`ftpd`

DARPA internet file transfer protocol daemon

Syntax:

ftpd [-bdkl] [-f timeout] [-T maxtimeout] [-t timeout]

Options:

-b: Allow the client to specify a remote IP address in the PORT command.
-d: Write debugging info to the system log.
-f timeout: Specify a timeout for local file operations in minutes (default and maximum are 120 minutes, 0 specifies no timeout). If ftpd becomes blocked while reading or writing to a file, it times out and ends the operation with an error.
-k: Disable the keepalive option on the data connection. By default, keepalive is on and messages are sent out on the data connection at least every two hours. If the client fails to respond, the connection is considered broken and is closed. This option disables the messages.
-l: Log each ftp session in the system log.
-T maxtimeout: Set the maximum timeout period allowed to the specified number of seconds (default limit is 7200 seconds, i.e. 2 hours). You should find this option useful since a client may also request a timeout period other than the one specified by the -t option.
-t timeout: Set the inactivity timeout period to the specified number of seconds (default is 900 seconds, i.e. 15 minutes).

Description:

The ftpd daemon is a DARPA Internet File Transfer Protocol server. It uses the TCP protocol and listens at the port specified in the FTP entry of the services file.

Supported `ftp` requests

The ftpd daemon currently supports the following ftp requests; case isn't distinguished.

Request	Description
`ABOR`	Abort previous command
`ALLO`	Allocate storage
`APPE`	Append to a file
`CDUP`	Change to parent of current working directory
`CWD`	Change working directory
`DELE`	Delete a file
`HELP`	Give help information
`LIST`	List files in a directory (`ls -l`)
`MKD`	Make a directory
`MDTM`	Show last modification time of file
`MODE`	Specify data transfer mode
`NLST`	Give name list of files in directory
`NOOP`	Do nothing
`PASS`	Specify password
`PASV`	Prepare for server-to-server transfer
`PORT`	Specify data connection port
`PWD`	Print the current working directory
`QUIT`	Terminate a session
`REST`	Restart incomplete transfer
`RETR`	Retrieve a file
`RMD`	Remove a directory
`RNFR`	Specify rename-from filename
`RNTO`	Specify rename-to filename
`SITE`	Nonstandard commands (see next section)
`SIZE`	Return size of file
`STAT`	Return status of server
`STOR`	Store a file
`STOU`	Store a file with a unique name
`STRU`	Specify data transfer structure
`SYST`	Show operating system type of server system
`TYPE`	Specify data transfer type
`USER`	Specify username
`XCUP`	Change to parent of current working directory (deprecated)
`XCWD`	Change working directory (deprecated)
`XMKD`	Make a directory (deprecated)
`XPWD`	Print the current working directory (deprecated)
`XRMD`	Remove a directory (deprecated)

Nonstandard commands

The following nonstandard or UNIX-specific commands are supported by the SITE request.

Request	Description
`UMASK`	Change umask (e.g. `SITE UMASK 002`)
`IDLE`	Set idle-timer (e.g. `SITE IDLE 60`)
`CHMOD`	Change mode of a file (e.g. `SITE CHMOD 755` filename)
`HELP`	Give help information (e.g. `SITE HELP`)

The ftp daemon will abort an active file transfer only when the ABOR command is preceded by a Telnet ``Interrupt Process'' (IP) signal and by a Telnet ``Synch'' signal in the command Telnet stream, as described in Internet RFC 959. If a STAT command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

Metacharacters

Because the ftpd daemon interprets filenames according to the globbing conventions used by sh, users can employ these metacharacters:

*
?
[
]
{
}
~

User authorization

The ftpd daemon authenticates users according to these rules:

The username must be in the password database /etc/passwd and must not have a null password. The client must provide a password before any file operations may be performed.
The username must not appear in the file /etc/ftpusers, which contains a list of users who aren't allowed to use of ftp. One username is listed per line. If this file is missing, anyone on the local system may access ftp.
The user must have a standard shell (i.e. one listed in /etc/shells).
If the username is anonymous or ftp, an anonymous ftp account must be present in the password file (user ftp). In this case, the user can log in by giving any password (by convention, users give the name of the client host).

In the last case, it's recommended that the ftp subtree be constructed with care; the following rules are recommended:

~ftp: Make the home directory owned by ftp and unwritable by anyone.
~ftp/bin: Make this directory owned by the superuser and unwritable by anyone. The ls utility, which must be present to support the LIST command, should have mode 111.
~ftp/etc: Make this directory owned by the superuser and unwritable by anyone. The files passwd and group must be present for the ls command to be able to produce owner names rather than numbers. The password field in passwd isn't used and shouldn't contain real encrypted passwords. The passwd and group files should be mode 444.
~ftp/pub: Make this directory mode 777 and owned by ftp. If any files are to be accessed via the anonymous account, the user should place them in this directory.

Anonymous ftp will fix the root (chroot()) of the user to ~ftp, which will prevent the user from using files on other QNX nodes. This implies that ~ftp must resolve to the current node.

Caveats:

To restrict outbound network access to the QNX network, you can specify the -L option to Proc (see QNX OS Utilities Reference).

The server must run as the superuser to create sockets with privileged port numbers. It maintains an effective user ID of the logged-in user, reverting to the superuser only when binding addresses to sockets. The possible security holes have been extensively scrutinized, but are possibly incomplete.