HPlogo HP-UX Reference Volume 2 of 5 > f

ftpd(1M)

Kerberos
» 

Technical documentation

Complete book in PDF

 » Table of Contents

 » Index

NAME

ftpd — DARPA Internet File Transfer Protocol server

SYNOPSIS

/usr/lbin/ftpd [-l] [-p] [-v] [-t timeout] [-P] [-T maxtimeout] [-u umask] [-K] [-B size] [-a] [-A] [-L] [-i] [-o] [-m number_of_tries]

DESCRIPTION

ftpd is the DARPA Internet File Transfer Protocol server. It expects to be run by the Internet daemon (see inetd(1M) and inetd.conf(4)). inetd runs ftpd when a service request is received at the port indicated in the ftp service specification in /etc/services (see services(4)).

Options

ftpd recognizes the following options and command-line arguments.

-l

Causes each FTP session to be logged in the syslog file. For anonymous FTP sessions, other information is also logged in the syslog file. This information includes what files are stored and retrieved and what directories are created.

-p

The default action of ftpd does not allow usage of reserved ports as the originating port on the client's system i.e., the PORT command cannot specify a reserved port. This option allows the client to specify a reserved port. Note, allowing usage of reserved ports can result in the misuse of ftpd. The security ramifications should be understood before the option is turned on.

-v

Logs other information in the syslog file. This information is what is normally logged for anonymous FTP sessions. This information includes what files are stored and retrieved and what directories are created.

-t timeout

Causes ftpd to timeout inactive sessions after timeout seconds. By default, ftpd terminates an inactive session after 15 minutes.

-P

Enables third party transfer.

-T maxtimeout

A client can also request a different timeout period. The -T option sets to maxtimeout the maximum timeout that client can request, in seconds. By default, the maximum timeout is 2 hours.

-u umask

Change default ftpd umask from 027 to umask.

-K

Applicable only in a secure environment based on Kerberos V5. Causes access to be denied if network authentication fails. See sis(5).

-B size

Sets the buffer size of the data socket to size blocks of 1024 bytes. The valid range for size is from 1 to 64 (default is 56). NOTE: A large buffer size will improve the performance of ftpd on fast links (e.g. FDDI), but may cause long connection times on slow links (e.g. X.25).

-a

Enables the use of the configuration file /etc/ftpd/ftpaccess (see ftpaccess(4)).

-A

Disables the use of the configuration file /etc/ftpd/ftpaccess (see ftpaccess(4)).

-L

Logs all commands sent to the ftpd server to be logged to the syslog. The -L option is overridden by /etc/ftpd/ftpaccess file (see ftpaccess(4)). If the -L option is used, commands will be logged to syslog by default.

-i

Logs all the files received by ftpd server to xferlog. This option is overridden by the /etc/ftpd/ftpaccess file (see ftpaccess(4)).

-o

Logs all files transmitted by ftpd to xferlog. This option logs outgoing files from the ftpd server. This option is overridden by the /etc/ftpd/ftpaccess file (see ftpaccess(4)).

-m number_of_tries

Specifies the number of tries for a bind() socket call.

ftpd currently supports the following commands (uppercase and lowercase are interpreted as equivalent):

Command

Description

ABOR

Abort previous command

ACCT

Specify account (ignored)

ALLO

Allocate storage (vacuously)

APPE

Append to a file

CDUP

Change to parent of current working directory

CWD

Change working directory

DELE

Delete a file

HELP

Give help information

LIST

Give list files in a directory (ls -l)

MKD

Make a directory

MDTM

Show last modification time of file

MODE

Specify data transfer mode

NLST

Give name list of files in directory

NOOP

Do nothing

PASS

Specify password

PASV

Prepare for server-to-server transfer

PORT

Specify data connection port

PWD

Print the current working directory

QUIT

Terminate session

REST

Restart incomplete transfer

RETR

Retrieve a file

RMD

Remove a directory

RNFR

Specify rename-from file name

RNTO

Specify rename-to file name

SITE

Non-standard commands (see next section)

SIZE

Return size of file

STAT

Return status of server

STOR

Store a file

STOU

Store a file with a unique name

STRU

Specify data transfer structure

SYST

Show operating system type of server system

TYPE

Specify data transfer type

USER

Specify user name

XCUP

Change to parent of current working directory

XCWD

Change working directory

XMKD

Make a directory

XPWD

Print the current working directory

XRMD

Remove a directory

The following commands are supported when ftpd is operating in a secure environment which is based on Kerberos V5 (see sis(5)).

