'\" te .\" Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved .\" Copyright 1989 AT&T .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH IN.FTPD 1M "Nov 10, 2005" .SH NAME in.ftpd, ftpd \- File Transfer Protocol Server .SH SYNOPSIS .LP .nf \fBin.ftpd\fR [\fB-4\fR] [\fB-A\fR] [\fB-a\fR] [\fB-C\fR] [\fB-d\fR] [\fB-I\fR] [\fB-i\fR] [\fB-K\fR] [\fB-L\fR] [\fB-l\fR] [\fB-o\fR] [\fB-P\fR \fIdataport\fR] [\fB-p\fR \fIctrlport\fR] [\fB-Q\fR] [\fB-q\fR] [\fB-r\fR \fIrootdir\fR] [\fB-S\fR] [\fB-s\fR] [\fB-T\fR \fImaxtimeout\fR] [\fB-t\fR \fItimeout\fR] [\fB-u\fR \fIumask\fR] [\fB-V\fR] [\fB-v\fR] [\fB-W\fR] [\fB-w\fR] [\fB-X\fR] .fi .SH DESCRIPTION .sp .LP \fBin.ftpd\fR is the Internet File Transfer Protocol (FTP) server process. The server may be invoked by the Internet daemon \fBinetd\fR(1M) each time a connection to the FTP service is made or run as a standalone server. See \fBservices\fR(4). .SH OPTIONS .sp .LP \fBin.ftpd\fR supports the following options: .sp .ne 2 .na \fB\fB-4\fR\fR .ad .RS 17n When running in standalone mode, listen for connections on an \fBAF_INET\fR type socket. The default is to listen on an \fBAF_INET6\fR type socket. .RE .sp .ne 2 .na \fB\fB-a\fR\fR .ad .RS 17n Enables use of the \fBftpaccess\fR(4) file. .RE .sp .ne 2 .na \fB\fB-A\fR\fR .ad .RS 17n Disables use of the \fBftpaccess\fR(4) file. Use of \fBftpaccess\fR is disabled by default. .RE .sp .ne 2 .na \fB\fB-C\fR\fR .ad .RS 17n Non-anonymous users need local credentials (for example, to authenticate to remote fileservers). So they should be prompted for a password unless they forwarded credentials as part of authentication. .RE .sp .ne 2 .na \fB\fB-d\fR\fR .ad .RS 17n Writes debugging information to \fBsyslogd\fR(1M). .RE .sp .ne 2 .na \fB\fB-i\fR\fR .ad .RS 17n Logs the names of all files received by the \fBFTP\fR Server to \fBxferlog\fR(4). You can override the \fB-i\fR option through use of the \fBftpaccess\fR(4) file. .RE .sp .ne 2 .na \fB\fB-I\fR\fR .ad .RS 17n Disables the use of \fBAUTH\fR and \fBident\fR to determine the username on the client. See \fIRFC 931\fR. The \fBFTP\fR Server is built not to use \fBAUTH\fR and \fBident\fR. .RE .sp .ne 2 .na \fB\fB-K\fR\fR .ad .RS 17n Connections are only allowed for users who can authenticate through the \fBftp\fR \fBAUTH\fR mechanism. (Anonymous \fBftp\fR may also be allowed if it is configured.) \fBftpd\fR will ask the user for a password if one is required. .RE .sp .ne 2 .na \fB\fB-l\fR\fR .ad .RS 17n Logs each \fBFTP\fR session to \fBsyslogd\fR(1M). .RE .sp .ne 2 .na \fB\fB-L\fR\fR .ad .RS 17n Logs all commands sent to \fBin.ftpd\fR to \fBsyslogd\fR(1M). When the \fB-L\fR option is used, command logging will be on by default, once the FTP Server is invoked. Because the \fBFTP\fR Server includes \fBUSER\fR commands in those logged, if a user accidentally enters a password instead of the username, the password will be logged. You can override the \fB-L\fR option through use of the \fBftpaccess\fR(4) file. .RE .sp .ne 2 .na \fB\fB-o\fR\fR .ad .RS 17n Logs the names of all files transmitted by the FTP Server to \fBxferlog\fR(4). You can override the \fB-o\fR option through use of the \fBftpaccess\fR(4) file. .RE .sp .ne 2 .na \fB\fB-P\fR \fIdataport\fR\fR .ad .RS 17n The FTP Server determines the port number by looking in the \fBservices\fR(4) file for an entry for the \fBftp-data\fR service. If there is no entry, the daemon uses the port just prior to the control connection port. Use the \fB-P\fR option to specify the data port number. .RE .sp .ne 2 .na \fB\fB-p\fR \fIctrlport\fR\fR .ad .RS 17n When run in standalone mode, the \fBFTP\fR Server determines the control port number by looking in the \fBservices\fR(4) file for an entry for the \fBftp\fR service. Use the \fB-p\fR option to specify the control port number. .RE .sp .ne 2 .na \fB\fB-Q\fR\fR .ad .RS 17n Disables \fBPID\fR files. This disables user limits. Large, busy sites that do not want to impose limits on the number of concurrent users can use this option to disable \fBPID\fR files. .RE .sp .ne 2 .na \fB\fB-q\fR\fR .ad .RS 17n Uses \fBPID\fR files. The \fBlimit\fR directive uses \fBPID\fR files to determine the number of current users in each access class. By default, \fBPID\fR files are used. .RE .sp .ne 2 .na \fB\fB-r\fR \fIrootdir\fR\fR .ad .RS 17n \fBchroot\fR(2) to \fIrootdir\fR upon loading. Use this option to improve system security. It limits the files that can be damaged should a break in occur through the daemon. This option is similar to anonymous \fBFTP\fR. Additional files are needed, which vary from system to system. .RE .sp .ne 2 .na \fB\fB-S\fR\fR .ad .RS 17n Places the daemon in standalone operation mode. The daemon runs in the background. This is useful for startup scripts that run during system initialization. See \fBinit.d\fR(4). .RE .sp .ne 2 .na \fB\fB-s\fR\fR .ad .RS 17n Places the daemon in standalone operation mode. The daemon runs in the foreground. This is useful when run from \fB/etc/inittab\fR by \fBinit\fR(1M). .RE .sp .ne 2 .na \fB\fB-T\fR \fImaxtimeout\fR\fR .ad .RS 17n Sets the maximum allowable timeout period to \fImaxtimeout\fR seconds. The default maximum timeout limit is 7200 second (two hours). You can override the \fB-T\fR option through use of the \fBftpaccess\fR(4) file. .RE .sp .ne 2 .na \fB\fB-t\fR \fItimeout\fR\fR .ad .RS 17n Sets the inactivity timeout period to \fItimeout\fR seconds. The default timeout period is 900 seconds (15 minutes). You can override the \fB-t\fR option through use of the \fBftpaccess\fR(4) file. .RE .sp .ne 2 .na \fB\fB-u\fR \fIumask\fR\fR .ad .RS 17n Sets the default \fBumask\fR to \fIumask\fR. .RE .sp .ne 2 .na \fB\fB-V\fR\fR .ad .RS 17n Displays copyright and version information, then terminate. .RE .sp .ne 2 .na \fB\fB-v\fR\fR .ad .RS 17n Writes debugging information to \fBsyslogd\fR(1M). .RE .sp .ne 2 .na \fB\fB-W\fR\fR .ad .RS 17n Does not record user \fBlogin\fR and \fBlogout\fR in the \fBwtmpx\fR(4) file. .RE .sp .ne 2 .na \fB\fB-w\fR\fR .ad .RS 17n Records each user \fBlogin\fR and \fBlogout\fR in the \fBwtmpx\fR(4) file. By default, logins and logouts are recorded. .RE .sp .ne 2 .na \fB\fB-X\fR\fR .ad .RS 17n Writes the output from the \fB-i\fR and \fB-o\fR options to the \fBsyslogd\fR(1M) file instead of \fBxferlog\fR(4). This allows the collection of output from several hosts on one central loghost. You can override the \fB-X\fR option through use of the \fBftpaccess\fR(4) file. .RE .SS "Requests" .sp .LP The FTP Server currently supports the following \fBFTP\fR requests. Case is not distinguished. .sp .ne 2 .na \fB\fBABOR\fR\fR .ad .RS 8n Abort previous command. .RE .sp .ne 2 .na \fB\fBADAT\fR\fR .ad .RS 8n Send an authentication protocol message. .RE .sp .ne 2 .na \fB\fBALLO\fR\fR .ad .RS 8n Allocate storage (vacuously). .RE .sp .ne 2 .na \fB\fBAUTH\fR\fR .ad .RS 8n Specify an authentication protocol to be performed. Currently only "\fBGSSAPI\fR" is supported. .RE .sp .ne 2 .na \fB\fBAPPE\fR\fR .ad .RS 8n Append to a file. .RE .sp .ne 2 .na \fB\fBCCC\fR\fR .ad .RS 8n Set the command channel protection mode to "\fBClear\fR" (no protection). Not allowed if data channel is protected. .RE .sp .ne 2 .na \fB\fBCDUP\fR\fR .ad .RS 8n Change to parent of current working directory. .RE .sp .ne 2 .na \fB\fBCWD\fR\fR .ad .RS 8n Change working directory. .RE .sp .ne 2 .na \fB\fBDELE\fR\fR .ad .RS 8n Delete a file. .RE .sp .ne 2 .na \fB\fBENC\fR\fR .ad .RS 8n Send a privacy and integrity protected command (given in argument). .RE .sp .ne 2 .na \fB\fBEPRT\fR\fR .ad .RS 8n Specify extended address for the transport connection. .RE .sp .ne 2 .na \fB\fBEPSV\fR\fR .ad .RS 8n Extended passive command request. .RE .sp .ne 2 .na \fB\fBHELP\fR\fR .ad .RS 8n Give help information. .RE .sp .ne 2 .na \fB\fBLIST\fR\fR .ad .RS 8n Give list files in a directory (\fBls\fR \fB-lA\fR). .RE .sp .ne 2 .na \fB\fBLPRT\fR\fR .ad .RS 8n Specify long address for the transport connection. .RE .sp .ne 2 .na \fB\fBLPSV\fR\fR .ad .RS 8n Long passive command request. .RE .sp .ne 2 .na \fB\fBMIC\fR\fR .ad .RS 8n Send an integrity protected command (given in argument). .RE .sp .ne 2 .na \fB\fBMKD\fR\fR .ad .RS 8n Make a directory. .RE .sp .ne 2 .na \fB\fBMDTM\fR\fR .ad .RS 8n Show last time file modified. .RE .sp .ne 2 .na \fB\fBMODE\fR\fR .ad .RS 8n Specify data transfer \fImode\fR. .RE .sp .ne 2 .na \fB\fBNLST\fR\fR .ad .RS 8n Give name list of files in directory (\fBls\fR). .RE .sp .ne 2 .na \fB\fBNOOP\fR\fR .ad .RS 8n Do nothing. .RE .sp .ne 2 .na \fB\fBPASS\fR\fR .ad .RS 8n Specify password. .RE .sp .ne 2 .na \fB\fBPASV\fR\fR .ad .RS 8n Prepare for server-to-server transfer. .RE .sp .ne 2 .na \fB\fBPBSZ\fR\fR .ad .RS 8n Specify a protection buffer size. .RE .sp .ne 2 .na \fB\fBPROT\fR\fR .ad .RS 8n Specify a protection level under which to protect data transfers. Allowed arguments: .sp .ne 2 .na \fB\fBclear\fR\fR .ad .RS 11n No protection. .RE .sp .ne 2 .na \fB\fBsafe\fR\fR .ad .RS 11n Integrity protection .RE .sp .ne 2 .na \fB\fBprivate\fR\fR .ad .RS 11n Integrity and encryption protection .RE .RE .sp .ne 2 .na \fB\fBPORT\fR\fR .ad .RS 8n Specify data connection port. .RE .sp .ne 2 .na \fB\fBPWD\fR\fR .ad .RS 8n Print the current working directory. .RE .sp .ne 2 .na \fB\fBQUIT\fR\fR .ad .RS 8n Terminate session. .RE .sp .ne 2 .na \fB\fBREST\fR\fR .ad .RS 8n Restart incomplete transfer. .RE .sp .ne 2 .na \fB\fBRETR\fR\fR .ad .RS 8n Retrieve a file. .RE .sp .ne 2 .na \fB\fBRMD\fR\fR .ad .RS 8n Remove a directory. .RE .sp .ne 2 .na \fB\fBRNFR\fR\fR .ad .RS 8n Specify rename-from file name. .RE .sp .ne 2 .na \fB\fBRNTO\fR\fR .ad .RS 8n Specify rename-to file name. .RE .sp .ne 2 .na \fB\fBSITE\fR\fR .ad .RS 8n Use nonstandard commands. .RE .sp .ne 2 .na \fB\fBSIZE\fR\fR .ad .RS 8n Return size of file. .RE .sp .ne 2 .na \fB\fBSTAT\fR\fR .ad .RS 8n Return status of server. .RE .sp .ne 2 .na \fB\fBSTOR\fR\fR .ad .RS 8n Store a file. .RE .sp .ne 2 .na \fB\fBSTOU\fR\fR .ad .RS 8n Store a file with a unique name. .RE .sp .ne 2 .na \fB\fBSTRU\fR\fR .ad .RS 8n Specify data transfer \fIstructure\fR. .RE .sp .ne 2 .na \fB\fBSYST\fR\fR .ad .RS 8n Show operating system type of server system. .RE .sp .ne 2 .na \fB\fBTYPE\fR\fR .ad .RS 8n Specify data transfer \fBtype\fR. .RE .sp .ne 2 .na \fB\fBUSER\fR\fR .ad .RS 8n Specify user name. .RE .sp .ne 2 .na \fB\fBXCUP\fR\fR .ad .RS 8n Change to parent of current working directory. This request is deprecated. .RE .sp .ne 2 .na \fB\fBXCWD\fR\fR .ad .RS 8n Change working directory. This request is deprecated. .RE .sp .ne 2 .na \fB\fBXMKD\fR\fR .ad .RS 8n Make a directory. This request is deprecated. .RE .sp .ne 2 .na \fB\fBXPWD\fR\fR .ad .RS 8n Print the current working directory. This request is deprecated. .RE .sp .ne 2 .na \fB\fBXRMD\fR\fR .ad .RS 8n Remove a directory. This request is deprecated. .RE .sp .LP The following nonstandard or UNIX specific commands are supported by the \fBSITE\fR request: .sp .ne 2 .na \fB\fBALIAS\fR\fR .ad .RS 15n List aliases. .RE .sp .ne 2 .na \fB\fBCDPATH\fR\fR .ad .RS 15n List the search path used when changing directories. .RE .sp .ne 2 .na \fB\fBCHECKMETHOD\fR\fR .ad .RS 15n List or set the \fBchecksum\fR method. .RE .sp .ne 2 .na \fB\fBCHECKSUM\fR\fR .ad .RS 15n Give the \fBchecksum\fR of a file. .RE .sp .ne 2 .na \fB\fBCHMOD\fR\fR .ad .RS 15n Change mode of a file. For example, \fBSITE CHMOD 755 \fIfilename\fR\fR. .RE .sp .ne 2 .na \fB\fBEXEC\fR\fR .ad .RS 15n Execute a program. For example, \fBSITE EXEC program params\fR .RE .sp .ne 2 .na \fB\fBGPASS\fR\fR .ad .RS 15n Give special group access password. For example, \fBSITE GPASS bar\fR. .RE .sp .ne 2 .na \fB\fBGROUP\fR\fR .ad .RS 15n Request special group access. For example, \fBSITE GROUP foo\fR. .RE .sp .ne 2 .na \fB\fBGROUPS\fR\fR .ad .RS 15n List supplementary group membership. .RE .sp .ne 2 .na \fB\fBHELP\fR\fR .ad .RS 15n Give help information. For example, \fBSITE HELP\fR. .RE .sp .ne 2 .na \fB\fBIDLE\fR\fR .ad .RS 15n Set idle-timer. For example, \fBSITE IDLE 60\fR. .RE .sp .ne 2 .na \fB\fBUMASK\fR\fR .ad .RS 15n Change \fBumask\fR. For example, \fBSITE UMASK 002\fR. .RE .sp .LP The remaining FTP requests specified in \fIRFC 959\fR are recognized, but not implemented. .sp .LP The \fBFTP\fR server will abort an active file transfer only when the \fBABOR\fR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in \fIRFC 959\fR. If a \fBSTAT\fR command is received during a data transfer that has been preceded by a Telnet IP and Synch, transfer status will be returned. .sp .LP \fBin.ftpd\fR interprets file names according to the "globbing" conventions used by \fBcsh\fR(1). This allows users to utilize the metacharacters: \fB* ? [ ] { } ~\fR .sp .LP \fBin.ftpd\fR authenticates users according to the following rules: .sp .LP First, the user name must be in the password data base, the location of which is specified in \fBnsswitch.conf\fR(4). An encrypted password (an authentication token in PAM) must be present. A password must always be provided by the client before any file operations can be performed. For non-anonymous users, the PAM framework is used to verify that the correct password was entered. See \fBSECURITY\fR below. .sp .LP Second, the user name must not appear in either the \fB/etc/ftpusers\fR or the \fB/etc/ftpd/ftpusers\fR file. Use of the \fB/etc/ftpusers\fR files is deprecated, although it is still supported. .sp .LP Third, the users must have a standard shell returned by \fBgetusershell\fR(3C). .sp .LP Fourth, if the user name is \fBanonymous\fR or \fBftp\fR, an anonymous ftp account must be present in the password file for user \fBftp\fR. Use \fBftpconfig\fR(1M) to create the anonymous \fBftp\fR account and home directory tree. .sp .LP Fifth, if the GSS-API is used to authenticate the user, then \fBgss_auth_rules\fR(5) determines user access without a password needed. .sp .LP The FTP Server supports virtual hosting, which can be configured by using \fBftpaddhost\fR(1M). .sp .LP The FTP Server does not support sublogins. .SS "General FTP Extensions" .sp .LP The FTP Server has certain extensions. If the user specifies a filename that does not exist with a \fBRETR\fR (retrieve) command, the FTP Server looks for a conversion to change a file or directory that does into the one requested. See \fBftpconversions\fR(4). .sp .LP By convention, anonymous users supply their email address when prompted for a password. The FTP Server attempts to validate these email addresses. A user whose FTP client hangs on a long reply, for example, a multiline response, should use a dash (-) as the first character of the user's password, as this disables the Server's \fBlreply()\fR function. .sp .LP The FTP Server can also log all file transmission and reception. See \fBxferlog\fR(4) for details of the log file format. .sp .LP The \fBSITE EXEC\fR command may be used to execute commands in the \fB/bin/ftp-exec\fR directory. Take care that you understand the security implications before copying any command into the \fB/bin/ftp-exec\fR directory. For example, do not copy in \fB/bin/sh\fR. This would enable the user to execute other commands through the use of \fBsh -c\fR. If you have doubts about this feature, do not create the \fB/bin/ftp-exec\fR directory. .SH SECURITY .sp .LP For non-anonymous users, \fBin.ftpd\fR uses \fBpam\fR(3PAM) for authentication, account management, and session management, and can use Kerberos v5 for authentication. .sp .LP The \fBPAM\fR configuration policy, listed through \fB/etc/pam.conf\fR, specifies the module to be used for \fBin.ftpd\fR. Here is a partial \fBpam.conf\fR file with entries for the \fBin.ftpd\fR command using the UNIX authentication, account management, and session management module. .sp .in +2 .nf ftp auth requisite pam_authtok_get.so.1 ftp auth required pam_dhkeys.so.1 ftp auth required pam_unix_auth.so.1 ftp account required pam_unix_roles.so.1 ftp account required pam_unix_projects.so.1 ftp account required pam_unix_account.so.1 ftp session required pam_unix_session.so.1 .fi .in -2 .sp .LP If there are no entries for the \fBftp\fR service, then the entries for the "other" service will be used. Unlike \fBlogin\fR, \fBpasswd\fR, and other commands, the \fBftp\fR protocol will only support a single password. Using multiple modules will prevent \fBin.ftpd\fR from working properly. .sp .LP To use Kerberos for authentication, a \fBhost/\fR\fI\fR Kerberos principal must exist for each Fully Qualified Domain Name associated with the \fBin.ftpd\fR server. Each of these \fBhost/\fR\fI\fR principals must have a \fBkeytab\fR entry in the \fB/etc/krb5/krb5.keytab\fR file on the \fBin.ftpd\fR server. An example principal might be: .sp .LP \fBhost/bigmachine.eng.example.com\fR .sp .LP See \fBkadmin\fR(1M) or \fBgkadmin\fR(1M) for instructions on adding a principal to a \fBkrb5.keytab\fR file. See \fI\fR for a discussion of Kerberos authentication. .sp .LP For anonymous users, who by convention supply their email address as a password, \fBin.ftpd\fR validates passwords according to the \fBpasswd-check\fR capability in the \fBftpaccess\fR file. .SH USAGE .sp .LP The \fBin.ftpd\fR command is IPv6-enabled. See \fBip6\fR(7P). .SH FILES .sp .ne 2 .na \fB\fB/etc/ftpd/ftpaccess\fR\fR .ad .sp .6 .RS 4n FTP Server configuration file .RE .sp .ne 2 .na \fB\fB/etc/ftpd/ftpconversions\fR\fR .ad .sp .6 .RS 4n FTP Server conversions database .RE .sp .ne 2 .na \fB\fB/etc/ftpd/ftpgroups\fR\fR .ad .sp .6 .RS 4n FTP Server enhanced group access file .RE .sp .ne 2 .na \fB\fB/etc/ftpd/ftphosts\fR\fR .ad .sp .6 .RS 4n FTP Server individual user host access file .RE .sp .ne 2 .na \fB\fB/etc/ftpd/ftpservers\fR\fR .ad .sp .6 .RS 4n FTP Server virtual hosting configuration file. .RE .sp .ne 2 .na \fB\fB/etc/ftpd/ftpusers\fR\fR .ad .sp .6 .RS 4n File listing users for whom FTP login privileges are disallowed. .RE .sp .ne 2 .na \fB\fB/etc/ftpusers\fR\fR .ad .sp .6 .RS 4n File listing users for whom FTP login privileges are disallowed. This use of this file is deprecated. .RE .sp .ne 2 .na \fB\fB/var/log/xferlog\fR\fR .ad .sp .6 .RS 4n FTP Server transfer log file .RE .sp .ne 2 .na \fB\fB/var/run/ftp.pids-\fIclassname\fR\fR\fR .ad .sp .6 .RS 4n .RE .sp .ne 2 .na \fB\fB/var/adm/wtmpx\fR\fR .ad .sp .6 .RS 4n Extended database files that contain the history of user access and accounting information for the \fBwtmpx\fR database. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability External .TE .SH SEE ALSO .sp .LP \fBcsh\fR(1), \fBftp\fR(1), \fBftpcount\fR(1), \fBftpwho\fR(1), \fBls\fR(1), \fBsvcs\fR(1), \fBftpaddhost\fR(1M), \fBftpconfig\fR(1M), \fBftprestart\fR(1M), \fBftpshut\fR(1M), \fBgkadmin\fR(1M), \fBinetadm\fR(1M), \fBinetd\fR(1M), \fBkadmin\fR(1M), \fBsvcadm\fR(1M), \fBsyslogd\fR(1M), \fBchroot\fR(2), \fBumask\fR(2), \fBgetpwent\fR(3C), \fBgetusershell\fR(3C), \fBsyslog\fR(3C), \fBftpaccess\fR(4), \fBftpconversions\fR(4), \fBftpgroups\fR(4), \fBftphosts\fR(4), \fBftpservers\fR(4), \fBftpusers\fR(4), \fBgroup\fR(4), \fBpasswd\fR(4), \fBservices\fR(4), \fBxferlog\fR(4), \fBwtmpx\fR(4), \fBattributes\fR(5), \fBgss_auth_rules\fR(5), \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), \fBpam_unix_session\fR(5), \fBsmf\fR(5), \fBip6\fR(7P) .sp .LP \fI\fR .sp .LP Allman, M., Ostermann, S., and Metz, C. \fIRFC 2428, FTP Extensions for IPv6 and NATs\fR. The Internet Society. September 1998. .sp .LP Piscitello, D. \fIRFC 1639, FTP Operation Over Big Address Records (FOOBAR)\fR. Network Working Group. June 1994. .sp .LP Postel, Jon, and Joyce Reynolds. \fIRFC 959, File Transfer Protocol (FTP )\fR. Network Information Center. October 1985. .sp .LP St. Johns, Mike. \fIRFC 931, Authentication Server\fR. Network Working Group. January 1985. .sp .LP Linn, J., \fIGeneric Security Service Application Program Interface Version 2, Update 1, RFC 2743.\fR The Internet Society, January 2000. .sp .LP Horowitz, M., Lunt, S., \fIFTP Security Extensions, RFC 2228\fR. The Internet Society, October 1997. .SH DIAGNOSTICS .sp .LP \fBin.ftpd\fR logs various errors to \fBsyslogd\fR(1M), with a facility code of daemon. .SH NOTES .sp .LP The anonymous \fBFTP\fR account is inherently dangerous and should be avoided when possible. .sp .LP The \fBFTP\fR Server must perform certain tasks as the superuser, for example, the creation of sockets with privileged port numbers. It maintains an effective user \fBID\fR of the logged in user, reverting to the superuser only when necessary. .sp .LP The \fBFTP\fR Server no longer supports the \fB/etc/default/ftpd\fR file. Instead of using \fBUMASK=nnn\fR to set the umask, use the \fBdefumask\fR capability in the \fBftpaccess\fR file. The banner greeting text capability is also now set through the \fBftpaccess\fR file by using the greeting text capability instead of by using \fBBANNER="..."\fR. However, unlike the \fBBANNER\fR string, the greeting text string is not passed to the shell for evaluation. See \fBftpaccess\fR(4). .sp .LP The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is provided by \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), and \fBpam_unix_session\fR(5). .sp .LP The \fBin.ftpd\fR service is managed by the service management facility, \fBsmf\fR(5), under the service identifier: .sp .in +2 .nf svc:/network/ftp .fi .in -2 .sp .sp .LP Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fR(1M). Responsibility for initiating and restarting this service is delegated to \fBinetd\fR(1M). Use \fBinetadm\fR(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the \fBsvcs\fR(1) command.