diff options
Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd/ftpd.cat8')
-rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 | 297 |
1 files changed, 0 insertions, 297 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 deleted file mode 100644 index 4951f6a..0000000 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 +++ /dev/null @@ -1,297 +0,0 @@ -FTPD(8) NetBSD System Manager's Manual FTPD(8) - -NNAAMMEE - ffttppdd - Internet File Transfer Protocol server - -SSYYNNOOPPSSIISS - ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt - _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g] - -DDEESSCCRRIIPPTTIIOONN - FFttppdd is the Internet File Transfer Protocol server process. The server - uses the TCP protocol and listens at the port specified in the ``ftp'' - service specification; see services(5). - - Available options: - - --aa Select the level of authentication required. Kerberised login - can not be turned off. The default is to only allow kerberised - login. Other possibilities can be turned on by giving a string - of comma separated flags as argument to --aa. Recognised flags are: - - _p_l_a_i_n Allow logging in with plaintext password. The password can - be a(n) OTP or an ordinary password. - - _o_t_p Same as _p_l_a_i_n, but only OTP is allowed. - - _f_t_p Allow anonymous login. - - The following combination modes exists for backwards compatibili- - ty: - - _n_o_n_e Same as _p_l_a_i_n_,_f_t_p. - - _s_a_f_e Same as _f_t_p. - - _u_s_e_r Ignored. - - --dd Debugging information is written to the syslog using LOG_FTP. - - --gg Anonymous users will get a umask of _u_m_a_s_k. - - --ii Open a socket and wait for a connection. This is mainly used for - debugging when ftpd isn't started by inetd. - - --ll Each successful and failed ftp(1) session is logged using syslog - with a facility of LOG_FTP. If this option is specified twice, - the retrieve (get), store (put), append, delete, make directory, - remove directory and rename operations and their filename argu- - ments are also logged. - - --pp Use _p_o_r_t (a service name or number) instead of the default - _f_t_p_/_t_c_p. - - --TT A client may also request a different timeout period; the maximum - period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option. - The default limit is 2 hours. - - --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de- - fault is 15 minutes). - - --uu Set the initial umask to something else than the default 027. - - --UU In previous versions of ffttppdd, when a passive mode client request- - ed a data connection to the server, the server would use data - ports in the range 1024..4999. Now, by default, if the system - supports the IP_PORTRANGE socket option, the server will use data - ports in the range 49152..65535. Specifying this option will re- - vert to the old behavior. - - --vv Verbose mode. - - --BB, ----bbuuiillttiinn--llss - use built-in ls to list files - - ----ggoooodd--cchhaarrss==_s_t_r_i_n_g - allowed anonymous upload filename chars - - The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex- - ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists, - ffttppdd prints it before issuing the ``ready'' message. If the file - _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login. - - The ftp server currently supports the following ftp requests. The case - of the requests is ignored. - - Request Description - ABOR abort previous command - ACCT specify account (ignored) - ALLO allocate storage (vacuously) - APPE append to a file - CDUP change to parent of current working directory - CWD change working directory - DELE delete a file - HELP give help information - LIST give list files in a directory (``ls -lgA'') - MKD make a directory - MDTM show last modification time of file - MODE specify data transfer _m_o_d_e - NLST give name list of files in directory - NOOP do nothing - PASS specify password - PASV prepare for server-to-server transfer - PORT specify data connection port - PWD print the current working directory - QUIT terminate session - REST restart incomplete transfer - RETR retrieve a file - RMD remove a directory - RNFR specify rename-from file name - RNTO specify rename-to file name - SITE non-standard commands (see next section) - SIZE return size of file - STAT return status of server - STOR store a file - STOU store a file with a unique name - STRU specify data transfer _s_t_r_u_c_t_u_r_e - SYST show operating system type of server system - TYPE specify data transfer _t_y_p_e - USER specify user name - XCUP change to parent of current working directory - (deprecated) - XCWD change working directory (deprecated) - XMKD make a directory (deprecated) - XPWD print the current working directory (deprecated) - XRMD remove a directory (deprecated) - - The following commands are specified by RFC2228. - - AUTH authentication/security mechanism - ADAT authentication/security data - PROT data channel protection level - PBSZ protection buffer size - MIC integrity protected command - CONF confidentiality protected command - ENC privacy protected command - CCC clear command channel - - The following non-standard or UNIX specific commands are supported by the - SITE request. - - UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022) - IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600) - CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee) - FIND quickly find a specific file with GNU locate(1). - HELP give help information. - - The following Kerberos related site commands are understood. - - KAUTH obtain remote tickets. - KLIST show remote tickets - - The remaining ftp requests specified in Internet RFC 959 are recognized, - but not implemented. MDTM and SIZE are not specified in RFC 959, but - will appear in the