ftpd

DARPA internet file transfer protocol daemon

Syntax:

ftpd [-bdkl] [-f timeout] [-T maxtimeout] [-t timeout]

Options:

-b
Allow the client to specify a remote IP address in the PORT command.
-d
Write debugging info to the system log.
-f timeout
Specify a timeout for local file operations in minutes (default and maximum are 120 minutes, 0 specifies no timeout). If ftpd becomes blocked while reading or writing to a file, it times out and ends the operation with an error.
-k
Disable the keepalive option on the data connection. By default, keepalive is on and messages are sent out on the data connection at least every two hours. If the client fails to respond, the connection is considered broken and is closed. This option disables the messages.
-l
Log each ftp session in the system log.
-T maxtimeout
Set the maximum timeout period allowed to the specified number of seconds (default limit is 7200 seconds, i.e. 2 hours). This option is useful because a client may request a timeout period other than the one specified by the -t option (for example with SITE IDLE); -T caps the value a client can request.
-t timeout
Set the inactivity timeout period to the specified number of seconds (default is 900 seconds, i.e. 15 minutes).
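
An added example, not the QNX ftpd source, of the check that the -b option relaxes: the PORT argument is parsed in the RFC 959 form h1,h2,h3,h4,p1,p2 and, unless remote addresses are allowed, the data address must equal the peer address of the control connection. The function names and the rejection of port 0 are assumptions of this example.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port).

    Raises ValueError for anything that is not six decimal fields in 0..255.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("expected six comma-separated fields")
    nums = []
    for field in fields:
        if not field.isdigit() or int(field) > 255:
            raise ValueError("field %r is not a decimal value in 0..255" % field)
        nums.append(int(field))
    ip = str(ipaddress.IPv4Address(".".join(str(n) for n in nums[:4])))
    port = (nums[4] << 8) | nums[5]
    return ip, port

def port_allowed(control_peer_ip, port_arg, allow_remote=False):
    """Decide whether a PORT command may be honoured.

    allow_remote models the -b option: when False (the default), the data
    address must equal the peer address of the control connection.
    Returns (accepted, reason).
    """
    try:
        ip, port = parse_port_arg(port_arg)
    except ValueError as exc:
        return False, "malformed PORT argument: %s" % exc
    if port == 0:   # assumption: port 0 is never a usable data port
        return False, "data port 0 is not usable"
    if not allow_remote and ip != control_peer_ip:
        return False, "data address %s differs from control peer %s" % (ip, control_peer_ip)
    return True, "data connection to %s:%d" % (ip, port)
```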

Description:

The ftpd daemon is a DARPA Internet File Transfer Protocol server. It uses the TCP protocol and listens at the port specified in the FTP entry of the services file.

Supported ftp requests

The ftpd daemon currently supports the following ftp requests; case isn't distinguished.

Request Description
ABOR Abort previous command
ALLO Allocate storage
APPE Append to a file
CDUP Change to parent of current working directory
CWD Change working directory
DELE Delete a file
HELP Give help information
LIST List files in a directory (ls -l)
MKD Make a directory
MDTM Show last modification time of file
MODE Specify data transfer mode
NLST Give name list of files in directory
NOOP Do nothing
PASS Specify password
PASV Prepare for server-to-server transfer
PORT Specify data connection port
PWD Print the current working directory
QUIT Terminate a session
REST Restart incomplete transfer
RETR Retrieve a file
RMD Remove a directory
RNFR Specify rename-from filename
RNTO Specify rename-to filename
SITE Nonstandard commands (see next section)
SIZE Return size of file
STAT Return status of server
STOR Store a file
STOU Store a file with a unique name
STRU Specify data transfer structure
SYST Show operating system type of server system
TYPE Specify data transfer type
USER Specify username
XCUP Change to parent of current working directory (deprecated)
XCWD Change working directory (deprecated)
XMKD Make a directory (deprecated)
XPWD Print the current working directory (deprecated)
XRMD Remove a directory (deprecated)

Nonstandard commands

The following nonstandard or UNIX-specific commands are supported by the SITE request.

Request Description
UMASK Change umask (e.g. SITE UMASK 002)
IDLE Set idle-timer (e.g. SITE IDLE 60)
CHMOD Change mode of a file (e.g. SITE CHMOD 755 filename)
HELP Give help information (e.g. SITE HELP)

ABOR command

The ftp daemon will abort an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and by a Telnet "Synch" signal in the command Telnet stream, as described in Internet RFC 959. If a STAT command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

Metacharacters

Because the ftpd daemon interprets filenames according to the globbing conventions used by sh, users can employ these metacharacters:

*
?
[
]
{
}
~

User authorization

The ftpd daemon authenticates users according to these rules:

  1. The username must be in the password database /etc/passwd and must not have a null password. The client must provide a password before any file operations may be performed.
  2. The username must not appear in the file /etc/ftpusers, which contains a list of users who aren't allowed to use ftp. One username is listed per line. If this file is missing, anyone on the local system may access ftp.
  3. The user must have a standard shell (i.e. one listed in /etc/shells).
  4. If the username is anonymous or ftp, an anonymous ftp account must be present in the password file (user ftp). In this case, the user can log in by giving any password (by convention, users give the name of the client host).
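
An added example, not the QNX ftpd source, that applies the four rules above to a USER command in Python. The password, ftpusers and shells contents are constructed sample data, the function names are assumptions, and applying rules 2 and 3 to the ftp account on an anonymous login is also an assumption of this example.

```python
# Constructed sample databases standing in for /etc/passwd, /etc/ftpusers
# and /etc/shells; the accounts and password fields are invented.
PASSWD = """\
root:x9Qe:0:0:root:/:/bin/sh
alice:Hq7z:1001:100:Alice:/home/alice:/bin/ksh
bob::1002:100:Bob:/home/bob:/bin/sh
carol:Lm2p:1003:100:Carol:/home/carol:/bin/false
ftp:*:14:50:Anonymous FTP:/usr/ftp:/bin/sh
"""
FTPUSERS = "root\n"
SHELLS = "/bin/sh\n/bin/ksh\n"

def parse_passwd(text):
    """Map username -> (password field, home, shell) from passwd-format text."""
    db = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            db[fields[0]] = (fields[1], fields[5], fields[6])
    return db

def parse_list(text):
    """One entry per line, as in /etc/ftpusers and /etc/shells."""
    return {l.strip() for l in text.splitlines() if l.strip()}

def check_user(username, passwd_text, ftpusers_text, shells_text):
    """Apply rules 1-4 to a USER command. ftpusers_text=None models a
    missing /etc/ftpusers. Returns (verdict, account, reason) where verdict
    is 'deny', 'password' (PASS required) or 'anonymous' (any PASS accepted)."""
    db = parse_passwd(passwd_text)
    anonymous = username in ("anonymous", "ftp")
    account = "ftp" if anonymous else username   # rule 4: map to user ftp
    entry = db.get(account)
    if entry is None:
        return "deny", account, "not in password database"
    pw, home, shell = entry
    # Rule 2: a missing ftpusers file denies nobody.
    if ftpusers_text is not None and account in parse_list(ftpusers_text):
        return "deny", account, "listed in /etc/ftpusers"
    if shell not in parse_list(shells_text):              # rule 3
        return "deny", account, "shell not in /etc/shells"
    if anonymous:   # assumption: rules 2 and 3 also apply to the ftp account
        return "anonymous", account, "chroot to %s, any password accepted" % home
    if pw == "":                                          # rule 1
        return "deny", account, "null password"
    return "password", account, "password required before file operations"
```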

In the last case, the ftp subtree should be constructed with care; the following layout is recommended:

~ftp
Make the home directory owned by ftp and unwritable by anyone.
~ftp/bin
Make this directory owned by the superuser and unwritable by anyone. The ls utility, which must be present to support the LIST command, should have mode 111.
~ftp/etc
Make this directory owned by the superuser and unwritable by anyone. The files passwd and group must be present for the ls command to be able to produce owner names rather than numbers. The password field in passwd isn't used and shouldn't contain real encrypted passwords. The passwd and group files should be mode 444.
~ftp/pub
Make this directory mode 777 and owned by ftp. If any files are to be accessed via the anonymous account, the user should place them in this directory.

Anonymous ftp will fix the root (chroot()) of the user to ~ftp, which will prevent the user from using files on other QNX nodes. This implies that ~ftp must resolve to the current node.

Caveats:

To restrict outbound network access to the QNX network, you can specify the -L option to Proc (see QNX OS Utilities Reference).

The server must run as the superuser to create sockets with privileged port numbers. It maintains an effective user ID of the logged-in user, reverting to the superuser only when binding addresses to sockets. The possible security holes have been extensively scrutinized, but that scrutiny is possibly incomplete.

See also:

ftp, tftpd

RFC 959, RFC 1123