Command

Description

AUTH

Authentication/security mechanism

ADAT

Authentication/security data

CCC

Clear command channel

ENC

Privacy protected command

MIC

Integrity protected command

PROT

Data channel protection level (level 'C' only)

PBSZ

Protection buffer size (has no effect)

These commands are described in draft 8 of the FTP security extensions.

The following non-standard or HP-UX specific commands are supported by the SITE command:

Command

Description

UMASK

Change umask. (e.g., SITE UMASK 002)

IDLE

Set idle-timer. (e.g., SITE IDLE 60)

CHMOD

Change mode of a file. (e.g., SITE CHMOD 755 filename)

HELP

Give help information. (e.g., SITE HELP)

NEWER

List files newer than a particular date.

MINFO

Works like SITE NEWER, but gives extra information.

GROUP

Request for special group access. (e.g. , SITE GROUP foo)

GPASS

Give special group access password. (e.g. , SITE GPASS bar)

EXEC

Execute a program. (e.g. , SITE EXEC program params)

The remaining FTP requests specified in Internet RFC 959 are recognized, but not implemented. MDTM and SIZE are not specified in RFC 959, but are expected in the next updated FTP RFC.

The FTP server aborts an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet ``Synch'' signal in the command Telnet stream, as described in Internet RFC 959. If ftpd receives a STAT command during a data transfer, preceded by a Telnet IP and Synch, it returns the status of the transfer.

ftpd interprets file names according to the ``globbing'' conventions used by csh. This allows users to utilize the metacharacters *, ., [, ], {, }, ~, and ?.

ftpd authenticates users according to three rules:

  • The user name must be in the password data base, /etc/passwd, and not have a null password. The client must provide the correct password for the user before any file operations can be performed.

  • The user name must not appear in the file /etc/ftpd/ftpusers (see ftpusers(4)).

  • The user must have a standard shell returned by getusershell().

Optionally, a system administrator can permit public access or ``anonymous FTP.'' If this has been set up, users can access the anonymous FTP account with the user name anonymous or ftp and any non-null password (by convention, the client host's name). ftpd does a chroot() to the home directory of user ftp, thus limiting anonymous FTP users' access to the system. If the user name is anonymous or ftp, an anonymous FTP account must be present in the password file (user ftp). In this case the user is allowed to log in by specifying any password (by convention this is given as the user's e-mail address).

In order to permit anonymous FTP, there must be an entry in the passwd(4) database for an account named ftp. The password field should be *, the group membership should be guest, and the login shell should be /usr/bin/false. For example (assuming the guest group ID is 10):

ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false

The anonymous FTP directory should be set up as follows:

~ftp

The home directory of the FTP account should be owned by user root and mode 555 (not writable). Since ftpd does a chroot() to this directory, it must have the following subdirectories and files:

~ftp/usr/bin

This directory must be owned by root and mode 555 (not writable). The file /sbin/ls should be copied to ~ftp/usr/bin. This is needed to support directory listing by ftpd. The command should be mode 111 (executable only). If the FTP account is on the same file system as /sbin, ~ftp/usr/bin/ls can be hard link, but it may not be a symbolic link, because of the chroot(). The command must be replaced when the system is updated.

~ftp/etc

This directory must be owned by root and mode 555 (not writable). It should contain versions of the files passwd, group, and logingroup. See passwd(4) and group(4). These files must be owned by root and mode 444 (readable only). These are needed to map user and group ids in the LIST command, and to support (optional) sub-logins of anonymous FTP. Sub-logins can sometimes be used to allow access to particular files by only specific remote users (who know the sub-login password) without giving those remote users logins on the system. A sub-login user would access the system via anonymous FTP, then use USER and PASS to change to the sub-login user.

~ftp/etc/passwd

This file should contain entries for the ftp user and any other users who own files under the anonymous ftp directory. Such entries should have * for passwords. ~ftp/etc/passwd should also contain entries for any desired anonymous FTP sub-logins. The sub-logins must have passwords, which must be encrypted as in passwd(4). Group IDs must be listed in the anonymous FTP group file, ~ftp/etc/group. The path names of home directories in ~ftp/etc/passwd must be with respect to the anonymous FTP home directory. A sub-login home directory should be owned by the sub-login user ID. The shell field is ignored, and can be empty.

