ftpd.1m (2010 09)

ftpd(1M) ftpd(1M)
Optionally, a system administrator can permit public access or "anonymous FTP." If this has been set up,
users can access the anonymous FTP account with the user name anonymous or ftp and any non-null
password (by convention, the client host’s name).
ftpd does a chroot() to the home directory of user ftp, thus limiting anonymous FTP users’ access to
the system. If the user name is anonymous or ftp, an anonymous FTP account must be present in the
password file (user ftp). In this case the user is allowed to log in by specifying any password (by
convention this is given as the user’s e-mail address).
In order to permit anonymous FTP, there must be an entry in the /etc/passwd database for an
account named ftp. See passwd(4). The password field should be *, the group membership should be
guest, and the login shell should be /usr/bin/false. For example (assuming the guest group ID
is 10):
ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false
The anonymous FTP directory should be set up as follows:
~ftp
The home directory of the FTP account should be owned by user root and mode 555 (not
writable). Since ftpd does a chroot() to this directory, it must have the following subdirectories
and files:
~ftp/usr/bin
This directory must be owned by root and mode 555 (not writable). The file
/sbin/ls should be copied to ~ftp/usr/bin. This is needed to support directory
listing by ftpd. The command should be mode 111 (executable only). If the FTP
account is on the same file system as /sbin, ~ftp/usr/bin/ls can be a hard link,
but it may not be a symbolic link, because of the chroot(). The command must be
replaced when the system is updated.
Note: The file /usr/bin/ls can also be copied to the directory ~ftp/usr/bin
in place of /sbin/ls. However, if this is done, a set of relevant libraries must also
be copied under the directory ~ftp/usr/lib. See the HP-UX Remote Access Services
Administrator’s Guide for details of required libraries. The directory
~ftp/usr/lib must be owned by root and mode 555 (not writable). All the
libraries copied under this directory must be mode 555 (not writable).
~ftp/etc
This directory must be owned by root and mode 555 (not writable). It should contain
versions of the files passwd and group. See passwd(4) and group(4). These files
must be owned by root and mode 444 (readable only). These files must be present for
the LIST command to be able to produce owner names rather than numbers.
~ftp/etc/passwd
This file should contain entries for the ftp user and any other users who own files
under the anonymous ftp directory. Such entries should have * for passwords.
Group IDs must be listed in the anonymous FTP group file, ~ftp/etc/group. The
path names of home directories in ~ftp/etc/passwd must be relative to the
anonymous FTP home directory.
~ftp/etc/group
This file should contain the group names associated with any group IDs in file
~ftp/etc/passwd and any group IDs of files in the anonymous FTP subdirectories.
~ftp/pub (optional)
This directory is used by anonymous FTP users to deposit files on the system. It
should be owned by user ftp and should be mode 777 (readable and writable by all).
~ftp/dist (optional)
Directories used to make files available to anonymous FTP users should be mode 555
(not writable), and any files to be distributed should be owned by root and mode 444
(readable only) so that they cannot be modified or removed by anonymous FTP users.
Note: The steps that are followed to create an anonymous account are also used to create a guest
account.
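The ownership and mode requirements listed above can be checked mechanically. The following POSIX shell functions are an added example, not part of the HP-UX manual page; the names want, audit_lines and audit_anon_ftp and the optional OWNER argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the manual page): audit an anonymous FTP tree
# against the ownership and mode requirements listed above.
# Usage: audit_anon_ftp FTP_HOME [OWNER]. OWNER defaults to root; it is a
# parameter (an assumption of this example) so a scratch tree can be tested.

# want PATH MODE OWNER: report PATH unless it has exactly MODE and OWNER.
want() {
    [ -n "$(find "$1" -prune -perm "$2" -user "$3" -print 2>/dev/null)" ] ||
        echo "FAIL $1: want mode $2, owner $3"
}

audit_lines() {
    home=$1 owner=${2:-root}
    want "$home" 555 "$owner"
    want "$home/usr/bin" 555 "$owner"
    want "$home/usr/bin/ls" 111 "$owner"
    want "$home/etc" 555 "$owner"
    want "$home/etc/passwd" 444 "$owner"
    want "$home/etc/group" 444 "$owner"

    # The page rules out a symbolic link for ls because of the chroot().
    if [ -h "$home/usr/bin/ls" ]; then
        echo "FAIL $home/usr/bin/ls: symbolic link"
    fi

    # Entries in the chroot copy of passwd should have * as the password.
    if [ -r "$home/etc/passwd" ]; then
        awk -F: 'NF && $2 != "*" { print "FAIL passwd entry " $1 ": password is not *" }' \
            "$home/etc/passwd"
    fi

    # Distribution area: directories 555, files 444 and owned by OWNER.
    if [ -d "$home/dist" ]; then
        find "$home/dist" -type d ! -perm 555 -print |
            sed 's/^/FAIL /; s/$/: want mode 555/'
        find "$home/dist" -type f \( ! -perm 444 -o ! -user "$owner" \) -print |
            sed "s/^/FAIL /; s/\$/: want mode 444, owner $owner/"
    fi
}

# Print every deviation; return 0 when the tree is clean, 1 otherwise.
audit_anon_ftp() {
    findings=$(audit_lines "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ $# -gt 0 ]; then audit_anon_ftp "$@"; fi
```

The optional ~ftp/pub directory is not checked, since the page gives it a different owner (ftp) and mode (777).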
DIAGNOSTICS
ftpd replies to FTP commands to ensure synchronization of requests and actions during file transfers,
and to indicate the status of ftpd. Every command produces at least one reply, although there may be
more than one. A reply consists of a three-digit number, a space, some text, and an end of line. The
HP-UX 11i Version 3: September 2010 7 Hewlett-Packard Company 7