The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

in.ftpd (1)
  • >> in.ftpd (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    in.ftpd, ftpd - File Transfer Protocol Server
     
    

    SYNOPSIS

    in.ftpd [-4] [-A] [-a] [-C] [-d] [-I] [-i] [-K] [-L] [-l] 
        [-o] [-P dataport] [-p ctrlport] [-Q] [-q] 
        [-r rootdir] [-S] [-s] [-T maxtimeout] [-t timeout] 
        [-u umask] [-V] [-v] [-W] [-w] [-X]
    

     

    DESCRIPTION

    in.ftpd is the Internet File Transfer Protocol (FTP) server process. The server may be invoked by the Internet daemon inetd(1M) each time a connection to the FTP service is made or run as a standalone server. See services(4).  

    OPTIONS

    in.ftpd supports the following options:

    -4

    When running in standalone mode, listen for connections on an AF_INET type socket. The default is to listen on an AF_INET6 type socket.

    -a

    Enables use of the ftpaccess(4) file.

    -A

    Disables use of the ftpaccess(4) file. Use of ftpaccess is disabled by default.

    -C

    Non-anonymous users need local credentials (for example, to authenticate to remote fileservers). So they should be prompted for a password unless they forwarded credentials as part of authentication.

    -d

    Writes debugging information to syslogd(1M).

    -i

    Logs the names of all files received by the FTP Server to xferlog(4). You can override the -i option through use of the ftpaccess(4) file.

    -I

    Disables the use of AUTH and ident to determine the username on the client. See RFC 931. The FTP Server is built not to use AUTH and ident.

    -K

    Connections are only allowed for users who can authenticate through the ftp AUTH mechanism. (Anonymous ftp may also be allowed if it is configured.) ftpd will ask the user for a password if one is required.

    -l

    Logs each FTP session to syslogd(1M).

    -L

    Logs all commands sent to in.ftpd to syslogd(1M). When the -L option is used, command logging will be on by default, once the FTP Server is invoked. Because the FTP Server includes USER commands in those logged, if a user accidentally enters a password instead of the username, the password will be logged. You can override the -L option through use of the ftpaccess(4) file.

    -o

    Logs the names of all files transmitted by the FTP Server to xferlog(4). You can override the -o option through use of the ftpaccess(4) file.

    -P dataport

    The FTP Server determines the port number by looking in the services(4) file for an entry for the ftp-data service. If there is no entry, the daemon uses the port just prior to the control connection port. Use the -P option to specify the data port number.

    -p ctrlport

    When run in standalone mode, the FTP Server determines the control port number by looking in the services(4) file for an entry for the ftp service. Use the -p option to specify the control port number.

    -Q

    Disables PID files. This disables user limits. Large, busy sites that do not want to impose limits on the number of concurrent users can use this option to disable PID files.

    -q

    Uses PID files. The limit directive uses PID files to determine the number of current users in each access class. By default, PID files are used.

    -r rootdir

    chroot(2) to rootdir upon loading. Use this option to improve system security. It limits the files that can be damaged should a break in occur through the daemon. This option is similar to anonymous FTP. Additional files are needed, which vary from system to system.

    -S

    Places the daemon in standalone operation mode. The daemon runs in the background. This is useful for startup scripts that run during system initialization. See init.d(4).

    -s

    Places the daemon in standalone operation mode. The daemon runs in the foreground. This is useful when run from /etc/inittab by init(1M).

    -T maxtimeout

    Sets the maximum allowable timeout period to maxtimeout seconds. The default maximum timeout limit is 7200 second (two hours). You can override the -T option through use of the ftpaccess(4) file.

    -t timeout

    Sets the inactivity timeout period to timeout seconds. The default timeout period is 900 seconds (15 minutes). You can override the -t option through use of the ftpaccess(4) file.

    -u umask

    Sets the default umask to umask.

    -V

    Displays copyright and version information, then terminate.

    -v

    Writes debugging information to syslogd(1M).

    -W

    Does not record user login and logout in the wtmpx(4) file.

    -w

    Records each user login and logout in the wtmpx(4) file. By default, logins and logouts are recorded.

    -X

    Writes the output from the -i and -o options to the syslogd(1M) file instead of xferlog(4). This allows the collection of output from several hosts on one central loghost. You can override the -X option through use of the ftpaccess(4) file.

     

    Requests

    The FTP Server currently supports the following FTP requests. Case is not distinguished.

    ABOR

    Abort previous command.

    ADAT

    Send an authentication protocol message.

    ALLO

    Allocate storage (vacuously).

    AUTH

    Specify an authentication protocol to be performed. Currently only "GSSAPI" is supported.

    APPE

    Append to a file.

    CCC

    Set the command channel protection mode to "Clear" (no protection). Not allowed if data channel is protected.

    CDUP

    Change to parent of current working directory.

    CWD

    Change working directory.

    DELE

    Delete a file.

    ENC

    Send a privacy and integrity protected command (given in argument).

    EPRT

    Specify extended address for the transport connection.

    EPSV

    Extended passive command request.

    HELP

    Give help information.

    LIST

    Give list files in a directory (ls -lA).

    LPRT

    Specify long address for the transport connection.

    LPSV

    Long passive command request.

    MIC

    Send an integrity protected command (given in argument).

    MKD

    Make a directory.

    MDTM

    Show last time file modified.

    MODE

    Specify data transfer mode.

    NLST

    Give name list of files in directory (ls).

    NOOP

    Do nothing.

    PASS

    Specify password.

    PASV

    Prepare for server-to-server transfer.

    PBSZ

    Specify a protection buffer size.

    PROT

    Specify a protection level under which to protect data transfers. Allowed arguments:

    clear

    No protection.

    safe

    Integrity protection

    private

    Integrity and encryption protection

    PORT

    Specify data connection port.

    PWD

    Print the current working directory.

    QUIT

    Terminate session.

    REST

    Restart incomplete transfer.

    RETR

    Retrieve a file.

    RMD

    Remove a directory.

    RNFR

    Specify rename-from file name.

    RNTO

    Specify rename-to file name.

    SITE

    Use nonstandard commands.

    SIZE

    Return size of file.

    STAT

    Return status of server.

    STOR

    Store a file.

    STOU

    Store a file with a unique name.

    STRU

    Specify data transfer structure.

    SYST

    Show operating system type of server system.

    TYPE

    Specify data transfer type.

    USER

    Specify user name.

    XCUP

    Change to parent of current working directory. This request is deprecated.

    XCWD

    Change working directory. This request is deprecated.

    XMKD

    Make a directory. This request is deprecated.

    XPWD

    Print the current working directory. This request is deprecated.

    XRMD

    Remove a directory. This request is deprecated.

    The following nonstandard or UNIX specific commands are supported by the SITE request:

    ALIAS

    List aliases.

    CDPATH

    List the search path used when changing directories.

    CHECKMETHOD

    List or set the checksum method.

    CHECKSUM

    Give the checksum of a file.

    CHMOD

    Change mode of a file. For example, SITE CHMOD 755 filename.

    EXEC

    Execute a program. For example, SITE EXEC program params

    GPASS

    Give special group access password. For example, SITE GPASS bar.

    GROUP

    Request special group access. For example, SITE GROUP foo.

    GROUPS

    List supplementary group membership.

    HELP

    Give help information. For example, SITE HELP.

    IDLE

    Set idle-timer. For example, SITE IDLE 60.

    UMASK

    Change umask. For example, SITE UMASK 002.

    The remaining FTP requests specified in RFC 959 are recognized, but not implemented.

    The FTP server will abort an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in RFC 959. If a STAT command is received during a data transfer that has been preceded by a Telnet IP and Synch, transfer status will be returned.

    in.ftpd interprets file names according to the "globbing" conventions used by csh(1). This allows users to utilize the metacharacters: * ? [ ] { } ~

    in.ftpd authenticates users according to the following rules:

    First, the user name must be in the password data base, the location of which is specified in nsswitch.conf(4). An encrypted password (an authentication token in PAM) must be present. A password must always be provided by the client before any file operations can be performed. For non-anonymous users, the PAM framework is used to verify that the correct password was entered. See SECURITY below.

    Second, the user name must not appear in either the /etc/ftpusers or the /etc/ftpd/ftpusers file. Use of the /etc/ftpusers files is deprecated, although it is still supported.

    Third, the users must have a standard shell returned by getusershell(3C).

    Fourth, if the user name is anonymous or ftp, an anonymous ftp account must be present in the password file for user ftp. Use ftpconfig(1M) to create the anonymous ftp account and home directory tree.

    Fifth, if the GSS-API is used to authenticate the user, then gss_auth_rules(5) determines user access without a password needed.

    The FTP Server supports virtual hosting, which can be configured by using ftpaddhost(1M).

    The FTP Server does not support sublogins.  

    General FTP Extensions

    The FTP Server has certain extensions. If the user specifies a filename that does not exist with a RETR (retrieve) command, the FTP Server looks for a conversion to change a file or directory that does into the one requested. See ftpconversions(4).

    By convention, anonymous users supply their email address when prompted for a password. The FTP Server attempts to validate these email addresses. A user whose FTP client hangs on a long reply, for example, a multiline response, should use a dash (-) as the first character of the user's password, as this disables the Server's lreply() function.

    The FTP Server can also log all file transmission and reception. See xferlog(4) for details of the log file format.

    The SITE EXEC command may be used to execute commands in the /bin/ftp-exec directory. Take care that you understand the security implications before copying any command into the /bin/ftp-exec directory. For example, do not copy in /bin/sh. This would enable the user to execute other commands through the use of sh -c. If you have doubts about this feature, do not create the /bin/ftp-exec directory.  

    SECURITY

    For non-anonymous users, in.ftpd uses pam(3PAM) for authentication, account management, and session management, and can use Kerberos v5 for authentication.

