summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/appl/ftp/ftpd/ftpd.cat8')
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.cat8297
1 files changed, 0 insertions, 297 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
deleted file mode 100644
index 4951f6a..0000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
+++ /dev/null
@@ -1,297 +0,0 @@
-FTPD(8) NetBSD System Manager's Manual FTPD(8)
-
-NNAAMMEE
- ffttppdd - Internet File Transfer Protocol server
-
-SSYYNNOOPPSSIISS
- ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
- _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
-
-DDEESSCCRRIIPPTTIIOONN
- FFttppdd is the Internet File Transfer Protocol server process. The server
- uses the TCP protocol and listens at the port specified in the ``ftp''
- service specification; see services(5).
-
- Available options:
-
- --aa Select the level of authentication required. Kerberised login
- can not be turned off. The default is to only allow kerberised
- login. Other possibilities can be turned on by giving a string
- of comma separated flags as argument to --aa. Recognised flags are:
-
- _p_l_a_i_n Allow logging in with plaintext password. The password can
- be a(n) OTP or an ordinary password.
-
- _o_t_p Same as _p_l_a_i_n, but only OTP is allowed.
-
- _f_t_p Allow anonymous login.
-
- The following combination modes exists for backwards compatibili-
- ty:
-
- _n_o_n_e Same as _p_l_a_i_n_,_f_t_p.
-
- _s_a_f_e Same as _f_t_p.
-
- _u_s_e_r Ignored.
-
- --dd Debugging information is written to the syslog using LOG_FTP.
-
- --gg Anonymous users will get a umask of _u_m_a_s_k.
-
- --ii Open a socket and wait for a connection. This is mainly used for
- debugging when ftpd isn't started by inetd.
-
- --ll Each successful and failed ftp(1) session is logged using syslog
- with a facility of LOG_FTP. If this option is specified twice,
- the retrieve (get), store (put), append, delete, make directory,
- remove directory and rename operations and their filename argu-
- ments are also logged.
-
- --pp Use _p_o_r_t (a service name or number) instead of the default
- _f_t_p_/_t_c_p.
-
- --TT A client may also request a different timeout period; the maximum
- period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
- The default limit is 2 hours.
-
- --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
- fault is 15 minutes).
-
- --uu Set the initial umask to something else than the default 027.
-
- --UU In previous versions of ffttppdd, when a passive mode client request-
- ed a data connection to the server, the server would use data
- ports in the range 1024..4999. Now, by default, if the system
- supports the IP_PORTRANGE socket option, the server will use data
- ports in the range 49152..65535. Specifying this option will re-
- vert to the old behavior.
-
- --vv Verbose mode.
-
- --BB, ----bbuuiillttiinn--llss
- use built-in ls to list files
-
- ----ggoooodd--cchhaarrss==_s_t_r_i_n_g
- allowed anonymous upload filename chars
-
- The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-
- ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
- ffttppdd prints it before issuing the ``ready'' message. If the file
- _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
-
- The ftp server currently supports the following ftp requests. The case
- of the requests is ignored.
-
- Request Description
- ABOR abort previous command
- ACCT specify account (ignored)
- ALLO allocate storage (vacuously)
- APPE append to a file
- CDUP change to parent of current working directory
- CWD change working directory
- DELE delete a file
- HELP give help information
- LIST give list files in a directory (``ls -lgA'')
- MKD make a directory
- MDTM show last modification time of file
- MODE specify data transfer _m_o_d_e
- NLST give name list of files in directory
- NOOP do nothing
- PASS specify password
- PASV prepare for server-to-server transfer
- PORT specify data connection port
- PWD print the current working directory
- QUIT terminate session
- REST restart incomplete transfer
- RETR retrieve a file
- RMD remove a directory
- RNFR specify rename-from file name
- RNTO specify rename-to file name
- SITE non-standard commands (see next section)
- SIZE return size of file
- STAT return status of server
- STOR store a file
- STOU store a file with a unique name
- STRU specify data transfer _s_t_r_u_c_t_u_r_e
- SYST show operating system type of server system
- TYPE specify data transfer _t_y_p_e
- USER specify user name
- XCUP change to parent of current working directory
- (deprecated)
- XCWD change working directory (deprecated)
- XMKD make a directory (deprecated)
- XPWD print the current working directory (deprecated)
- XRMD remove a directory (deprecated)
-
- The following commands are specified by RFC2228.
-
- AUTH authentication/security mechanism
- ADAT authentication/security data
- PROT data channel protection level
- PBSZ protection buffer size
- MIC integrity protected command
- CONF confidentiality protected command
- ENC privacy protected command
- CCC clear command channel
-
- The following non-standard or UNIX specific commands are supported by the
- SITE request.
-
- UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022)
- IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600)
- CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
- FIND quickly find a specific file with GNU locate(1).
- HELP give help information.
-
- The following Kerberos related site commands are understood.
-
- KAUTH obtain remote tickets.
