hq-nms-3 #man ftp
ftp(1) ftp(1)
NAME
ftp - file transfer program
SYNOPSIS
ftp [-g] [-i] [-n] [-c] [-P] [-v] [-B size] [server-host]
DESCRIPTION
ftp is a user interface to the File Transfer Protocol. ftp copies
files over a network connection between the local ``client'' host and
a remote ``server'' host. ftp runs on the client host.
Options
The ftp command supports the following options:
-g Disable file name ``globbing''; see the glob command, below.
By default, when this option is not specified, globbing is
enabled.
-i Disable interactive prompting by multiple-file commands; see
the prompt command, below. By default, when this option is
not specified, prompting is enabled.
-P Disables Kerberos authentication and authorization. Only
applicable in a secure environment based on Kerberos V5.
When this option is specified, a password is required and
the password is sent across the network in a readable form.
By default, if this option is not specified, a password is
not required and Kerberos authentication and authorization
takes place instead. See sis(5).
-n Disable ``auto-login''; see the open command, below. By
default, when this option is not specified, auto-login is
enabled.
-c When this option is set, the SYST and TYPE calls are not
made by the ftp client to the server upon establishing a
connection. The -c option takes effect only when auto-login
is disabled, i.e., when ftp is invoked along with the -n
option. This option does not disable the SYST and TYPE
commands, but only refrains from invoking these commands
upon establishing a connection.
-v Enable verbose output; see the verbose command, below. If
this option is not specified, ftp displays verbose output
only if the standard input is associated with a terminal.
-B Set the buffer size of the data socket to size blocks of
1024 bytes. The valid range for size is an integer from 1 to
64 (default is 56).
Hewlett-Packard Company - 1 - HP-UX 11i Version 1: Nov 2004
Note: A large buffer size will improve the performance of
ftp on fast links (e.g., FDDI), but may cause long
connection times on slow links (e.g., X.25).
The name of the server host that ftp communicates with can be
specified on the command line. If the server host is specified, ftp
immediately opens a connection to the server host; see the open
command, below. Otherwise, ftp waits for commands from the user.
The fallback option can be set within the [appdefaults] section in the
krb5.conf file (For more information on the [appdefaults] section,
refer to the krb5.conf(4) manpage in the Kerberos Client product). If
fallback is set to true and the Kerberos authentication fails, ftp
will use the nonsecure mode of authentication.
Note: Command-line options override the configuration file options.
File Transfer Protocol specifies file transfer parameters for type,
mode, form, and struct. ftp supports the ASCII, binary, and tenex
File Transfer Protocol types. ASCII is the default FTP type. (It
should be noted though that, whenever ftp establishes a connection
between two similar systems, it switches automatically to the more
efficient binary type.) ftp supports only the default values for the
file transfer parameters mode which defaults to stream, form which
defaults to non-print, and struct which defaults to file.
COMMANDS
ftp supports the following commands. Command arguments with embedded
spaces must be enclosed in quotes (for example, "argument with
embedded spaces").
![command [args]]
Invoke a shell on the local host. The SHELL environment variable
specifies which shell program to invoke. ftp invokes /usr/bin/sh
if SHELL is undefined. If command is specified, the shell
executes it and returns to ftp. Otherwise, an interactive shell
is invoked. When the shell terminates, it returns to ftp.
$ macro-name [args]
Execute the macro macro-name that was defined with the macdef
command. Arguments are passed to the macro unglobbed.
account [passwd]
Supply a supplemental password required by a remote system for
access to resources once a login has been successfully completed.
If no argument is included, the user is prompted for an account
password in a non-echoing input mode.
append local-file [remote-file]
Copy local-file to the end of remote-file. If remote-file is
left unspecified, the local file name is used in naming the
remote file after being altered by any ntrans or nmap setting.
ascii
Set the file transfer type to network ASCII. This is the default
type.
bell Sound a bell after each file transfer completes.
binary
Set the file transfer type to binary.
bye Close the connection to the server host if a connection was open,
and exit. Typing an end-of-file (EOF) character also terminates
and exits the session.
case Toggle remote computer file name case mapping during mget
commands. When case is on (the default is off), remote computer
file names with all letters in uppercase are written in the local
directory with the letters mapped to lowercase.
cd remote-directory
Set the working directory on the server host to remote-directory.
cdup Set the working directory on the server host to the parent of the
current remote working directory.
chmod mode file-name
Change the permission modes of the file file-name on the remote
system to mode.
close
Terminate the connection to the server host. The close command
does not exit ftp. Any defined macros are erased.
cr Toggle carriage return stripping during ascii type file
retrieval. Records are denoted by a carriage-return/line-feed
sequence during ascii type file transfer. When cr is on (the
default), carriage returns are stripped from this sequence to
conform with the UNIX single line-feed record delimiter. Records
on non-UNIX remote systems may contain single line-feeds; when an
ascii type transfer is made, these line-feeds can be
distinguished from a record delimiter only when cr is off.
delete remote-file
Delete remote-file. The remote-file can be an empty directory.
No globbing is done.
dir [remote-directory] [local-file]
Write a remote-directory listing to standard output or optionally
to local-file. If neither remote-directory nor local-file is
specified, list the remote working directory to standard output.
If interactive prompting is on, ftp prompts the user to verify
that the last argument is indeed the target file for dir output.
Globbing characters are always expanded.
disconnect
A synonym for close.
form format
Set the file transfer form to format. The only supported format
is non-print.
get remote-file [local-file]
Copy remote-file to local-file. If local-file is unspecified,
ftp uses the specified remote-file name as the local-file name,
subject to alteration by the current case, ntrans, and nmap
settings.
glob Toggle file name globbing. When file name globbing is enabled,
ftp expands csh(1) metacharacters in file and directory names.
These characters are *, ?, [, ], ~, {, and }. The server host
expands remote file and directory names. Globbing metacharacters
are always expanded for the ls and dir commands. If globbing is
enabled, metacharacters are also expanded for the multiple-file
commands mdelete, mdir, mget, mls, and mput.
hash Toggle printing of a hash-sign (#) for each 1024 bytes
transferred. Note that the use of this feature may cause
performance degradation.
help [command]
Print an informative message about the ftp command called ftp-
command. If ftp-command is unspecified, print a list of all ftp
commands.
idle [seconds]
Set the inactivity timer on the remote server to seconds seconds.
If seconds is omitted, ftp prints the current inactivity timer.
lcd [local-directory]
Set the local working directory to local-directory. If local-
directory is unspecified, set the local working directory to the
user's local home directory.
ls [remote-directory] [local-file]
Write a listing of remote-directory to local-file. The listing
includes any system-dependent information that the server chooses
to include; for example, most UNIX systems produce output from
the command ls -l (see also nlist). If neither remote-directory
nor local-file is specified, list the remote working directory.
If globbing is enabled, globbing metacharacters are expanded.
macdef macro-name
Define a macro. Subsequent lines are stored as the macro macro-
name; an empty input line terminates macro input mode. There is
a limit of 16 macros and 4096 total characters in all defined
macros. Macros remain defined until a close command is executed.
The macro processor interprets $ and \ as special characters. A
$ followed by a number (or numbers) is replaced by the
corresponding argument on the macro invocation command line. A $
followed by an i signals to the macro processor that the
executing macro is to be looped. On the first pass $i is
replaced by the first argument on the macro invocation command
line, on the second pass it is replaced by the second argument,
and so on. A \ followed by any character is replaced by that
character. Use the \ to prevent special treatment of the $.
mdelete [remote-files]
Delete remote-files. If globbing is enabled, globbing
metacharacters are expanded.
mdir remote-files local-file
Write a listing of remote-files to local-file. If globbing is
enabled, globbing metacharacters are expanded. If interactive
prompting is on, ftp prompts the user to verify that the last
argument is indeed the target local file for mdir output.
mget remote-files
Copy remote-files to the local system. If globbing is enabled,
globbing metacharacters are expanded. The resulting local file
names are processed according to case, ntrans, and nmap settings.
mkdir directory-name
Create remote directory-name.
mls remote-files local-file
Write an abbreviated listing of remote-files to local-file. If
globbing is enabled, globbing metacharacters are expanded. If
interactive prompting is on, ftp prompts the user to verify that
the last argument is indeed the target local file for mls output.
mode [mode-name]
Set the FTP file transfer mode to mode-name. The only supported
mode is stream.
modtime remote-file
Show the last modification time of remote-file.
mput local-files
Copy local-files from the local system to the remote system. The
remote files have the same name as the local files processed
according to ntrans and nmap settings. If globbing is enabled,
globbing characters are expanded.
newer file-name
Get the file only if the modification time of the remote file is
more recent than the file on the current system. If the file
does not exist on the current system, the remote file is
considered newer. Otherwise, this command is identical to get.
nlist [remote-directory] [local-file]
Write an abbreviated listing of remote-directory to local-file.
If remote-directory is left unspecified, the current working
directory is used. If interactive prompting is on, ftp prompts
the user to verify that the last argument is indeed the target
local file for nlist output.
nmap [inpattern outpattern]
Set or unset the filename mapping mechanism. If no arguments are
specified, the filename mapping mechanism is unset. If arguments
are specified, remote filenames are mapped during mput commands
and put commands issued without a specified remote target
filename. If arguments are specified, local filenames are mapped
during mget commands and get commands issued without a specified
local target filename. This command is useful when connecting to
a non-UNIX remote computer with different file naming conventions
or practices. The mapping follows the pattern set by inpattern
and outpattern. inpattern is a template for incoming filenames
(which may have already been processed according to the ntrans
and case settings). Variable templating is accomplished by
including the sequences $1, $2, ..., $9 in inpattern. Use \ to
prevent this special treatment of the $ character. All other
characters are treated literally, and are used to determine the
nmap inpattern variable values. For example, given inpattern
$1.$2 and the remote file name mydata.data, $1 would have the
value mydata, and $2 would have the value data. The outpattern
determines the resulting mapped filename. The sequences $1,
$2, ..., $9 are replaced by any value resulting from the
inpattern template. The sequence $0 is replaced by the original
filename. Additionally, the sequence [seq1,seq2] is replaced by
seq1 if seq1 is not a null string; otherwise it is replaced by
seq2. For example, the command nmap $1.$2.$3 [$1,$2].[$2,file]
would yield the output filename myfile.data for input filenames
myfile.data and myfile.data.old, myfile.file for the input
filename myfile, and myfile.myfile for the input filename
.myfile. Spaces can be included in outpattern, as in the
example:
nmap $1 | sed "s/ *$//" > $1
Use the \ character to prevent special treatment of the $, [, ],
and , characters.
ntrans [inchars [outchars]]
Set or unset the filename character translation mechanism. If no
arguments are specified, the filename character translation
mechanism is unset. If arguments are specified, characters in
remote filenames are translated during mput commands and put
commands issued without a specified remote target filename. If
arguments are specified, characters in local filenames are
translated during mget commands and get commands issued without a
specified local target filename. This command is useful when
connecting to a non-UNIX remote computer with different file
naming conventions or practices. Characters in a filename
matching a character in inchars are replaced with the
corresponding character in outchars. If the character's position
in inchars is longer than the length of outchars, the character
is deleted from the file name.
open server-host [port-number]
Establish a connection to server-host, using port-number (if
specified). If auto-login is enabled, ftp attempts to log into
the server host.
passive
Toggle passive mode of transfer. By default, the passive mode of
transfer is disabled. This command enables the server to specify
the data port for the ftp transfer.
prompt
Toggle interactive prompting. By default, ftp prompts the user
for a yes or no response for each output file during multiple-
file commands. If interactive prompting is disabled, ftp
performs the command for all specified files.
proxy ftp-command
Execute an ftp command on a secondary control connection. This
command allows simultaneous connection to two remote FTP servers
for transferring files between the two servers. The first proxy
command should be an open, to establish the secondary control
connection. Enter the command proxy ? to see other FTP commands
executable on the secondary connection. The following commands
behave differently when prefaced by proxy: open does not define
new macros during the auto-login process, close does not erase
existing macro definitions, get and mget transfer files from the
host on the primary control connection to the host on the
secondary control connection, and put, mput, and append transfer
files from the host on the secondary control connection to the
host on the primary control connection. Third party file
transfers depend upon support of the FTP protocol PASV command by
the server on the secondary control connection.
put local-file [remote-file]
Copy local-file to remote-file. If remote-file is unspecified,
ftp assigns the local-file name, processed according to any
ntrans or nmap settings, to the remote-file name.
pwd Write the name of the remote working directory to stdout.
quit A synonym for bye.
quote arguments
Send arguments, verbatim, to the server host. See ftpd(1M).
recv remote-file [local-file]
A synonym for get.
reget remote-file [local-file]
reget acts like get, except that if local-file exists and is
smaller than remote-file, local-file is presumed to be a
partially transferred copy of remote-file and the transfer is
continued from the apparent point of failure. This command is
useful when transferring very large files over networks that tend
to drop connections.
rhelp [command-name]
Request help from the server host. If command-name is specified,
supply it to the server. See ftpd(1M).
rstatus [file-name]
With no arguments, show status of remote machine. If file-name
is specified, show status of file-name on remote machine.
rename remote-from remote-to
Rename remote-from, which can be either a file or a directory, to
remote-to.
reset
Clear reply queue. This command re-synchronizes command/reply
sequencing with the remote FTP server. Resynchronization may be
necessary following a violation of the FTP protocol by the remote
server.
restart marker
Restart the immediately following get or put at the indicated
marker. On UNIX systems, marker is usually a byte offset into
the file.
rmdir remote-directory
Delete remote-directory. remote-directory must be an empty
directory.
runique
Toggle storing of files on the local system with unique
filenames. If a file already exists with a name equal to the
target local filename for a get or mget command, a .1 is appended
to the name. If the resulting name matches another existing
file, a .2 is appended to the original name. If this process
continues up to .99, an error message is printed, and the
transfer does not take place. ftp reports the unique filename.
Note that runique does not affect local files generated from a
shell command (see below). The default value is off.
send local-file [remote-file]
A synonym for put.
sendport
Toggle the use of PORT commands. By default, ftp attempts to use
a PORT command when establishing a connection for each data
transfer. If the PORT command fails, ftp uses the default data
port. When the use of PORT commands is disabled, ftp makes no
attempt to use PORT commands for each data transfer. This is
useful for certain FTP implementations that ignore PORT commands
but (incorrectly) indicate that they've been accepted. See
ftpd(1M). Turning sendport off may cause delays in the execution
of commands.
site arguments
Send arguments, verbatim, to the server host as a SITE command.
See ftpd(1M).
size remote-file
Show the size of remote-file.
status
Show the current status of ftp.
struct [struct-name]
Set the FTP file transfer struct to struct-name. The only
supported struct is file.
sunique
Toggle storing of files on remote machine under unique file
names. The remote server reports the unique name. By default,
sunique is off.
system
Show the type of operating system running on the remote machine.
tenex
Set the FTP file transfer type to tenex.
type [type-name]
Set the FTP file transfer type to type-name. If type-name is
unspecified, write the current type to stdout. Ascii, binary,
and tenex are the types currently supported.
umask [newmask]
Set the default umask on the remote server to newmask. If
newmask is omitted, the current umask is printed.
user user-name [password] [account]
Log into the server host on the current connection, which must
already be open. A .netrc file in the user's local home
directory can provide the user-name, password, and optionally the
account; see netrc(4). Otherwise ftp prompts the user for this
information. The HP-UX FTP server does not require an account.
For security reasons, ftp always requires a password. It does
not log into remote accounts that do not have a password.
In a secure environment based on Kerberos V5, ftp will not
require a password. Instead, Kerberos authentication and
authorization will be performed as described in sis(5). In all
other environments, users are considered authenticated if they
have a password and that password is correct, and authorized if
an account exists for them on the remote system.
verbose
Toggle verbose output. If verbose output is enabled, ftp
displays responses from the server host, and when a file transfer
completes it reports statistics regarding the efficiency of the
transfer.
? [command]
A synonym for the help command. Prints the help information for
the specified command.
Aborting A File Transfer
To abort a file transfer, use the terminal interrupt key (usually
Ctrl-C). Sending transfers are halted immediately. ftp halts
incoming (receive) transfers by first sending an FTP protocol ABOR
command to the remote server, then discarding any further received
data. The speed at which this is accomplished depends upon the remote
server's support for ABOR processing. If the remote server does not
support the ABOR command, an ftp> prompt does not appear until the
remote server completes sending the requested file.
The terminal interrupt key sequence is ignored while ftp awaits a
reply from the remote server. A long delay in this mode may result
from the ABOR processing described above, or from unexpected behavior
by the remote server, including violations of the FTP protocol. If
the delay results from unexpected remote server behavior, the local
ftp program must be killed manually.
File Naming Conventions
Files specified as arguments to ftp commands are processed according
to the following rules.
+ If the file name - is specified, ftp uses the standard input (for
reading) or standard output (for writing).
+ If the first character of the file name is |, ftp interprets the
remainder of the argument as a shell command. ftp forks a shell,
using popen() (see popen(3S)) with the supplied argument, and reads
(writes) from standard output (standard input). If the shell
command includes spaces, the argument must be quoted, as in:
"| ls -lt"
Some useful examples of this mechanism are:
ls . "| more"
The above command lists the files in the current directory page by
page.
put "| tail -20 loc_file" rem_file
This command copies the last twenty lines of the local file
"loc_file" to the remote system as "rem_file".
+ Otherwise, if globbing is enabled, ftp expands local file names
according to the rules used by the C shell (see csh(1)); see the
glob command, below. If the ftp command expects a single local
file (e.g., put), only the first filename generated by the globbing
operation is used.
+ For mget commands and get commands with unspecified local file
names, the local filename is named the same as the remote filename,
which may be altered by a case, ntrans, or nmap setting. The
resulting filename may then be altered if runique is on.
+ For mput commands and put commands with unspecified remote file
names, the remote filename is named the same as the local filename,
which may be altered by an ntrans or nmap setting. The resulting
filename may then be altered by the remote server if sunique is on.
WARNINGS
Correct execution of many commands depends upon proper behavior by the
remote server.
DIAGNOSTICS
Error! could not retrieve authentication type.
Please notify sys admin.
There are two authentication mechanisms used by ftp. One
authentication mechanism is based on Kerberos and the other is
not. The type of authentication mechanism is obtained from a
system file which is updated by inetsvcs_sec(1M). If the system
file does not contain known authentication types, the above error
is displayed.
AUTHOR
ftp was developed by the University of California, Berkeley.
SEE ALSO
csh(1), rcp(1), ftpd(1M), inetsvcs_sec(1M), netrc(4), ftpusers(4),
hosts(4), krb5.conf(4), sis(5).
################################################################################
hq-nms-3 #man ftpd
Reformatting entry. Wait... done
ftpd(1M) ftpd(1M)
NAME
ftpd - DARPA Internet File Transfer Protocol server
SYNOPSIS
/usr/lbin/ftpd [-l] [-p] [-v] [-t timeout] [-P] [-T maxtimeout]
[-u umask] [-B size] [-a] [-A] [-L] [-i] [-o] [-m number_of_tries]
DESCRIPTION
ftpd is the DARPA Internet File Transfer Protocol server. It expects
to be run by the Internet daemon (see inetd(1M) and inetd.conf(4)).
inetd runs ftpd when a service request is received at the port
indicated in the ftp service specification in /etc/services (see
services(4)). ftpd recognizes the following options and command-line
arguments.
-l Causes each FTP session to be logged in the syslog
file.
-p The default action of ftpd does not allow usage of
reserved ports as the originating port on the
client's system, i.e., the PORT command cannot
specify a reserved port. This option allows the
client to specify a reserved port. Note, allowing
usage of reserved ports can result in the misuse
of ftpd. The security ramifications should be
understood before the option is turned on.
-v The debugging information is written to the syslog
file.
-t timeout Causes ftpd to timeout inactive sessions after
timeout seconds. By default, ftpd terminates an
inactive session after 15 minutes.
-P Enables third party transfer.
-T maxtimeout A client can also request a different timeout
period. The -T option sets to maxtimeout the
maximum timeout that a client can request, in
seconds. By default, the maximum timeout is 2
hours.
-u umask Change default ftpd umask from 027 to umask.
-B size Sets the buffer size of the data socket to size
blocks of 1024 bytes. The valid range for size is
from 1 to 64 (default is 56). NOTE: A large
buffer size will improve the performance of ftpd
on fast links (e.g. FDDI), but may cause long
connection times on slow links (e.g. X.25).
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
-a Enables the use of the configuration file
/etc/ftpd/ftpaccess. (see ftpaccess(4)).
-A Disables the use of the configuration file
/etc/ftpd/ftpaccess. (see ftpaccess(4)).
-L Causes all commands sent to the ftpd(1M) server to
be logged to the syslog. The -L option is
overridden by /etc/ftpd/ftpaccess file. (see
ftpaccess(4)). If the -L option is used, commands
will be logged to syslog by default.
-i Logs all the files received by ftpd server to
xferlog (see xferlog(5)). This option is
overridden by the /etc/ftpd/ftpaccess file. (see
ftpaccess(4)).
-o Logs all files transmitted by ftpd to xferlog (see
xferlog(5)). It logs outgoing files from the ftpd
server. This option is overridden by the
/etc/ftpd/ftpaccess file. (see ftpaccess(4)).
-m number_of_tries
Specifies the number of tries for a bind() socket
call.
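A check an administrator could run over the inetd entry that starts ftpd, using the options listed above. This is an added example, not part of the manual page; the inetd.conf field layout, the function name and the sample entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review the ftpd options on the ftp line of an
# inetd.conf-style file. Assumed field layout (see inetd.conf(4)):
#   service socket-type protocol wait user server-program argv0 [options]
audit_ftpd_entry() {
    conf=$1
    # First active (uncommented) entry whose service name is "ftp".
    line=$(awk '$1 == "ftp" { print; exit }' "$conf")
    if [ -z "$line" ]; then
        echo "no active ftp entry in $conf"
        return 0
    fi

    set -f                      # keep the shell from globbing the fields
    set -- $line
    set +f
    if [ $# -lt 7 ]; then
        echo "ftp entry has fewer than 7 fields"
        return 0
    fi
    shift 7                     # what remains are ftpd's own options

    session_log=no reserved_port=no third_party=no mask=027
    OPTIND=1
    # Option letters, and which of them take an argument, follow the SYNOPSIS.
    while getopts ":lpvt:PT:u:B:aALiom:" opt; do
        case $opt in
            l) session_log=yes ;;
            p) reserved_port=yes ;;
            P) third_party=yes ;;
            u) mask=$OPTARG ;;
            :) echo "option -$OPTARG is missing its argument" ;;
            \?) echo "option -$OPTARG is not in the ftpd synopsis" ;;
        esac
    done

    if [ "$session_log" = no ]; then
        echo "sessions are not logged to syslog (no -l)"
    fi
    if [ "$reserved_port" = yes ]; then
        echo "PORT may name a reserved port (-p)"
    fi
    if [ "$third_party" = yes ]; then
        echo "third party transfer is enabled (-P)"
    fi
    # The default umask 027 masks group and other write; flag a -u value
    # that clears either of those bits.
    case $mask in
        ''|*[!0-7]*)
            echo "umask '$mask' is not an octal number (-u)" ;;
        *)
            if [ $(( 0$mask & 022 )) -ne $(( 022 )) ]; then
                echo "umask $mask permits group or other write (-u)"
            fi ;;
    esac
    return 0
}

# Constructed sample entry, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -p -u 002
EOF
audit_ftpd_entry "$sample"
rm -f "$sample"
```

An entry that passes prints nothing; each printed line names the option that caused it.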
ftpd currently supports the following commands (uppercase and
lowercase are interpreted as equivalent):
Command Description
ABOR Abort previous command
ACCT Specify account (ignored)
ALLO Allocate storage (vacuously)
APPE Append to a file
CDUP Change to parent of current working directory
CWD Change working directory
DELE Delete a file
HELP Give help information
LIST List files in a directory (ls -l)
MKD Make a directory
MDTM Show last modification time of file
MODE Specify data transfer mode
NLST Give name list of files in directory
NOOP Do nothing
PASS Specify password
PASV Prepare for server-to-server transfer
PORT Specify data connection port
PWD Print the current working directory
QUIT Terminate session
REST Restart incomplete transfer
RETR Retrieve a file
RMD Remove a directory
RNFR Specify rename-from file name
RNTO Specify rename-to file name
SITE Non-standard commands (see next section)
SIZE Return size of file
STAT Return status of server
STOR Store a file
STOU Store a file with a unique name
STRU Specify data transfer structure
SYST Show operating system type of server system
TYPE Specify data transfer type
USER Specify user name
XCUP Change to parent of current working directory
XCWD Change working directory
XMKD Make a directory
XPWD Print the current working directory
XRMD Remove a directory
The following non-standard or HP-UX specific commands are supported by
the SITE command:
Command Description
UMASK Change umask. (e.g., SITE UMASK 002)
IDLE Set idle-timer. (e.g., SITE IDLE 60)
CHMOD Change mode of a file. (e.g., SITE CHMOD 755
filename)
HELP Give help information. (e.g., SITE HELP)
NEWER List files newer than a particular date.
MINFO Works like SITE NEWER, but gives extra
information.
GROUP Request for special group access. (e.g., SITE
GROUP foo)
GPASS Give special group access password. (e.g., SITE
GPASS bar)
EXEC Execute a program. (e.g., SITE EXEC program
params)
The remaining FTP requests specified in Internet RFC 959 are
recognized, but not implemented. MDTM and SIZE are not specified in
RFC 959, but are expected in the next updated FTP RFC.
The FTP server aborts an active file transfer only when the ABOR
command is preceded by a Telnet "Interrupt Process" (IP) signal and a
Telnet ``Synch'' signal in the command Telnet stream, as described in
Internet RFC 959. If ftpd receives a STAT command during a data
transfer, preceded by a Telnet IP and Synch, it returns the status of
the transfer.
ftpd interprets file names according to the ``globbing'' conventions
used by csh(1). This allows users to utilize the metacharacters *, .,
[, ], {, }, ~, and ?.
ftpd authenticates users according to three rules:
+ The user name must be in the password data base, /etc/passwd,
and not have a null password. The client must provide the
correct password for the user before any file operations can
be performed.
+ The user name must not appear in the file /etc/ftpd/ftpusers
(see ftpusers(4)).
+ The user must have a standard shell returned by
getusershell().
Optionally, a system administrator can permit public access or
``anonymous FTP''. If this has been set up, users can access the
anonymous FTP account with the user name anonymous or ftp and any
non-null password (by convention, the client host's name). ftpd does
a chroot() to the home directory of user ftp, thus limiting anonymous
FTP users' access to the system. If the user name is anonymous or
ftp, an anonymous FTP account must be present in the password file
(user ftp). In this case the user is allowed to log in by specifying
any password (by convention this is given as the user's e-mail
address).
In order to permit anonymous FTP, there must be an entry in the
passwd(4) database for an account named ftp. The password field
should be *, the group membership should be guest, and the login shell
should be /usr/bin/false. For example (assuming the guest group ID is
10):
ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false
The anonymous FTP directory should be set up as follows:
~ftp The home directory of the FTP account should be owned by user
root and mode 555 (not writable). Since ftpd does a chroot()
to this directory, it must have the following subdirectories
and files:
~ftp/usr/bin
This directory must be owned by root and mode 555
(not writable). The file /sbin/ls should be copied
to ~ftp/usr/bin. This is needed to support
directory listing by ftpd. The command should be
mode 111 (executable only). If the FTP account is
on the same file system as /sbin, ~ftp/usr/bin/ls
can be a hard link, but it may not be a symbolic link,
because of the chroot(). The command must be
replaced when the system is updated.
~ftp/etc This directory must be owned by root and mode 555
(not writable). It should contain versions of the
files passwd and group. See passwd(4) and group(4).
These files must be owned by root and mode 444
(readable only). These files must be present for
the LIST command to be able to produce owner names
rather than numbers.
~ftp/etc/passwd
This file should contain entries for the ftp user
and any other users who own files under the
anonymous ftp directory. Such entries should have *
for passwords. Group IDs must be listed in the
anonymous FTP group file, ~ftp/etc/group. The path
names of home directories in ~ftp/etc/passwd must be
with respect to the anonymous FTP home directory.
~ftp/etc/group
This file should contain the group names associated
with any group IDs in file ~ftp/etc/passwd and any
group IDs of files in the anonymous FTP
subdirectories.
~ftp/pub (optional)
This directory is used by anonymous FTP users to
deposit files on the system. It should be owned by
user ftp and should be mode 777 (readable and
writable by all).
~ftp/dist (optional)
Directories used to make files available to
anonymous ftp users should be mode 555 (not
writable), and any files to be distributed should be
owned by root and mode 444 (readable only) so that
they cannot be modified or removed by anonymous FTP
users.
Note: The steps followed to create an anonymous account are also
used to create a guest account.
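The ownership and mode rules above can be checked mechanically. The following script is an added example, not part of the HP-UX manual page; the function names and the optional owner arguments are assumptions made so the audit can also be run on a scratch tree.

```shell
#!/bin/sh
# Audit an anonymous FTP tree against the owner/mode rules listed above.
# Usage: audit_anon_ftp FTP_HOME [ROOT_OWNER] [FTP_OWNER]
# The owner arguments (an assumption of this example) default to root and
# ftp; overriding them lets the audit run on a scratch tree.

# check PATH OWNER MODE [optional]; OWNER "-" skips the ownership test.
check() {
    p=$1; owner=$2; mode=$3; optional=${4:-}
    if [ ! -e "$p" ]; then
        [ -n "$optional" ] || echo "FAIL $p: missing"
        return 0
    fi
    # -prune limits find to the path itself; an octal -perm is an exact match.
    [ "$owner" = - ] || [ -n "$(find "$p" -prune -user "$owner")" ] ||
        echo "FAIL $p: not owned by $owner"
    [ -n "$(find "$p" -prune -perm "$mode")" ] || echo "FAIL $p: mode is not $mode"
}

run_checks() {
    home=$1; root_owner=${2:-root}; ftp_owner=${3:-ftp}
    check "$home" "$root_owner" 555
    check "$home/usr/bin" "$root_owner" 555
    check "$home/usr/bin/ls" - 111
    [ ! -h "$home/usr/bin/ls" ] || echo "FAIL $home/usr/bin/ls: symbolic link"
    check "$home/etc" "$root_owner" 555
    check "$home/etc/passwd" "$root_owner" 444
    check "$home/etc/group" "$root_owner" 444
    check "$home/pub" "$ftp_owner" 777 optional
    check "$home/dist" - 555 optional
    # Password fields in the chroot copy of passwd must be "*", never a real hash.
    [ ! -r "$home/etc/passwd" ] ||
        awk -F: 'NF && $2 != "*" { print "FAIL passwd entry " $1 ": password field is not *" }' \
            "$home/etc/passwd"
    # Files offered for download must be owned by root and mode 444.
    [ ! -d "$home/dist" ] ||
        find "$home/dist" -type f \( ! -user "$root_owner" -o ! -perm 444 \) -print |
            while IFS= read -r f; do echo "FAIL $f: distributed file not $root_owner/444"; done
}

# Print findings and return 1 if any rule is violated, 0 if the tree is clean.
audit_anon_ftp() {
    findings=$(run_checks "$@")
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run as root against the real tree, for example audit_anon_ftp /home/ftp, after each system update, since the copied ls must be replaced then.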
DIAGNOSTICS
ftpd replies to FTP commands to ensure synchronization of requests and
actions during file transfers, and to indicate the status of ftpd.
Every command produces at least one reply, although there may be more
than one. A reply consists of a three-digit number, a space, some
text, and an end of line. The number is useful for programs; the text
is useful for users. The number must conform to this standard, but
the text can vary.
The first digit of the message indicates whether the reply is good,
bad, or incomplete. Five values exist for the first digit. The
values and the interpretations of the values are:
1 The requested action is being initiated; expect another
reply before proceeding with a new command.
2 The requested action is complete. The server is ready
for a new request.
3 The command has been accepted, but the requested action
requires more information.
4 The command was not accepted, the requested action
failed, but the error condition is temporary and the
action can be requested again.
5 The command was not accepted, the requested action
failed, and the error condition would most likely occur
again if the same command sequence is repeated.
The second digit indicates the functional area that the message
addresses. The values of the second digit and the interpretations of
these values are:
0 Syntax. A message with a 0 for the second digit
indicates that a syntax error occurred.
1 Information. A message with a 1 as the second digit
indicates that the message is in reply to a request for
information.
2 Connections. A message with a 2 as the second digit
indicates that the message is a reply to a request for
control and data connection information.
3 Authentication and accounting. A message with a 3 as the
second digit indicates that the message is a reply to a
login or accounting procedure.
4 Not currently specified.
5 File system. A message with a 5 as the second digit
indicates that the text following the number contains
information concerning the status of the server file
system.
The third digit provides a further clarification of the information
supplied by the second digit. Following are several examples of
messages. Note that ftpd's replies match the number but not the text.
110 Restart marker reply. MARK yyyy=mmmm where yyyy is a
user process data stream marker, and mmmm is ftpd's
equivalent marker
120 Service ready in nnn minutes
200 Command okay
211 System status, or system help reply
212 Directory status
230 User logged in, proceed
250 Requested file action okay, completed
331 User name okay, need password
350 Requested file action pending further information
425 Cannot open data connection
451 Requested action aborted: local error in processing
500 Syntax error, command unrecognized or command line too
long
530 Not logged in
550 Requested action not taken; file unavailable, not found,
no access
WARNINGS
The password is sent unencrypted through the socket connection.
Anonymous FTP is inherently dangerous to system security.
DEPENDENCIES
Pluggable Authentication Modules (PAM)
PAM is an Open Group standard for user authentication, password
modification, and validation of accounts. In particular,
pam_authenticate() is invoked to perform all functions related to
login. This includes retrieving the password, validating the account,
and displaying error messages.
AUTHOR
ftpd was developed by the University of California, Berkeley and the
Washington University, St. Louis, Missouri.
SEE ALSO
ftp(1), inetd(1M), chroot(2), getusershell(3C), pam_authenticate(3),
inetd.conf(4), ftpaccess(4), ftpusers(4), group(4), passwd(4),
xferlog(5).
hq-nms-3 # quit
sh: quit: not found.
hq-nms-3 #exit
logout root