Commit | Line | Data |
---|---|---|
984263bc MD |
1 | .\" Copyright (c) 1985, 1988, 1991, 1993 |
2 | .\" The Regents of the University of California. All rights reserved. | |
3 | .\" | |
4 | .\" Redistribution and use in source and binary forms, with or without | |
5 | .\" modification, are permitted provided that the following conditions | |
6 | .\" are met: | |
7 | .\" 1. Redistributions of source code must retain the above copyright | |
8 | .\" notice, this list of conditions and the following disclaimer. | |
9 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer in the | |
11 | .\" documentation and/or other materials provided with the distribution. | |
dc71b7ab | 12 | .\" 3. Neither the name of the University nor the names of its contributors |
984263bc MD |
13 | .\" may be used to endorse or promote products derived from this software |
14 | .\" without specific prior written permission. | |
15 | .\" | |
16 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
17 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
19 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
20 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
21 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
22 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
23 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
24 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
25 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
26 | .\" SUCH DAMAGE. | |
27 | .\" | |
28 | .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 | |
bf9ce431 | 29 | .\" $FreeBSD: src/libexec/ftpd/ftpd.8,v 1.74 2007/04/20 09:08:20 trhodes Exp $ |
984263bc | 30 | .\" |
25606b42 | 31 | .Dd September 11, 2019 |
984263bc MD |
32 | .Dt FTPD 8 |
33 | .Os | |
34 | .Sh NAME | |
35 | .Nm ftpd | |
36 | .Nd Internet File Transfer Protocol server | |
37 | .Sh SYNOPSIS | |
38 | .Nm | |
bf9ce431 | 39 | .Op Fl 468ADdEhMmOoRrSUvW |
984263bc MD |
40 | .Op Fl l Op Fl l |
41 | .Op Fl a Ar address | |
23bf8892 | 42 | .Op Fl H Ar host |
984263bc | 43 | .Op Fl P Ar port |
bf9ce431 | 44 | .Op Fl p Ar file |
984263bc | 45 | .Op Fl T Ar maxtimeout |
bf9ce431 | 46 | .Op Fl t Ar timeout |
984263bc MD |
47 | .Op Fl u Ar umask |
48 | .Sh DESCRIPTION | |
bf9ce431 PA |
49 | The |
50 | .Nm | |
51 | utility is the | |
984263bc | 52 | Internet File Transfer Protocol |
bf9ce431 PA |
53 | server process. |
54 | The server uses the | |
984263bc MD |
55 | .Tn TCP |
56 | protocol | |
57 | and listens at the port specified with the | |
58 | .Fl P | |
59 | option or in the | |
60 | .Dq ftp | |
61 | service specification; see | |
62 | .Xr services 5 . | |
63 | .Pp | |
64 | Available options: | |
65 | .Bl -tag -width indent | |
66 | .It Fl 4 | |
67 | When | |
68 | .Fl D | |
bf9ce431 | 69 | is specified, accept connections via |
984263bc MD |
70 | .Dv AF_INET |
71 | socket. | |
72 | .It Fl 6 | |
73 | When | |
74 | .Fl D | |
75 | is specified, accept connections via | |
76 | .Dv AF_INET6 | |
77 | socket. | |
bf9ce431 PA |
78 | .It Fl 8 |
79 | Enable transparent UTF-8 mode. | |
80 | RFC\ 2640 compliant clients will be told that the character encoding | |
81 | used by the server is UTF-8, which is the only effect of the option. | |
82 | .Pp | |
83 | This option does not enable any encoding conversion for server file names; | |
84 | it implies instead that the names of files on the server are encoded | |
85 | in UTF-8. | |
86 | As for files uploaded via FTP, it is the duty of the RFC\ 2640 compliant | |
87 | client to convert their names from the client's local encoding to UTF-8. | |
88 | FTP command names and own | |
89 | .Nm | |
90 | messages are always encoded in ASCII, which is a subset of UTF-8. | |
91 | Hence no need for server-side conversion at all. | |
92 | .It Fl A | |
93 | Allow only anonymous ftp access. | |
984263bc MD |
94 | .It Fl a |
95 | When | |
