Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
FTPD(8)			FreeBSD	System Manager's Manual		       FTPD(8)

     ftpd -- Internet File Transfer Protocol server

     ftpd [-dHlqQrsuUwWX] [-a anondir] [-c confdir] [-C	user] [-e emailaddr]
	  [-h hostname]	[-P dataport] [-V version]

     ftpd is the Internet File Transfer	Protocol server	process.  The server
     uses the TCP protocol and listens at the port specified in	the ``ftp''
     service specification; see	services(5).

     Available options:

     -a	anondir
	     Define anondir as the directory to	chroot(2) into for anonymous
	     logins.  Default is the home directory for	the ftp	user.  This
	     can also be specified with	the ftpd.conf(5) chroot	directive.

     -c	confdir
	     Change the	root directory of the configuration files from
	     ``/etc'' to confdir.  This	changes	the directory for the follow-
	     ing files:	/etc/ftpchroot,	/etc/ftpusers, /etc/ftpwelcome,
	     /etc/motd,	and the	file specified by the ftpd.conf(5) limit

     -C	user
	     Check whether user	would be granted access	under the restrictions
	     given in ftpusers(5) and exit without attempting a	connection.
	     ftpd exits	with an	exit code of 0 if access would be granted, or
	     1 otherwise.  This	can be useful for testing configurations.

     -d	     Debugging information is written to the syslog using a facility
	     of	LOG_FTP.

     -e	emailaddr
	     Use emailaddr for the ``%E'' escape sequence (see Display file
	     escape sequences)

     -h	hostname
	     Explicitly	set the	hostname to advertise as to hostname.  The
	     default is	the hostname associated	with the IP address that ftpd
	     is	listening on.  This ability (with or without -h), in conjunc-
	     tion with -c confdir, is useful when configuring `virtual'	FTP
	     servers, each listening on	separate addresses as separate names.
	     Refer to inetd.conf(5) for	more information on starting services
	     to	listen on specific IP addresses.

     -H	     Equivalent	to ``-h	`hostname`''.

     -l	     Each successful and failed	FTP session is logged using syslog
	     with a facility of	LOG_FTP.  If this option is specified more
	     than once,	the retrieve (get), store (put), append, delete, make
	     directory,	remove directory and rename operations and their file
	     name arguments are	also logged.

     -P	dataport
	     Use dataport as the data port, overriding the default of using
	     the port one less that the	port ftpd is listening on.

     -q	     Enable the	use of pid files for keeping track of the number of
	     logged-in users per class.	 This is the default.

     -Q	     Disable the use of	pid files for keeping track of the number of
	     logged-in users per class.	 This may reduce the load on heavily
	     loaded FTP	servers.

     -r	     Permanently drop root privileges once the user is logged in.  The
	     use of this option	may result in the server using a port other
	     than the (listening-port -	1) for PORT style commands, which is
	     contrary to the RFC 959 specification, but	in practice very few
	     clients rely upon this behaviour.	See SECURITY CONSIDERATIONS
	     below for more details.

     -s	     Require a secure authentication mechanism like Kerberos or	S/Key
	     to	be used.

     -u	     Log each concurrent FTP session to	/var/run/utmp, making them
	     visible to	commands such as who(1).

     -U	     Don't log each concurrent FTP session to /var/run/utmp.  This is
	     the default.

     -V	version
	     Use version as the	version	to advertise in	the login banner and
	     in	the output of STAT and SYST instead of the default version
	     information.  If version is empty or `-' then don't display any
	     version information.

     -w	     Log each FTP session to /var/log/wtmp, making them	visible	to
	     commands such as last(1).	This is	the default.

     -W	     Don't log each FTP	session	to /var/log/wtmp.

     -X	     Log wu-ftpd style `xferlog' entries to the	syslog,	prefixed with
	     ``xferlog:	'', using a facility of	LOG_FTP.  These	syslog entries
	     can be converted to a wu-ftpd style xferlog file suitable for
	     input into	a third-party log analysis tool	with a command similar
		   grep	'xferlog: ' /var/log/xferlog | \
		      sed -e 's/^.*xferlog: //'	> wuxferlog

     The file /etc/nologin can be used to disable FTP access.  If the file
     exists, ftpd displays it and exits.  If the file /etc/ftpwelcome exists,
     ftpd prints it before issuing the ``ready'' message.  If the file
     /etc/motd exists (under the chroot	directory if applicable), ftpd prints
     it	after a	successful login.  This	may be changed with the	ftpd.conf(5)
     directive motd.