next updated FTP RFC. - - The ftp server will abort an active file transfer only when the ABOR com- - mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet - "Synch" signal in the command Telnet stream, as described in Internet RFC - 959. If a STAT command is received during a data transfer, preceded by a - Telnet IP and Synch, transfer status will be returned. - - FFttppdd interprets file names according to the ``globbing'' conventions used - by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''. - - FFttppdd authenticates users according to these rules. - - 1. If Kerberos authentication is used, the user must pass valid - tickets and the principal must be allowed to login as the re- - mote user. - - 2. The login name must be in the password data base, and not have - a null password (if kerberos is used the password field is not - checked). In this case a password must be provided by the - client before any file operations may be performed. If the - user has an OTP key, the response from a successful USER com- - mand will include an OTP challenge. The client may choose to - respond with a PASS command giving either a standard password - or an OTP one-time password. The server will automatically de- - termine which type of password it has been given and attempt - to authenticate accordingly. See otp(1) for more information - on OTP authentication. - - 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s. - - 4. The user must have a standard shell returned by - getusershell(3). - - 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses- - sion's root will be changed to the user's login directory by - chroot(2) as for an ``anonymous'' or ``ftp'' account (see next - item). However, the user must still supply a password. This - feature is intended as a compromise between a fully anonymous - account and a fully privileged account. The account should - also be set up as for an anonymous account. - - 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp - account must be present in the password file (user ``ftp''). - In this case the user is allowed to log in by specifying any - password (by convention an email address for the user should - be used as the password). - - In the last case, ffttppdd takes special measures to restrict the client's - access privileges. The server performs a chroot(2) to the home directory - of the ``ftp'' user. In order that system security is not breached, it - is recommended that the ``ftp'' subtree be constructed with care, consid- - er following these guidelines for anonymous ftp. - - In general all files should be owned by ``root'', and have non-write per- - missions (644 or 755 depending on the kind of file). No files should be - owned or writable by ``ftp'' (possibly with exception for the - _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below). - - _~_f_t_p The ``ftp'' homedirectory should be owned by root. - - _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)). - These programs must either be statically linked, or you - must setup an environment for dynamic linking when run- - ning chrooted. These programs will be used if present: - - ls Used when listing files. - - compress - When retrieving a filename that ends in _._Z, - and that file isn't present, ffttppdd will try - to find the filename without _._Z and com- - press it on the fly. - - gzip Same as compress, just with files ending in - _._g_z. - - gtar Enables retrieval of whole directories as - files ending in _._t_a_r. Can also be combined - with compression. You must use GNU Tar (or - some other that supports the --zz and --ZZ - flags). - - locate Will enable ``fast find'' with the SSIITTEE - FFIINNDD command. You must also create a - _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c. - - _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files - here, ls will be able to produce owner names rather than - numbers. Remember to remove any passwords from these - files. - - The file _m_o_t_d, if present, will be printed after a suc- - cessful login. - - _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here. - - _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub- - lic. - - If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di- - rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure - ``ftp'' is member of group ``ftp''). The following restrictions apply to - anonymous users: - - ++oo Directories created will have mode 700. - - ++oo Uploaded files will be created with an umask of 777, if not changed - with the --gg option. - - ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK, - and SSIITTEE CCHHMMOODD. - - ++oo Filenames must start with an alpha-numeric character, and consist of - alpha-numeric characters or any of the following: + (plus), - (mi- - nus), = (equal), _ (underscore), . (period), and , (comma). - -FFIILLEESS - /etc/ftpusers Access list for users. - /etc/ftpchroot List of normal users who should be chroot'd. - /etc/ftpwelcome Welcome notice. - /etc/motd Welcome notice after login. - /etc/nologin Displayed and access refused. - ~/.klogin Login access for Kerberos. - -SSEEEE AALLSSOO - ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8) - -SSTTAANNDDAARRDDSS - RRFFCC 995599 FTP PROTOCOL SPECIFICATION - RRFFCC 11993388 OTP Specification - RRFFCC 22222288 FTP Security Extensions. - -BBUUGGSS - The server must run as the super-user to create sockets with privileged - port numbers. It maintains an effective user id of the logged in user, - reverting to the super-user only when binding addresses to sockets. The - possible security holes have been extensively scrutinized, but are possi- - bly incomplete. - -HHIISSTTOORRYY - The ffttppdd command appeared in 4.2BSD. - -4.2 Berkeley Distribution April 19, 1997 5 |