96 | .Fl D | |
97 | is specified, accept connections only on the specified | |
98 | .Ar address . | |
984263bc MD |
99 | .It Fl D |
100 | With this option set, | |
101 | .Nm | |
102 | will detach and become a daemon, accepting connections on the FTP port and | |
103 | forking children processes to handle them. | |
104 | This is lower overhead than starting | |
105 | .Nm | |
106 | from | |
107 | .Xr inetd 8 | |
108 | and is thus useful on busy servers to reduce load. | |
bf9ce431 PA |
109 | .It Fl d |
110 | Debugging information is written to the syslog using | |
111 | .Dv LOG_FTP . | |
984263bc MD |
112 | .It Fl E |
113 | Disable the EPSV command. | |
114 | This is useful for servers behind older firewalls. | |
115 | .It Fl h | |
116 | Disable printing host-specific information, such as the | |
117 | server software version or hostname, in server messages. | |
23bf8892 JS |
118 | .It Fl H |
119 | Advertise the hostname as | |
120 | .Ar host | |
121 | instead of using the value of | |
122 | .Xr gethostname 3 . | |
984263bc MD |
123 | .It Fl l |
124 | Each successful and failed | |
125 | .Xr ftp 1 | |
126 | session is logged using syslog with a facility of | |
127 | .Dv LOG_FTP . | |
128 | If this option is specified twice, the retrieve (get), store (put), append, | |
129 | delete, make directory, remove directory and rename operations and | |
130 | their filename arguments are also logged. | |
bf9ce431 | 131 | By default, |
984263bc | 132 | .Xr syslogd 8 |
bf9ce431 PA |
133 | logs these to |
134 | .Pa /var/log/xferlog . | |
135 | .It Fl M | |
136 | Prevent anonymous users from creating directories. | |
984263bc MD |
137 | .It Fl m |
138 | Permit anonymous users to overwrite or modify | |
bf9ce431 | 139 | existing files if allowed by file system permissions. |
984263bc MD |
140 | By default, anonymous users cannot modify existing files; |
141 | in particular, files to upload will be created under a unique name. | |
984263bc MD |
142 | .It Fl O |
143 | Put server in write-only mode for anonymous users only. | |
144 | RETR is disabled for anonymous users, preventing anonymous downloads. | |
145 | This has no effect if | |
146 | .Fl o | |
147 | is also specified. | |
bf9ce431 PA |
148 | .It Fl o |
149 | Put server in write-only mode. | |
150 | RETR is disabled, preventing downloads. | |
984263bc MD |
151 | .It Fl P |
152 | When | |
153 | .Fl D | |
154 | is specified, accept connections at | |
155 | .Ar port , | |
156 | specified as a numeric value or service name, instead of at the default | |
157 | .Dq ftp | |
158 | port. | |
bf9ce431 PA |
159 | .It Fl p |
160 | When | |
161 | .Fl D | |
162 | is specified, write the daemon's process ID to | |
163 | .Ar file | |
164 | instead of the default pid file, | |
165 | .Pa /var/run/ftpd.pid . | |
984263bc MD |
166 | .It Fl R |
167 | With this option set, | |
168 | .Nm | |
169 | will revert to historical behavior with regard to security checks on | |
170 | user operations and restrictions on PORT requests. | |
171 | Currently, | |
172 | .Nm | |
173 | will only honor PORT commands directed to unprivileged ports on the | |
174 | remote user's host (which violates the FTP protocol specification but | |
175 | closes some security holes). | |
bf9ce431 PA |
176 | .It Fl r |
177 | Put server in read-only mode. | |
178 | All commands which may modify the local file system are disabled. | |
984263bc MD |
179 | .It Fl S |
180 | With this option set, | |
181 | .Nm | |
182 | logs all anonymous file downloads to the file | |
183 | .Pa /var/log/ftpd | |
184 | when this file exists. | |
984263bc MD |
185 | .It Fl T |
186 | A client may also request a different timeout period; | |
187 | the maximum period allowed may be set to | |
188 | .Ar timeout | |
189 | seconds with the | |
190 | .Fl T | |
191 | option. | |
192 | The default limit is 2 hours. | |
