides.

     A directive line has the format:
	   command class [arguments]

     A "\" is the escape character; it can be used to escape the meaning of
     the comment character, or if it is	the last character on a	line, extends
     a configuration directive across multiple lines.  A "#" is	the comment
     character,	and all	characters from	it to the end of line are ignored (un-
     less it is	escaped	with the escape	character).

     Each authenticated	user is	a member of a class, which is determined by
     ftpusers(5).  class is used to determine which ftpd.conf entries apply to
     the user.  The following special classes exist when parsing entries in
     ftpd.conf:
	   all	   Matches any class.
	   none	   Matches no class.

     Each class	has a type, which may be one of:

	   GUEST   Guests (as per the "anonymous" and "ftp" logins).  A
		   chroot(2) is	performed after	login.

	   CHROOT  chroot(2)ed users (as per ftpchroot(5)).  A chroot(2) is
		   performed after login.

	   REAL	   Normal users.

     The ftpd(8) STAT command will return the class settings for the current
     user as defined by ftpd.conf, unless the private directive is set for the
     class.

     Each configuration	line may be one	of:

     advertise class host

     advertize class host
	   Set the address to advertise	in the response	to the PASV and	LPSV
	   commands to the address for host (which may be either a host	name
	   or IP address).  This may be	useful in some firewall	configura-
	   tions, although many	ftp clients may	not work if the	address	being
	   advertised is different to the address that they've connected to.
	   If class is "none" or no argument is	given, disable this.

     checkportcmd class	[off]
	   Check the PORT command for validity.	 The PORT command will fail if
	   the IP address specified does not match the FTP command connection,
	   or if the remote TCP	port number is less than IPPORT_RESERVED.  It
	   is strongly encouraged that this option be used, especially for
	   sites concerned with	potential security problems with FTP bounce
	   attacks.  If	class is "none"	or off is given, disable this feature,
	   otherwise enable it.

     chroot class [pathformat]
	   If pathformat is not given or class is "none", use the default
	   behaviour (see below).  Otherwise, pathformat is parsed to give
	   the directory that is used as the root directory, entered with
	   chroot(2) upon login.

	   pathformat can contain the following	escape strings:
		 Escape	 Description
		 %c	 Class name.
		 %d	 Home directory	of user.
		 %u	 User name.
		 %%	 A "%" character.

	   The default root directory is:
		 CHROOT	 The user's home directory.
		 GUEST	 If -a anondir is given, use anondir, otherwise	the
			 home directory	of the `ftp' user.
		 REAL	 By default no chroot(2) is performed.

     classtype class type
	   Set the class type of class to type (see above).

     conversion	class suffix [type disable command]
	   Define an automatic in-line file conversion.	 If a file to retrieve
	   ends	in suffix, and a real file (sans suffix) exists, then the out-
	   put of command is returned instead of the contents of the file.

		 suffix	  The suffix to	initiate the conversion.

		 type	  A list of valid filetypes for	the conversion.	 Valid
			  types	are: `f' (file), and `d' (directory).

		 disable  The name of a file that will prevent conversion if it
			  exists.  A file name of "." will prevent this	dis-
			  abling action	(i.e., the conversion is always	per-
			  mitted.)

		 command  The command to run for the conversion.  The first
			  word should be the full path name of the command, as
			  execv(3) is used to execute the command.  All	in-
			  stances of the word "%s" in command are replaced
			  with the requested file (sans	suffix).

	   Conversion directives specified later in the	file override earlier
	   conversions with the	same suffix.

     denyquick class [off]
	   Enforce ftpusers(5) rules after the USER command is received,
	   rather than after the PASS command is received.  Whilst enabling
	   this	feature	may allow information leakage about available accounts
	   (for	example, if you	allow some users of a REAL or CHROOT class but
	   not others),	it is useful in	preventing a denied user (such as
	   `root') from	entering their password	across an insecure connection.
	   This	option is strongly recommended for servers which run an	anony-
	   mous-only service.  If class	is "none" or off is given, disable
	   this	feature, otherwise enable it.

     display class [file]
	   If file is not given	or class is "none", disable this.  Otherwise,
	   each	time the user enters a new directory, check if file exists,
	   and if so, display its contents to the user.	 Escape	sequences are
	   supported; refer to Display file escape sequences in	ftpd(8)	for
	   more	information.

     homedir class [pathformat]
	   If pathformat is not	given or class is "none", use the default be-
	   haviour (see	below).	 Otherwise, pathformat is parsed to create a
	   directory to	change into upon login,	and to use as the `home' di-
	   rectory of the user for tilde expansion in pathnames, etc.
	   pathformat is parsed	as per the chroot directive.

	   The default home directory is the home directory of the user	for
	   REAL	users, and / for GUEST and CHROOT users.

     limit class count [file]
	   Limit the maximum number of concurrent connections for class	to
	   count, with `0' meaning unlimited connections.  If the limit	is ex-
	   ceeded and file is given, display its contents to the user.	If
	   class is "none" or count is not specified, disable this.  If	file
	   is a	relative path, it will be searched for in /etc (which can be
	   overridden with -c confdir).

     maxfilesize class size
	   Set the maximum size	of an uploaded file to size.  If class is
	   "none" or no	argument is given, disable this.

     maxtimeout	class time
	   Set the maximum timeout period that a client	may request, default-
	   ing to two hours.  This cannot be less than 30 seconds, or the
	   value for timeout.  If class is "none" or time is not specified,
	   set to the default of 2 hours.

     modify class [off]
	   If class is "none" or off is	given, disable the following commands:
	   CHMOD, DELE,	MKD, RMD, RNFR,	and UMASK.  Otherwise, enable them.

     motd class	[file]
	   If file is not given	or class is "none", disable this.  Otherwise,
	   use file as the message of the day file to display after login.
	   Escape sequences are	supported; refer to Display file escape
	   sequences in	ftpd(8)	for more information.  If file is a relative
	   path, it will be searched for in /etc (which	can be overridden with
	   -c confdir).

     notify class [fileglob]
	   If fileglob is not given or class is	"none",	disable	this.  Other-
	   wise, each time the user enters a new directory, notify the user of
	   any files matching fileglob.

     passive class [off]
	   If class is "none" or off is	given, prevent passive (PASV, LPSV,
	   and EPSV) connections.  Otherwise, enable them.

     portrange class min max
	   Set the range of port numbers which will be used for the passive
	   data port.  max must be greater than min, and both numbers must
	   be between IPPORT_RESERVED (1024) and 65535.  If class is "none" or
	   no arguments	are given, disable this.

     private class [off]
	   If class is "none" or off is	given, do not display class informa-
	   tion	in the output of the STAT command.  Otherwise, display the in-
	   formation.

     rateget class rate
	   Set the maximum get (RETR) transfer rate throttle for class to rate
	   bytes per second.  If rate is 0, the	throttle is disabled.  If
	   class is "none" or no arguments are given, disable this.

	   An optional suffix may be provided, which changes the interpretation
	   of rate as follows:
		 b    Causes no	modification. (Default;	optional)
		 k    Kilo; multiply the argument by 1024
		 m    Mega; multiply the argument by 1048576
		 g    Giga; multiply the argument by 1073741824
		 t    Tera; multiply the argument by 1099511627776

     rateput class rate
	   Set the maximum put (STOR) transfer rate throttle for class to rate
	   bytes per second, which is parsed as	per rateget rate.  If class is
	   "none" or no	arguments are given, disable this.

     sanenames class [off]
	   If class is "none" or off is	given, allow uploaded file names to
	   contain any characters valid for a file name.  Otherwise, only
	   permit file names which don't start with a `.' and consist only of
	   characters from the set "[-+,._A-Za-z0-9]".

     template class [refclass]
	   Define refclass as the `template' for class;	any reference to
	   refclass in following directives will also apply to members of
	   class.  This	is useful to define a template class so	that other
	   classes which are to	share common attributes	can be easily defined
	   without unnecessary duplication.  There can be only one template
	   defined at a	time.  If refclass is not given, disable the template
	   for class.

     timeout class time
	   Set the inactivity timeout period (the default is fifteen minutes).
	   This cannot be less than 30 seconds, or greater than the
	   value for maxtimeout.  If class is "none" or	time is	not specified,
	   set to the default of 15 minutes.

     umask class umaskval
	   Set the umask to umaskval.  If class	is "none" or umaskval is not
	   specified, set to the default of 027.

     upload class [off]
	   If class is "none" or off is	given, disable the following commands:
	   APPE, STOR, and STOU, as well as the	modify commands: CHMOD,	DELE,
	   MKD,	RMD, RNFR, and UMASK.  Otherwise, enable them.
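
     The two tests that the checkportcmd entry above describes, written out
     as an added example (this is not code from ftpd(8)).  The function
     names and the sample requests are hypothetical, and the argument layout
     h1,h2,h3,h4,p1,p2 is the standard FTP PORT syntax.

```python
import ipaddress

IPPORT_RESERVED = 1024  # value this page gives under portrange

def parse_port_arg(arg):
    """Parse the PORT argument 'h1,h2,h3,h4,p1,p2' into (address, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]

def check_port_cmd(arg, control_peer):
    """Apply the two checkportcmd rules; return (accepted, reason)."""
    try:
        addr, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    if addr != ipaddress.IPv4Address(control_peer):
        return False, "address differs from the command connection"
    if port < IPPORT_RESERVED:
        return False, "port is below IPPORT_RESERVED"
    return True, f"{addr}:{port}"

# Constructed sample requests; the client is connected from 192.0.2.10.
SAMPLES = [
    "192,0,2,10,195,80",     # own address, port 50000
    "198,51,100,7,195,80",   # third-party address
    "192,0,2,10,0,25",       # own address, reserved port 25
    "192,0,2,10,1,2,3",      # wrong field count
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_port_cmd(s, "192.0.2.10"))
```

     Only the first sample is accepted; the second is the case the FTP
     bounce warning is about, a data connection aimed at a host other than
     the client.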

DEFAULTS
     The following defaults are	used:

	   checkportcmd	 all
	   classtype	 chroot	CHROOT
	   classtype	 guest	GUEST
	   classtype	 real	REAL
	   display	 none
	   limit	 all	-1     # unlimited connections
	   maxtimeout	 all	7200   # 2 hours
	   modify	 all
	   motd		 all	motd
	   notify	 none
	   passive	 all
	   timeout	 all	900    # 15 minutes
	   umask	 all	027
	   upload	 all
	   modify	 guest	off
	   umask	 guest	0707
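
     An added example (not part of ftpd(8) or of this manual page) that
     reads a file in the line format described above and reports which
     on/off directives end up enabled for one class, starting from the
     defaults listed here.  The names are hypothetical and the template
     directive is not modelled.  Two assumptions: a line whose class is
     "none" is taken to disable the directive for every class, and a
     directive that neither the defaults nor the file set is reported as
     None.

```python
TOGGLES = {"checkportcmd", "denyquick", "modify", "passive",
           "private", "sanenames", "upload"}
# The on/off lines from the DEFAULTS section of this page.
DEFAULTS = ("checkportcmd all\nmodify all\npassive all\n"
            "upload all\nmodify guest off\n")

def logical_lines(text):
    """Apply the "\\" escape, "#" comment and continuation rules."""
    buf, out = "", []
    for raw in text.splitlines():
        i, cont = 0, False
        while i < len(raw) and raw[i] != "#":
            if raw[i] == "\\":
                if i + 1 == len(raw):   # last character: line continues
                    cont = True
                    break
                i += 1                  # next character is taken literally
            buf += raw[i]
            i += 1
        if cont:
            continue
        if buf.split():
            out.append(buf.split())
        buf = ""
    return out

def effective(conf_text, user_class):
    """Return {directive: True/False/None}; None means never set."""
    state = dict.fromkeys(TOGGLES)
    for cmd, *rest in logical_lines(DEFAULTS + conf_text):
        if cmd not in TOGGLES or not rest:
            continue
        cls, args = rest[0], rest[1:]
        if cls == "none":               # assumption: disables for every class
            state[cmd] = False
        elif cls in ("all", user_class):
            state[cmd] = args[:1] != ["off"]
    return state

# Constructed sample file, not taken from a real site.
SAMPLE = r"""
checkportcmd all off   # turns PORT validation off for everyone
upload guest off
sanenames all
modify staff \
       off
"""
```

     Calling effective(SAMPLE, "guest") shows checkportcmd disabled by the
     later "all off" line even though the default enables it, which is the
     kind of override worth looking for when reviewing a site's file.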

FILES
     /etc/ftpd.conf			 This file.
     /usr/share/examples/ftpd/ftpd.conf	 A sample ftpd.conf file.

SEE ALSO
     ftpchroot(5), ftpusers(5),	ftpd(8)

HISTORY
     The ftpd.conf functionality was implemented in NetBSD 1.3 and later re-
     leases by Luke Mewburn, based on work by Simon Burge.

BSD			       December	5, 2001				   BSD


Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ftpd.conf&sektion=5&manpath=FreeBSD+4.7-RELEASE>
