summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd/ftpd.cat8')
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.cat8296
1 files changed, 296 insertions, 0 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
new file mode 100644
index 0000000..d4af02e
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
@@ -0,0 +1,296 @@
+
+FTPD(8) UNIX System Manager's Manual FTPD(8)
+
+NNAAMMEE
+ ffttppdd - Internet File Transfer Protocol server
+
+SSYYNNOOPPSSIISS
+ ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
+ _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
+
+DDEESSCCRRIIPPTTIIOONN
+ FFttppdd is the Internet File Transfer Protocol server process. The server
+ uses the TCP protocol and listens at the port specified in the ``ftp''
+ service specification; see services(5).
+
+ Available options:
+
+ --aa Select the level of authentication required. Kerberised login
+ can not be turned off. The default is to only allow kerberised
+ login. Other possibilities can be turned on by giving a string
+ of comma separated flags as argument to --aa. Recognised flags are:
+
+ _p_l_a_i_n Allow logging in with plaintext password. The password can
+ be a(n) OTP or an ordinary password.
+
+ _o_t_p Same as _p_l_a_i_n, but only OTP is allowed.
+
+ _f_t_p Allow anonymous login.
+
+ The following combination modes exists for backwards compatibili-
+ ty:
+
+ _n_o_n_e Same as _p_l_a_i_n_,_f_t_p.
+
+ _s_a_f_e Same as _f_t_p.
+
+ _u_s_e_r Ignored.
+
+ --dd Debugging information is written to the syslog using LOG_FTP.
+
+ --gg Anonymous users will get a umask of _u_m_a_s_k.
+
+ --ii Open a socket and wait for a connection. This is mainly used for
+ debugging when ftpd isn't started by inetd.
+
+ --ll Each successful and failed ftp(1) session is logged using syslog
+ with a facility of LOG_FTP. If this option is specified twice,
+ the retrieve (get), store (put), append, delete, make directory,
+ remove directory and rename operations and their filename argu-
+ ments are also logged.
+
+ --pp Use _p_o_r_t (a service name or number) instead of the default
+ _f_t_p_/_t_c_p.
+
+ --TT A client may also request a different timeout period; the maximum
+ period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
+ The default limit is 2 hours.
+
+ --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
+ fault is 15 minutes).
+
+ --uu Set the initial umask to something else than the default 027.
+
+
+
+ --vv Verbose mode.
+
+ --BB, ----bbuuiillttiinn--llss
+ use built-in ls to list files
+
+ ----ggoooodd--cchhaarrss==_s_t_r_i_n_g
+ allowed anonymous upload filename chars
+
+ The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-
+ ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
+ ffttppdd prints it before issuing the ``ready'' message. If the file
+ _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
+
+ The ftp server currently supports the following ftp requests. The case
+ of the requests is ignored.
+
+ Request Description
+ ABOR abort previous command
+ ACCT specify account (ignored)
+ ALLO allocate storage (vacuously)
+ APPE append to a file
+ CDUP change to parent of current working directory
+ CWD change working directory
+ DELE delete a file
+ HELP give help information
+ LIST give list files in a directory (``ls -lgA'')
+ MKD make a directory
+ MDTM show last modification time of file
+ MODE specify data transfer _m_o_d_e
+ NLST give name list of files in directory
+ NOOP do nothing
+ PASS specify password
+ PASV prepare for server-to-server transfer
+ PORT specify data connection port
+ PWD print the current working directory
+ QUIT terminate session
+ REST restart incomplete transfer
+ RETR retrieve a file
+ RMD remove a directory
+ RNFR specify rename-from file name
+ RNTO specify rename-to file name
+ SITE non-standard commands (see next section)
+ SIZE return size of file
+ STAT return status of server
+ STOR store a file
+ STOU store a file with a unique name
+ STRU specify data transfer _s_t_r_u_c_t_u_r_e
+ SYST show operating system type of server system
+ TYPE specify data transfer _t_y_p_e
+ USER specify user name
+ XCUP change to parent of current working directory
+ (deprecated)
+ XCWD change working directory (deprecated)
+ XMKD make a directory (deprecated)
+ XPWD print the current working directory (deprecated)
+ XRMD remove a directory (deprecated)
+
+ The following commands are specified by RFC2228.
+
+ AUTH authentication/security mechanism
+ ADAT authentication/security data
+ PROT data channel protection level
+ PBSZ protection buffer size
+ MIC integrity protected command
+
+
+ CONF confidentiality protected command
+ ENC privacy protected command
+ CCC clear command channel
+
+ The following non-standard or UNIX specific commands are supported by the
+ SITE request.
+
+ UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022)
+ IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600)
+ CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
+ FIND quickly find a specific file with GNU locate(1).
+ HELP give help information.
+
+ The following Kerberos related site commands are understood.
+
+ KAUTH obtain remote tickets.
+ KLIST show remote tickets
+
+ The remaining ftp requests specified in Internet RFC 959 are recognized,
+ but not implemented. MDTM and SIZE are not specified in RFC 959, but
+ will appear in the next updated FTP RFC.
+
+ The ftp server will abort an active file transfer only when the ABOR com-
+ mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
+ "Synch" signal in the command Telnet stream, as described in Internet RFC
+ 959. If a STAT command is received during a data transfer, preceded by a
+ Telnet IP and Synch, transfer status will be returned.
+
+ FFttppdd interprets file names according to the ``globbing'' conventions used
+ by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''.
+
+ FFttppdd authenticates users according to these rules.
+
+ 1. If Kerberos authentication is used, the user must pass valid
+ tickets and the principal must be allowed to login as the re-
+ mote user.
+
+ 2. The login name must be in the password data base, and not have
+ a null password (if kerberos is used the password field is not
+ checked). In this case a password must be provided by the
+ client before any file operations may be performed. If the
+ user has an OTP key, the response from a successful USER com-
+ mand will include an OTP challenge. The client may choose to
+ respond with a PASS command giving either a standard password
+ or an OTP one-time password. The server will automatically de-
+ termine which type of password it has been given and attempt
+ to authenticate accordingly. See otp(1) for more information
+ on OTP authentication.
+
+ 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
+
+ 4. The user must have a standard shell returned by
+ getusershell(3).
+
+ 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
+ sion's root will be changed to the user's login directory by
+ chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
+ item). However, the user must still supply a password. This
+ feature is intended as a compromise between a fully anonymous
+ account and a fully privileged account. The account should
+ also be set up as for an anonymous account.
+
+ 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
+ account must be present in the password file (user ``ftp'').
+ In this case the user is allowed to log in by specifying any
+ password (by convention an email address for the user should
+ be used as the password).
+
+ In the last case, ffttppdd takes special measures to restrict the client's
+ access privileges. The server performs a chroot(2) to the home directory
+ of the ``ftp'' user. In order that system security is not breached, it
+ is recommended that the ``ftp'' subtree be constructed with care, consid-
+ er following these guidelines for anonymous ftp.
+
+ In general all files should be owned by ``root'', and have non-write per-
+ missions (644 or 755 depending on the kind of file). No files should be
+ owned or writable by ``ftp'' (possibly with exception for the
+ _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
+
+ _~_f_t_p The ``ftp'' homedirectory should be owned by root.
+
+ _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)).
+ These programs must either be statically linked, or you
+ must setup an environment for dynamic linking when run-
+ ning chrooted. These programs will be used if present:
+
+ ls Used when listing files.
+
+ compress
+ When retrieving a filename that ends in _._Z,
+ and that file isn't present, ffttppdd will try
+ to find the filename without _._Z and com-
+ press it on the fly.
+
+ gzip Same as compress, just with files ending in
+ _._g_z.
+
+ gtar Enables retrieval of whole directories as
+ files ending in _._t_a_r. Can also be combined
+ with compression. You must use GNU Tar (or
+ some other that supports the --zz and --ZZ
+ flags).
+
+ locate Will enable ``fast find'' with the SSIITTEE
+ FFIINNDD command. You must also create a
+ _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
+
+ _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files
+ here, ls will be able to produce owner names rather than
+ numbers. Remember to remove any passwords from these
+ files.
+
+ The file _m_o_t_d, if present, will be printed after a suc-
+ cessful login.
+
+ _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here.
+
+ _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub-
+ lic.
+
+ If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
+ rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
+ ``ftp'' is member of group ``ftp''). The following restrictions apply to
+ anonymous users:
+
+ ++oo Directories created will have mode 700.
+
+ ++oo Uploaded files will be created with an umask of 777, if not changed
+ with the --gg option.
+
+ ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
+
+ and SSIITTEE CCHHMMOODD.
+
+ ++oo Filenames must start with an alpha-numeric character, and consist of
+ alpha-numeric characters or any of the following: + (plus), - (mi-
+ nus), = (equal), _ (underscore), . (period), and , (comma).
+
+FFIILLEESS
+ /etc/ftpusers Access list for users.
+ /etc/ftpchroot List of normal users who should be chroot'd.
+ /etc/ftpwelcome Welcome notice.
+ /etc/motd Welcome notice after login.
+ /etc/nologin Displayed and access refused.
+ ~/.klogin Login access for Kerberos.
+
+SSEEEE AALLSSOO
+ ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8),
+
+SSTTAANNDDAARRDDSS
+ RRFFCC 995599 FTP PROTOCOL SPECIFICATION
+ RRFFCC 11993388 OTP Specification
+ RRFFCC 22222288 FTP Security Extensions.
+
+BBUUGGSS
+ The server must run as the super-user to create sockets with privileged
+ port numbers. It maintains an effective user id of the logged in user,
+ reverting to the super-user only when binding addresses to sockets. The
+ possible security holes have been extensively scrutinized, but are possi-
+ bly incomplete.
+
+HHIISSTTOORRYY
+ The ffttppdd command appeared in 4.2BSD.
+
+4.2 Berkeley Distribution April 19, 1997 5
OpenPOWER on IntegriCloud