bf9ce431 PA |
193 | .It Fl t |
194 | The inactivity timeout period is set to | |
195 | .Ar timeout | |
196 | seconds (the default is 15 minutes). | |
197 | .It Fl U | |
198 | This option instructs ftpd to use data ports in the range of | |
199 | .Dv IP_PORTRANGE_DEFAULT | |
200 | instead of in the range of | |
201 | .Dv IP_PORTRANGE_HIGH . | |
202 | Such a change may be useful for some specific firewall configurations; | |
203 | see | |
204 | .Xr ip 4 | |
205 | for more information. | |
206 | .Pp | |
207 | Note that option is a virtual no-op in | |
208 | .Fx 5.0 | |
209 | and above; both port | |
6b882c34 | 210 | ranges are identical by default. |
984263bc MD |
211 | .It Fl u |
212 | The default file creation mode mask is set to | |
213 | .Ar umask , | |
214 | which is expected to be an octal numeric value. | |
215 | Refer to | |
216 | .Xr umask 2 | |
217 | for details. | |
bf9ce431 PA |
218 | This option may be overridden by |
219 | .Xr login.conf 5 . | |
984263bc MD |
220 | .It Fl v |
221 | A synonym for | |
222 | .Fl d . | |
223 | .It Fl W | |
bf9ce431 | 224 | Do not log FTP sessions to |
25606b42 | 225 | .Pa /var/log/wtmpx . |
984263bc MD |
226 | .El |
227 | .Pp | |
228 | The file | |
229 | .Pa /var/run/nologin | |
230 | can be used to disable ftp access. | |
231 | If the file exists, | |
232 | .Nm | |
233 | displays it and exits. | |
234 | If the file | |
235 | .Pa /etc/ftpwelcome | |
236 | exists, | |
237 | .Nm | |
238 | prints it before issuing the | |
239 | .Dq ready | |
240 | message. | |
241 | If the file | |
242 | .Pa /etc/ftpmotd | |
243 | exists, | |
244 | .Nm | |
bf9ce431 PA |
245 | prints it after a successful login. |
246 | Note the motd file used is the one | |
247 | relative to the login environment. | |
248 | This means the one in | |
984263bc MD |
249 | .Pa ~ftp/etc |
250 | in the anonymous user's case. | |
251 | .Pp | |
252 | The ftp server currently supports the following ftp requests. | |
bf9ce431 PA |
253 | The case of the requests is ignored. |
254 | Requests marked [RW] are | |
984263bc MD |
255 | disabled if |
256 | .Fl r | |
257 | is specified. | |
258 | .Bl -column "Request" -offset indent | |
259 | .It Sy Request Ta Sy "Description" | |
260 | .It ABOR Ta "abort previous command" | |
261 | .It ACCT Ta "specify account (ignored)" | |
262 | .It ALLO Ta "allocate storage (vacuously)" | |
263 | .It APPE Ta "append to a file [RW]" | |
264 | .It CDUP Ta "change to parent of current working directory" | |
265 | .It CWD Ta "change working directory" | |
266 | .It DELE Ta "delete a file [RW]" | |
267 | .It EPRT Ta "specify data connection port, multiprotocol" | |
268 | .It EPSV Ta "prepare for server-to-server transfer, multiprotocol" | |
bf9ce431 | 269 | .It FEAT Ta "give information on extended features of server" |
984263bc MD |
270 | .It HELP Ta "give help information" |
271 | .It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" | |
272 | .It LPRT Ta "specify data connection port, multiprotocol" | |
273 | .It LPSV Ta "prepare for server-to-server transfer, multiprotocol" | |
274 | .It MDTM Ta "show last modification time of file" | |
275 | .It MKD Ta "make a directory [RW]" | |
276 | .It MODE Ta "specify data transfer" Em mode | |
277 | .It NLST Ta "give name list of files in directory" | |
278 | .It NOOP Ta "do nothing" | |
279 | .It PASS Ta "specify password" | |
280 | .It PASV Ta "prepare for server-to-server transfer" | |
281 | .It PORT Ta "specify data connection port" | |
282 | .It PWD Ta "print the current working directory" | |
283 | .It QUIT Ta "terminate session" | |
284 | .It REST Ta "restart incomplete transfer" | |
285 | .It RETR Ta "retrieve a file" | |
286 | .It RMD Ta "remove a directory [RW]" | |
287 | .It RNFR Ta "specify rename-from file name [RW]" | |
288 | .It RNTO Ta "specify rename-to file name [RW]" | |
