author: pst <pst@FreeBSD.org> 1996-08-05 00:21:15 +0000
committer: pst <pst@FreeBSD.org> 1996-08-05 00:21:15 +0000
commit: fca5bc38ec00d8cb5087036679424e8817d2b782
tree: 12d2de9b0d4e2a49a22dcb35f943c6b5f2e301fb /libexec/ftpd/ftpd.8
parent: 1d37bd800534129c143f350649cec9fa9248e26b
Convert STATS and PARANOID to run-time options.
Document the new -R (relax paranoia) option. From NetBSD/Lite2: code and man page cleanups, Kerberos IV hooks (relax, we're still exportable), and /etc/ftpchroot feature for semi-anonymous accounts
Diffstat (limited to 'libexec/ftpd/ftpd.8')
-rw-r--r-- libexec/ftpd/ftpd.8 47
1 files changed, 42 insertions, 5 deletions
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index 8cd6902..195a154 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -42,6 +42,7 @@ Internet File Transfer Protocol server
.Nm ftpd
.Op Fl dl
.Op Fl D
+.Op Fl R
.Op Fl S
.Op Fl U
.Op Fl T Ar maxtimeout
@@ -79,6 +80,17 @@ starting
from
.Xr inetd 8
and is thus useful on busy servers to reduce load.
+.It Fl R
+With this option set,
+.Nm ftpd
+will revert to historical behavior with regard to security checks on
+user operations and restrictions on PORT requests.
+Currently,
+.Nm ftpd
+will only honor PORT commands directed to unprivileged ports on the
+remote user's host (which violates the FTP protocol specification but
+closes some security holes).
+.
.It Fl S
With this option set,
.Nm ftpd
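Review bot: In the new ".It Fl R" entry, the sentence starting "Currently," reads as a description of what ftpd does when -R is set, while the commit message calls -R "relax paranoia", which implies the PORT restriction is the default that -R switches off. Suggest rewording it to start "Without this option," and naming which "security checks on user operations" are relaxed, since an administrator cannot judge the risk of enabling -R from this text. The lone "." line just before ".It Fl S" looks like a stray and can be dropped.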
@@ -209,15 +221,23 @@ This allows users to utilize the metacharacters
.Dq Li \&*?[]{}~ .
.Pp
.Nm Ftpd
-authenticates users according to three rules.
+authenticates users according to five rules.
.Pp
.Bl -enum -offset indent
.It
The login name must be in the password data base,
-.Pa /etc/passwd ,
+.Pa /etc/pwd.db ,
and not have a null password.
In this case a password must be provided by the client before any
file operations may be performed.
+If the user has an S/Key key, the response from a successful USER
+command will include an S/Key challenge. The client may choose to respond
+with a PASS command giving either a standard password or an S/Key
+one-time password. The server will automatically determine which type of
+password it has been given and attempt to authenticate accordingly. See
+.Xr key 1
+for more information on S/Key authentication. S/Key is a Trademark of
+Bellcore.
.It
The login name must not appear in the file
.Pa /etc/ftpusers .
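Review bot: The S/Key paragraph added to the first rule starts new sentences mid-line ("challenge. The client", "password. The server", "accordingly. See"), while a later hunk of this same patch moves "When the" onto its own line for exactly that reason. Please break each sentence onto a new line here too. The sentence "S/Key is a Trademark of Bellcore." sits inside an authentication rule; it would read better moved out of the enumerated list so the rule text stays about the login check.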
@@ -225,6 +245,19 @@ The login name must not appear in the file
The user must have a standard shell returned by
.Xr getusershell 3 .
.It
+If the user name appears in the file
+.Pa /etc/ftpchroot
+the session's root will be changed to the user's login directory by
+.Xr chroot 2
+as for an
+.Dq anonymous
+or
+.Dq ftp
+account (see next item). However, the user must still supply a password.
+This feature is intended as a compromise between a fully anonymous account
+and a fully privileged account. The account should also be set up as for an
+anonymous account.
+.It
If the user name is
.Dq anonymous
or
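Review bot: The new /etc/ftpchroot item says only that "the user must still supply a password" and does not state whether the /etc/ftpusers and getusershell(3) checks from the preceding items still apply to these accounts. Since this item is documented as a middle ground between anonymous and fully privileged logins, please say so explicitly. "The account should also be set up as for an anonymous account" would be more useful if it pointed at the directory setup list later in the page, because the chroot only confines the user if that layout and its ownership and modes are in place.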
@@ -235,7 +268,8 @@ file (user
.Dq ftp ) .
In this case the user is allowed
to log in by specifying any password (by convention an email address for
-the user should be used as the password). When the
+the user should be used as the password).
+When the
.Fl S
option is set, all transfers are logged as well.
.El
@@ -269,8 +303,8 @@ This program should be mode 111.
Make this directory owned by
.Dq root
and unwritable by anyone (mode 555).
-The files
-.Xr passwd 5
+The files pwd.db (see
+.Xr passwd 5 )
and
.Xr group 5
must be present for the
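Review bot: In the added line "The files pwd.db (see", the file name is bare text, whereas the authentication section of this patch marks it up as ".Pa /etc/pwd.db ,". Suggest using ".Pa pwd.db" here for consistent rendering. The sentence also now mixes a file name (pwd.db) with a manual page reference used as a file name (".Xr group 5"); naming both files and citing both pages in parentheses would be clearer.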
@@ -294,6 +328,8 @@ account in this directory.
.Bl -tag -width /etc/ftpwelcome -compact
.It Pa /etc/ftpusers
List of unwelcome/restricted users.
+.It Pa /etc/ftpchroot
+List of normal users who should be chroot'd.
.It Pa /etc/ftpwelcome
Welcome notice.
.It Pa /etc/ftpmotd
@@ -305,6 +341,7 @@ Log file for anonymous transfers.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
+.Xr key 1 ,
.Xr getusershell 3 ,
.Xr inetd 8 ,
.Xr syslogd 8
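Review bot: SEE ALSO gains ".Xr key 1 ," for the new S/Key text, but the /etc/ftpchroot item added earlier in this patch references ".Xr chroot 2" and no matching entry appears between key(1) and getusershell(3) in the lines shown. Suggest adding ".Xr chroot 2 ," after the key(1) line so every page cited in the new text is listed.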