diff options
Diffstat (limited to 'upstream/debian-bookworm/man8/in.ftpd.8')
| -rw-r--r-- | upstream/debian-bookworm/man8/in.ftpd.8 | 526 |
1 files changed, 526 insertions, 0 deletions
diff --git a/upstream/debian-bookworm/man8/in.ftpd.8 b/upstream/debian-bookworm/man8/in.ftpd.8 new file mode 100644 index 00000000..0d211f93 --- /dev/null +++ b/upstream/debian-bookworm/man8/in.ftpd.8 @@ -0,0 +1,526 @@ +.\" +.\" Copyright (c) 1985, 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 +.\" NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp +.\" OpenBSD: ftpd.8,v 1.9 1996/12/03 03:07:16 deraadt Exp +.\" OpenBSD: ftpd.8,v 1.12 1997/05/01 14:45:36 deraadt Exp +.\" OpenBSD: ftpd.8,v 1.22 1999/07/09 13:35:50 aaron Exp +.\" $Id: ftpd.8,v 1.17 2000/07/30 23:56:57 dholland Exp $ +.\" +.Dd September 14, 1999 +.Dt FTPD 8 +.Os "Linux NetKit (0.17)" +.Sh NAME +.Nm ftpd +.Nd +Internet File Transfer Protocol server +.Sh SYNOPSIS +.Nm ftpd +.Op Fl AdDhlMnPSU +.Op Fl T Ar maxtimeout +.Op Fl t Ar timeout +.Op Fl u Ar mask +.Op Fl z Ar debug +.Op Fl z Ar debug=file +.Op Fl z Ar certsok +.Op Fl z Ar certrequired +.Op Fl z Ar secure +.Op Fl z Ar ssl +.Op Fl z Ar verify=flags +.Op Fl z Ar cacert=cafile +.Op Fl z Ar cert=certfile +.Op Fl z Ar key=keyfile +.Op Fl z Ar cipher=list +.Op Fl z Ar legacy +.Sh DESCRIPTION +.Nm Ftpd +is the +Internet File Transfer Protocol +server process. The server uses the +.Tn TCP +protocol +and listens at the port specified in the +.Dq ftp +service specification; see +.Xr services 5 . +.Pp +Available options: +.Bl -tag -width Ds +.It Fl 4 +Use IPv4 addressing only. The default is to offer service for both families, IPv6 and IPv4. +.It Fl 6 +Only provide IPv6 addressing capability. +.It Fl A +Permit only anonymous ftp connections or accounts listed in +.Pa /etc/ftpchroot. +Other connection attempts are refused. This option is no longer effective if +PAM is enabled. Please refer to the README file for instructions to doing +this with PAM. +.It Fl d +Debugging information is written to the syslog using LOG_FTP. +.It Fl D +With this option set, +.Nm ftpd +will detach and become a daemon, accepting connections on the FTP port and +forking child processes to handle them. This has lower overhead than +starting +.Nm ftpd +from +.Xr inetd 8 +and is thus useful on busy servers to reduce load. +.It Fl h +The server will use data ports in the high port range for passive connections. +This range is defined by the +.Ev IPPORT_HIFIRSTAUTO +and +.Ev IPPORT_HILASTAUTO +defines in <netinet/in.h>. In +.Ox +they are set to 49152 and 65535 respectively. +.It Fl l +Each successful and failed +.Xr ftp 1 +session is logged using syslog with a facility of LOG_FTP. +If this option is specified twice, the retrieve (get), store (put), append, +delete, make directory, remove directory and rename operations and +their filename arguments are also logged. +.It Fl M +Enables multihomed mode. Instead of simply using +.Pa ~ftp +for anonymous transfers, a directory matching the fully qualified name of +the IP number the client connected to, and located inside +.Pa ~ftp +is used instead. +.It Fl n +Use numeric IP addresses in logs instead of doing hostname lookup. +.It Fl P +Permit illegal port numbers or addresses for PORT command initiated connects. +By default +.Xr ftpd 8 +violates the RFC and thus constrains the PORT command to non-reserved ports +and requires it use the same source address as the connection came from. +This prevents the "FTP bounce attack" against services on both the local +machine and other local machines. +.It Fl S +With this option set, +.Nm ftpd +logs all anonymous transfers to the file +.Pa /var/log/ftpd +when this file exists. +.It Fl U +Each concurrent +.Xr ftp 1 +session is logged to the file +.Pa /var/run/utmp , +making them visible to commands such as +.Xr who 1 . +This option at present is unsupporte and will always silently fail. +.It Fl T +A client may also request a different timeout period; +the maximum period allowed may be set to +.Ar timeout +seconds with the +.Fl T +option. +The default limit is 2 hours. +.It Fl t +The inactivity timeout period is set to +.Ar timeout +seconds (the default is 15 minutes). +.It Fl u +Change the default umask from 027 to +.Ar mask . +.It Fl z Ar SSL-parameter +This option is only valid if +.Nm ftpd +has been built with SSL (Secure Socket Layer) support. +.Bl -tag -width Fl +.It Ic secure +Don't fall back to unencrypted mode, that is without SSL, if the client +is not explicitly asking for SSL mode. In this server mode +.Nm ftpd +only accepts connections from SSL enhanced +.Ar FTP clients +with an option similar to +.Ic -z secure +in active use. +.It Ic ssl +Negotiate SSL at first, then fall back to legacy FTP protocol. +.It Ic nossl, !ssl +switch off SSL negotiation +.It Ic debug +Enable SSL related debugging. Useless in non-daemon mode. +.It Ic debug=file +Direct the debugging output to +.Ar file . +.It Ic certsok +Look username up in +.Pa /etc/ssl.users . +The format of this file is lines of this form: +.Ar user1,user2:/C=US/... +.br +where +.Ar user1 +and +.Ar user2 +are usernames. If the client certificate is valid, +authenticate with any password. Use a command +.Ar openssl x509 -noout -subject +to extract the needed fields, all of which are needed. +.It Ic certrequired +Client certificate is mandatory and the user must be matched to the +corresponding subject identifier listed in +.Pa /etc/ssl.users . +.It Ic verify=int +Set the SSL verify flags (use combinations of SSL_VERIFY_* from +.Ar openssl/ssl.h +). +.It Ic cacert=ca_file +Use the CA certificates stored in +.Ar ca_file +to verify the identity of the peer client. +The subject names found herein are given to the client for +whatever use they may present. A clever client software is able +to choose its identity hinted by this list. +.It Ic cert=cert_file +Use the certificate(s) in +.Ar cert_file +instead of the default location +.Pa /etc/ftpd-ssl/ftpd.pem . +This is a PEM formatted file. The first certificate identifies the +server and the rest of the chain is used for verification purposes +while talking to the peer client. +.It Ic key=key_file +Use the key stored in +.Ar key_file , +should the certificate file not contain the required private key. +.It Ic cipher=ciph_list +Set the preferred ciphers to +.Ar ciph_list . +See +.Ar openssl/ssl.h +for more information). +.It Ic legacy +This is a compatibility option, which activates a work around during +verification, which the legacy code depended on. +It should not be used now that chains and CA lists are available, +but is introduced to ease the transition to the better implementation. +.El +.El +.Pp +The file +.Pa /etc/nologin +can be used to disable ftp access. +If the file exists, +.Nm +displays it and exits. +If the file +.Pa /etc/ftpwelcome +exists, +.Nm +prints it before issuing the +.Dq ready +message. +If the file +.Pa /etc/motd +exists, +.Nm +prints it after a successful login. If the file +.Pa .message +exists in a directory, +.Nm +prints it when that directory is entered. +.Pp +The ftp server currently supports the following ftp requests. +The case of the requests is ignored. +.Bl -column "Request" -offset indent +.It Request Ta "Description" +.It ABOR Ta "abort previous command" +.It ACCT Ta "specify account (ignored)" +.It ALLO Ta "allocate storage (vacuously)" +.It APPE Ta "append to a file" +.It CDUP Ta "change to parent of current working directory" +.It CWD Ta "change working directory" +.It DELE Ta "delete a file" +.It EPRT Ta "specify data connection port, either IPv4 or IPv6" +.It EPSV Ta "ask for a server port for fetching data" +.It HELP Ta "give help information" +.