1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
--- ftpd.8.TLS.orig Thu May 16 15:07:51 2002
+++ ftpd.8.TLS Tue Sep 9 02:33:26 2003
@@ -35,13 +35,13 @@
.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
.\"
.Dd June 18, 1996
-.Dt FTPD 8
+.Dt FTPD-TLS 8
.Os
.Sh NAME
-.Nm ftpd
-.Nd Internet File Transfer Protocol server
+.Nm ftpd-tls
+.Nd Internet File Transfer Protocol server supporting AUTH TLS
.Sh SYNOPSIS
-.Nm ftpd
+.Nm ftpd-tls
.Op Fl AdDhlMPSU46
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
@@ -62,7 +62,7 @@
.Bl -tag -width Ds
.It Fl A
Permit only anonymous ftp connections, accounts listed in
-.Pa /etc/ftpchroot
+.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
or users in a login class with the
.Dq ftp-chroot
variable set (see below).
@@ -107,7 +107,7 @@
.It Fl P
Permit illegal port numbers or addresses for PORT command initiated connects.
By default
-.Xr ftpd 8
+.Xr ftpd-tls 8
violates the RFC and thus constrains the PORT command to non-reserved ports
and requires it use the same source address as the connection came from.
This prevents the "FTP bounce attack" against services on both the local
@@ -116,7 +116,7 @@
With this option set,
.Nm
logs all anonymous downloads to the file
-.Pa /var/log/ftpd
+.Pa /var/log/ftpd-tls
when this file exists.
.It Fl U
Each concurrent
@@ -176,20 +176,20 @@
.El
.Pp
The file
-.Pa /etc/nologin
+.Pa /var/run/nologin
can be used to disable ftp access.
If the file exists,
.Nm
displays it and exits.
If the file
-.Pa /etc/ftpwelcome
+.Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
exists,
.Nm
prints it before issuing the
.Dq ready
message.
If the welcome file exists
-.Pa ( /etc/motd
+.Pa ( %%PREFIX%%/etc/ftpd-tls/motd
by default),
.Nm
prints it after a successful login.
@@ -320,13 +320,13 @@
file operations may be performed.
.It
The login name must not appear in the file
-.Pa /etc/ftpusers .
+.Pa %%PREFIX%%/etc/ftpd-tls/ftpusers .
.It
The user must have a standard shell as described by
.Xr shells 5 .
.It
If the user name appears in the file
-.Pa /etc/ftpchroot
+.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
the session's root will be changed to the user's login directory by
.Xr chroot 2
as for an
@@ -432,7 +432,7 @@
.El
.Pp
If logging to the
-.Pa /var/log/ftpd
+.Pa /var/log/ftpd-tls
file is enabled, information will be written in the following format:
.Pp
.Bl -tag -width XXXXXXXXXXXXXX -offset indent -compact
@@ -514,24 +514,24 @@
.It Pa welcome
The path of the file containing the welcome message.
If this variable is not set,
-.Pa /etc/motd
+.Pa %%PREFIX%%/etc/ftpd-tls/motd
is used.
.El
.Sh FILES
-.Bl -tag -width /var/run/ftpd.pid -compact
-.It Pa /etc/ftpusers
+.Bl -tag -width /var/run/ftpd-tls.pid -compact
+.It Pa %%PREFIX%%/etc/ftpd-tls/ftpusers
list of unwelcome/restricted users
-.It Pa /etc/ftpchroot
+.It Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
list of normal users who should be chrooted
-.It Pa /etc/ftpwelcome
+.It Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
welcome notice
-.It Pa /etc/nologin
+.It Pa /var/run/nologin
displayed and access refused
.It Pa /var/run/utmp
list of users on the system
-.It Pa /var/run/ftpd.pid
+.It Pa /var/run/ftpd-tls.pid
process ID if running in daemon mode
-.It Pa /var/log/ftpd
+.It Pa /var/log/ftpd-tls
log file for anonymous downloads
.El
.Sh SEE ALSO
@@ -541,14 +541,16 @@
.Xr chroot 2 ,
.Xr login.conf 5 ,
.Xr shells 5 ,
+.Xr ftpd 8 ,
.Xr inetd 8 ,
.Xr syslogd 8 ,
-.Xr ftp-proxy 8
.Sh HISTORY
The
-.Nm
+.Ic ftpd
command appeared in
.Bx 4.2 .
+.Pp
+AUTH TLS support added by Peter 'Luna' Runestig <peter@runestig.com>.
.Sh BUGS
The server must run as the superuser to create sockets with
privileged port numbers.
|
