HPUX ftpd[1m]

ftpd(1M) ftpd(1M)
Requires Optional ARPA Services Software
NAME
ftpd - DARPA Internet File Transfer Protocol server
SYNOPSIS
/etc/ftpd [-l] [-t timeout] [-T maxtimeout] [-u umask]
DESCRIPTION
ftpd is the DARPA Internet File Transfer Protocol server. It expects
to be run by the Internet daemon; see inetd(1M) and inetd.conf(4).
inetd runs ftpd when a service request is received at the port
indicated in the ftp service specification in /etc/services; see
services(4).
The -l option causes each FTP session to be logged in the syslog.
The -t option causes ftpd to time out inactive sessions after timeout
seconds. By default, ftpd will time out an inactive session after 15
minutes.
A client can also request a different timeout period. The -T option
sets to maxtimeout the maximum timeout that a client can request. By
default, the maximum timeout is 2 hours.
By default, ftpd sets its umask to 027. To change this default umask,
use the -u option.
ftpd currently supports the following commands (uppercase and
lowercase are interpreted as equivalent):
Command Description
ABOR Abort previous command
ACCT Specify account (ignored)
ALLO Allocate storage (vacuously)
APPE Append to a file
CDUP Change to parent of current working directory
CWD Change working directory
DELE Delete a file
HELP Give help information
LIST List files in a directory (ls -l)
MKD Make a directory
MDTM Show last modification time of file
MODE Specify data transfer mode
NLST Give name list of files in directory
NOOP Do nothing
PASS Specify password
PASV Prepare for server-to-server transfer
PORT Specify data connection port
PWD Print the current working directory
QUIT Terminate session
REST Restart incomplete transfer
Hewlett-Packard Company - 1 - HP-UX Release 9.0: August 1992
RETR Retrieve a file
RMD Remove a directory
RNFR Specify rename-from file name
RNTO Specify rename-to file name
SITE Non-standard commands (see next section)
SIZE Return size of file
STAT Return status of server
STOR Store a file
STOU Store a file with a unique name
STRU Specify data transfer structure
SYST Show operating system type of server system
TYPE Specify data transfer type
USER Specify user name
XCUP Change to parent of current working directory
XCWD Change working directory
XMKD Make a directory
XPWD Print the current working directory
XRMD Remove a directory
The following non-standard or HP-UX specific commands are supported by
the SITE command:
Command Description
UMASK Change umask. (e.g., SITE UMASK 002)
IDLE Set idle-timer. (e.g., SITE IDLE 60)
CHMOD Change mode of a file. (e.g., SITE CHMOD 755 filename)
HELP Give help information. (e.g., SITE HELP)
The remaining ftp requests specified in Internet RFC 959 are
recognized, but not implemented. MDTM and SIZE are not specified in
RFC 959, but are expected in the next updated FTP RFC.
The FTP server aborts an active file transfer only when the ABOR
command is preceded by a Telnet "Interrupt Process" (IP) signal and a
Telnet "Synch" signal in the command Telnet stream, as described in
Internet RFC 959. If ftpd receives a STAT command during a data
transfer, preceded by a Telnet IP and Synch, it returns the status of
the transfer.
ftpd interprets file names according to the ``globbing'' conventions
used by csh(1). This allows users to utilize the metacharacters *, .,
[, ], {, }, ~, and ?.
ftpd authenticates users according to three rules:
o The user name must be in the password data base, /etc/passwd,
and not have a null password. The client must provide the
correct password for the user before any file operations can
be performed.
o The user name must not appear in the file /etc/ftpusers (see
ftpusers(4)).
o The user must have a standard shell returned by
getusershell(3).
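
The three rules above can be turned into an audit that lists which accounts ftpd would accept. This is an added example, not part of the original manual page; the function names are hypothetical, the shells file is assumed to hold the list getusershell(3) returns (commonly /etc/shells), and the sample accounts are constructed.

```shell
#!/bin/sh
# ftp_eligible_users PASSWD FTPUSERS SHELLS
# Prints each account that satisfies all three ftpd login rules.
# SHELLS is assumed to hold what getusershell(3) returns, one path per line
# (commonly /etc/shells); paths are arguments so copies can be audited.
ftp_eligible_users() {
    awk -F: -v deny="$2" -v shells="$3" '
        BEGIN {
            # Rule 2: a name listed in ftpusers is refused.
            while ((getline l < deny) > 0) {
                split(l, w, " ")
                if (w[1] != "") denied[w[1]] = 1
            }
            # Rule 3: collect the standard shells.
            while ((getline l < shells) > 0)
                if (l ~ /^\//) ok[l] = 1
        }
        NF < 7 || $2 == "" { next }   # Rule 1: a null password is refused
        ($1 in denied)     { next }
        {
            # Assumption: an empty shell field is treated as /bin/sh.
            sh = ($7 == "") ? "/bin/sh" : $7
            if (sh in ok) print $1
        }
    ' "$1"
}

# Constructed sample data (not taken from any real system).
demo_ftp_eligible() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:Ab1cdEfGhIjkL:0:3::/:/bin/sh
alice:Zx9yWvUtSrQpO:201:20:Alice:/users/alice:/bin/ksh
bob::202:20:Bob:/users/bob:/bin/sh
carol:Qw3ErTyUiOpAs:203:20:Carol:/users/carol:/usr/local/bin/menu
dave:Lk8jHgFdSaZxC:204:20:Dave:/users/dave:
EOF
    printf 'root\n' > "$d/ftpusers"
    printf '/bin/sh\n/bin/ksh\n/bin/csh\n' > "$d/shells"
    ftp_eligible_users "$d/passwd" "$d/ftpusers" "$d/shells"
    rm -rf "$d"
}
```

An account whose password field is * still passes the three rules as written, so the output is an upper bound on who can actually authenticate.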
Optionally, a system administrator can permit public access or
``anonymous FTP.'' If this has been set up, users can access the
anonymous FTP account with the user name anonymous or ftp and any
non-null password (by convention, the client host's name). ftpd does
a chroot(2) to the home directory of the user ftp, thus limiting
anonymous FTP users' access to the system. If the user name is
anonymous or ftp, an anonymous FTP account must be present in the
password file (user ftp). In this case the user is allowed to log in
by specifying any password (by convention this is given as the client
host's name).
In order to permit anonymous FTP, there must be an entry in the
passwd(4) database for an account named ftp. The password field
should be *, the group membership should be guest, and the login shell
should be /bin/false. For example (assuming the guest group ID is
10):
ftp:*:500:10:anonymous ftp:/users/ftp:/bin/false
The anonymous ftp directory should be set up as follows:
~ftp The home directory of the ftp account should be owned by user
ftp and mode 555 (not writable). Since ftpd does a chroot to
this directory, it must have the following subdirectories and
files:
~ftp/bin This directory must be owned by root and mode 555
(not writable). It should contain a copy of
/bin/ls. This is needed to support directory
listing by ftpd. The command should be mode 111
(executable only). If the FTP account is on the
same file system as /bin, ~ftp/bin/ls can be a hard
link, but it may not be a symbolic link, because of
the chroot. The command must be replaced when the
system is updated.
~ftp/etc This directory must be owned by root and mode 555
(not writable). It should contain versions of the
files passwd, group, and logingroup. See passwd(4)
and group(4). These files must be owned by root and
mode 444 (readable only). These are needed to map
user and group ids in the LIST command, and to
support (optional) sub-logins of anonymous FTP.
Sub-logins can sometimes be used to allow access to
particular files by only specific remote users (who
know the sub-login password) without giving those
remote users logins on the system. A sub-login user
would access the system via anonymous ftp, and then
use USER and PASS to change to the sub-login user.
~ftp/etc/passwd
This file should contain entries for the ftp user
and any other users who own files under the
anonymous ftp directory. Such entries should have *
for passwords. ~ftp/etc/passwd should also contain
entries for any desired anonymous FTP sub-logins.
The sub-logins must have passwords, which must be
encrypted as in passwd(4). Group IDs must be listed
in the anonymous FTP group file, ~ftp/etc/group.
The path names of home directories in
~ftp/etc/passwd must be with respect to the
anonymous FTP home directory. A sub-login home
directory should be owned by the sub-login user ID.
The shell field is ignored, and can be empty.
For example, the anonymous FTP sub-login name subftp
would have an entry in the FTP passwd file that
resembles:
subftp:bAg6vI82aq5Yt:501:10:ftp sub-login:/subftp:
FTP sub-login IDs do not need to be present in the
system /etc/passwd file. Assuming the anonymous FTP
directory is /users/ftp, the sub-login home
directory in the example would be created by user
root as follows:
cd /users/ftp
mkdir subftp
chmod 700 subftp
chown 501 subftp
chgrp guest subftp
File ~ftp/etc/group should contain the group names
associated with any group IDs in file
~ftp/etc/passwd and any group IDs of files in the
anonymous FTP subdirectories. In the above example,
~ftp/etc/group would require an entry for guest, and
the associated group ID would have to be the same as
in the system's /etc/group file.
~ftp/etc/logingroup
Permits anonymous ftp sub-logins to be members of
multiple groups. Can be a hard link to FTP
~ftp/etc/group.
~ftp/pub (optional)
This directory is used by anonymous FTP users to
deposit files on the system. It should be owned by
user ftp and should be mode 777 (readable and
writable by all).
~ftp/dist (optional)
Directories used to make files available to
anonymous ftp users should be mode 555 (not
writable), and any files to be distributed should be
owned by root and mode 444 (readable only) so that
they cannot be modified or removed by anonymous FTP
users.
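
The ownership and mode requirements listed above can be checked mechanically. The following is an added example, not part of the original manual page; the function names are hypothetical, the owner names default to ftp and root as the text states, and the sample tree is constructed.

```shell
#!/bin/sh
# check_entry PATH MODESTR OWNER: compare `ls -ld` with the expected 10-char
# mode string (dr-xr-xr-x = directory, mode 555). OWNER "-" skips the owner
# check, for entries whose owner the manual page does not state.
check_entry() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    got=$(ls -ld "$1" | awk -v o="$3" \
        '{ print substr($1, 1, 10), (o == "-" ? "-" : $3) }')
    [ "$got" = "$2 $3" ] && return 0
    echo "BAD     $1: found $got, expected $2 $3"
    return 1
}

# audit_anon_ftp FTPHOME [FTPUSER] [ROOTUSER]: returns 0 if every check passes.
audit_anon_ftp() {
    h=$1; fu=${2:-ftp}; ru=${3:-root}; rc=0
    check_entry "$h"        dr-xr-xr-x "$fu" || rc=1
    check_entry "$h/bin"    dr-xr-xr-x "$ru" || rc=1
    # A symbolic link shows up with a leading "l" here and is reported as BAD.
    check_entry "$h/bin/ls" ---x--x--x -     || rc=1
    check_entry "$h/etc"    dr-xr-xr-x "$ru" || rc=1
    for f in passwd group logingroup; do
        check_entry "$h/etc/$f" -r--r--r-- "$ru" || rc=1
    done
    # Optional directories are checked only when they exist.
    if [ -d "$h/pub" ]; then
        check_entry "$h/pub" drwxrwxrwx "$fu" || rc=1
    fi
    if [ -d "$h/dist" ]; then
        check_entry "$h/dist" dr-xr-xr-x - || rc=1
        for f in "$h"/dist/*; do
            [ -f "$f" ] || continue
            check_entry "$f" -r--r--r-- "$ru" || rc=1
        done
    fi
    return $rc
}

# Constructed sample tree for trying the audit without a real ftp account;
# every entry is owned by whoever runs it, so pass that name as both owners.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/pub"
    : > "$1/bin/ls"; chmod 111 "$1/bin/ls"
    for f in passwd group logingroup; do
        : > "$1/etc/$f"; chmod 444 "$1/etc/$f"
    done
    chmod 777 "$1/pub"; chmod 555 "$1/bin" "$1/etc" "$1"
}
```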
DIAGNOSTICS
ftpd replies to FTP commands to ensure synchronization of requests and
actions during file transfers, and to indicate the status of ftpd.
Every command produces at least one reply, although there may be more
than one. A reply consists of a three-digit number, a space, some
text, and an end of line. The number is useful for programs; the text
is useful for users. The number must conform to this standard, but
the text can vary.
The first digit of the message indicates whether the reply is good,
bad, or incomplete. Five values exist for the first digit. The
values and the interpretations of the values are:
1 The requested action is being initiated; expect another
reply before proceeding with a new command.
2 The requested action is complete. The server is ready
for a new request.
3 The command has been accepted, but the requested action
requires more information.
4 The command was not accepted, the requested action
failed, but the error condition is temporary and the
action can be requested again.
5 The command was not accepted, the requested action
failed, and the error condition would most likely occur
again if the same command sequence is repeated.
The second digit indicates the functional area that the message
addresses. The values of the second digit and the interpretations of
these values are:
0 Syntax. A message with a 0 for the second digit
indicates that a syntax error occurred.
1 Information. A message with a 1 as the second digit
indicates that the message is in reply to a request for
information.
2 Connections. A message with a 2 as the second digit
indicates that the message is a reply to a request for
control and data connection information.
3 Authentication and accounting. A message with a 3 as the
second digit indicates that the message is a reply to a
login or accounting procedure.
4 Not currently specified.
5 File system. A message with a 5 as the second digit
indicates that the text following the number contains
information concerning the status of the server file
system.
The third digit provides a further clarification of the information
supplied by the second digit. Following are several examples of
messages. Note that ftpd's replies match the number but not the text.
110 Restart marker reply. MARK yyyy=mmmm where yyyy is a
user process data stream marker, and mmmm is ftpd's
equivalent marker
119 Terminal not available, will try mailbox
120 Service ready in nnn minutes
200 Command okay
211 System status, or system help reply
212 Directory status
230 User logged in, proceed
250 Requested file action okay, completed
331 User name okay, need password
350 Requested file action pending further information
425 Cannot open data connection
451 Requested action aborted: local error in processing
500 Syntax error, command unrecognized or command line too
long
530 Not logged in
550 Requested action not taken; file unavailable, not found,
no access
WARNINGS
The password is sent unencrypted through the socket connection.
Anonymous FTP is inherently dangerous to system security.
An error in the treatment of carriage returns in FTP clients and
servers based on the 4.2BSD implementation (specifically, any ftp(1)
or ftpd(1M) released prior to HP-UX 8.0) has been corrected. This
correction may result in incorrect transfers of binary files when
using the ascii transfer type. Avoid this problem by using the image
(binary) transfer type.
AUTHOR
ftpd was developed by the University of California, Berkeley.
SEE ALSO
ftp(1), inetd(1M), chroot(2), getusershell(3), inetd.conf(4),
ftpusers(4), passwd(4), group(4).