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" +.It MKD Ta "make a directory" +.It MDTM Ta "show last modification time of file" +.It MODE Ta "specify data transfer" Em mode +.It NLST Ta "give name list of files in directory" +.It NOOP Ta "do nothing" +.It PASS Ta "specify password" +.It PASV Ta "prepare for server-to-server transfer" +.It PORT Ta "specify data connection port" +.It PWD Ta "print the current working directory" +.It QUIT Ta "terminate session" +.It REST Ta "restart incomplete transfer" +.It RETR Ta "retrieve a file" +.It RMD Ta "remove a directory" +.It RNFR Ta "specify rename-from file name" +.It RNTO Ta "specify rename-to file name" +.It SITE Ta "non-standard commands (see next section)" +.It SIZE Ta "return size of file" +.It STAT Ta "return status of server" +.It STOR Ta "store a file" +.It STOU Ta "store a file with a unique name" +.It STRU Ta "specify data transfer" Em structure +.It SYST Ta "show operating system type of server system" +.It TYPE Ta "specify data transfer" Em type +.It USER Ta "specify user name" +.It XCUP Ta "change to parent of current working directory (deprecated)" +.It XCWD Ta "change working directory (deprecated)" +.It XMKD Ta "make a directory (deprecated)" +.It XPWD Ta "print the current working directory (deprecated)" +.It XRMD Ta "remove a directory (deprecated)" +.El +.Pp +The following non-standard or +.Tn UNIX +specific commands are supported +by the +SITE request. +.Pp +.Bl -column Request -offset indent +.It Sy Request Ta Sy Description +.It UMASK Ta change umask, e.g. ``SITE UMASK 002'' +.It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' +.It CHMOD Ta change mode of a file, e.g. ``SITE CHMOD 755 filename'' +.It HELP Ta give help information. +.El +.Pp +The remaining ftp requests specified in Internet RFC 959 +are +recognized, but not implemented. +MDTM and SIZE are not specified in RFC 959, but will appear in the +next updated FTP RFC. +.Pp +The ftp server will abort an active file transfer only when the +ABOR +command is preceded by a Telnet "Interrupt Process" (IP) +signal and a Telnet "Synch" signal in the command Telnet stream, +as described in Internet RFC 959. +If a +STAT +command is received during a data transfer, preceded by a Telnet IP +and Synch, transfer status will be returned. +.Pp +.Nm Ftpd +interprets file names according to the +.Dq globbing +conventions used by +.Xr csh 1 . +This allows users to utilize the metacharacters +.Dq Li \&*?[]{}~ . +.Pp +.Nm Ftpd +authenticates users according to five rules. +.Pp +.Bl -enum -offset indent +.It +The login name must be in the password data base, +.\" .Pa /etc/pwd.db , +.Pa /etc/passwd , +and not have a null password. +In this case a password must be provided by the client before any +file operations may be performed. +If the user has an S/Key key, the response from a successful USER +command will include an S/Key challenge. The client may choose to respond +with a PASS command giving either a standard password or an S/Key +one-time password. The server will automatically determine which type of +password it has been given and attempt to authenticate accordingly. See +.Xr skey 1 +for more information on S/Key authentication. S/Key is a Trademark of +Bellcore. +.It +The login name must not appear in the file +.Pa /etc/ftpusers . +.It +The user must have a standard shell returned by +.Xr getusershell 3 . +.It +If the user name appears in the file +.Pa /etc/ftpchroot +the session's root will be changed to the user's login directory by +.Xr chroot 2 +as for an +.Dq anonymous +or +.Dq ftp +account (see next item). However, the user must still supply a password. +This feature is intended as a compromise between a fully anonymous account +and a fully privileged account. The account should also be set up as for an +anonymous account. +.It +If the user name is +.Dq anonymous +or +.Dq ftp , +an +anonymous ftp account must be present in the password +file (user +.Dq ftp ) . +In this case the user is allowed +to log in by specifying any password (by convention an email address for +the user should be used as the password). +.El +.Pp +In the last case, +.Nm ftpd +takes special measures to restrict the client's access privileges. +The server performs a +.Xr chroot 2 +to the home directory of the +.Dq ftp +user. +In order that system security is not breached, it is recommended +that the +.Dq ftp +subtree be constructed with care, following these rules: +.Bl -tag -width "~ftp/pub" -offset indent +.It Pa ~ftp +Make the home directory owned by +.Dq root +and unwritable by anyone (mode 555). +.It Pa ~ftp/bin +Make this directory owned by +.Dq root +and unwritable by anyone (mode 511). +.\"This directory is optional unless you have commands you wish +.\"the anonymous ftp user to be able to run (the +.\".Xr ls 1 +.\"command exists as a builtin). +.\" -- not in the Linux port (yet?) +This directory is required, and should contain at least a statically +linked copy of +.Xr ls 1. +Any programs in this directory should be mode 111 (executable only). +.It Pa ~ftp/etc +Make this directory owned by +.Dq root +and unwritable by anyone (mode 511). +The files +.\" pwd.db (see +.\" .Xr pwd_mkdb 8 ) +.Xr passwd 5 +and +.Xr group 5 +must be present for the +.Xr ls +command to be able to produce owner names rather than numbers. +The password field in +.\" .Xr pwd.db +.Pa passwd +is not used, and should not contain real passwords. +The file +.Pa motd , +if present, will be printed after a successful login. +These files should be mode 444. +.It Pa ~ftp/lib +Make this directory owned by +.Dq root +and unwritable by anyone (mode 511). +The libraries +.Xr ld-linux.so.2 +and +.Xr libc.so.6 +(or whatever your +.Xr ls +command is linked to) +must be present. +In order to read +.Xr passwd 5 +and +.Xr group 5 , +the library +.Xr libnss_files.so.2 +is also needed. +Note that if you're using a 2.2.* or later Linux kernel, +.Xr ld-linux.so.2 +must be executable as well as readable (555). All other files should be mode +444. +.It Pa ~ftp/pub +Make this directory mode 555 and owned by +.Dq root . +This is traditionally where publically accessible files are +stored for download. +.El +.Sh FILES +.Bl -tag -width /etc/ftpwelcome -compact +.It Pa /etc/ftpusers +List of unwelcome/restricted users. +.It Pa /etc/ftpchroot +List of normal users who should be chroot'd. +.It Pa /etc/ftpwelcome +Welcome notice. +.It Pa /etc/motd +Welcome notice after login. +.It Pa /etc/nologin +Displayed and access refused. +.It Pa /var/run/utmp +List of users on the system. +.It Pa /var/log/ftpd +Log file for anonymous transfers. +.It Pa /etc/ftpd-ssl/ftpd.pem +Default certificate and key for SSL authentication. +.It Pa /etc/ssl.users +List of trusted users and their subject identifiers. +.El +.Sh ENVIRONMENT +.Nm Ftpd +accesses a single environment variable: +.Bl -tag -width Fl +.It Ev SSL_CIPHER +containing a list of acceptable cipher combinations. +.El +.Sh SEE ALSO +.Xr ftp 1 , +.Xr skey 1 , +.Xr who 1 , +.Xr getusershell 3 , +.Xr ftpusers 5 , +.Xr syslogd 8 +.Sh BUGS +The server must run as the super-user +to create sockets with privileged port numbers. It maintains +an effective user ID of the logged in user, reverting to +the super-user only when binding addresses to sockets. The +possible security holes have been extensively +scrutinized, but are possibly incomplete. +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . |