Provided by: heimdal-servers_1.6~git20120311.dfsg.1-2_amd64 bug


     ftpd — Internet File Transfer Protocol server


     ftpd [-a authmode] [-dilvU] [-g umask] [-p port] [-T maxtimeout] [-t timeout]
          [--gss-bindings] [-I | --no-insecure-oob] [-u default umask] [-B | --builtin-ls]


     Ftpd is the Internet File Transfer Protocol server process.  The server uses the TCP
     protocol and listens at the port specified in the “ftp” service specification; see

     Available options:

     -a      Select the level of authentication required.  Kerberised login can not be turned
             off. The default is to only allow kerberised login.  Other possibilities can be
             turned on by giving a string of comma separated flags as argument to -a.  Recognised
             flags are:

             plain  Allow logging in with plaintext password. The password can be a(n) OTP or an
                    ordinary password.

             otp    Same as plain, but only OTP is allowed.

             ftp    Allow anonymous login.

             The following combination modes exists for backwards compatibility:

             none   Same as plain,ftp.

             safe   Same as ftp.

             user   Ignored.

     -d      Debugging information is written to the syslog using LOG_FTP.

     -g      Anonymous users will get a umask of umask.

             require the peer to use GSS-API bindings (ie make sure IP addresses match).

     -i      Open a socket and wait for a connection. This is mainly used for debugging when ftpd
             isn't started by inetd.

     -l      Each successful and failed ftp(1) session is logged using syslog with a facility of
             LOG_FTP.  If this option is specified twice, the retrieve (get), store (put),
             append, delete, make directory, remove directory and rename operations and their
             filename arguments are also logged.

     -p      Use port (a service name or number) instead of the default ftp/tcp.

     -T      A client may also request a different timeout period; the maximum period allowed may
             be set to timeout seconds with the -T option.  The default limit is 2 hours.

     -t      The inactivity timeout period is set to timeout seconds (the default is 15 minutes).

     -u      Set the initial umask to something else than the default 027.

     -U      In previous versions of ftpd, when a passive mode client requested a data connection
             to the server, the server would use data ports in the range 1024..4999.  Now, by
             default, if the system supports the IP_PORTRANGE socket option, the server will use
             data ports in the range 49152..65535.  Specifying this option will revert to the old

     -v      Verbose mode.

     -B, --builtin-ls
             use built-in ls to list files

             allowed anonymous upload filename chars

     -I --no-insecure-oob
             don't allow insecure out of band.  Heimdal ftp clients before 0.6.3 doesn't support
             secure oob, so turning on this option makes them no longer work.

     The file /etc/nologin can be used to disable ftp access.  If the file exists, ftpd displays
     it and exits.  If the file /etc/ftpwelcome exists, ftpd prints it before issuing the “ready”
     message.  If the file /etc/motd exists, ftpd prints it after a successful login.

     The ftp server currently supports the following ftp requests.  The case of the requests is

           Request    Description
           ABOR       abort previous command
           ACCT       specify account (ignored)
           ALLO       allocate storage (vacuously)
           APPE       append to a file
           CDUP       change to parent of current working directory
           CWD        change working directory
           DELE       delete a file
           HELP       give help information
           LIST       give list files in a directory (“ls -lgA”)
           MKD        make a directory
           MDTM       show last modification time of file
           MODE       specify data transfer mode
           NLST       give name list of files in directory
           NOOP       do nothing
           PASS       specify password
           PASV       prepare for server-to-server transfer
           PORT       specify data connection port
           PWD        print the current working directory
           QUIT       terminate session
           REST       restart incomplete transfer
           RETR       retrieve a file
           RMD        remove a directory
           RNFR       specify rename-from file name
           RNTO       specify rename-to file name
           SITE       non-standard commands (see next section)
           SIZE       return size of file
           STAT       return status of server
           STOR       store a file
           STOU       store a file with a unique name
           STRU       specify data transfer structure
           SYST       show operating system type of server system
           TYPE       specify data transfer type
           USER       specify user name
           XCUP       change to parent of current working directory (deprecated)
           XCWD       change working directory (deprecated)
           XMKD       make a directory (deprecated)
           XPWD       print the current working directory (deprecated)
           XRMD       remove a directory (deprecated)

     The following commands are specified by RFC2228.

           AUTH       authentication/security mechanism
           ADAT       authentication/security data
           PROT       data channel protection level
           PBSZ       protection buffer size
           MIC        integrity protected command
           CONF       confidentiality protected command
           ENC        privacy protected command
           CCC        clear command channel

     The following non-standard or UNIX specific commands are supported by the SITE request.

           UMASK      change umask, (e.g. SITE UMASK 002)
           IDLE       set idle-timer, (e.g. SITE IDLE 60)
           CHMOD      change mode of a file (e.g. SITE CHMOD 755 filename)
           FIND       quickly find a specific file with GNU locate(1).
           HELP       give help information.

     The following Kerberos related site commands are understood.

           KAUTH      obtain remote tickets.
           KLIST      show remote tickets

     The remaining ftp requests specified in Internet RFC 959 are recognized, but not
     implemented.  MDTM and SIZE are not specified in RFC 959, but will appear in the next
     updated FTP RFC.

     The ftp server will abort an active file transfer only when the ABOR command is preceded by
     a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet
     stream, as described in Internet RFC 959.  If a STAT command is received during a data
     transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

     Ftpd interprets file names according to the “globbing” conventions used by csh(1).  This
     allows users to use the metacharacters “*?[]{}~”.

     Ftpd authenticates users according to these rules.

           1.   If Kerberos authentication is used, the user must pass valid tickets and the
                principal must be allowed to login as the remote user.

           2.   The login name must be in the password data base, and not have a null password
                (if Kerberos is used the password field is not checked).  In this case a password
                must be provided by the client before any file operations may be performed.  If
                the user has an OTP key, the response from a successful USER command will include
                an OTP challenge. The client may choose to respond with a PASS command giving
                either a standard password or an OTP one-time password. The server will
                automatically determine which type of password it has been given and attempt to
                authenticate accordingly. See otp(1) for more information on OTP authentication.

           3.   The login name must not appear in the file /etc/ftpusers.

           4.   The user must have a standard shell returned by getusershell(3).

           5.   If the user name appears in the file /etc/ftpchroot the session's root will be
                changed to the user's login directory by chroot(2) as for an “anonymous” or “ftp”
                account (see next item).  However, the user must still supply a password.  This
                feature is intended as a compromise between a fully anonymous account and a fully
                privileged account.  The account should also be set up as for an anonymous

           6.   If the user name is “anonymous” or “ftp”, an anonymous ftp account must be
                present in the password file (user “ftp”).  In this case the user is allowed to
                log in by specifying any password (by convention an email address for the user
                should be used as the password).

     In the last case, ftpd takes special measures to restrict the client's access privileges.
     The server performs a chroot(2) to the home directory of the “ftp” user.  In order that
     system security is not breached, it is recommended that the “ftp” subtree be constructed
     with care, consider following these guidelines for anonymous ftp.

     In general all files should be owned by “root”, and have non-write permissions (644 or 755
     depending on the kind of file). No files should be owned or writable by “ftp” (possibly with
     exception for the ~ftp/incoming, as specified below).

           ~ftp      The “ftp” homedirectory should be owned by root.

           ~ftp/bin  The directory for external programs (such as ls(1)).  These programs must
                     either be statically linked, or you must setup an environment for dynamic
                     linking when running chrooted.  These programs will be used if present:

                           ls      Used when listing files.

                                   When retrieving a filename that ends in .Z, and that file
                                   isn't present, ftpd will try to find the filename without .Z
                                   and compress it on the fly.

                           gzip    Same as compress, just with files ending in .gz.

                           gtar    Enables retrieval of whole directories as files ending in
                                   .tar.  Can also be combined with compression. You must use GNU
                                   Tar (or some other that supports the -z and -Z flags).

                           locate  Will enable ``fast find'' with the SITE FIND command. You must
                                   also create a locatedb file in ~ftp/etc.

           ~ftp/etc  If you put copies of the passwd(5) and group(5) files here, ls will be able
                     to produce owner names rather than numbers. Remember to remove any passwords
                     from these files.

                     The file motd, if present, will be printed after a successful login.

           ~ftp/dev  Put a copy of /dev/null(7) here.

           ~ftp/pub  Traditional place to put whatever you want to make public.

     If you want guests to be able to upload files, create a ~ftp/incoming directory owned by
     “root”, and group “ftp” with mode 730 (make sure “ftp” is member of group “ftp”).  The
     following restrictions apply to anonymous users:

     ·   Directories created will have mode 700.

     ·   Uploaded files will be created with an umask of 777, if not changed with the -g option.

     ·   These command are not accessible: DELE, RMD, RNTO, RNFR, SITE UMASK, and SITE CHMOD.

     ·   Filenames must start with an alpha-numeric character, and consist of alpha-numeric
         characters or any of the following: + (plus), - (minus), = (equal), _ (underscore), .
         (period), and , (comma).


     /etc/ftpusers    Access list for users.
     /etc/ftpchroot   List of normal users who should be chroot'd.
     /etc/ftpwelcome  Welcome notice.
     /etc/motd        Welcome notice after login.
     /etc/nologin     Displayed and access refused.
     ~/.klogin        Login access for Kerberos.


     ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8)


     RFC 1938  OTP Specification
     RFC 2228  FTP Security Extensions.


     The server must run as the super-user to create sockets with privileged port numbers.  It
     maintains an effective user id of the logged in user, reverting to the super-user only when
     binding addresses to sockets.  The possible security holes have been extensively
     scrutinized, but are possibly incomplete.


     The ftpd command appeared in 4.2BSD.