     The ftpd server currently supports	the following FTP requests.  The case
     of	the requests is	ignored.

	   Request    Description
	   ABOR	      abort previous command
	   ACCT	      specify account (ignored)
	   ALLO	      allocate storage (vacuously)
	   APPE	      append to	a file
	   CDUP	      change to	parent of current working directory
	   CWD	      change working directory
	   DELE	      delete a file
	   EPSV	      prepare for server-to-server transfer
	   EPRT	      specify data connection port
	   FEAT	      list extra features that are not defined in RFC 959
	   HELP	      give help	information
	   LIST	      give list	files in a directory (``ls -lA'')
	   LPSV	      prepare for server-to-server transfer
	   LPRT	      specify data connection port
	   MLSD	      list contents of directory in a machine-processable form
	   MLST	      show a pathname in a machine-processable form
	   MKD	      make a directory
	   MDTM	      show last	modification time of file
	   MODE	      specify data transfer mode
	   NLST	      give name	list of	files in directory
	   NOOP	      do nothing
	   OPTS	      define persistent	options	for a given command
	   PASS	      specify password
	   PASV	      prepare for server-to-server transfer
	   PORT	      specify data connection port
	   PWD	      print the	current	working	directory
	   QUIT	      terminate	session
	   REST	      restart incomplete transfer
	   RETR	      retrieve a file
	   RMD	      remove a directory
	   RNFR	      specify rename-from file name
	   RNTO	      specify rename-to	file name
	   SITE	      non-standard commands (see next section)
	   SIZE	      return size of file
	   STAT	      return status of server
	   STOR	      store a file
	   STOU	      store a file with	a unique name
	   STRU	      specify data transfer structure
	   SYST	      show operating system type of server system
	   TYPE	      specify data transfer type
	   USER	      specify user name
	   XCUP	      change to	parent of current working directory
	   XCWD	      change working directory (deprecated)
	   XMKD	      make a directory (deprecated)
	   XPWD	      print the	current	working	directory (deprecated)
	   XRMD	      remove a directory (deprecated)

     The following non-standard	or UNIX	specific commands are supported	by the
     SITE request.

	   Request    Description
	   CHMOD      change mode of a file, e.g. ``SITE CHMOD 755 filename''
	   HELP	      give help	information.
	   IDLE	      set idle-timer, e.g. ``SITE IDLE 60''
	   RATEGET    set maximum get rate throttle in bytes/second, e.g.
		      ``SITE RATEGET 5k''
	   RATEPUT    set maximum put rate throttle in bytes/second, e.g.
		      ``SITE RATEPUT 5k''
	   UMASK      change umask, e.g. ``SITE	UMASK 002''

     The following FTP requests	(as specified in RFC 959) are recognized, but
     are not implemented: ACCT,	SMNT, and REIN.	 MDTM and SIZE are not speci-
     fied in RFC 959, but will appear in the next updated FTP RFC.

     The ftpd server will abort	an active file transfer	only when the ABOR
     command is	preceded by a Telnet "Interrupt	Process" (IP) signal and a
     Telnet "Synch" signal in the command Telnet stream, as described in
     Internet RFC 959.	If a STAT command is received during a data transfer,
     preceded by a Telnet IP and Synch,	transfer status	will be	returned.

     ftpd interprets file names	according to the ``globbing'' conventions used
     by	csh(1).	 This allows users to utilize the metacharacters ``*?[]{}~''.

   User	authentication
     ftpd authenticates	users according	to five	rules.

	   1.	The login name must be in the password data base, /etc/pwd.db,
		and not	have a null password.  In this case a password must be
		provided by the	client before any file operations may be per-
		formed.	 If the	user has an S/Key key, the response from a
		successful USER	command	will include an	S/Key challenge.  The
		client may choose to respond with a PASS command giving	either
		a standard password or an S/Key	one-time password.  The	server
		will automatically determine which type	of password it has
		been given and attempt to authenticate accordingly.  See
		skey(1)	for more information on	S/Key authentication.  S/Key
		is a Trademark of Bellcore.

	   2.	The login name must be allowed based on	the information	in

	   3.	The user must have a standard shell returned by
		getusershell(3).  If the user's	shell field in the password
		database is empty, the shell is	assumed	to be /bin/sh.	As per
		shells(5), the user's shell must be listed with	full path in

	   4.	If directed by the file	ftpchroot(5) the session's root	direc-
		tory will be changed by	chroot(2) to the directory specified
		in the ftpd.conf(5) chroot directive (if set), or to the home
		directory of the user.	However, the user must still supply a
		password.  This	feature	is intended as a compromise between a
		fully anonymous	account	and a fully privileged account.	 The
		account	should also be set up as for an	anonymous account.

	   5.	If the user name is ``anonymous'' or ``ftp'', an anonymous FTP
		account	must be	present	in the password	file (user ``ftp'').
		In this	case the user is allowed to log	in by specifying any
		password (by convention	an email address for the user should
		be used	as the password).

		The server performs a chroot(2)	to the directory specified in
		the ftpd.conf(5) chroot	directive (if set), the	-a anondir
		directory (if set), or to the home directory of	the ``ftp''

		The server then	performs a chdir(2) to the directory specified
		in the ftpd.conf(5) homedir directive (if set),	otherwise to

		If other restrictions are required (such as disabling of cer-
		tain commands and the setting of a specific umask), then
		appropriate entries in ftpd.conf(5) are	required.

		If the first character of the password supplied	by an anony-
		mous user is ``-'', then the verbose messages displayed	at
		login and upon a CWD command are suppressed.

   Display file	escape sequences
     When ftpd displays	various	files back to the client (such as
     /etc/ftpwelcome and /etc/motd), various escape strings are	replaced with
     information pertinent to the current connection.

     The supported escape strings are:
	   Escape  Description
	   %c	   Class name.
	   %C	   Current working directory.
	   %E	   Email address given with -e.
	   %L	   Local hostname.
	   %M	   Maximum number of users for this class.  Displays
		   ``unlimited'' if there's no limit.
	   %N	   Current number of users for this class.
	   %R	   Remote hostname.
	   %s	   If the result of the	most recent ``%M'' or ``%N'' was not
		   ``1'', print	an ``s''.
	   %S	   If the result of the	most recent ``%M'' or ``%N'' was not
		   ``1'', print	an ``S''.
	   %T	   Current time.
	   %U	   User	name.
	   %%	   A ``%'' character.

   Setting up a	restricted ftp subtree
     In	order that system security is not breached, it is recommended that the
     subtrees for the ``ftp'' and ``chroot'' accounts be constructed with
     care, following these rules (replace ``ftp'' in the following directory
     names with	the appropriate	account	name for `chroot' users):

	   ~ftp		  Make the home	directory owned	by ``root'' and
			  unwritable by	anyone.

	   ~ftp/bin	  Make this directory owned by ``root''	and unwritable
			  by anyone (mode 555).	 Generally any conversion com-
			  mands	should be installed here (mode 111).

	   ~ftp/etc	  Make this directory owned by ``root''	and unwritable
			  by anyone (mode 555).	 The files pwd.db (see
			  passwd(5)) and group (see group(5)) must be present
			  for the LIST command to be able to display owner and
			  group	names instead of numbers.  The password	field
			  in passwd(5) is not used, and	should not contain
			  real passwords.  The file motd, if present, will be
			  printed after	a successful login.  These files
			  should be mode 444.

	   ~ftp/pub	  This directory and the subdirectories	beneath	it
			  should be owned by the users and groups responsible
			  for placing files in them, and be writable only by
			  them (mode 755 or 775).  They	should not be owned or
			  writable by ftp or its group.

	   ~ftp/incoming  This directory is where anonymous users place	files
			  they upload.	The owners should be the user ``ftp''
			  and an appropriate group.  Members of	this group
			  will be the only users with access to	these files
			  after	they have been uploaded; these should be peo-
			  ple who know how to deal with	them appropriately.
			  If you wish anonymous	FTP users to be	able to	see
			  the names of the files in this directory the permis-
			  sions	should be 770, otherwise they should be	370.

			  The following	ftpd.conf(5) directives	should be
				modify guest off
				umask  guest 0707
				upload guest on

			  This will result in anonymous	users being able to
			  upload files to this directory, but they will	not be
			  able to download them, delete	them, or overwrite
			  them,	due to the umask and disabling of the commands
			  mentioned above.