289 | .It SITE Ta "non-standard commands (see next section)" | |
290 | .It SIZE Ta "return size of file" | |
291 | .It STAT Ta "return status of server" | |
292 | .It STOR Ta "store a file [RW]" | |
293 | .It STOU Ta "store a file with a unique name [RW]" | |
294 | .It STRU Ta "specify data transfer" Em structure | |
295 | .It SYST Ta "show operating system type of server system" | |
296 | .It TYPE Ta "specify data transfer" Em type | |
297 | .It USER Ta "specify user name" | |
298 | .It XCUP Ta "change to parent of current working directory (deprecated)" | |
299 | .It XCWD Ta "change working directory (deprecated)" | |
300 | .It XMKD Ta "make a directory (deprecated) [RW]" | |
301 | .It XPWD Ta "print the current working directory (deprecated)" | |
302 | .It XRMD Ta "remove a directory (deprecated) [RW]" | |
303 | .El | |
304 | .Pp | |
305 | The following non-standard or | |
6e61cee1 | 306 | .Ux |
984263bc MD |
307 | specific commands are supported |
308 | by the | |
309 | SITE request. | |
984263bc MD |
310 | .Bl -column Request -offset indent |
311 | .It Sy Request Ta Sy Description | |
312 | .It UMASK Ta change umask, e.g. ``SITE UMASK 002'' | |
313 | .It IDLE Ta set idle-timer, e.g. ``SITE IDLE 60'' | |
314 | .It CHMOD Ta "change mode of a file [RW], e.g. ``SITE CHMOD 755 filename''" | |
315 | .It MD5 Ta "report the files MD5 checksum, e.g. ``SITE MD5 filename''" | |
316 | .It HELP Ta give help information | |
317 | .El | |
318 | .Pp | |
319 | Note: SITE requests are disabled in case of anonymous logins. | |
320 | .Pp | |
321 | The remaining ftp requests specified in Internet RFC 959 | |
322 | are | |
323 | recognized, but not implemented. | |
324 | MDTM and SIZE are not specified in RFC 959, but will appear in the | |
325 | next updated FTP RFC. | |
326 | To avoid possible denial-of-service attacks, SIZE requests against | |
327 | files larger than 10240 bytes will be denied if the current transfer | |
328 | type is ASCII. | |
329 | .Pp | |
330 | The ftp server will abort an active file transfer only when the | |
331 | ABOR | |
332 | command is preceded by a Telnet "Interrupt Process" (IP) | |
333 | signal and a Telnet "Synch" signal in the command Telnet stream, | |
334 | as described in Internet RFC 959. | |
335 | If a | |
336 | STAT | |
337 | command is received during a data transfer, preceded by a Telnet IP | |
338 | and Synch, transfer status will be returned. | |
339 | .Pp | |
bf9ce431 PA |
340 | The |
341 | .Nm | |
342 | utility interprets file names according to the | |
984263bc MD |
343 | .Dq globbing |
344 | conventions used by | |
345 | .Xr csh 1 . | |
346 | This allows users to utilize the metacharacters | |
347 | .Dq Li \&*?[]{}~ . | |
348 | .Pp | |
bf9ce431 PA |
349 | The |
350 | .Nm | |
351 | utility authenticates users according to six rules. | |
984263bc MD |
352 | .Bl -enum -offset indent |
353 | .It | |
354 | The login name must be in the password data base | |
355 | and not have a null password. | |
356 | In this case a password must be provided by the client before any | |
357 | file operations may be performed. | |
984263bc MD |
358 | .It |
359 | The login name must not appear in the file | |
360 | .Pa /etc/ftpusers . | |
361 | .It | |
362 | The login name must not be a member of a group specified in the file | |
363 | .Pa /etc/ftpusers . | |
364 | Entries in this file interpreted as group names are prefixed by an "at" | |
365 | .Ql \&@ | |
366 | sign. | |
367 | .It | |
368 | The user must have a standard shell returned by | |
369 | .Xr getusershell 3 . | |
370 | .It | |
371 | If the user name appears in the file | |
372 | .Pa /etc/ftpchroot , | |
373 | or the user is a member of a group with a group entry in this file, | |
bf9ce431 | 374 | i.e., one prefixed with |
984263bc MD |
375 | .Ql \&@ , |
376 | the session's root will be changed to the directory specified | |
