path: root/usr/src/man/man1m/in.ftpd.1m

'\" te
.\" Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved
.\" Copyright 1989 AT&T
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH IN.FTPD 1M "Nov 10, 2005"
.SH NAME
in.ftpd, ftpd \- File Transfer Protocol Server
.SH SYNOPSIS
.LP
.nf
\fBin.ftpd\fR [\fB-4\fR] [\fB-A\fR] [\fB-a\fR] [\fB-C\fR] [\fB-d\fR] [\fB-I\fR] [\fB-i\fR] [\fB-K\fR] [\fB-L\fR] [\fB-l\fR]
     [\fB-o\fR] [\fB-P\fR \fIdataport\fR] [\fB-p\fR \fIctrlport\fR] [\fB-Q\fR] [\fB-q\fR]
     [\fB-r\fR \fIrootdir\fR] [\fB-S\fR] [\fB-s\fR] [\fB-T\fR \fImaxtimeout\fR] [\fB-t\fR \fItimeout\fR]
     [\fB-u\fR \fIumask\fR] [\fB-V\fR] [\fB-v\fR] [\fB-W\fR] [\fB-w\fR] [\fB-X\fR]
.fi

.SH DESCRIPTION
.sp
.LP
\fBin.ftpd\fR is the Internet File Transfer Protocol (FTP) server process. The
server may be invoked by the Internet daemon \fBinetd\fR(1M) each time a
connection to the FTP service is made or run as a standalone server. See
\fBservices\fR(4).
.SH OPTIONS
.sp
.LP
\fBin.ftpd\fR supports the following options:
.sp
.ne 2
.na
\fB\fB-4\fR\fR
.ad
.RS 17n
When running in standalone mode, listen for connections on an \fBAF_INET\fR
type socket. The default is to listen on an \fBAF_INET6\fR type socket.
.RE

.sp
.ne 2
.na
\fB\fB-a\fR\fR
.ad
.RS 17n
Enables use of the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-A\fR\fR
.ad
.RS 17n
Disables use of the \fBftpaccess\fR(4) file. Use of \fBftpaccess\fR is disabled
by default.
.RE

.sp
.ne 2
.na
\fB\fB-C\fR\fR
.ad
.RS 17n
Non-anonymous users need local credentials (for example, to authenticate to
remote fileservers). So they should be prompted for a password unless they
forwarded credentials as part of authentication.
.RE

.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.RS 17n
Writes debugging information to \fBsyslogd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-i\fR\fR
.ad
.RS 17n
Logs the names of all files received by the \fBFTP\fR Server to
\fBxferlog\fR(4). You can override the \fB-i\fR option through use of the
\fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-I\fR\fR
.ad
.RS 17n
Disables the use of \fBAUTH\fR and \fBident\fR to determine the username on the
client. See \fIRFC 931\fR. The \fBFTP\fR Server is built not to use \fBAUTH\fR
and \fBident\fR.
.RE

.sp
.ne 2
.na
\fB\fB-K\fR\fR
.ad
.RS 17n
Connections are only allowed for users who can authenticate through the
\fBftp\fR \fBAUTH\fR mechanism. (Anonymous \fBftp\fR may also be allowed if it
is configured.) \fBftpd\fR will ask the user for a password if one is required.
.RE

.sp
.ne 2
.na
\fB\fB-l\fR\fR
.ad
.RS 17n
Logs each \fBFTP\fR session to \fBsyslogd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-L\fR\fR
.ad
.RS 17n
Logs all commands sent to \fBin.ftpd\fR to \fBsyslogd\fR(1M). When the \fB-L\fR
option is used, command logging will be on by default, once the FTP Server is
invoked. Because the \fBFTP\fR Server includes \fBUSER\fR commands in those
logged, if a user accidentally enters a password instead of the username, the
password will be logged. You can override the \fB-L\fR option through use of
the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-o\fR\fR
.ad
.RS 17n
Logs the names of all files transmitted by the FTP Server to \fBxferlog\fR(4).
You can override the \fB-o\fR option through use of the \fBftpaccess\fR(4)
file.
.RE

