diff options
Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd/ftpd.cat8')
-rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 | 296 |
1 files changed, 296 insertions, 0 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 new file mode 100644 index 0000000..d4af02e --- /dev/null +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 @@ -0,0 +1,296 @@ + +FTPD(8) UNIX System Manager's Manual FTPD(8) + +NNAAMMEE + ffttppdd - Internet File Transfer Protocol server + +SSYYNNOOPPSSIISS + ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt + _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g] + +DDEESSCCRRIIPPTTIIOONN + FFttppdd is the Internet File Transfer Protocol server process. The server + uses the TCP protocol and listens at the port specified in the ``ftp'' + service specification; see services(5). + + Available options: + + --aa Select the level of authentication required. Kerberised login + can not be turned off. The default is to only allow kerberised + login. Other possibilities can be turned on by giving a string + of comma separated flags as argument to --aa. Recognised flags are: + + _p_l_a_i_n Allow logging in with plaintext password. The password can + be a(n) OTP or an ordinary password. + + _o_t_p Same as _p_l_a_i_n, but only OTP is allowed. + + _f_t_p Allow anonymous login. + + The following combination modes exists for backwards compatibili- + ty: + + _n_o_n_e Same as _p_l_a_i_n_,_f_t_p. + + _s_a_f_e Same as _f_t_p. + + _u_s_e_r Ignored. + + --dd Debugging information is written to the syslog using LOG_FTP. + + --gg Anonymous users will get a umask of _u_m_a_s_k. + + --ii Open a socket and wait for a connection. This is mainly used for + debugging when ftpd isn't started by inetd. + + --ll Each successful and failed ftp(1) session is logged using syslog + with a facility of LOG_FTP. If this option is specified twice, + the retrieve (get), store (put), append, delete, make directory, + remove directory and rename operations and their filename argu- + ments are also logged. + + --pp Use _p_o_r_t (a service name or number) instead of the default + _f_t_p_/_t_c_p. + + --TT A client may also request a different timeout period; the maximum + period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option. + The default limit is 2 hours. + + --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de- + fault is 15 minutes). + + --uu Set the initial umask to something else than the default 027. + + + + --vv Verbose mode. + + --BB, ----bbuuiillttiinn--llss + use built-in ls to list files + + ----ggoooodd--cchhaarrss==_s_t_r_i_n_g + allowed anonymous upload filename chars + + The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex- + ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists, + ffttppdd prints it before issuing the ``ready'' message. If the file + _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login. + + The ftp server currently supports the following ftp requests. The case + of the requests is ignored. + + Request Description + ABOR abort previous command + ACCT specify account (ignored) + ALLO allocate storage (vacuously) + APPE append to a file + CDUP change to parent of current working directory + CWD change working directory + DELE delete a file + HELP give help information + LIST give list files in a directory (``ls -lgA'') + MKD make a directory + MDTM show last modification time of file + MODE specify data transfer _m_o_d_e + NLST give name list of files in directory + NOOP do nothing + PASS specify password + PASV prepare for server-to-server transfer + PORT specify data connection port + PWD print the current working directory + QUIT terminate session + REST restart incomplete transfer + RETR retrieve a file + RMD remove a directory + RNFR specify rename-from file name + RNTO specify rename-to file name + SITE non-standard commands (see next section) + SIZE return size of file + STAT return status of server + STOR store a file + STOU store a file with a unique name + STRU specify data transfer _s_t_r_u_c_t_u_r_e + SYST show operating system type of server system + TYPE specify data transfer _t_y_p_e + USER specify user name + XCUP change to parent of current working directory + (deprecated) + XCWD change working directory (deprecated) + XMKD make a directory (deprecated) + XPWD print the current working directory (deprecated) + XRMD remove a directory (deprecated) + + The following commands are specified by RFC2228. + + AUTH authentication/security mechanism + ADAT authentication/security data + PROT data channel protection level + PBSZ protection buffer size + MIC integrity protected command + + + CONF confidentiality protected command + ENC privacy protected command + CCC clear command channel + + The following non-standard or UNIX specific commands are supported by the + SITE request. + + UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022) + IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600) + CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee) + FIND quickly find a specific file with GNU locate(1). + HELP give help information. + + The following Kerberos related site commands are understood. + + KAUTH obtain remote tickets. + KLIST show remote tickets + + The remaining ftp requests specified in Internet RFC 959 are recognized, + but not implemented. MDTM and SIZE are not specified in RFC 959, but + will appear in the next updated FTP RFC. + + The ftp server will abort an active file transfer only when the ABOR com- + mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet + "Synch" signal in the