ftpd.1m (2010 09)
ftpd(1M) ftpd(1M)
CCC     Clear command channel
ENC     Privacy protected command
MIC     Integrity protected command
PROT    Data channel protection level (level "C" only)
PBSZ    Protection buffer size (has no effect)
These commands are described in draft 8 of the FTP security extensions.
SITE Command
The following non-standard or HP-UX specific commands are supported by the SITE command:

Command   Description
UMASK     Change umask. (e.g., SITE UMASK 002)
IDLE      Set idle-timer. (e.g., SITE IDLE 60)
CHMOD     Change mode of a file. (e.g., SITE CHMOD 755 filename)
HELP      Give help information. (e.g., SITE HELP).
NEWER     List files newer than a particular date.
MINFO     Similar to SITE NEWER, but gives extra information.
GROUP     Request for special group access. (e.g., SITE GROUP foo).
GPASS     Give special group access password. (e.g., SITE GPASS bar).
EXEC      Execute a program. (e.g., SITE EXEC program params)
For the SITE EXEC command, a program can be executed only if it has been placed in the /etc/ftpd/ftp-exec directory. The program to be executed must be either a binary program file or a valid shell program. For example, given the following program:

    cat /etc/ftpd/ftp-exec/hi.sh
    #!/usr/bin/sh
    echo hello

When we give the following SITE EXEC command:

    ftp> site exec hi.sh

The output will be as follows:

    200-hi.sh
    200-hello
    200 (end of 'hi.sh')
Note: The security of the system depends entirely on which binaries or shell programs the administrator has placed in the /etc/ftpd/ftp-exec directory. Making this functionality available to real users who have shell access does not have any major security ramifications, but for anonymous and guest users who do not have shell access, there are security risks.
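The note above makes the contents of /etc/ftpd/ftp-exec the whole security boundary for SITE EXEC. The shell function below is an added example, not part of the HP-UX manual page or of ftpd, that audits that directory; the function name, the finding labels, the interpreter name list and the assumption that root should own every entry are this example's own.

```shell
# Audit the directory ftpd searches for SITE EXEC programs.
# Usage: audit_ftp_exec [DIR] [OWNER]
# Prints one finding per line. Returns 0 if clean, 1 if there are
# findings, 2 if DIR does not exist.
audit_ftp_exec() {
    dir=${1:-/etc/ftpd/ftp-exec}   # path from the manual page
    owner=${2:-root}               # assumption: root owns every entry
    findings=0
    flag() { findings=$((findings + 1)); printf '%s %s\n' "$1" "$2"; }
    # loose PATH: true if PATH is writable by group or other
    loose() { [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; }

    [ -d "$dir" ] || { printf 'MISSING %s\n' "$dir"; return 2; }
    # A writable directory lets non-administrators add programs.
    loose "$dir" && flag DIR-WRITABLE "$dir"
    [ -n "$(find "$dir" -prune ! -user "$owner")" ] && flag DIR-OWNER "$dir"

    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || [ -h "$f" ] || continue    # skip unmatched glob
        if [ -h "$f" ]; then                      # target lives elsewhere
            flag SYMLINK "$f"; continue
        fi
        [ -f "$f" ] || { flag NOT-REGULAR "$f"; continue; }
        [ -n "$(find "$f" -prune ! -user "$owner")" ] && flag OWNER "$f"
        loose "$f" && flag WRITABLE "$f"
        [ -n "$(find "$f" -prune \( -perm -4000 -o -perm -2000 \))" ] &&
            flag SETID "$f"
        # A general-purpose shell or interpreter here is equivalent to
        # giving SITE EXEC users shell access.
        case ${f##*/} in
            sh|ksh|csh|tcsh|bash|perl|python*|awk) flag INTERPRETER "$f" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```

Call `audit_ftp_exec` with no arguments to check the default directory; any output line names an entry the administrator should review before SITE EXEC is offered to anonymous or guest users.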
Other FTP Requests
The remaining FTP requests specified in Internet RFC 959 are recognized, but not implemented. MDTM and SIZE are not specified in RFC 959, but are expected in the next updated FTP RFC.

The FTP server aborts an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in Internet RFC 959. If ftpd receives a STAT command during a data transfer, preceded by a Telnet IP and Synch, it returns the status of the transfer.

ftpd interprets file names according to the "globbing" conventions used by csh. This allows users to utilize the metacharacters *, ., [, ], {, }, ~, and ?.

ftpd authenticates users according to the following rules:
• The user name must be in the password database (e.g., the local password file /etc/passwd, NIS, and LDAP) and not have a null password. The client must provide the correct password for the user before any file operations can be performed.
• The user name must not appear in the file /etc/ftpd/ftpusers (see ftpusers(4)).
• The user must have a standard shell returned by getusershell().
• The user environment must be accessible (per the configured database sources explained in nsswitch.conf(4)).
Hewlett-Packard Company, HP-UX 11i Version 3: September 2010