	   ~ftp/tmp	  This directory is used to create temporary files
			  which	contain	the error messages generated by	a con-
			  version or LIST command.  The	owner should be	the
			  user ``ftp''.	 The permissions should	be 300.

			  If you don't enable conversion commands, or don't
			  want anonymous users uploading files here (see
			  ~ftp/incoming	above),	then don't create this direc-
			  tory.	 However, error	messages from conversion or
			  LIST commands	won't be returned to the user.	(This
			  is the traditional behaviour.)  Note that the
			  ftpd.conf(5) directive upload	can be used to prevent
			  users	uploading here.

     To	set up "ftp-only" accounts that	provide	only FTP, but no valid shell
     login, you	can copy/link /sbin/nologin to /sbin/ftplogin, and enter
     /sbin/ftplogin to /etc/shells to allow logging-in via FTP into the
     accounts, which must have /sbin/ftplogin as login shell.

     /etc/ftpchroot   List of normal users whose root directory	should be
		      changed via chroot(2).
     /etc/ftpd.conf   Configure	file conversions and other settings.
     /etc/ftpusers    List of unwelcome/restricted users.
     /etc/ftpwelcome  Welcome notice before login.
     /etc/motd	      Welcome notice after login.
     /etc/nologin     If it exists, displayed and access is refused.
		      State file of logged-in processes	for the	ftpd class
     /var/run/utmp    List of logged-in	users on the system.
     /var/log/wtmp    Login history database.

     ftp(1), skey(1), who(1), getusershell(3), ftpchroot(5), ftpd.conf(5),
     ftpusers(5), syslogd(8)

     ftpd recognizes all commands in RFC 959, follows the guidelines in	RFC
     1123, recognizes all commands in RFC 2228 (although they are not sup-
     ported yet), and supports the extensions from RFC 2389, RFC 2428 and

     The ftpd command appeared in 4.2BSD.

     Various features such as the ftpd.conf(5) functionality, RFC 2389,	and
     draft-ietf-ftpext-mlst-11 support was implemented in NetBSD 1.3 and later
     releases by Luke Mewburn <>.

     The server	must run as the	super-user to create sockets with privileged
     port numbers (i.e,	those less than	IPPORT_RESERVED, which is 1024).  If
     ftpd is listening on a privileged port it maintains an effective user id
     of	the logged in user, reverting to the super-user	only when binding
     addresses to privileged sockets.  The -r option can be used to override
     this behaviour and	force privileges to be permanently revoked; see
     SECURITY CONSIDERATIONS below for more details.

     ftpd may have trouble handling connections	from scoped IPv6 addresses, or
     IPv4 mapped addresses (IPv4 connection on AF_INET6	socket).  For the lat-
     ter case, running two daemons, one	for IPv4 and one for IPv6, will	avoid
     the problem.

     RFC 959 provides no restrictions on the PORT command, and this can	lead
     to	security problems, as ftpd can be fooled into connecting to any	ser-
     vice on any host.	With the ``checkportcmd'' feature of the ftpd.conf(5),
     PORT commands with	different host addresses, or TCP ports lower than
     IPPORT_RESERVED will be rejected.	This also prevents `third-party	proxy
     ftp' from working.	 Use of	this option is strongly	recommended, and
     enabled by	default.

     By	default	ftpd uses a port that is one less than the port	it is listen-
     ing on to communicate back	to the client for the EPRT, LPRT, and PORT
     commands, unless overridden with -P dataport.  As the default port	for
     ftpd (21) is a privileged port below IPPORT_RESERVED, ftpd	retains	the
     ability to	switch back to root privileges to bind these ports.  In	order
     to	increase security by reducing the potential for	a bug in ftpd provid-
     ing a remote root compromise, ftpd	will permanently drop root privileges
     if	one of the following is	true:

	   1.	ftpd is	running	on a port greater than IPPORT_RESERVED and the
		user has logged	in as a	`guest'	or `chroot' user.

	   2.	ftpd was invoked with -r.

     Don't create ~ftp/tmp if you don't	want anonymous users to	upload files
     there.  That directory is only necessary if you want to display the error
     messages of conversion commands to	the user.  Note	that if	uploads	are
     disabled with the ftpd.conf(5) directive upload, then this	directory can-
     not be abused by the user in this way, so it should be safe to create.

FreeBSD	11.1		       October 13, 2001			  FreeBSD 11.1


Want to link to this manual page? Use this URL:

home | help