.sp
.ne 2
.na
\fB\fB-P\fR \fIdataport\fR\fR
.ad
.RS 17n
The FTP Server determines the port number by looking in the \fBservices\fR(4)
file for an entry for the \fBftp-data\fR service. If there is no entry, the
daemon uses the port just prior to the control connection port. Use the
\fB-P\fR option to specify the data port number.
.RE

.sp
.ne 2
.na
\fB\fB-p\fR \fIctrlport\fR\fR
.ad
.RS 17n
When run in standalone mode, the \fBFTP\fR Server determines the control port
number by looking in the \fBservices\fR(4) file for an entry for the \fBftp\fR
service. Use the \fB-p\fR option to specify the control port number.
.RE

.sp
.ne 2
.na
\fB\fB-Q\fR\fR
.ad
.RS 17n
Disables \fBPID\fR files. This disables user limits. Large, busy sites that do
not want to impose limits on the number of concurrent users can use this option
to disable \fBPID\fR files.
.RE

.sp
.ne 2
.na
\fB\fB-q\fR\fR
.ad
.RS 17n
Uses \fBPID\fR files. The \fBlimit\fR directive uses \fBPID\fR files to
determine the number of current users in each access class. By default,
\fBPID\fR files are used.
.RE

.sp
.ne 2
.na
\fB\fB-r\fR \fIrootdir\fR\fR
.ad
.RS 17n
\fBchroot\fR(2) to \fIrootdir\fR upon loading. Use this option to improve
system security. It limits the files that can be damaged should a break in
occur through the daemon. This option is similar to anonymous \fBFTP\fR.
Additional files are needed, which vary from system to system.
.RE

.sp
.ne 2
.na
\fB\fB-S\fR\fR
.ad
.RS 17n
Places the daemon in standalone operation mode. The daemon runs in the
background. This is useful for startup scripts that run during system
initialization. See \fBinit.d\fR(4).
.RE

.sp
.ne 2
.na
\fB\fB-s\fR\fR
.ad
.RS 17n
Places the daemon in standalone operation mode. The daemon runs in the
foreground. This is useful when run from \fB/etc/inittab\fR by \fBinit\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-T\fR \fImaxtimeout\fR\fR
.ad
.RS 17n
Sets the maximum allowable timeout period to \fImaxtimeout\fR seconds. The
default maximum timeout limit is 7200 second (two hours). You can override the
\fB-T\fR option through use of the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-t\fR \fItimeout\fR\fR
.ad
.RS 17n
Sets the inactivity timeout period to \fItimeout\fR seconds. The default
timeout period is 900 seconds (15 minutes). You can override the \fB-t\fR
option through use of the \fBftpaccess\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-u\fR \fIumask\fR\fR
.ad
.RS 17n
Sets the default \fBumask\fR to \fIumask\fR.
.RE

.sp
.ne 2
.na
\fB\fB-V\fR\fR
.ad
.RS 17n
Displays copyright and version information, then terminate.
.RE

.sp
.ne 2
.na
\fB\fB-v\fR\fR
.ad
.RS 17n
Writes debugging information to \fBsyslogd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-W\fR\fR
.ad
.RS 17n
Does not record user \fBlogin\fR and \fBlogout\fR in the \fBwtmpx\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fB-w\fR\fR
.ad
.RS 17n
Records each user \fBlogin\fR and \fBlogout\fR in the \fBwtmpx\fR(4) file. By
default, logins and logouts are recorded.
.RE

.sp
.ne 2
.na
\fB\fB-X\fR\fR
.ad
.RS 17n
Writes the output from the \fB-i\fR and \fB-o\fR options to the
\fBsyslogd\fR(1M) file instead of \fBxferlog\fR(4). This allows the collection
of output from several hosts on one central loghost. You can override the
\fB-X\fR option through use of the \fBftpaccess\fR(4) file.
.RE

.SS "Requests"
.sp
.LP
The FTP Server currently supports the following \fBFTP\fR requests. Case is not
distinguished.
.sp
.ne 2
.na
\fB\fBABOR\fR\fR
.ad
.RS 8n
Abort previous command.
.RE

.sp
.ne 2
.na
\fB\fBADAT\fR\fR
.ad
.RS 8n
Send an authentication protocol message.
.RE

.sp
.ne 2
.na
\fB\fBALLO\fR\fR
.ad
.RS 8n
Allocate storage (vacuously).
.RE

.sp
.ne 2
.na
\fB\fBAUTH\fR\fR
.ad
.RS 8n
Specify an authentication protocol to be performed. Currently only
"\fBGSSAPI\fR" is supported.
.RE

.sp
.ne 2
.na
\fB\fBAPPE\fR\fR
.ad
.RS 8n
Append to a file.
.RE

.sp
.ne 2
.na
\fB\fBCCC\fR\fR
.ad
.RS 8n
Set the command channel protection mode to "\fBClear\fR" (no protection). Not
allowed if data channel is protected.
.RE

.sp
.ne 2
.na
\fB\fBCDUP\fR\fR
.ad
.RS 8n
Change to parent of current working directory.
.RE

.sp
.ne 2
.na
\fB\fBCWD\fR\fR
.ad
.RS 8n
Change working directory.
.RE

.sp
.ne 2
.na
\fB\fBDELE\fR\fR
.ad
.RS 8n
Delete a file.
.RE

.sp
.ne 2
.na
\fB\fBENC\fR\fR
.ad
.RS 8n
Send a privacy and integrity protected command (given in argument).
.RE

.sp
.ne 2
.na
\fB\fBEPRT\fR\fR
.ad
.RS 8n
Specify extended address for the transport connection.
.RE

.sp
.ne 2
.na
\fB\fBEPSV\fR\fR
.ad
.RS 8n
Extended passive command request.
.RE

.sp
.ne 2
.na
\fB\fBHELP\fR\fR
.ad
.RS 8n
Give help information.
.RE

.sp
.ne 2
.na
\fB\fBLIST\fR\fR
.ad
.RS 8n
Give list files in a directory (\fBls\fR \fB-lA\fR).
.RE

.sp
.ne 2
.na
\fB\fBLPRT\fR\fR
.ad
.RS 8n
Specify long address for the transport connection.
.RE

.sp
.ne 2
.na
\fB\fBLPSV\fR\fR
.ad
.RS 8n
Long passive command request.
.RE

.sp
.ne 2
.na
\fB\fBMIC\fR\fR
.ad
.RS 8n
Send an integrity protected command (given in argument).
.RE

.sp
.ne 2
.na
\fB\fBMKD\fR\fR
.ad
.RS 8n
Make a directory.
.RE

.sp
.ne 2
.na
\fB\fBMDTM\fR\fR
.ad
.RS 8n
Show last time file modified.
.RE

.sp
.ne 2
.na
\fB\fBMODE\fR\fR
.ad
.RS 8n
Specify data transfer \fImode\fR.
.RE

.sp
.ne 2
.na
\fB\fBNLST\fR\fR
.ad
.RS 8n
Give name list of files in directory (\fBls\fR).
.RE

.sp
.ne 2
.na
\fB\fBNOOP\fR\fR
.ad
.RS 8n
Do nothing.
.RE

.sp
.ne 2
.na
\fB\fBPASS\fR\fR
.ad
.RS 8n
Specify password.
.RE

.sp
.ne 2
.na
\fB\fBPASV\fR\fR
.ad
.RS 8n
Prepare for server-to-server transfer.
.RE

.sp
.ne 2
.na
\fB\fBPBSZ\fR\fR
.ad
.RS 8n
Specify a protection buffer size.
.RE

.sp
.ne 2
.na
\fB\fBPROT\fR\fR
.ad
.RS 8n
Specify a protection level under which to protect data transfers. Allowed
arguments:
.sp
.ne 2
.na
\fB\fBclear\fR\fR
.ad
.RS 11n
No protection.
.RE

.sp
.ne 2
.na
\fB\fBsafe\fR\fR
.ad
.RS 11n
Integrity protection
.RE

.sp
.ne 2
.na
\fB\fBprivate\fR\fR
.ad
.RS 11n
Integrity and encryption protection
.RE

.RE

.sp
.ne 2
.na
\fB\fBPORT\fR\fR
.ad
.RS 8n
Specify data connection port.
.RE

.sp
.ne 2
.na
\fB\fBPWD\fR\fR
.ad
.RS 8n
Print the current working directory.
.RE

.sp
.ne 2
.na
\fB\fBQUIT\fR\fR
.ad
.RS 8n
Terminate session.
.RE

.sp
.ne 2
.na
\fB\fBREST\fR\fR
.ad
.RS 8n
Restart incomplete transfer.
.RE

.sp
.ne 2
.na
\fB\fBRETR\fR\fR
.ad
.RS 8n
Retrieve a file.
.RE

.sp
.ne 2
.na
\fB\fBRMD\fR\fR
.ad
.RS 8n
Remove a directory.
.RE

.sp
.ne 2
.na
\fB\fBRNFR\fR\fR
.ad
.RS 8n
Specify rename-from file name.
.RE

.sp
.ne 2
.na
\fB\fBRNTO\fR\fR
.ad
.RS 8n
Specify rename-to file name.
.RE

.sp
.ne 2
.na
\fB\fBSITE\fR\fR
.ad
.RS 8n
Use nonstandard commands.
.RE

.sp
.ne 2
.na
\fB\fBSIZE\fR\fR
.ad
.RS 8n
Return size of file.
.RE

.sp
.ne 2
.na
\fB\fBSTAT\fR\fR
.ad
.RS 8n
Return status of server.
.RE

.sp
.ne 2
.na
\fB\fBSTOR\fR\fR
.ad
.RS 8n
Store a file.
.RE

.sp
.ne 2
.na
\fB\fBSTOU\fR\fR
.ad
.RS 8n
Store a file with a unique name.
.RE

.sp
.ne 2
.na
\fB\fBSTRU\fR\fR
.ad
.RS 8n
Specify data transfer \fIstructure\fR.
.RE

.sp
.ne 2
.na
\fB\fBSYST\fR\fR
.ad
.RS 8n
Show operating system type of server system.
.RE

.sp
.ne 2
.na
\fB\fBTYPE\fR\fR
.ad
.RS 8n
Specify data transfer \fBtype\fR.
.RE

.sp
.ne 2
.na
\fB\fBUSER\fR\fR
.ad
.RS 8n
Specify user name.
.RE

.sp
.ne 2
.na
\fB\fBXCUP\fR\fR
.ad
.RS 8n
Change to parent of current working directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXCWD\fR\fR
.ad
.RS 8n
Change working directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXMKD\fR\fR
.ad
.RS 8n
Make a directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXPWD\fR\fR
.ad
.RS 8n
Print the current working directory. This request is deprecated.
.RE

.sp
.ne 2
.na
\fB\fBXRMD\fR\fR
.ad
.RS 8n
Remove a directory. This request is deprecated.
.RE

.sp
.LP
The following nonstandard or UNIX specific commands are supported by the
\fBSITE\fR request:
.sp
.ne 2
.na
\fB\fBALIAS\fR\fR
.ad
.RS 15n
List aliases.
.RE

.sp
.ne 2
.na
\fB\fBCDPATH\fR\fR
.ad
.RS 15n
List the search path used when changing directories.
.RE

.sp
.ne 2
.na
\fB\fBCHECKMETHOD\fR\fR
.ad
.RS 15n
List or set the \fBchecksum\fR method.
.RE

.sp
.ne 2
.na
\fB\fBCHECKSUM\fR\fR
.ad
.RS 15n
Give the \fBchecksum\fR of a file.
.RE

.sp
.ne 2
.na
\fB\fBCHMOD\fR\fR
.ad
.RS 15n
Change mode of a file. For example, \fBSITE CHMOD 755 \fIfilename\fR\fR.
.RE

.sp
.ne 2
.na
\fB\fBEXEC\fR\fR
.ad
.RS 15n
Execute a program. For example, \fBSITE EXEC program params\fR
.RE

.sp
.ne 2
.na
\fB\fBGPASS\fR\fR
.ad
.RS 15n
Give special group access password. For example, \fBSITE GPASS bar\fR.
.RE

.sp
.ne 2
.na
\fB\fBGROUP\fR\fR
.ad
.RS 15n
Request special group access. For example, \fBSITE GROUP foo\fR.
.RE

.sp
.ne 2
.na
\fB\fBGROUPS\fR\fR
.ad
.RS 15n
List supplementary group membership.
.RE

.sp
.ne 2
.na
\fB\fBHELP\fR\fR
.ad
.RS 15n
Give help information. For example, \fBSITE HELP\fR.
.RE

.sp
.ne 2
.na
\fB\fBIDLE\fR\fR
.ad
.RS 15n
Set idle-timer. For example, \fBSITE IDLE 60\fR.
.RE

.sp
.ne 2
.na
\fB\fBUMASK\fR\fR
.ad
.RS 15n
Change \fBumask\fR. For example, \fBSITE UMASK 002\fR.
.RE

.sp
.LP
The remaining FTP requests specified in \fIRFC 959\fR are recognized, but not
implemented.
.sp
.LP
The \fBFTP\fR server will abort an active file transfer only when the
\fBABOR\fR command is preceded by a Telnet "Interrupt Process" (IP) signal and
a Telnet "Synch" signal in the command Telnet stream, as described in \fIRFC
959\fR. If a \fBSTAT\fR command is received during a data transfer that has
been preceded by a Telnet IP and Synch, transfer status will be returned.
.sp
.LP
\fBin.ftpd\fR interprets file names according to the "globbing" conventions
used by \fBcsh\fR(1). This allows users to utilize the metacharacters: \fB* ? [
] { } ~\fR
.sp
.LP
\fBin.ftpd\fR authenticates users according to the following rules:
.sp
.LP
First, the user name must be in the password data base, the location of which
is specified in \fBnsswitch.conf\fR(4). An encrypted password (an
authentication token in PAM) must be present. A password must always be
provided by the client before any file operations can be performed. For
non-anonymous users, the PAM framework is used to verify that the correct
password was entered. See \fBSECURITY\fR below.
.sp
.LP
Second, the user name must not appear in either the \fB/etc/ftpusers\fR or the
\fB/etc/ftpd/ftpusers\fR file. Use of the \fB/etc/ftpusers\fR files is
deprecated, although it is still supported.
.sp
.LP
Third, the users must have a standard shell returned by \fBgetusershell\fR(3C).
.sp
.LP
Fourth, if the user name is \fBanonymous\fR or \fBftp\fR, an anonymous ftp
account must be present in the password file for user \fBftp\fR. Use
\fBftpconfig\fR(1M) to create the anonymous \fBftp\fR account and home
directory tree.
.sp
.LP
Fifth, if the GSS-API is used to authenticate the user, then
\fBgss_auth_rules\fR(5) determines user access without a password needed.
.sp
.LP
The FTP Server supports virtual hosting, which can be configured by using
\fBftpaddhost\fR(1M).
.sp
.LP
The FTP Server does not support sublogins.
.SS "General FTP Extensions"
.sp
.LP
The FTP Server has certain extensions. If the user specifies a filename that
does not exist with a \fBRETR\fR (retrieve) command, the FTP Server looks for a
conversion to change a file or directory that does into the one requested. See
\fBftpconversions\fR(4).
.sp
.LP
By convention, anonymous users supply their email address when prompted for a
password. The FTP Server attempts to validate these email addresses. A user
whose FTP client hangs on a long reply, for example, a multiline response,
should use a dash (-) as the first character of the user's password, as this
disables the Server's \fBlreply()\fR function.
.sp
.LP
The FTP Server can also log all file transmission and reception. See
\fBxferlog\fR(4) for details of the log file format.
.sp
.LP
The \fBSITE EXEC\fR command may be used to execute commands in the
\fB/bin/ftp-exec\fR directory. Take care that you understand the security
implications before copying any command into the \fB/bin/ftp-exec\fR directory.
For example, do not copy in \fB/bin/sh\fR. This would enable the user to
execute other commands through the use of \fBsh -c\fR. If you have doubts about
this feature, do not create the \fB/bin/ftp-exec\fR directory.
.SH SECURITY
.sp
.LP
For non-anonymous users, \fBin.ftpd\fR uses \fBpam\fR(3PAM) for authentication,
account management, and session management, and can use Kerberos v5 for
authentication.
.sp
.LP
The \fBPAM\fR configuration policy, listed through \fB/etc/pam.conf\fR,
specifies the module to be used for \fBin.ftpd\fR. Here is a partial
\fBpam.conf\fR file with entries for the \fBin.ftpd\fR command using the UNIX
authentication, account management, and session management module.
.sp
.in +2
.nf
ftp  auth        requisite   pam_authtok_get.so.1
ftp  auth        required    pam_dhkeys.so.1
ftp  auth        required    pam_unix_auth.so.1

ftp  account     required    pam_unix_roles.so.1
ftp  account     required    pam_unix_projects.so.1
ftp  account     required    pam_unix_account.so.1

ftp  session     required    pam_unix_session.so.1
.fi
.in -2

.sp
.LP
If there are no entries for the \fBftp\fR service, then the entries for the
"other" service will be used. Unlike \fBlogin\fR, \fBpasswd\fR, and other
commands, the \fBftp\fR protocol will only support a single password. Using
multiple modules will prevent \fBin.ftpd\fR from working properly.
.sp
.LP
To use Kerberos for authentication, a \fBhost/\fR\fI<FQDN>\fR Kerberos
principal must exist for each Fully Qualified Domain Name associated with the
\fBin.ftpd\fR server. Each of these \fBhost/\fR\fI<FQDN>\fR principals must
have a \fBkeytab\fR entry in the \fB/etc/krb5/krb5.keytab\fR file on the
\fBin.ftpd\fR server. An example principal might be:
.sp
.LP
\fBhost/bigmachine.eng.example.com\fR
.sp
.LP
See \fBkadmin\fR(1M) or \fBgkadmin\fR(1M) for instructions on adding a
principal to a \fBkrb5.keytab\fR file. See \fI\fR for a discussion of Kerberos
authentication.
.sp
.LP
For anonymous users, who by convention supply their email address as a
password, \fBin.ftpd\fR validates passwords according to the \fBpasswd-check\fR
capability in the \fBftpaccess\fR file.
.SH USAGE
.sp
.LP
The \fBin.ftpd\fR command is IPv6-enabled. See \fBip6\fR(7P).
.SH FILES
.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpaccess\fR\fR
.ad
.sp .6
.RS 4n
FTP Server configuration file
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpconversions\fR\fR
.ad
.sp .6
.RS 4n
FTP Server conversions database
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpgroups\fR\fR
.ad
.sp .6
.RS 4n
FTP Server enhanced group access file
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftphosts\fR\fR
.ad
.sp .6
.RS 4n
FTP Server individual user host access file
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpservers\fR\fR
.ad
.sp .6
.RS 4n
FTP Server virtual hosting configuration file.
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpd/ftpusers\fR\fR
.ad
.sp .6
.RS 4n
File listing users for whom FTP login privileges are disallowed.
.RE

.sp
.ne 2
.na
\fB\fB/etc/ftpusers\fR\fR
.ad
.sp .6
.RS 4n
File listing users for whom FTP login privileges are disallowed. This use of
this file is deprecated.
.RE

.sp
.ne 2
.na
\fB\fB/var/log/xferlog\fR\fR
.ad
.sp .6
.RS 4n
FTP Server transfer log file
.RE

.sp
.ne 2
.na
\fB\fB/var/run/ftp.pids-\fIclassname\fR\fR\fR
.ad
.sp .6
.RS 4n

.RE

.sp
.ne 2
.na
\fB\fB/var/adm/wtmpx\fR\fR
.ad
.sp .6
.RS 4n
Extended database files that contain the history of user access and accounting
information for the \fBwtmpx\fR database.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	External
.TE

.SH SEE ALSO
.sp
.LP
\fBcsh\fR(1), \fBftp\fR(1), \fBftpcount\fR(1), \fBftpwho\fR(1), \fBls\fR(1),
\fBsvcs\fR(1), \fBftpaddhost\fR(1M), \fBftpconfig\fR(1M), \fBftprestart\fR(1M),
\fBftpshut\fR(1M), \fBgkadmin\fR(1M), \fBinetadm\fR(1M), \fBinetd\fR(1M),
\fBkadmin\fR(1M), \fBsvcadm\fR(1M), \fBsyslogd\fR(1M), \fBchroot\fR(2),
\fBumask\fR(2), \fBgetpwent\fR(3C), \fBgetusershell\fR(3C), \fBsyslog\fR(3C),
\fBftpaccess\fR(4), \fBftpconversions\fR(4), \fBftpgroups\fR(4),
\fBftphosts\fR(4), \fBftpservers\fR(4), \fBftpusers\fR(4), \fBgroup\fR(4),
\fBpasswd\fR(4), \fBservices\fR(4), \fBxferlog\fR(4), \fBwtmpx\fR(4),
\fBattributes\fR(5), \fBgss_auth_rules\fR(5), \fBpam_authtok_check\fR(5),
\fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5),
\fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5),
\fBpam_unix_session\fR(5), \fBsmf\fR(5), \fBip6\fR(7P)
.sp
.LP
\fI\fR
.sp
.LP
Allman, M., Ostermann, S., and Metz, C. \fIRFC 2428, FTP Extensions for IPv6
and NATs\fR. The Internet Society. September 1998.
.sp
.LP
Piscitello, D. \fIRFC 1639, FTP Operation Over Big Address Records (FOOBAR)\fR.
Network Working Group. June 1994.
.sp
.LP
Postel, Jon, and Joyce Reynolds. \fIRFC 959, File Transfer Protocol (FTP )\fR.
Network Information Center. October 1985.
.sp
.LP
St. Johns, Mike. \fIRFC 931, Authentication Server\fR. Network Working Group.
January 1985.
.sp
.LP
Linn, J., \fIGeneric Security Service Application Program Interface Version 2,
Update 1, RFC 2743.\fR The Internet Society, January 2000.
.sp
.LP
Horowitz, M., Lunt, S., \fIFTP Security Extensions, RFC 2228\fR. The Internet
Society, October 1997.
.SH DIAGNOSTICS
.sp
.LP
\fBin.ftpd\fR logs various errors to \fBsyslogd\fR(1M), with a facility code of
daemon.
.SH NOTES
.sp
.LP
The anonymous \fBFTP\fR account is inherently dangerous and should be avoided
when possible.
.sp
.LP
The \fBFTP\fR Server must perform certain tasks as the superuser, for example,
the creation of sockets with privileged port numbers. It maintains an effective
user \fBID\fR of the logged in user, reverting to the superuser only when
necessary.
.sp
.LP
The \fBFTP\fR Server no longer supports the \fB/etc/default/ftpd\fR file.
Instead of using \fBUMASK=nnn\fR to set the umask, use the \fBdefumask\fR
capability in the \fBftpaccess\fR file. The banner greeting text capability is
also now set through the \fBftpaccess\fR file by using the greeting text
capability instead of by using \fBBANNER="..."\fR. However, unlike the
\fBBANNER\fR string, the greeting text string is not passed to the shell for
evaluation. See \fBftpaccess\fR(4).
.sp
.LP
The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is
provided by \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5),
\fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5),
\fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), and
\fBpam_unix_session\fR(5).
.sp
.LP
The \fBin.ftpd\fR service is managed by the service management facility,
\fBsmf\fR(5), under the service identifier:
.sp
.in +2
.nf
svc:/network/ftp
.fi
.in -2
.sp

.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(1M). Responsibility for
initiating and restarting this service is delegated to \fBinetd\fR(1M). Use
\fBinetadm\fR(1M) to make configuration changes and to view configuration
information for this service. The service's status can be queried using the
\fBsvcs\fR(1) command.