command Telnet stream, as described in Internet RFC + 959. If a STAT command is received during a data transfer, preceded by a + Telnet IP and Synch, transfer status will be returned. + + FFttppdd interprets file names according to the ``globbing'' conventions used + by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''. + + FFttppdd authenticates users according to these rules. + + 1. If Kerberos authentication is used, the user must pass valid + tickets and the principal must be allowed to login as the re- + mote user. + + 2. The login name must be in the password data base, and not have + a null password (if kerberos is used the password field is not + checked). In this case a password must be provided by the + client before any file operations may be performed. If the + user has an OTP key, the response from a successful USER com- + mand will include an OTP challenge. The client may choose to + respond with a PASS command giving either a standard password + or an OTP one-time password. The server will automatically de- + termine which type of password it has been given and attempt + to authenticate accordingly. See otp(1) for more information + on OTP authentication. + + 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s. + + 4. The user must have a standard shell returned by + getusershell(3). + + 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses- + sion's root will be changed to the user's login directory by + chroot(2) as for an ``anonymous'' or ``ftp'' account (see next + item). However, the user must still supply a password. This + feature is intended as a compromise between a fully anonymous + account and a fully privileged account. The account should + also be set up as for an anonymous account. + + 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp + account must be present in the password file (user ``ftp''). + In this case the user is allowed to log in by specifying any + password (by convention an email address for the user should + be used as the password). + + In the last case, ffttppdd takes special measures to restrict the client's + access privileges. The server performs a chroot(2) to the home directory + of the ``ftp'' user. In order that system security is not breached, it + is recommended that the ``ftp'' subtree be constructed with care, consid- + er following these guidelines for anonymous ftp. + + In general all files should be owned by ``root'', and have non-write per- + missions (644 or 755 depending on the kind of file). No files should be + owned or writable by ``ftp'' (possibly with exception for the + _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below). + + _~_f_t_p The ``ftp'' homedirectory should be owned by root. + + _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)). + These programs must either be statically linked, or you + must setup an environment for dynamic linking when run- + ning chrooted. These programs will be used if present: + + ls Used when listing files. + + compress + When retrieving a filename that ends in _._Z, + and that file isn't present, ffttppdd will try + to find the filename without _._Z and com- + press it on the fly. + + gzip Same as compress, just with files ending in + _._g_z. + + gtar Enables retrieval of whole directories as + files ending in _._t_a_r. Can also be combined + with compression. You must use GNU Tar (or + some other that supports the --zz and --ZZ + flags). + + locate Will enable ``fast find'' with the SSIITTEE + FFIINNDD command. You must also create a + _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c. + + _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files + here, ls will be able to produce owner names rather than + numbers. Remember to remove any passwords from these + files. + + The file _m_o_t_d, if present, will be printed after a suc- + cessful login. + + _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here. + + _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub- + lic. + + If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di- + rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure + ``ftp'' is member of group ``ftp''). The following restrictions apply to + anonymous users: + + ++oo Directories created will have mode 700. + + ++oo Uploaded files will be created with an umask of 777, if not changed + with the --gg option. + + ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK, + + and SSIITTEE CCHHMMOODD. + + ++oo Filenames must start with an alpha-numeric character, and consist of + alpha-numeric characters or any of the following: + (plus), - (mi- + nus), = (equal), _ (underscore), . (period), and , (comma). + +FFIILLEESS + /etc/ftpusers Access list for users. + /etc/ftpchroot List of normal users who should be chroot'd. + /etc/ftpwelcome Welcome notice. + /etc/motd Welcome notice after login. + /etc/nologin Displayed and access refused. + ~/.klogin Login access for Kerberos. + +SSEEEE AALLSSOO + ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8), + +SSTTAANNDDAARRDDSS + RRFFCC 995599 FTP PROTOCOL SPECIFICATION + RRFFCC 11993388 OTP Specification + RRFFCC 22222288 FTP Security Extensions. + +BBUUGGSS + The server must run as the super-user to create sockets with privileged + port numbers. It maintains an effective user id of the logged in user, + reverting to the super-user only when binding addresses to sockets. The + possible security holes have been extensively scrutinized, but are possi- + bly incomplete. + +HHIISSTTOORRYY + The ffttppdd command appeared in 4.2BSD. + +4.2 Berkeley Distribution April 19, 1997 5 |