377 | in this file or to the user's login directory by | |
378 | .Xr chroot 2 | |
379 | as for an | |
380 | .Dq anonymous | |
381 | or | |
382 | .Dq ftp | |
383 | account (see next item). | |
384 | See | |
385 | .Xr ftpchroot 5 | |
386 | for a detailed description of the format of this file. | |
387 | This facility may also be triggered by enabling the boolean "ftp-chroot" | |
388 | capability in | |
389 | .Xr login.conf 5 . | |
390 | However, the user must still supply a password. | |
391 | This feature is intended as a compromise between a fully anonymous | |
392 | account and a fully privileged account. | |
393 | The account should also be set up as for an anonymous account. | |
394 | .It | |
395 | If the user name is | |
396 | .Dq anonymous | |
397 | or | |
398 | .Dq ftp , | |
399 | an | |
400 | anonymous ftp account must be present in the password | |
401 | file (user | |
402 | .Dq ftp ) . | |
403 | In this case the user is allowed | |
404 | to log in by specifying any password (by convention an email address for | |
405 | the user should be used as the password). | |
406 | When the | |
407 | .Fl S | |
408 | option is set, all transfers are logged as well. | |
409 | .El | |
410 | .Pp | |
411 | In the last case, | |
412 | .Nm | |
413 | takes special measures to restrict the client's access privileges. | |
414 | The server performs a | |
415 | .Xr chroot 2 | |
416 | to the home directory of the | |
417 | .Dq ftp | |
418 | user. | |
419 | As a special case if the | |
420 | .Dq ftp | |
421 | user's home directory pathname contains the | |
bf9ce431 | 422 | .Pa /./ |
984263bc MD |
423 | separator, |
424 | .Nm | |
425 | uses its left-hand side as the name of the directory to do | |
426 | .Xr chroot 2 | |
427 | to, and its right-hand side to change the current directory to afterwards. | |
428 | A typical example for this case would be | |
429 | .Pa /usr/local/ftp/./pub . | |
430 | In order that system security is not breached, it is recommended | |
431 | that the | |
432 | .Dq ftp | |
433 | subtree be constructed with care, following these rules: | |
434 | .Bl -tag -width "~ftp/pub" -offset indent | |
435 | .It Pa ~ftp | |
436 | Make the home directory owned by | |
437 | .Dq root | |
438 | and unwritable by anyone. | |
439 | .It Pa ~ftp/etc | |
440 | Make this directory owned by | |
441 | .Dq root | |
442 | and unwritable by anyone (mode 555). | |
443 | The files pwd.db (see | |
444 | .Xr passwd 5 ) | |
445 | and | |
446 | .Xr group 5 | |
447 | must be present for the | |
d52be284 | 448 | .Xr ls 1 |
984263bc MD |
449 | command to be able to produce owner names rather than numbers. |
450 | The password field in | |
d52be284 | 451 | .Xr passwd 5 |
984263bc MD |
452 | is not used, and should not contain real passwords. |
453 | The file | |
454 | .Pa ftpmotd , | |
455 | if present, will be printed after a successful login. | |
456 | These files should be mode 444. | |
457 | .It Pa ~ftp/pub | |
458 | This directory and the subdirectories beneath it should be owned | |
459 | by the users and groups responsible for placing files in them, | |
460 | and be writable only by them (mode 755 or 775). | |
461 | They should | |
462 | .Em not | |
463 | be owned or writable by | |
464 | .Dq ftp | |
465 | or its group, otherwise guest users | |
466 | can fill the drive with unwanted files. | |
467 | .El | |
468 | .Pp | |
469 | If the system has multiple IP addresses, | |
470 | .Nm | |
471 | supports the idea of virtual hosts, which provides the ability to | |
472 | define multiple anonymous ftp areas, each one allocated to a different | |
473 | internet address. | |
474 | The file | |
475 | .Pa /etc/ftphosts | |
476 | contains information pertaining to each of the virtual hosts. | |
477 | Each host is defined on its own line which contains a number of | |
478 | fields separated by whitespace: | |