    The PAM configuration policy, listed through /etc/pam.conf, specifies the module to be used for in.ftpd. Here is a partial pam.conf file with entries for the in.ftpd command using the UNIX authentication, account management, and session management module.

    ftp  auth        requisite   pam_authtok_get.so.1
    ftp  auth        required    pam_dhkeys.so.1
    ftp  auth        required    pam_unix_auth.so.1
    
    ftp  account     required    pam_unix_roles.so.1
    ftp  account     required    pam_unix_projects.so.1
    ftp  account     required    pam_unix_account.so.1
    
    ftp  session     required    pam_unix_session.so.1
    

    If there are no entries for the ftp service, then the entries for the "other" service will be used. Unlike login, passwd, and other commands, the ftp protocol will only support a single password. Using multiple modules will prevent in.ftpd from working properly.

    To use Kerberos for authentication, a host/<FQDN> Kerberos principal must exist for each Fully Qualified Domain Name associated with the in.ftpd server. Each of these host/<FQDN> principals must have a keytab entry in the /etc/krb5/krb5.keytab file on the in.ftpd server. An example principal might be:

    host/bigmachine.eng.example.com

    See kadmin(1M) or gkadmin(1M) for instructions on adding a principal to a krb5.keytab file. See for a discussion of Kerberos authentication.

    For anonymous users, who by convention supply their email address as a password, in.ftpd validates passwords according to the passwd-check capability in the ftpaccess file.  

    USAGE

    The in.ftpd command is IPv6-enabled. See ip6(7P).  

    FILES

    /etc/ftpd/ftpaccess

    FTP Server configuration file

    /etc/ftpd/ftpconversions

    FTP Server conversions database

    /etc/ftpd/ftpgroups

    FTP Server enhanced group access file

    /etc/ftpd/ftphosts

    FTP Server individual user host access file

    /etc/ftpd/ftpservers

    FTP Server virtual hosting configuration file.

    /etc/ftpd/ftpusers

    File listing users for whom FTP login privileges are disallowed.

    /etc/ftpusers

    File listing users for whom FTP login privileges are disallowed. This use of this file is deprecated.

    /var/log/xferlog

    FTP Server transfer log file

    /var/run/ftp.pids-classname


     

    /var/adm/wtmpx

    Extended database files that contain the history of user access and accounting information for the wtmpx database.

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWftpu

    Interface Stability

     

    SEE ALSO

    csh(1), ftp(1), ftpcount(1), ftpwho(1), ls(1), svcs(1), ftpaddhost(1M), ftpconfig(1M), ftprestart(1M), ftpshut(1M), gkadmin(1M), inetadm(1M), inetd(1M), kadmin(1M), svcadm(1M), syslogd(1M), chroot(2), umask(2), getpwent(3C), getusershell(3C), syslog(3C), ftpaccess(4), ftpconversions(4), ftpgroups(4), ftphosts(4), ftpservers(4), ftpusers(4), group(4), passwd(4), services(4), xferlog(4), wtmpx(4), attributes(5), gss_auth_rules(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5), smf(5), ip6(7P)

    Allman, M., Ostermann, S., and Metz, C. RFC 2428, FTP Extensions for IPv6 and NATs. The Internet Society. September 1998.

    Piscitello, D. RFC 1639, FTP Operation Over Big Address Records (FOOBAR). Network Working Group. June 1994.

    Postel, Jon, and Joyce Reynolds. RFC 959, File Transfer Protocol (FTP ). Network Information Center. October 1985.

    St. Johns, Mike. RFC 931, Authentication Server. Network Working Group. January 1985.

    Linn, J., Generic Security Service Application Program Interface Version 2, Update 1, RFC 2743. The Internet Society, January 2000.

    Horowitz, M., Lunt, S., FTP Security Extensions, RFC 2228. The Internet Society, October 1997.  

    DIAGNOSTICS

    in.ftpd logs various errors to syslogd(1M), with a facility code of daemon.  

    NOTES

    The anonymous FTP account is inherently dangerous and should be avoided when possible.

    The FTP Server must perform certain tasks as the superuser, for example, the creation of sockets with privileged port numbers. It maintains an effective user ID of the logged in user, reverting to the superuser only when necessary.

    The FTP Server no longer supports the /etc/default/ftpd file. Instead of using UMASK=nnn to set the umask, use the defumask capability in the ftpaccess file. The banner greeting text capability is also now set through the ftpaccess file by using the greeting text capability instead of by using BANNER="...". However, unlike the BANNER string, the greeting text string is not passed to the shell for evaluation. See ftpaccess(4).

    The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

    The in.ftpd service is managed by the service management facility, smf(5), under the service identifier:

    svc:/network/ftp
    

    Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibility for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the svcs(1) command.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    Requests
    General FTP Extensions
    SECURITY
    USAGE
    FILES
    ATTRIBUTES
    SEE ALSO
    DIAGNOSTICS
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру