in.ftpd(1M)		System Administration Commands		   in.ftpd(1M)

       in.ftpd,	ftpd - File Transfer Protocol Server

       in.ftpd [-A] [-a] [-d] [-I] [-i]	[-L] [-l] [-o] [-P dataport] [-p ctrl-
       port] [-Q] [-q] [-r rootdir] [-S] [-s] [-T maxtimeout] [-t timeout] [-u
       umask] [-V] [-v]	[-W] [-w] [-X]

       in.ftpd	is  the	 Internet File Transfer	Protocol (FTP) server process.
       The server may be invoked by the	Internet daemon	inetd(1M) each time  a
       connection  to  the  FTP	service	is made	or run as a standalone server.
       See services(4).

       in.ftpd supports	the following options:

       -A    Disable use of the	ftpaccess(4) file. Use of  ftpaccess  is  dis-
	     abled by default.

       -a    Enable use	of the ftpaccess(4) file.

       -d    Write debugging information to syslogd(1M).

       -I    Disable  the  use	of AUTH	and ident to determine the username on
	     the client. See RFC 931. The FTP Server is	built not to use  AUTH
	     and ident.

       -i    Log  the  names  of all files received by the FTP Server to xfer-
	     log(4). You can override the -i option through use	of the	ftpac-
	     cess(4) file.

       -L    Log  all commands sent to in.ftpd to syslogd(1M). When the	-L op-
	     tion is used, command logging will	be on by default, once the FTP
	     Server  is	invoked. Because the FTP Server	includes USER commands
	     in	those logged, if a user	accidentally enters a password instead
	     of	 the  username,	 the password will be logged. You can override
	     the -L option through use of the ftpaccess(4) file.

       -l    Log each FTP session to syslogd(1M).

       -o    Log the names of all files	transmitted by the FTP Server to xfer-
	     log(4).  You can override the -o option through use of the	ftpac-
	     cess(4) file.

       -P dataport
	     The FTP Server determines the port	number by looking in the  ser-
	     vices(4)  file for	an entry for the ftp-data service. If there is
	     no	entry, the daemon uses the port	just prior to the control con-
	     nection port. Use the -P option to	specify	the data port number.

       -p ctrlport
	     When  run	in standalone mode, the	FTP Server determines the con-
	     trol port number by looking in the	services(4) file for an	 entry
	     for  the  ftp  service.  Use the -p option	to specify the control
	     port number.

       -Q    Disable PID files.	This disables user limits. Large,  busy	 sites
	     that  do  not  want  to impose limits on the number of concurrent
	     users can use this	option to disable PID files.

       -q    Use PID files. The	limit directive	uses PID  files	 to  determine
	     the number	of current users in each access	class. By default, PID
	     files are used.

       -r rootdir
	      chroot(2)	to rootdir upon	loading. Use this  option  to  improve
	     system security. It limits	the files that can be damaged should a
	     break in occur through the	daemon.	 This  option  is  similar  to
	     anonymous	FTP. Additional	files are needed, which	vary from sys-
	     tem to system.

       -S    Place the daemon in standalone operation mode. The	daemon runs in
	     the  background. This is useful for startup scripts that run dur-
	     ing system	initialization.	See init.d(4).

       -s    Place the daemon in standalone operation mode. The	daemon runs in
	     the  foreground.  This  is	 useful	 when run from /etc/inittab by

       -T maxtimeout
	     Set the maximum allowable timeout period to  maxtimeout  seconds.
	     The default maximum timeout limit is 7200 seconds (two hours). You
	     can override the -T option	through	use of the ftpaccess(4)	file.

       -t timeout
	     Set the inactivity	timeout	period to timeout seconds. The default
	     timeout  period is	900 seconds (15	minutes). You can override the
	     -t	option through use of the ftpaccess(4) file.

       -u umask
	     Set the default umask to umask.

       -V    Display copyright and version information,	then terminate.

       -v    Write debugging information to syslogd(1M).

       -W    Do	not record user	login and logout in the	wtmpx(4) file.

       -w    Record each user login and	logout in the wtmpx(4)	file.  By  de-
	     fault, logins and logouts are recorded.

       -X    Write  the	 output	 from the -i and -o options to the syslogd(1M)
	     file instead of xferlog(4). This allows the collection of	output
	     from  several  hosts on one central loghost. You can override the
	     -X	option through use of the ftpaccess(4) file.

       The FTP Server currently	supports the following FTP requests;  case  is
       not distinguished.

       ABOR  Abort previous command.

       ALLO  Allocate storage (vacuously).

       APPE  Append to a file.

       CDUP  Change to parent of current working directory.

       CWD   Change working directory.

       DELE  Delete a file.

       EPRT  Specify extended address for the transport	connection.

       EPSV  Extended passive command request.

       HELP  Give help information.

       LIST  List files in a directory (ls -lA).

       LPRT  Specify long address for the transport connection.

       LPSV  Long passive command request.

       MKD   Make a directory.

       MDTM  Show last time file modified.

       MODE  Specify data transfer mode.

       NLST  Give name list of files in	directory (ls).

       NOOP  Do	nothing.

       PASS  Specify password.

       PASV  Prepare for server-to-server transfer.

       PORT  Specify data connection port.

       PWD   Print the current working directory.

       QUIT  Terminate session.

       REST  Restart incomplete	transfer.

       RETR  Retrieve a	file.

       RMD   Remove a directory.

       RNFR  Specify rename-from file name.

       RNTO  Specify rename-to file name.

       SITE  Use nonstandard commands.

       SIZE  Return size of file.

       STAT  Return status of server.

       STOR  Store a file.

       STOU  Store a file with a unique	name.

       STRU  Specify data transfer structure.

       SYST  Show operating system type	of server system.

       TYPE  Specify data transfer type.

       USER  Specify user name.

       XCUP  Change  to	 parent	 of current working directory. This request is

       XCWD  Change working directory. This request is deprecated.

       XMKD  Make a directory. This request is deprecated.

       XPWD  Print the current working directory. This request is deprecated.

       XRMD  Remove a directory. This request is deprecated.

       The following nonstandard or UNIX specific commands  are	 supported  by
       the SITE	request:

       ALIAS List aliases.

	     List the search path used when changing directories.

	     List or set the checksum method.

	     Give the checksum of a file.

       CHMOD Change mode of a file. For	example, SITE CHMOD 755	filename.

       EXEC  Execute a program.	For example, SITE EXEC program params

       GPASS Give special group	access password. For example, SITE GPASS bar.

       GROUP Request special group access. For example,	SITE GROUP foo.

	     List supplementary	group membership.

       HELP  Give help information. For	example, SITE HELP.

       IDLE  Set idle-timer. For example, SITE IDLE 60.

       UMASK Change umask. For example,	SITE UMASK 002.

       The  remaining  FTP  requests specified in RFC 959  are recognized, but
       not implemented.

       The FTP server will abort an active file	transfer only  when  the  ABOR
       command	is  preceded by	a Telnet "Interrupt Process" (IP) signal and a
       Telnet "Synch" signal in	the command Telnet stream, as described	in RFC
       959. If a STAT command is received during a data	transfer that has been
       preceded	by a Telnet IP and Synch, transfer status will be returned.

       in.ftpd interprets file names according to the  "globbing"  conventions
       used by csh(1). This allows users to utilize the	 metacharacters: * ? [
       ] { } ~

       in.ftpd authenticates users according to	four rules.

       First, the user name must be in the password  data  base,  /etc/passwd.
       The  password  must  not	be null. A password must always	be provided by
       the client before any file operations may be performed. The PAM	frame-
       work is used to verify that the correct password	was entered. See SECU-
       RITY below.

       Second, the user name must not appear in either the /etc/ftpusers or
       the /etc/ftpd/ftpusers file. Use of the /etc/ftpusers file is
       deprecated, although it is still supported.

       Third, the user must have a standard shell returned by getuser-

       Fourth,	if the user name is anonymous or ftp, an anonymous ftp account
       must be present in the password file for	user ftp. Use ftpconfig(1M) to
       create the anonymous ftp	account	and home directory tree.
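
       An added example, not part of the original manual page: a POSIX sh
       check of the first two rules above, listing the accounts in the
       password file that appear in neither ftpusers file and picking out
       those with a UID below 100. It does not evaluate the PAM or shell
       rules; the UID threshold, the treatment of # as a comment marker in
       ftpusers, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: which accounts are NOT blocked by the ftpusers files?

# ftp_login_candidates PASSWD DENYFILE...
# Prints "uid<TAB>name" for each passwd entry listed in no DENYFILE.
# Missing deny files are skipped, as a host may have only one of them.
ftp_login_candidates() {
    passwd=$1; shift
    deny=$(mktemp) || return 2
    for f in "$@"; do
        # Assumed format: one user name per line, '#' starts a comment.
        if [ -r "$f" ]; then
            sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$f"
        fi
    done | sort -u > "$deny"
    awk -F: -v deny="$deny" '
        BEGIN { while ((getline n < deny) > 0) denied[n] = 1 }
        /^#/ || NF < 7 { next }          # skip comments and short lines
        !($1 in denied) { printf "%s\t%s\n", $3, $1 }
    ' "$passwd"
    rm -f "$deny"
}

# privileged_ftp_candidates PASSWD DENYFILE...
# Names from the list above whose UID is below 100 (assumed system range);
# these are the accounts one would normally expect to see in ftpusers.
privileged_ftp_candidates() {
    ftp_login_candidates "$@" | awk -F'\t' '$1 < 100 { print $2 }'
}

# Run with the paths named on this page when invoked with "--run".
if [ "${1:-}" = "--run" ]; then
    privileged_ftp_candidates /etc/passwd /etc/ftpusers /etc/ftpd/ftpusers
fi
```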

       The FTP Server supports virtual hosting,	which can be configured	by us-
       ing ftpaddhost(1M).

       The FTP Server does not support sublogins.

   General FTP Extensions
       The FTP Server has certain extensions. If the user specifies a filename
       that  does  not	exist  with  a RETR (retrieve) command,	the FTP	Server
       looks for a conversion to change a file or directory that does exist
       into the one requested. See ftpconversions(4).

       By convention, anonymous	users supply their email address when prompted
       for a password. The FTP Server attempts to  validate  these  email  ad-
       dresses.	 A user	whose FTP client hangs on a long reply,	for example, a
       multiline response, should use a	dash (-) as the	first character	of the
       user's password,	as this	disables the Server's lreply() function.

       The  FTP	 Server	 can also log all file transmission and	reception. See
       xferlog(4) for details of the log file format.

       The SITE	EXEC command may be used to execute commands in	the  /bin/ftp-
       exec directory. Take care that you understand the security implications
       before copying any command into the /bin/ftp-exec directory. For	 exam-
       ple,  do	 not  copy  in	/bin/sh. This would enable the user to execute
       other commands through the use of sh -c.	If you have doubts about  this
       feature,	do not create the /bin/ftp-exec	directory.
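
       An added example, not part of the original manual page: a POSIX sh
       audit of the SITE EXEC directory that reports entries named like a
       shell or interpreter, byte-for-byte copies of /bin/sh under another
       name, symbolic links, and group- or world-writable entries. The name
       list in SHELL_NAMES and the choice of checks are assumptions of this
       example; /bin/ftp-exec is the directory named above.

```shell
#!/bin/sh
# Added example: audit the directory that SITE EXEC runs programs from.
# SHELL_NAMES is an assumed deny-list; extend it for local interpreters.
SHELL_NAMES="sh jsh csh tcsh ksh bash zsh perl python awk env"

# audit_ftp_exec [DIR]
# Prints one "REASON: path" line per finding. Returns 0 when DIR is
# absent or clean, 1 when at least one finding was reported.
audit_ftp_exec() {
    dir=${1:-/bin/ftp-exec}
    findings=0
    if [ ! -d "$dir" ]; then
        echo "OK: $dir does not exist"
        return 0
    fi
    for f in "$dir"/* "$dir"/.[!.]*; do
        # Skip unmatched glob patterns, keep dangling symlinks.
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
        name=${f##*/}
        # 1. Entry is named like a shell or interpreter.
        case " $SHELL_NAMES " in
            *" $name "*) echo "SHELL-NAME: $f"; findings=1 ;;
        esac
        # 2. Entry has the same bytes as /bin/sh, whatever its name.
        if [ -f "$f" ] && cmp -s "$f" /bin/sh; then
            echo "SHELL-COPY: $f"; findings=1
        fi
        # 3. Symbolic links can resolve outside the directory.
        if [ -L "$f" ]; then
            echo "SYMLINK: $f"; findings=1
        # 4. Group- or world-writable entries can be replaced.
        elif [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE: $f"; findings=1
        fi
    done
    return "$findings"
}

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_ftp_exec "$1"
fi
```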

       in.ftpd uses pam(3PAM) for authentication, account management, and ses-
       sion  management.  The	PAM  configuration  policy,   listed   through
       /etc/pam.conf,  specifies  the module to	be used	for in.ftpd. Here is a
       partial pam.conf	file with entries for the in.ftpd  command  using  the
       UNIX authentication, account management,	and session management module.

       ftp  auth	requisite
       ftp  auth	required
       ftp  auth	required

       ftp  account	required
       ftp  account	required
       ftp  account	required

       ftp  session	required

       If  there  are no entries for the ftp service, then the entries for the
       "other" service will be used. Unlike login, passwd, and other commands,
       the  ftp	 protocol  will	only support a single password.	Using multiple
       modules will prevent in.ftpd from working properly.

       The in.ftpd command is IPv6-enabled. See	ip6(7P).

	     FTP Server	configuration file

	     FTP Server	conversions database

	     FTP Server	enhanced group access file

	     FTP Server	individual user	host access file

	     FTP Server	virtual	hosting	configuration file.

	     File listing users	for whom FTP login privileges are disallowed.

	     File listing users	for whom FTP login privileges are  disallowed.
	     This use of this file is deprecated.

	     FTP Server	transfer log file


	     Extended  database	 files that contain the	 history  of  user ac-
	     cess and accounting information for the  wtmpx database.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWftpu			   |

       csh(1), ftp(1), ftpcount(1), ftpwho(1), ls(1), ftpaddhost(1M),  ftpcon-
       fig(1M),	  ftprestart(1M),  ftpshut(1M),	 inetd(1M),  syslogd(1M),  ch-
       root(2),	umask(2), getpwent(3C),	getusershell(3C),  syslog(3C),	ftpac-
       cess(4),	 ftpconversions(4),  ftpgroups(4), ftphosts(4),	ftpservers(4),
       ftpusers(4), group(4), passwd(4),  services(4),	xferlog(4),  wtmpx(4),
       attributes(5),	pam_authtok_check(5),	pam_authtok_get(5),  pam_auth-
       tok_store(5),	pam_dhkeys(5),	  pam_passwd_auth(5),	  pam_unix(5),
       pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5), ip6(7P)

       Allman,	M.,  Ostermann,	 S., and Metz, C. RFC 2428, FTP	Extensions for
       IPv6 and	NATs. The Internet Society. September 1998.

       Piscitello, D. RFC 1639,	FTP Operation Over Big Address	Records	 (FOO-
       BAR). Network Working Group. June 1994.

       Postel, Jon, and Joyce Reynolds. RFC 959, File Transfer Protocol
       (FTP). Network Information Center. October 1985.

       St. Johns, Mike.	RFC 931, Authentication	Server.	Network	Working	Group.
       January 1985.

	in.ftpd	 logs  various	errors to syslogd(1M), with a facility code of

       The anonymous FTP account is inherently dangerous and should be avoided
       when possible.

       The  FTP	 Server	must perform certain tasks as the superuser, for exam-
       ple, the	creation of sockets with privileged port  numbers.   It	 main-
       tains  an effective user	ID of the logged in user, reverting to the su-
       peruser only when necessary.

       The FTP Server no longer	supports the  /etc/default/ftpd	file.  Instead
       of  using  UMASK=nnn  to	set the	umask, use the	defumask capability in
       the ftpaccess file. The banner greeting text capability is also now set
       through	the  ftpaccess	file by	using the greeting text	capability in-
       stead of	by using BANNER="...".	However, unlike	the BANNER string, the
       greeting	 text  string  is  not passed to the shell for evaluation. See

       The pam_unix(5) module might not	be supported in	a future release. Sim-
       ilar  functionality  is	provided  by  pam_authtok_check(5),  pam_auth-
       tok_get(5),  pam_authtok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5),
       pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.9			  24 Jan 2002			   in.ftpd(1M)

