HP-UX Reference (11i v1 05/09) - 1M System Administration Commands A-M (vol 3)

ftpd(1M) ftpd(1M)
Optionally, a system administrator can permit public access or "anonymous FTP." If this has been set up,
users can access the anonymous FTP account with the user name anonymous or ftp and any non-null
password (by convention, the client host's name). ftpd does a chroot() to the home directory of user
ftp, thus limiting anonymous FTP users' access to the system. If the user name is anonymous or ftp,
an anonymous FTP account must be present in the password file (user ftp). In this case the user is
allowed to log in by specifying any password (by convention this is given as the user's e-mail address).
In order to permit anonymous FTP, there must be an entry in the passwd(4) database for an account
named ftp. The password field should be *, the group membership should be guest, and the login shell
should be /usr/bin/false. For example (assuming the guest group ID is 10):
ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false
The anonymous FTP directory should be set up as follows:
~ftp
The home directory of the FTP account should be owned by user root and mode 555 (not writable).
Since ftpd does a chroot() to this directory, it must have the following subdirectories and files:
~ftp/usr/bin
This directory must be owned by root and mode 555 (not writable). The file /sbin/ls
should be copied to ~ftp/usr/bin. This is needed to support directory listing by
ftpd. The command should be mode 111 (executable only). If the FTP account is on
the same file system as /sbin, ~ftp/usr/bin/ls can be a hard link, but it may not
be a symbolic link, because of the chroot(). The command must be replaced when
the system is updated.
~ftp/etc
This directory must be owned by root and mode 555 (not writable). It should contain
versions of the files passwd and group. See passwd(4) and group(4). These files must
be owned by root and mode 444 (readable only). These files must be present for the
LIST command to be able to produce owner names rather than numbers.
~ftp/etc/passwd
This file should contain entries for the ftp user and any other users who own files
under the anonymous ftp directory. Such entries should have * for passwords.
Group IDs must be listed in the anonymous FTP group file, ~ftp/etc/group. The
path names of home directories in ~ftp/etc/passwd must be with respect to the
anonymous FTP home directory.
~ftp/etc/group
This file should contain the group names associated with any group IDs in file
~ftp/etc/passwd and any group IDs of files in the anonymous FTP subdirectories.
~ftp/pub (optional)
This directory is used by anonymous FTP users to deposit files on the system. It should
be owned by user ftp and should be mode 777 (readable and writable by all).
~ftp/dist (optional)
Directories used to make files available to anonymous ftp users should be mode 555 (not
writable), and any files to be distributed should be owned by root and mode 444 (readable
only) so that they cannot be modified or removed by anonymous FTP users.
Note: The steps followed to create an anonymous account are also used to create a guest account.
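
The ownership and mode rules above can be checked mechanically. The script below is an added example, not part of the HP-UX manual or HP's tooling; the function names check and audit_anonftp, the comparison by numeric UID, and the default FTP UID of 500 (taken from the sample passwd entry) are assumptions.

```shell
#!/bin/sh
# Added example (not HP's code): audit an anonymous FTP tree against the
# owner and mode rules above. Uses `ls -ldn`, so no stat(1) is required.
# Assumption: owners are compared by numeric UID; FTP_UID defaults to 500,
# the UID in the sample passwd entry above.
fails=0

# check PATH MODE_STRING [UID]: an empty UID skips the owner comparison.
check() {
    c_path=$1 c_mode=$2 c_uid=$3
    if [ ! -e "$c_path" ] && [ ! -h "$c_path" ]; then
        echo "MISSING $c_path"; fails=$((fails + 1)); return
    fi
    c_info=$(ls -ldn "$c_path" | awk '{print substr($1, 1, 10) ":" $3}')
    c_got_mode=${c_info%%:*}; c_got_uid=${c_info##*:}
    if [ "$c_got_mode" != "$c_mode" ]; then
        echo "MODE    $c_path is $c_got_mode, want $c_mode"; fails=$((fails + 1))
    fi
    if [ -n "$c_uid" ] && [ "$c_got_uid" != "$c_uid" ]; then
        echo "OWNER   $c_path is uid $c_got_uid, want $c_uid"; fails=$((fails + 1))
    fi
}

# audit_anonftp FTP_HOME [ROOT_UID] [FTP_UID]: returns 0 only with no findings.
audit_anonftp() {
    home=$1 root_uid=${2:-0} ftp_uid=${3:-500}
    fails=0
    check "$home"            dr-xr-xr-x "$root_uid"
    check "$home/usr/bin"    dr-xr-xr-x "$root_uid"
    # The page states only a mode for ls; a symlink lists as l... and fails.
    check "$home/usr/bin/ls" ---x--x--x ""
    check "$home/etc"        dr-xr-xr-x "$root_uid"
    check "$home/etc/passwd" -r--r--r-- "$root_uid"
    check "$home/etc/group"  -r--r--r-- "$root_uid"
    # Optional directories are checked only when present.
    if [ -d "$home/pub" ]; then
        check "$home/pub" drwxrwxrwx "$ftp_uid"
    fi
    if [ -d "$home/dist" ]; then
        check "$home/dist" dr-xr-xr-x ""
        for f in "$home"/dist/*; do
            if [ -f "$f" ]; then check "$f" -r--r--r-- "$root_uid"; fi
        done
    fi
    [ "$fails" -eq 0 ]
}

# Run as: sh audit_anonftp.sh /home/ftp
if [ $# -gt 0 ]; then audit_anonftp "$@"; fi
```

Findings are printed one per line and the exit status is nonzero if any rule is violated; only files directly under ~ftp/dist are examined.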
DIAGNOSTICS
ftpd replies to FTP commands to ensure synchronization of requests and actions during file transfers, and
to indicate the status of ftpd. Every command produces at least one reply, although there may be more
than one. A reply consists of a three-digit number, a space, some text, and an end of line. The number is
useful for programs; the text is useful for users. The number must conform to this standard, but the text
can vary.
The first digit of the message indicates whether the reply is good, bad, or incomplete. Five values exist for
the first digit. The values and the interpretations of the values are:
1 The requested action is being initiated; expect another reply before proceeding with a new
command.
Section 1M282 Hewlett-Packard Company 3 HP-UX 11i Version 1: September 2005