.\" $NetBSD: ftpd.conf.5,v 1.19 2002/01/15 02:20:50 wiz Exp $
.\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\" This code is derived from software contributed to The NetBSD Foundation
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the NetBSD
.\" Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
file specifies various configuration options for
that apply once a user has authenticated their connection.
consists of a series of lines, each of which may contain a
configuration directive, a comment, or a blank line.
Directives that appear later in the file override settings by previous
entries to define defaults, and then have class-specific overrides.
A directive line has the format:
.Dl command class [arguments]
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
Each authenticated user is a member of a
which is determined by
is used to determine which
entries apply to the user.
The following special classes exist when parsing entries in
.Bl -tag -width "chroot" -compact -offset indent
Each class has a type, which may be one of:
.Bl -tag -width "CHROOT" -offset indent
is performed after login.
is performed after login.
command will return the class settings for the current user as defined by
directive is set for the class.
Each configuration line may be one of:
.It Sy advertise Ar class Ar host
.It Sy advertize Ar class Ar host
Set the address to advertise in the response to the
commands to the address for
(which may be either a host name or IP address).
This may be useful in some firewall configurations, although many
ftp clients may not work if the address being advertised is different
to the address that they've connected to.
or no argument is given, disable this.
.It Sy checkportcmd Ar class Op Sy off
command for validity.
command will fail if the IP address specified does not match the
command connection, or if the remote TCP port number is less than
.Dv IPPORT_RESERVED .
encouraged that this option be used, especially for sites concerned
with potential security problems with
is given, disable this feature, otherwise enable it.
.It Sy chroot Ar class Op Sy pathformat
use the default behaviour (see below).
is parsed to create a directory to create as the root directory with
can contain the following escape strings:
.Bl -tag -width "Escape" -offset indent -compact
Home directory of user.
The default root directory is:
.Bl -tag -width "CHROOT" -offset indent -compact
The user's home directory.
otherwise the home directory of the
.It Sy classtype Ar class Ar type
Set the class type of
.It Xo Sy conversion Ar class
.Ar suffix Op Ar "type disable command"
Define an automatic in-line file conversion.
If a file to retrieve ends in
and a real file (sans
exists, then the output of
is returned instead of the contents of the file.
.Bl -tag -width "disable" -offset indent
The suffix to initiate the conversion.
A list of valid filetypes for the conversion.
The name of a file that will prevent conversion if it exists.
will prevent this disabling action
(i.e., the conversion is always permitted.)
The command to run for the conversion.
The first word should be the full path name
is used to execute the command.
All instances of the word
are replaced with the requested file (sans
Conversion directives specified later in the file override earlier
conversions with the same suffix.
.It Sy denyquick Ar class Op Sy off
command is received, rather than after the
Whilst enabling this feature may allow information leakage about
available accounts (for example, if you allow some users of a
class but not others), it is useful in preventing a denied user
from entering their password across an insecure connection.
recommended for servers which run an anonymous-only service.
is given, disable this feature, otherwise enable it.
.It Sy display Ar class Op Ar file
Otherwise, each time the user enters a new directory, check if
exists, and if so, display its contents to the user.
Escape sequences are supported; refer to
.Sx Display file escape sequences
for more information.
.It Sy homedir Ar class Op Sy pathformat
use the default behaviour (see below).
is parsed to create a directory to change into upon login, and to use
directory of the user for tilde expansion in pathnames, etc.
The default home directory is the home directory of the user for
.It Xo Sy limit Ar class
Limit the maximum number of concurrent connections for
meaning unlimited connections.
If the limit is exceeded and
is given, display its contents to the user.
is not specified, disable this.
is a relative path, it will be searched for in
(which can be overridden with
.It Sy maxfilesize Ar class Ar size
Set the maximum size of an uploaded file to
or no argument is given, disable this.
.It Sy maxtimeout Ar class Ar time
Set the maximum timeout period that a client may request,
defaulting to two hours.
This cannot be less than 30 seconds, or the value for
is not specified, set to default of 2 hours.
.It Sy modify Ar class Op Sy off
is given, disable the following commands:
Otherwise, enable them.
.It Sy motd Ar class Op Ar file
as the message of the day file to display after login.
Escape sequences are supported; refer to
.Sx Display file escape sequences
for more information.
is a relative path, it will be searched for in
(which can be overridden with
.It Sy notify Ar class Op Ar fileglob
Otherwise, each time the user enters a new directory,
notify the user of any files matching
.It Sy passive Ar class Op Sy off
is given, prevent passive
Otherwise, enable them.
.It Sy portrange Ar class Ar min Ar max
Set the range of port numbers which will be used for the passive data port.
and both numbers must be between
or no arguments are given, disable this.
.It Sy private Ar class Op Sy off
is given, do not display class information in the output of the
Otherwise, display the information.
.It Sy rateget Ar class Ar rate
transfer rate throttle for
is 0, the throttle is disabled.
or no arguments are given, disable this.
An optional suffix may be provided, which changes the interpretation of
.Bl -tag -width 3n -offset indent -compact
Causes no modification. (Default; optional)
Kilo; multiply the argument by 1024
Mega; multiply the argument by 1048576
Giga; multiply the argument by 1073741824
Tera; multiply the argument by 1099511627776
.It Sy rateput Ar class Ar rate
transfer rate throttle for
which is parsed as per
.Sy rateget Ar rate .
or no arguments are given, disable this.
.It Sy sanenames Ar class Op Sy off
is given, allow uploaded file names to contain any characters valid for a
Otherwise, only permit file names which don't start with a
and consist only of characters from the set
.Dq [-+,._A-Za-z0-9] .
.It Sy template Ar class Op Ar refclass
in following directives will also apply to members of
This is useful to define a template class so that other classes which are
to share common attributes can be easily defined without unnecessary
There can be only one template defined at a time.
is not given, disable the template for
.It Sy timeout Ar class Ar time
Set the inactivity timeout period
(the default is fifteen minutes).
This cannot be less than 30 seconds, or greater than the value for
is not specified, set to the default of 15 minutes.
.It Sy umask Ar class Ar umaskval
is not specified, set to the default of
.It Sy upload Ar class Op Sy off
is given, disable the following commands:
as well as the modify commands:
Otherwise, enable them.
The following defaults are used:
.Bd -literal -offset indent -compact
classtype chroot CHROOT
classtype guest GUEST
limit all -1 # unlimited connections
maxtimeout all 7200 # 2 hours
timeout all 900 # 15 minutes
.Bl -tag -width /usr/share/examples/ftpd/ftpd.conf -compact
.It Pa /etc/ftpd.conf
.It Pa /usr/share/examples/ftpd/ftpd.conf
functionality was implemented in
and later releases by Luke Mewburn, based on work by Simon Burge.
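
The validity check described under checkportcmd, written out as an added example in C; it is not NetBSD ftpd's own code. It assumes the command being checked is FTP's PORT with the RFC 959 argument form h1,h2,h3,h4,p1,p2, an IPv4 control connection, and 1024 as the value of IPPORT_RESERVED; port_arg_ok and parse_fields are hypothetical names and the addresses are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Same value as IPPORT_RESERVED in <netinet/in.h>; kept local so this builds anywhere. */
#define RESERVED_LIMIT 1024u

/* Parse "h1,h2,h3,h4,p1,p2": six decimal fields, each 0..255, nothing else. */
static int parse_fields(const char *s, unsigned int f[6])
{
	int i, digits;

	for (i = 0; i < 6; i++) {
		f[i] = 0;
		for (digits = 0; *s >= '0' && *s <= '9'; s++, digits++) {
			f[i] = f[i] * 10 + (unsigned int)(*s - '0');
			if (f[i] > 255)
				return 0;
		}
		/* Each field needs a digit; commas separate, NUL ends the list. */
		if (digits == 0 || *s++ != (i < 5 ? ',' : '\0'))
			return 0;
	}
	return 1;
}

/*
 * Hypothetical helper, not ftpd's code: accept a PORT argument only if it
 * names the control connection's peer (IPv4, host byte order) and a
 * non-reserved port. Returns 1 to accept, 0 to refuse.
 */
int port_arg_ok(const char *arg, uint32_t ctrl_peer)
{
	unsigned int f[6];
	uint32_t addr;

	if (!parse_fields(arg, f))
		return 0;
	addr = (uint32_t)f[0] << 24 | (uint32_t)f[1] << 16 | (uint32_t)f[2] << 8 | f[3];
	if (addr != ctrl_peer)		/* data target must be the client itself */
		return 0;
	return (f[4] << 8 | f[5]) >= RESERVED_LIMIT;	/* refuse ports below the limit */
}

int main(void)
{
	uint32_t peer = 0xC000020A;	/* constructed sample: 192.0.2.10 */
	printf("%d %d\n", port_arg_ok("192,0,2,10,195,80", peer),
	    port_arg_ok("198,51,100,7,195,80", peer));
	return 0;
}
```

Refusing a third-party address or a reserved port is what stops the server from being used to open data connections to other hosts' services on a client's behalf.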