For example, the anonymous FTP sub-login name subftp would have an entry in the FTP passwd file that resembles:

subftp:bAg6vI82aq5Yt:501:10:ftp sub-login:/subftp:

FTP sub-login IDs do not need to be present in the system /etc/passwd file. Assuming the anonymous FTP directory is /home/ftp, the sub-login home directory in the example would be created by user root as follows:

cd /home/ftp mkdir subftp chmod 700 subftp chown 501 subftp chgrp guest subftp

File ~ftp/etc/group should contain the group names associated with any group IDs in file ~ftp/etc/passwd and any group IDs of files in the anonymous FTP subdirectories. In the above example, ~ftp/etc/group would require an entry for guest, and the associated group ID would have to be the same as in the system's /etc/group file.

~ftp/etc/logingroup

Permits anonymous ftp sub-logins to be members of multiple groups. Can be a hard link to FTP ~ftp/etc/group.

~ftp/pub (optional)

This directory is used by anonymous FTP users to deposit files on the system. It should be owned by user ftp and should be mode 777 (readable and writable by all).

~ftp/dist (optional)

Directories used to make files available to anonymous ftp users should be mode 555 (not writable), and any files to be distributed should be owned by root and mode 444 (readable only) so that they cannot be modified or removed by anonymous FTP users.

Note: The steps that are followed to create an anonymous account is used to create a guest account also.

DIAGNOSTICS

ftpd replies to FTP commands to ensure synchronization of requests and actions during file transfers, and to indicate the status of ftpd. Every command produces at least one reply, although there may be more than one. A reply consists of a three-digit number, a space, some text, and an end of line. The number is useful for programs; the text is useful for users. The number must conform to this standard, but the text can vary.

The first digit of the message indicates whether the reply is good, bad, or incomplete. Five values exist for the first digit. The values and the interpretations of the values are:

1

The requested action is being initiated; expect another reply before proceeding with a new command.

2

The requested action is complete. The server is ready for a new request.

3

The command has been accepted, but the requested action requires more information.

4

The command was not accepted, the requested action failed, but the error condition is temporary and the action can be requested again.

5

The command was not accepted, the requested action failed, and the error condition would most likely occur again if the same command sequence is repeated.

The second digit indicates the functional area that the message addresses. The values of the second digit and the interpretations of these values are:

0

Syntax. A message with a 0 for the second digit indicates that a syntax error occurred.

1

Information. A message with a 1 as the second digit indicates that the message is in reply to a request for information.

2

Connections. A message with a 2 as the second digit indicates that the message is a reply to a request for control and data connection information.

3

Authentication and accounting. A message with a 3 as the second digit indicates that the message is a reply to a login or accounting procedure.

4

Not currently specified.

5

File system. A message with a 5 as the second digit indicates that the text following the number contains information concerning the status of the server file system.

The third digit provides a further clarification of the information supplied by the second digit. Following are several examples of messages. Note that ftpd's replies match the number but not the text.

110

Restart marker reply. MARK yyyy=mmmm where yyyy is a user process data stream marker, and mmmm is ftpd's equivalent marker

120

Service ready in nnn minutes

200

Command okay

211

System status, or system help reply

212

Directory status

230

User logged in, proceed

250

Requested file action okay, completed

331

User name okay, need password

350

Requested file action pending further information

425

Cannot open data connection

451

Requested action aborted: local error in processing

500

Syntax error, command unrecognized or command line too long

530

Not logged in

550

Requested action not taken; file unavailable, not found, no access

WARNINGS

The password is sent unencrypted through the socket connection.

Anonymous FTP is inherently dangerous to system security.

DEPENDENCIES

Pluggable Authentication Modules (PAM)

PAM is an Open Group standard for user authentication, password modification, and validation of accounts. In particular, pam_authenticate() is invoked to perform all functions related to login. This includes retrieving the password, validating the account, and displaying error messages.

AUTHOR

ftpd was developed by the University of California, Berkeley.

© Hewlett-Packard Development Company, L.P.