'\" te
.\" Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved
.\" Copyright 1989 AT&T
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH IN.FTPD 1M "Nov 10, 2005"
.SH NAME
in.ftpd, ftpd \- File Transfer Protocol Server
.SH SYNOPSIS
.LP
.nf
\fBin.ftpd\fR [\fB-4\fR] [\fB-A\fR] [\fB-a\fR] [\fB-C\fR] [\fB-d\fR] [\fB-I\fR] [\fB-i\fR] [\fB-K\fR] [\fB-L\fR] [\fB-l\fR]
     [\fB-o\fR] [\fB-P\fR \fIdataport\fR] [\fB-p\fR \fIctrlport\fR] [\fB-Q\fR] [\fB-q\fR]
     [\fB-r\fR \fIrootdir\fR] [\fB-S\fR] [\fB-s\fR] [\fB-T\fR \fImaxtimeout\fR] [\fB-t\fR \fItimeout\fR]
     [\fB-u\fR \fIumask\fR] [\fB-V\fR] [\fB-v\fR] [\fB-W\fR] [\fB-w\fR] [\fB-X\fR]
.fi

.SH DESCRIPTION
.sp
.LP
\fBin.ftpd\fR is the Internet File Transfer Protocol (FTP) server process. The
server may be invoked by the Internet daemon \fBinetd\fR(1M) each time a
connection to the FTP service is made or run as a standalone server. See
\fBservices\fR(4).
.SH OPTIONS
.sp
.LP
\fBin.ftpd\fR supports the following options:
.sp
.ne 2
.na
\fB\fB-4\fR\fR
.ad
.RS 17n
When running in standalone mode, listen for connections on an \fBAF_INET\fR
type socket. The default is to listen on an \fBAF_INET6\fR type socket.
.RE

.sp
.ne 2
.na
\fB\fB-a\fR\fR
.ad
.RS 17n
Enables use of the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-A\fR\fR
.ad
.RS 17n
Disables use of the \fBftpaccess\fR(4) file. Use of \fBftpaccess\fR is disabled
by default.
.RE

.sp
.ne 2
.na
\fB\fB-C\fR\fR
.ad
.RS 17n
Non-anonymous users need local credentials (for example, to authenticate to
remote fileservers), so they should be prompted for a password unless they
forwarded credentials as part of authentication.
.RE

.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.RS 17n
Writes debugging information to \fBsyslogd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-i\fR\fR
.ad
.RS 17n
Logs the names of all files received by the \fBFTP\fR Server to
\fBxferlog\fR(4). You can override the \fB-i\fR option through use of the
\fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-I\fR\fR
.ad
.RS 17n
Disables the use of \fBAUTH\fR and \fBident\fR to determine the username on the
client. See \fIRFC 931\fR. The \fBFTP\fR Server is built not to use \fBAUTH\fR
and \fBident\fR.
.RE

.sp
.ne 2
.na
\fB\fB-K\fR\fR
.ad
.RS 17n
Connections are only allowed for users who can authenticate through the
\fBftp\fR \fBAUTH\fR mechanism. (Anonymous \fBftp\fR may also be allowed if it
is configured.) \fBftpd\fR will ask the user for a password if one is required.
.RE

.sp
.ne 2
.na
\fB\fB-l\fR\fR
.ad
.RS 17n
Logs each \fBFTP\fR session to \fBsyslogd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-L\fR\fR
.ad
.RS 17n
Logs all commands sent to \fBin.ftpd\fR to \fBsyslogd\fR(1M). When the \fB-L\fR
option is used, command logging will be on by default, once the FTP Server is
invoked. Because the \fBFTP\fR Server includes \fBUSER\fR commands in those
logged, if a user accidentally enters a password instead of the username, the
password will be logged. You can override the \fB-L\fR option through use of
the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-o\fR\fR
.ad
.RS 17n
Logs the names of all files transmitted by the FTP Server to \fBxferlog\fR(4).
You can override the \fB-o\fR option through use of the \fBftpaccess\fR(4)
file.
.RE

.sp
.ne 2
.na
\fB\fB-P\fR \fIdataport\fR\fR
.ad
.RS 17n
The FTP Server determines the port number by looking in the \fBservices\fR(4)
file for an entry for the \fBftp-data\fR service. If there is no entry, the
daemon uses the port just prior to the control connection port. Use the
\fB-P\fR option to specify the data port number.
.RE

.sp
.ne 2
.na
\fB\fB-p\fR \fIctrlport\fR\fR
.ad
.RS 17n
When run in standalone mode, the \fBFTP\fR Server determines the control port
number by looking in the \fBservices\fR(4) file for an entry for the \fBftp\fR
service. Use the \fB-p\fR option to specify the control port number.
.RE

.sp
.ne 2
.na
\fB\fB-Q\fR\fR
.ad
.RS 17n
Disables \fBPID\fR files. This disables user limits. Large, busy sites that do
not want to impose limits on the number of concurrent users can use this option
to disable \fBPID\fR files.
.RE

.sp
.ne 2
.na
\fB\fB-q\fR\fR
.ad
.RS 17n
Uses \fBPID\fR files. The \fBlimit\fR directive uses \fBPID\fR files to
determine the number of current users in each access class. By default,
\fBPID\fR files are used.
.RE

.sp
.ne 2
.na
\fB\fB-r\fR \fIrootdir\fR\fR
.ad
.RS 17n
\fBchroot\fR(2) to \fIrootdir\fR upon loading. Use this option to improve
system security. It limits the files that can be damaged should a break-in
occur through the daemon. This option is similar to anonymous \fBFTP\fR.
Additional files are needed, which vary from system to system.
.RE

.sp
.ne 2
.na
\fB\fB-S\fR\fR
.ad
.RS 17n
Places the daemon in standalone operation mode. The daemon runs in the
background. This is useful for startup scripts that run during system
initialization. See \fBinit.d\fR(4).
.RE

.sp
.ne 2
.na
\fB\fB-s\fR\fR
.ad
.RS 17n
Places the daemon in standalone operation mode. The daemon runs in the
foreground. This is useful when run from \fB/etc/inittab\fR by \fBinit\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-T\fR \fImaxtimeout\fR\fR
.ad
.RS 17n
Sets the maximum allowable timeout period to \fImaxtimeout\fR seconds. The
default maximum timeout limit is 7200 seconds (two hours). You can override the
\fB-T\fR option through use of the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-t\fR \fItimeout\fR\fR
.ad
.RS 17n
Sets the inactivity timeout period to \fItimeout\fR seconds. The default
timeout period is 900 seconds (15 minutes). You can override the \fB-t\fR
option through use of the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-u\fR \fIumask\fR\fR
.ad
.RS 17n
Sets the default \fBumask\fR to \fIumask\fR.
.RE

.sp
.ne 2
.na
\fB\fB-V\fR\fR
.ad
.RS 17n
Displays copyright and version information, then terminates.
.RE

.sp
.ne 2
.na
\fB\fB-v\fR\fR
.ad
.RS 17n
Writes debugging information to \fBsyslogd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-W\fR\fR
.ad
.RS 17n
Does not record user \fBlogin\fR and \fBlogout\fR in the \fBwtmpx\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-w\fR\fR
.ad
.RS 17n
Records each user \fBlogin\fR and \fBlogout\fR in the \fBwtmpx\fR(4) file. By
default, logins and logouts are recorded.
.RE

.sp
.ne 2
.na
\fB\fB-X\fR\fR
.ad
.RS 17n
Writes the output from the \fB-i\fR and \fB-o\fR options to the
\fBsyslogd\fR(1M) file instead of \fBxferlog\fR(4). This allows the collection
of output from several hosts on one central loghost. You can override the
\fB-X\fR option through use of the \fBftpaccess\fR(4) file.
.RE

.SS "Requests"
.sp
.LP
The FTP Server currently supports the following \fBFTP\fR requests. Case is not
distinguished.
.sp
.ne 2
.na
\fB\fBABOR\fR\fR
.ad
.RS 8n
Abort previous command.
.RE

.sp
.ne 2
.na
\fB\fBADAT\fR\fR
.ad
.RS 8n
Send an authentication protocol message.
.RE

.sp
.ne 2
.na
\fB\fBALLO\fR\fR
.ad
.RS 8n
Allocate storage (vacuously).
.RE

.sp
.ne 2
.na
\fB\fBAUTH\fR\fR
.ad
.RS 8n
Specify an authentication protocol to be performed. Currently only
"\fBGSSAPI\fR" is supported.
.RE

.sp
.ne 2
.na
\fB\fBAPPE\fR\fR
.ad
.RS 8n
Append to a file.
.RE

.sp
.ne 2
.na
\fB\fBCCC\fR\fR
.ad
.RS 8n
Set the command channel protection mode to "\fBClear\fR" (no protection). Not
allowed if data channel is protected.
.RE

.sp
.ne 2
.na
\fB\fBCDUP\fR\fR
.ad
.RS 8n
Change to parent of current working directory.
.RE

.sp
.ne 2
.na
\fB\fBCWD\fR\fR
.ad
.RS 8n
Change working directory.
.RE

.sp
.ne 2
.na
\fB\fBDELE\fR\fR
.ad
.RS 8n
Delete a file.
.RE

.sp
.ne 2
.na
\fB\fBENC\fR\fR
.ad
.RS 8n
Send a privacy and integrity protected command (given in argument).
.RE

.sp
.ne 2
.na
\fB\fBEPRT\fR\fR
.ad
.RS 8n
Specify extended address for the transport connection.
.RE

.sp
.ne 2
.na
\fB\fBEPSV\fR\fR
.ad
.RS 8n
Extended passive command request.
.RE

.sp
.ne 2
.na
\fB\fBHELP\fR\fR
.ad
.RS 8n
Give help information.
.RE

.sp
.ne 2
.na
\fB\fBLIST\fR\fR
.ad
.RS 8n
Give a list of files in a directory (\fBls\fR \fB-lA\fR).
.RE

.sp
.ne 2
.na
\fB\fBLPRT\fR\fR
.ad
.RS 8n
Specify long address for the transport connection.
.RE

.sp
.ne 2
.na
\fB\fBLPSV\fR\fR
.ad
.RS 8n
Long passive command request.
.RE

.sp
.ne 2
.na
\fB\fBMIC\fR\fR
.ad
.RS 8n
Send an integrity protected command (given in argument).
.RE

.sp
.ne 2
.na
\fB\fBMKD\fR\fR
.ad
.RS 8n
Make a directory.
.RE

.sp
.ne 2
.na
\fB\fBMDTM\fR\fR
.ad
.RS 8n
Show last time file modified.
.RE

.sp
.ne 2
.na
\fB\fBMODE\fR\fR
.ad
.RS 8n
Specify data transfer \fImode\fR.
.RE

.sp
.ne 2
.na
\fB\fBNLST\fR\fR
.ad
.RS 8n
Give name list of files in directory (\fBls\fR).
.RE

.sp
.ne 2
.na
\fB\fBNOOP\fR\fR
.ad
.RS 8n
Do nothing.
.RE

.sp
.ne 2
.na
\fB\fBPASS\fR\fR
.ad
.RS 8n
Specify password.
.RE

.sp
.ne 2
.na
\fB\fBPASV\fR\fR
.ad
.RS 8n
Prepare for server-to-server transfer.
.RE

.sp
.ne 2
.na
\fB\fBPBSZ\fR\fR
.ad
.RS 8n
Specify a protection buffer size.
.RE

.sp
.ne 2
.na
\fB\fBPROT\fR\fR
.ad
.RS 8n
Specify a protection level under which to protect data transfers. Allowed
arguments:
.sp
.ne 2
.na
\fB\fBclear\fR\fR
.ad
.RS 11n
No protection.
.RE

.sp
.ne 2
.na
\fB\fBsafe\fR\fR
.ad
.RS 11n
Integrity protection
.RE

.sp
.ne 2
.na
\fB\fBprivate\fR\fR
.ad
.RS 11n
Integrity and encryption protection
.RE

.RE

.sp
.ne 2
.na
\fB\fBPORT\fR\fR
.ad
.RS 8n
Specify data connection port.
.RE

.sp
.ne 2
.na
\fB\fBPWD\fR\fR
.ad
.RS 8n
Print the current working directory.
.RE

.sp
.ne 2
.na
\fB\fBQUIT\fR\fR
.ad
.RS 8n
Terminate session.
.RE

.sp
.ne 2
.na
\fB\fBREST\fR\fR
.ad
.RS 8n
Restart incomplete transfer.
.RE

.sp
.ne 2
.na
\fB\fBRETR\fR\fR
.ad
.RS 8n
Retrieve a file.
.RE

.sp
.ne 2
.na
\fB\fBRMD\fR\fR
.ad
.RS 8n
Remove a directory.
.RE

.sp
.ne 2
.na
\fB\fBRNFR\fR\fR
.ad
.RS 8n
Specify rename-from file name.
.RE

.sp
.ne 2
.na
\fB\fBRNTO\fR\fR
.ad
.RS 8n
Specify rename-to file name.
.RE

.sp
.ne 2
.na
\fB\fBSITE\fR\fR
.ad
.RS 8n
Use nonstandard commands.
.RE

.sp
.ne 2
.na
\fB\fBSIZE\fR\fR
.ad
.RS 8n
Return size of file.
.RE

.sp
.ne 2
.na
\fB\fBSTAT\fR\fR
.ad
.RS 8n
Return status of server.
.RE

.sp
.ne 2
.na
\fB\fBSTOR\fR\fR
.ad
.RS 8n
Store a file.
.RE

.sp
.ne 2
.na
\fB\fBSTOU\fR\fR
.ad
.RS 8n
Store a file with a unique name.
.RE

.sp
.ne 2
.na
\fB\fBSTRU\fR\fR
.ad
.RS 8n
Specify data transfer \fIstructure\fR.
.RE

.sp
.ne 2
.na
\fB\fBSYST\fR\fR
.ad
.RS 8n
Show operating system type of server system.
.RE

.sp
.ne 2
.na
\fB\fBTYPE\fR\fR
.ad
.RS 8n
Specify data transfer \fBtype\fR.
.RE

.sp
.ne 2
.na
\fB\fBUSER\fR\fR
.ad
.RS 8n
Specify user name.
.RE

.sp
.ne 2
.na
\fB\fBXCUP\fR\fR
.ad
.RS 8n
Change to parent of current working directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXCWD\fR\fR
.ad
.RS 8n
Change working directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXMKD\fR\fR
.ad
.RS 8n
Make a directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXPWD\fR\fR
.ad
.RS 8n
Print the current working directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXRMD\fR\fR
.ad
.RS 8n
Remove a directory. This request is deprecated.
.RE

.sp
.LP
The following nonstandard or UNIX specific commands are supported by the
\fBSITE\fR request:
.sp
.ne 2
.na
\fB\fBALIAS\fR\fR
.ad
.RS 15n
List aliases.
.RE

.sp
.ne 2
.na
\fB\fBCDPATH\fR\fR
.ad
.RS 15n
List the search path used when changing directories.
.RE

.sp
.ne 2
.na
\fB\fBCHECKMETHOD\fR\fR
.ad
.RS 15n
List or set the \fBchecksum\fR method.
.RE

.sp
.ne 2
.na
\fB\fBCHECKSUM\fR\fR
.ad
.RS 15n
Give the \fBchecksum\fR of a file.
.RE

.sp
.ne 2
.na
\fB\fBCHMOD\fR\fR
.ad
.RS 15n
Change mode of a file. For example, \fBSITE CHMOD 755 \fIfilename\fR\fR.
.RE

.sp
.ne 2
.na
\fB\fBEXEC\fR\fR
.ad
.RS 15n
Execute a program. For example, \fBSITE EXEC program params\fR.
.RE

.sp
.ne 2
.na
\fB\fBGPASS\fR\fR
.ad
.RS 15n
Give special group access password. For example, \fBSITE GPASS bar\fR.
.RE

.sp
.ne 2
.na
\fB\fBGROUP\fR\fR
.ad
.RS 15n
Request special group access. For example, \fBSITE GROUP foo\fR.
.RE

.sp
.ne 2
.na
\fB\fBGROUPS\fR\fR
.ad
.RS 15n
List supplementary group membership.
.RE

.sp
.ne 2
.na
\fB\fBHELP\fR\fR
.ad
.RS 15n
Give help information. For example, \fBSITE HELP\fR.
.RE

.sp
.ne 2
.na
\fB\fBIDLE\fR\fR
.ad
.RS 15n
Set idle-timer. For example, \fBSITE IDLE 60\fR.
.RE

.sp
.ne 2
.na
\fB\fBUMASK\fR\fR
.ad
.RS 15n
Change \fBumask\fR. For example, \fBSITE UMASK 002\fR.
.RE

.sp
.LP
The remaining FTP requests specified in \fIRFC 959\fR are recognized, but not
implemented.
.sp
.LP
The \fBFTP\fR server will abort an active file transfer only when the
\fBABOR\fR command is preceded by a Telnet "Interrupt Process" (IP) signal and
a Telnet "Synch" signal in the command Telnet stream, as described in \fIRFC
959\fR. If a \fBSTAT\fR command is received during a data transfer that has
been preceded by a Telnet IP and Synch, transfer status will be returned.
.sp
.LP
\fBin.ftpd\fR interprets file names according to the "globbing" conventions
used by \fBcsh\fR(1). This allows users to utilize the metacharacters: \fB* ? [
] { } ~\fR
.sp
.LP
\fBin.ftpd\fR authenticates users according to the following rules:
.sp
.LP
First, the user name must be in the password data base, the location of which
is specified in \fBnsswitch.conf\fR(4). An encrypted password (an
authentication token in PAM) must be present. A password must always be
provided by the client before any file operations can be performed. For
non-anonymous users, the PAM framework is used to verify that the correct
password was entered. See \fBSECURITY\fR below.
.sp
.LP
Second, the user name must not appear in either the \fB/etc/ftpusers\fR or the
\fB/etc/ftpd/ftpusers\fR file. Use of the \fB/etc/ftpusers\fR file is
deprecated, although it is still supported.
.sp
.LP
Third, the users must have a standard shell returned by \fBgetusershell\fR(3C).
.sp
.LP
Fourth, if the user name is \fBanonymous\fR or \fBftp\fR, an anonymous ftp
account must be present in the password file for user \fBftp\fR. Use
\fBftpconfig\fR(1M) to create the anonymous \fBftp\fR account and home
directory tree.
.sp
.LP
Fifth, if the GSS-API is used to authenticate the user, then
\fBgss_auth_rules\fR(5) determines user access without requiring a password.
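.sp
.LP
The second and third rules can be checked ahead of time for every local
account. The following shell functions are an added example, not part of the
original manual page or of the \fBin.ftpd\fR source. They assume a local
\fBpasswd\fR(4)-format file and take the permitted shells as a file argument
standing in for what \fBgetusershell\fR(3C) returns; the function names and
sample data are constructed.
.sp
.nf
```shell
#!/bin/sh
# Added example: audit accounts against the ftpusers and shell rules.
# Usage: ftp_login_audit PASSWD SHELLS [FTPUSERS ...]
#   PASSWD    passwd(4)-format file
#   SHELLS    permitted shells, one path per line (assumed stand-in for
#             what getusershell(3C) returns on the audited host)
#   FTPUSERS  deny lists, one user name per line; unreadable files are skipped
# Prints "name<TAB>verdict" for every account in PASSWD.
ftp_login_audit() {
    passwd_file=$1
    shells_file=$2
    shift 2
    for f do                      # keep only the deny lists that exist
        shift
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    awk -F: -v shells="$shells_file" -v pw="$passwd_file" '
        function clean(s) {       # drop "#" comments and surrounding blanks
            sub(/#.*/, "", s)
            gsub(/^[ \t]+|[ \t]+$/, "", s)
            return s
        }
        BEGIN {
            while ((getline line < shells) > 0) {
                line = clean(line)
                if (line != "") ok_shell[line] = 1
            }
        }
        FILENAME != pw {          # deny lists are read before PASSWD
            name = clean($0)
            if (name != "") denied[name] = FILENAME
            next
        }
        NF < 7 || /^[+-]/ { next }    # malformed or compat-mode entries
        {
            if ($1 in denied)           v = "denied: listed in " denied[$1]
            else if ($7 == "")          v = "review: empty shell field"
            else if (!($7 in ok_shell)) v = "denied: shell " $7 " is not a listed shell"
            else                        v = "eligible"
            printf "%s\t%s\n", $1, v
        }
    ' "$@" "$passwd_file"
}

# Constructed sample data (not taken from any real system).
ftp_login_audit_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
bob:x:1002:10:Bob:/export/home/bob:/usr/bin/false
svcacct:x:1003:10:Service:/var/svc:
carol:x:1004:10:Carol:/export/home/carol:/bin/sh
EOF
    printf '%s\n' '# constructed list' /sbin/sh /bin/sh /bin/ksh > "$d/shells"
    printf '%s\n' root 'carol   # constructed comment' > "$d/ftpusers"
    # The last argument does not exist and is skipped, as a deprecated
    # /etc/ftpusers would be on a host that no longer has one.
    ftp_login_audit "$d/passwd" "$d/shells" "$d/ftpusers" "$d/no-such-file"
    rm -rf "$d"
}

ftp_login_audit_demo
```
.fi
.sp
.LP
An "eligible" verdict only means the account passes these two rules; the
password, PAM and GSS-API rules still apply at login time.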
.sp
.LP
The FTP Server supports virtual hosting, which can be configured by using
\fBftpaddhost\fR(1M).
.sp
.LP
The FTP Server does not support sublogins.
.SS "General FTP Extensions"
.sp
.LP
The FTP Server has certain extensions. If the user specifies a filename that
does not exist with a \fBRETR\fR (retrieve) command, the FTP Server looks for a
conversion to change a file or directory that does exist into the one
requested. See \fBftpconversions\fR(4).
.sp
.LP
By convention, anonymous users supply their email address when prompted for a
password. The FTP Server attempts to validate these email addresses. A user
whose FTP client hangs on a long reply, for example, a multiline response,
should use a dash (-) as the first character of the user's password, as this
disables the Server's \fBlreply()\fR function.
.sp
.LP
The FTP Server can also log all file transmission and reception. See
\fBxferlog\fR(4) for details of the log file format.
.sp
.LP
The \fBSITE EXEC\fR command may be used to execute commands in the
\fB/bin/ftp-exec\fR directory. Take care that you understand the security
implications before copying any command into the \fB/bin/ftp-exec\fR directory.
For example, do not copy in \fB/bin/sh\fR. This would enable the user to
execute other commands through the use of \fBsh -c\fR. If you have doubts about
this feature, do not create the \fB/bin/ftp-exec\fR directory.
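.sp
.LP
A renamed copy of a shell in the \fBftp-exec\fR directory is as dangerous as
\fBsh\fR itself, so a check by file name is not enough. The following shell
functions are an added example, not part of the original manual page or of the
\fBin.ftpd\fR source. They generalize the \fB/bin/sh\fR warning to every shell
in a caller-supplied list; the function names, arguments and sample files are
constructed.
.sp
.nf
```shell
#!/bin/sh
# Added example: flag SITE EXEC commands that are really a shell.
# Usage: ftp_exec_audit DIR SHELLS
#   DIR     the ftp-exec directory to inspect
#   SHELLS  shell paths to compare against, one per line, "#" comments
# Prints "FLAG<TAB>entry<TAB>shell" or "ok<TAB>entry" for each regular
# file, or "absent<TAB>DIR" when the directory was never created.

# Print the first listed shell whose contents equal those of $1.
matching_shell() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$2" |
    while IFS= read -r shell; do
        # cmp follows symlinks, so symlinks, hard links and renamed
        # copies of a shell all compare equal to it.
        if [ -f "$shell" ] && cmp -s "$1" "$shell"; then
            printf '%s\n' "$shell"
            break
        fi
    done
}

ftp_exec_audit() {
    dir=$1
    shells_file=$2
    if [ ! -d "$dir" ]; then
        printf 'absent\t%s\n' "$dir"
        return 0
    fi
    for entry in "$dir"/* "$dir"/.[!.]*; do
        # Skips subdirectories and glob patterns that matched nothing.
        if [ ! -f "$entry" ]; then continue; fi
        hit=$(matching_shell "$entry" "$shells_file")
        if [ -n "$hit" ]; then
            printf 'FLAG\t%s\t%s\n' "$entry" "$hit"
        else
            printf 'ok\t%s\n' "$entry"
        fi
    done
}

# Constructed sample tree; the "shell" is a stand-in text file.
ftp_exec_audit_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/ftp-exec"
    printf 'constructed stand-in for a shell binary\n' > "$d/bin/sh"
    printf 'constructed stand-in for a harmless tool\n' > "$d/ftp-exec/ls"
    cp "$d/bin/sh" "$d/ftp-exec/helper"     # renamed copy of the shell
    ln -s "$d/bin/sh" "$d/ftp-exec/run"     # symlink to the shell
    printf '%s\n' '# constructed list' "$d/bin/sh" > "$d/shells"
    ftp_exec_audit "$d/ftp-exec" "$d/shells"
    rm -rf "$d"
}

ftp_exec_audit_demo
```
.fi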
.SH SECURITY
.sp
.LP
For non-anonymous users, \fBin.ftpd\fR uses \fBpam\fR(3PAM) for authentication,
account management, and session management, and can use Kerberos v5 for
authentication.
.sp
.LP
The \fBPAM\fR configuration policy, listed through \fB/etc/pam.conf\fR,
specifies the module to be used for \fBin.ftpd\fR. Here is a partial
\fBpam.conf\fR file with entries for the \fBin.ftpd\fR command using the UNIX
authentication, account management, and session management module.
.sp
.in +2
.nf
ftp  auth        requisite   pam_authtok_get.so.1
ftp  auth        required    pam_dhkeys.so.1
ftp  auth        required    pam_unix_auth.so.1

ftp  account     required    pam_unix_roles.so.1
ftp  account     required    pam_unix_projects.so.1
ftp  account     required    pam_unix_account.so.1

ftp  session     required    pam_unix_session.so.1
.fi
.in -2

.sp
.LP
If there are no entries for the \fBftp\fR service, then the entries for the
"other" service will be used. Unlike \fBlogin\fR, \fBpasswd\fR, and other
commands, the \fBftp\fR protocol will only support a single password. Using
multiple modules will prevent \fBin.ftpd\fR from working properly.
.sp
.LP
To use Kerberos for authentication, a \fBhost/\fR\fI<FQDN>\fR Kerberos
principal must exist for each Fully Qualified Domain Name associated with the
\fBin.ftpd\fR server. Each of these \fBhost/\fR\fI<FQDN>\fR principals must
have a \fBkeytab\fR entry in the \fB/etc/krb5/krb5.keytab\fR file on the
\fBin.ftpd\fR server. An example principal might be:
.sp
.LP
\fBhost/bigmachine.eng.example.com\fR
.sp
.LP
See \fBkadmin\fR(1M) or \fBgkadmin\fR(1M) for instructions on adding a
principal to a \fBkrb5.keytab\fR file. See \fI\fR for a discussion of Kerberos
authentication.
.sp
.LP
For anonymous users, who by convention supply their email address as a
password, \fBin.ftpd\fR validates passwords according to the \fBpasswd-check\fR
capability in the \fBftpaccess\fR file.
.SH USAGE
.sp
.LP
The \fBin.ftpd\fR command is IPv6-enabled. See \fBip6\fR(7P).
.SH FILES
.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpaccess\fR\fR
.ad
.sp .6
.RS 4n
FTP Server configuration file
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpconversions\fR\fR
.ad
.sp .6
.RS 4n
FTP Server conversions database
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpgroups\fR\fR
.ad
.sp .6
.RS 4n
FTP Server enhanced group access file
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftphosts\fR\fR
.ad
.sp .6
.RS 4n
FTP Server individual user host access file
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpservers\fR\fR
.ad
.sp .6
.RS 4n
FTP Server virtual hosting configuration file.
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpusers\fR\fR
.ad
.sp .6
.RS 4n
File listing users for whom FTP login privileges are disallowed.
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpusers\fR\fR
.ad
.sp .6
.RS 4n
File listing users for whom FTP login privileges are disallowed. Use of
this file is deprecated.
.RE

.sp
.ne 2
.na
\fB\fB/var/log/xferlog\fR\fR
.ad
.sp .6
.RS 4n
FTP Server transfer log file
.RE

.sp
.ne 2
.na
\fB\fB/var/run/ftp.pids-\fIclassname\fR\fR\fR
.ad
.sp .6
.RS 4n

.RE

.sp
.ne 2
.na
\fB\fB/var/adm/wtmpx\fR\fR
.ad
.sp .6
.RS 4n
Extended database files that contain the history of user access and accounting
information for the \fBwtmpx\fR database.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	External
.TE

.SH SEE ALSO
.sp
.LP
\fBcsh\fR(1), \fBftp\fR(1), \fBftpcount\fR(1), \fBftpwho\fR(1), \fBls\fR(1),
\fBsvcs\fR(1), \fBftpaddhost\fR(1M), \fBftpconfig\fR(1M), \fBftprestart\fR(1M),
\fBftpshut\fR(1M), \fBgkadmin\fR(1M), \fBinetadm\fR(1M), \fBinetd\fR(1M),
\fBkadmin\fR(1M), \fBsvcadm\fR(1M), \fBsyslogd\fR(1M), \fBchroot\fR(2),
\fBumask\fR(2), \fBgetpwent\fR(3C), \fBgetusershell\fR(3C), \fBsyslog\fR(3C),
\fBftpaccess\fR(4), \fBftpconversions\fR(4), \fBftpgroups\fR(4),
\fBftphosts\fR(4), \fBftpservers\fR(4), \fBftpusers\fR(4), \fBgroup\fR(4),
\fBpasswd\fR(4), \fBservices\fR(4), \fBxferlog\fR(4), \fBwtmpx\fR(4),
\fBattributes\fR(5), \fBgss_auth_rules\fR(5), \fBpam_authtok_check\fR(5),
\fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5),
\fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5),
\fBpam_unix_session\fR(5), \fBsmf\fR(5), \fBip6\fR(7P)
.sp
.LP
\fI\fR
.sp
.LP
Allman, M., Ostermann, S., and Metz, C. \fIRFC 2428, FTP Extensions for IPv6
and NATs\fR. The Internet Society. September 1998.
.sp
.LP
Piscitello, D. \fIRFC 1639, FTP Operation Over Big Address Records (FOOBAR)\fR.
Network Working Group. June 1994.
.sp
.LP
Postel, Jon, and Joyce Reynolds. \fIRFC 959, File Transfer Protocol (FTP)\fR.
Network Information Center. October 1985.
.sp
.LP
St. Johns, Mike. \fIRFC 931, Authentication Server\fR. Network Working Group.
January 1985.
.sp
.LP
Linn, J., \fIGeneric Security Service Application Program Interface Version 2,
Update 1, RFC 2743.\fR The Internet Society, January 2000.
.sp
.LP
Horowitz, M., Lunt, S., \fIFTP Security Extensions, RFC 2228\fR. The Internet
Society, October 1997.
.SH DIAGNOSTICS
.sp
.LP
\fBin.ftpd\fR logs various errors to \fBsyslogd\fR(1M), with a facility code of
daemon.
.SH NOTES
.sp
.LP
The anonymous \fBFTP\fR account is inherently dangerous and should be avoided
when possible.
.sp
.LP
The \fBFTP\fR Server must perform certain tasks as the superuser, for example,
the creation of sockets with privileged port numbers. It maintains an effective
user \fBID\fR of the logged-in user, reverting to the superuser only when
necessary.
.sp
.LP
The \fBFTP\fR Server no longer supports the \fB/etc/default/ftpd\fR file.
Instead of using \fBUMASK=nnn\fR to set the umask, use the \fBdefumask\fR
capability in the \fBftpaccess\fR file. The banner greeting text capability is
also now set through the \fBftpaccess\fR file by using the greeting text
capability instead of by using \fBBANNER="..."\fR. However, unlike the
\fBBANNER\fR string, the greeting text string is not passed to the shell for
evaluation. See \fBftpaccess\fR(4).
.sp
.LP
The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is
provided by \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5),
\fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5),
\fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), and
\fBpam_unix_session\fR(5).
.sp
.LP
The \fBin.ftpd\fR service is managed by the service management facility,
\fBsmf\fR(5), under the service identifier:
.sp
.in +2
.nf
svc:/network/ftp
.fi
.in -2
.sp

.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(1M). Responsibility for
initiating and restarting this service is delegated to \fBinetd\fR(1M). Use
\fBinetadm\fR(1M) to make configuration changes and to view configuration
information for this service. The service's status can be queried using the
\fBsvcs\fR(1) command.