ftpd

DARPA internet file transfer protocol daemon

Syntax:

ftpd [-d] [-l] [-t timeout] [-T maxtimeout]

Options:

-d
Write debugging info to the syslog.
-l
Log each ftp session in the syslog.
-t timeout
Set the inactivity timeout period to the specified number of seconds (default is 900 seconds, i.e. 15 minutes).
-T maxtimeout
Set the maximum timeout period allowed to the specified number of seconds (default limit is 7200 seconds, i.e. 2 hours). You should find this option useful since a client may also request a timeout period other than the one specified by the -t option.

Description:

The ftpd daemon is a DARPA Internet File Transfer Protocol server. It uses the TCP protocol and listens at the port specified in the FTP entry of the services file.

Supported ftp requests

The ftpd daemon currently supports the following ftp requests; case isn't distinguished.

Request:  Description:
ABOR      abort previous command
ALLO      allocate storage
APPE      append to a file
CDUP      change to parent of current working directory
CWD       change working directory
DELE      delete a file
HELP      give help information
LIST      list files in a directory (ls -l)
MKD       make a directory
MDTM      show last modification time of file
MODE      specify data transfer mode
NLST      give name list of files in directory
NOOP      do nothing
PASS      specify password
PASV      prepare for server-to-server transfer
PORT      specify data connection port
PWD       print the current working directory
QUIT      terminate a session
REST      restart incomplete transfer
RETR      retrieve a file
RMD       remove a directory
RNFR      specify rename-from filename
RNTO      specify rename-to filename
SITE      nonstandard commands (see next section)
SIZE      return size of file
STAT      return status of server
STOR      store a file
STOU      store a file with a unique name
STRU      specify data transfer structure
SYST      show operating system type of server system
TYPE      specify data transfer type
USER      specify username
XCUP      change to parent of current working directory (deprecated)
XCWD      change working directory (deprecated)
XMKD      make a directory (deprecated)
XPWD      print the current working directory (deprecated)
XRMD      remove a directory (deprecated)

Nonstandard commands

The following nonstandard or UNIX-specific commands are supported by the SITE request.

Request:  Description:
UMASK     change umask (e.g. SITE UMASK 002)
IDLE      set idle-timer (e.g. SITE IDLE 60)
CHMOD     change mode of a file (e.g. SITE CHMOD 755 filename)
HELP      give help information (e.g. SITE HELP)

ABOR command

The ftp daemon will abort an active file transfer only when the ABOR command is preceded by a Telnet “Interrupt Process” (IP) signal and by a Telnet “Synch” signal in the command Telnet stream, as described in Internet RFC 959. If a STAT command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

Metacharacters

Because the ftpd daemon interprets filenames according to the globbing conventions used by sh, users can employ these metacharacters:

*
?
[
]
{
}
~

User authorization

The ftpd daemon authenticates users according to these rules:

  1. The username must be in the password database /etc/passwd and must not have a null password. The client must provide a password before any file operations may be performed.
  2. The username must not appear in the file /etc/ftpusers, which contains a list of users who aren't allowed to use ftp. One username is listed per line. If this file is missing, anyone on the local system may access ftp.
  3. The user must have a standard shell (i.e. one listed in /etc/shells).
  4. If the username is anonymous or ftp, an anonymous ftp account must be present in the password file (user ftp). In this case, the user can log in by giving any password (by convention, users give the name of the client host).
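
The four rules above, applied as an account audit that lists which local accounts ftpd would admit. This is an added example, not code from ftpd or from the original page: the function names and the sample data are constructed, and it assumes that anonymous/ftp logins are governed by rule 4 alone, that the password field is the one in the passwd file itself, and that a missing shells file matches no shell.

```python
ANON_NAMES = ("anonymous", "ftp")

# Constructed sample data (not from a real host): passwd, ftpusers, shells.
SAMPLE_PASSWD = ("root:Xq1zz:0:0::/:/bin/sh\n"
                 "alice:Ab2yy:100:100::/home/alice:/bin/sh\n"
                 "bob::101:100::/home/bob:/bin/sh\n"
                 "carol:Cd3xx:102:100::/home/carol:/bin/false\n"
                 "ftp:*:14:50::/home/ftp:/bin/false\n")
SAMPLE_FTPUSERS = "root\n"
SAMPLE_SHELLS = "/bin/sh\n/bin/ksh\n"

def read_or_none(path):
    """Contents of path, or None when the file does not exist."""
    try:
        with open(path) as fh:
            return fh.read()
    except FileNotFoundError:
        return None

def parse_passwd(text):
    """Map username -> (password field, login shell); None is treated as empty."""
    rows = (ln.split(":") for ln in (text or "").splitlines())
    return {f[0]: (f[1], f[6]) for f in rows if len(f) >= 7}

def entries(text):
    """One entry per line, blank lines dropped; None (missing file) stays None."""
    return None if text is None else {ln.strip() for ln in text.splitlines() if ln.strip()}

def denial_reasons(user, passwd, ftpusers, shells):
    """Rules that block `user`; an empty list means the rules admit the login."""
    pw = parse_passwd(passwd)
    if user in ANON_NAMES:  # rule 4 (assumption: the only rule applied here)
        return [] if "ftp" in pw else ["rule 4: no ftp account"]
    if user not in pw:
        return ["rule 1: not in passwd"]
    password, shell = pw[user]
    reasons = ["rule 1: null password"] if password == "" else []
    banned = entries(ftpusers)  # None: file missing, so nobody is excluded
    if banned is not None and user in banned:
        reasons.append("rule 2: listed in ftpusers")
    if shell not in (entries(shells) or set()):  # assumption: no shells file, no match
        reasons.append("rule 3: shell not in shells")
    return reasons

def ftp_capable(passwd, ftpusers, shells):
    """Sorted names of the ordinary accounts that pass rules 1-3."""
    return sorted(u for u in parse_passwd(passwd)
                  if u not in ANON_NAMES and not denial_reasons(u, passwd, ftpusers, shells))

if __name__ == "__main__":
    print(ftp_capable(*(read_or_none(p) for p in ("/etc/passwd", "/etc/ftpusers", "/etc/shells"))))
```

On the sample data only alice is admitted; passing None for ftpusers (the missing-file case) adds root to the list, which is why the absence of that file is worth alerting on.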

For an anonymous ftp account (the last case above), the ftp subtree should be constructed with care; the following rules are recommended:

~ftp
Make the home directory owned by ftp and unwritable by anyone.
~ftp/bin
Make this directory owned by the superuser and unwritable by anyone. The ls utility, which must be present to support the LIST command, should have mode 111.
~ftp/etc
Make this directory owned by the superuser and unwritable by anyone. The files passwd and group must be present for the ls command to be able to produce owner names rather than numbers. The password field in passwd isn't used and shouldn't contain real encrypted passwords. The passwd and group files should be mode 444.
~ftp/pub
Make this directory mode 777 and owned by ftp. If any files are to be accessed via the anonymous account, the user should place them in this directory.
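
A check of an existing anonymous tree against the layout listed above, returning one finding per deviation. This is an added example, not part of ftpd or of the original page: the function names are hypothetical, and the test for "real encrypted passwords" is a heuristic assumption that treats any password field other than empty, "*" or "x" as suspect.

```python
import os
import stat

def _check(path, out, owner=None, mode=None, no_write=False):
    """Append a finding for each way `path` departs from the expected owner/mode."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        out.append(f"{path}: missing")
        return
    perms = stat.S_IMODE(st.st_mode)
    if owner is not None and st.st_uid != owner:
        out.append(f"{path}: owner uid {st.st_uid}, expected {owner}")
    if mode is not None and perms != mode:
        out.append(f"{path}: mode {perms:03o}, expected {mode:03o}")
    if no_write and perms & 0o222:
        out.append(f"{path}: writable (mode {perms:03o})")

def audit_anon_tree(home, ftp_uid, root_uid=0):
    """Compare the tree under `home` (~ftp) with the recommended layout."""
    out = []
    sub = lambda *parts: os.path.join(home, *parts)
    _check(home, out, owner=ftp_uid, no_write=True)        # ~ftp
    _check(sub("bin"), out, owner=root_uid, no_write=True)  # ~ftp/bin
    _check(sub("bin", "ls"), out, mode=0o111)
    _check(sub("etc"), out, owner=root_uid, no_write=True)  # ~ftp/etc
    for name in ("passwd", "group"):
        _check(sub("etc", name), out, mode=0o444)
    _check(sub("pub"), out, owner=ftp_uid, mode=0o777)      # ~ftp/pub
    pw_path = sub("etc", "passwd")
    try:
        with open(pw_path) as fh:
            for line in fh:
                fields = line.split(":")
                # Heuristic (assumption): a populated field may be a real hash.
                if len(fields) > 1 and fields[1] not in ("", "*", "x"):
                    out.append(f"{pw_path}: {fields[0]} has a populated password field")
    except OSError:
        pass  # a missing file is already reported by _check above
    return out

if __name__ == "__main__":
    import pwd
    ftp = pwd.getpwnam("ftp")  # KeyError here means there is no anonymous account
    print("\n".join(audit_anon_tree(ftp.pw_dir, ftp.pw_uid)) or "tree matches the layout")
```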

Caveats:

To restrict outbound network access to the QNX network, you can specify the -L option to Proc (see Utilities Reference).

The server must run as the superuser to create sockets with privileged port numbers. It maintains an effective user ID of the logged-in user, reverting to the superuser only when binding addresses to sockets. Possible security holes have been extensively scrutinized, but the scrutiny may be incomplete.

See also:

ftp, tftpd

RFC 959, RFC 1123