479 | .Bl -tag -offset indent -width hostname | |
480 | .It hostname | |
481 | Contains the hostname or IP address of the virtual host. | |
482 | .It user | |
483 | Contains a user record in the system password file. | |
484 | As with normal anonymous ftp, this user's access uid, gid and group | |
485 | memberships determine file access to the anonymous ftp area. | |
486 | The anonymous ftp area (to which any user is chrooted on login) | |
487 | is determined by the home directory defined for the account. | |
488 | User id and group for any ftp account may be the same as for the | |
489 | standard ftp user. | |
490 | .It statfile | |
491 | File to which all file transfers are logged, which | |
492 | defaults to | |
493 | .Pa /var/log/ftpd . | |
494 | .It welcome | |
495 | This file is the welcome message displayed before the server ready | |
496 | prompt. | |
497 | It defaults to | |
498 | .Pa /etc/ftpwelcome . | |
499 | .It motd | |
500 | This file is displayed after the user logs in. | |
501 | It defaults to | |
502 | .Pa /etc/ftpmotd . | |
503 | .El | |
504 | .Pp | |
505 | Lines beginning with a '#' are ignored and can be used to include | |
506 | comments. | |
507 | .Pp | |
508 | Defining a virtual host for the primary IP address or hostname | |
509 | changes the default for ftp logins to that address. | |
510 | The 'user', 'statfile', 'welcome' and 'motd' fields may be left | |
511 | blank, or a single hyphen '-' used to indicate that the default | |
512 | value is to be used. | |
513 | .Pp | |
514 | As with any anonymous login configuration, due care must be given | |
515 | to setup and maintenance to guard against security related problems. | |
516 | .Pp | |
bf9ce431 | 517 | The |
984263bc | 518 | .Nm |
bf9ce431 | 519 | utility has internal support for handling remote requests to list |
984263bc MD |
520 | files, and will not execute |
521 | .Pa /bin/ls | |
bf9ce431 PA |
522 | in either a chrooted or non-chrooted environment. |
523 | The | |
984263bc MD |
524 | .Pa ~/bin/ls |
525 | executable need not be placed into the chrooted tree, nor need the | |
526 | .Pa ~/bin | |
527 | directory exist. | |
528 | .Sh FILES | |
bf9ce431 | 529 | .Bl -tag -width ".Pa /var/run/ftpd.pid" -compact |
984263bc MD |
530 | .It Pa /etc/ftpusers |
531 | List of unwelcome/restricted users. | |
532 | .It Pa /etc/ftpchroot | |
533 | List of normal users who should be chroot'd. | |
534 | .It Pa /etc/ftphosts | |
535 | Virtual hosting configuration file. | |
536 | .It Pa /etc/ftpwelcome | |
537 | Welcome notice. | |
538 | .It Pa /etc/ftpmotd | |
539 | Welcome notice after login. | |
bf9ce431 PA |
540 | .It Pa /var/run/ftpd.pid |
541 | Default pid file for daemon mode. | |
984263bc MD |
542 | .It Pa /var/run/nologin |
543 | Displayed and access refused. | |
544 | .It Pa /var/log/ftpd | |
545 | Log file for anonymous transfers. | |
bf9ce431 PA |
546 | .It Pa /var/log/xferlog |
547 | Default place for session logs. | |
984263bc MD |
548 | .El |
549 | .Sh SEE ALSO | |
550 | .Xr ftp 1 , | |
984263bc MD |
551 | .Xr umask 2 , |
552 | .Xr getusershell 3 , | |
553 | .Xr ftpchroot 5 , | |
554 | .Xr login.conf 5 , | |
555 | .Xr inetd 8 , | |
556 | .Xr syslogd 8 | |
d600454b SW |
557 | .Sh HISTORY |
558 | The | |
559 | .Nm | |
bf9ce431 | 560 | utility appeared in |
d600454b SW |
561 | .Bx 4.2 . |
562 | IPv6 support was added in WIDE Hydrangea IPv6 stack kit. | |
984263bc MD |
563 | .Sh BUGS |
564 | The server must run as the super-user | |
bf9ce431 PA |
565 | to create sockets with privileged port numbers. |
566 | It maintains | |
984263bc | 567 | an effective user id of the logged in user, reverting to |
bf9ce431 PA |
568 | the super-user only when binding addresses to sockets. |
569 | The | |
984263bc MD |
570 | possible security holes have been extensively |
571 | scrutinized, but are possibly incomplete. |