- KLIST show remote tickets
-
- The remaining ftp requests specified in Internet RFC 959 are recognized,
- but not implemented. MDTM and SIZE are not specified in RFC 959, but
- will appear in the next updated FTP RFC.
-
- The ftp server will abort an active file transfer only when the ABOR com-
- mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
- "Synch" signal in the command Telnet stream, as described in Internet RFC
- 959. If a STAT command is received during a data transfer, preceded by a
- Telnet IP and Synch, transfer status will be returned.
-
- FFttppdd interprets file names according to the ``globbing'' conventions used
- by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''.
-
- FFttppdd authenticates users according to these rules.
-
- 1. If Kerberos authentication is used, the user must pass valid
- tickets and the principal must be allowed to login as the re-
- mote user.
-
- 2. The login name must be in the password data base, and not have
- a null password (if kerberos is used the password field is not
- checked). In this case a password must be provided by the
- client before any file operations may be performed. If the
- user has an OTP key, the response from a successful USER com-
- mand will include an OTP challenge. The client may choose to
- respond with a PASS command giving either a standard password
- or an OTP one-time password. The server will automatically de-
- termine which type of password it has been given and attempt
- to authenticate accordingly. See otp(1) for more information
- on OTP authentication.
-
- 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
-
- 4. The user must have a standard shell returned by
- getusershell(3).
-
- 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
- sion's root will be changed to the user's login directory by
- chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
- item). However, the user must still supply a password. This
- feature is intended as a compromise between a fully anonymous
- account and a fully privileged account. The account should
- also be set up as for an anonymous account.
-
- 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
- account must be present in the password file (user ``ftp'').
- In this case the user is allowed to log in by specifying any
- password (by convention an email address for the user should
- be used as the password).
-
- In the last case, ffttppdd takes special measures to restrict the client's
- access privileges. The server performs a chroot(2) to the home directory
- of the ``ftp'' user. In order that system security is not breached, it
- is recommended that the ``ftp'' subtree be constructed with care, consid-
- er following these guidelines for anonymous ftp.
-
- In general all files should be owned by ``root'', and have non-write per-
- missions (644 or 755 depending on the kind of file). No files should be
- owned or writable by ``ftp'' (possibly with exception for the
- _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
-
- _~_f_t_p The ``ftp'' homedirectory should be owned by root.
-
- _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)).
- These programs must either be statically linked, or you
- must setup an environment for dynamic linking when run-
- ning chrooted. These programs will be used if present:
-
- ls Used when listing files.
-
- compress
- When retrieving a filename that ends in _._Z,
- and that file isn't present, ffttppdd will try
- to find the filename without _._Z and com-
- press it on the fly.
-
- gzip Same as compress, just with files ending in
- _._g_z.
-
- gtar Enables retrieval of whole directories as
- files ending in _._t_a_r. Can also be combined
- with compression. You must use GNU Tar (or
- some other that supports the --zz and --ZZ
- flags).
-
- locate Will enable ``fast find'' with the SSIITTEE
- FFIINNDD command. You must also create a
- _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
-
- _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files
- here, ls will be able to produce owner names rather than
- numbers. Remember to remove any passwords from these
- files.
-
- The file _m_o_t_d, if present, will be printed after a suc-
- cessful login.
-
- _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here.
-
- _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub-
- lic.
-
- If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
- rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
- ``ftp'' is member of group ``ftp''). The following restrictions apply to
- anonymous users:
-
- ++oo Directories created will have mode 700.
-
- ++oo Uploaded files will be created with an umask of 777, if not changed
- with the --gg option.
-
- ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
- and SSIITTEE CCHHMMOODD.
-
- ++oo Filenames must start with an alpha-numeric character, and consist of
- alpha-numeric characters or any of the following: + (plus), - (mi-
- nus), = (equal), _ (underscore), . (period), and , (comma).
-
-FFIILLEESS
- /etc/ftpusers Access list for users.
- /etc/ftpchroot List of normal users who should be chroot'd.
- /etc/ftpwelcome Welcome notice.
- /etc/motd Welcome notice after login.
- /etc/nologin Displayed and access refused.
- ~/.klogin Login access for Kerberos.
-
-SSEEEE AALLSSOO
- ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8)
-
-SSTTAANNDDAARRDDSS
- RRFFCC 995599 FTP PROTOCOL SPECIFICATION
- RRFFCC 11993388 OTP Specification
- RRFFCC 22222288 FTP Security Extensions.
-
-BBUUGGSS
- The server must run as the super-user to create sockets with privileged
- port numbers. It maintains an effective user id of the logged in user,
- reverting to the super-user only when binding addresses to sockets. The
- possible security holes have been extensively scrutinized, but are possi-
- bly incomplete.
-
-HHIISSTTOORRYY
- The ffttppdd command appeared in 4.2BSD.
-
-4.2 Berkeley Distribution April 19, 1997 5
OpenPOWER on IntegriCloud