HP-UX Reference (11i v1 05/09) - 1M System Administration Commands A-M (vol 3)

ftpd(1M)
Kerberos ftpd(1M)
The FTP server aborts an active file transfer only when the ABOR command is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet "Synch" signal in the command Telnet stream, as described in Internet RFC 959. If ftpd receives a STAT command during a data transfer, preceded by a Telnet IP and Synch, it returns the status of the transfer.

ftpd interprets file names according to the "globbing" conventions used by csh. This allows users to utilize the metacharacters *, ., [, ], {, }, ~, and ?.

ftpd authenticates users according to three rules:

  - The user name must be in the password data base, /etc/passwd, and not have a null password. The client must provide the correct password for the user before any file operations can be performed.
  - The user name must not appear in the file /etc/ftpd/ftpusers (see ftpusers(4)).
  - The user must have a standard shell returned by getusershell().

Optionally, a system administrator can permit public access or "anonymous FTP." If this has been set up, users can access the anonymous FTP account with the user name anonymous or ftp and any non-null password (by convention, the client host’s name). ftpd does a chroot() to the home directory of user ftp, thus limiting anonymous FTP users’ access to the system. If the user name is anonymous or ftp, an anonymous FTP account must be present in the password file (user ftp). In this case the user is allowed to log in by specifying any password (by convention this is given as the user’s e-mail address).

In order to permit anonymous FTP, there must be an entry in the passwd(4) database for an account named ftp. The password field should be *, the group membership should be guest, and the login shell should be /usr/bin/false. For example (assuming the guest group ID is 10):

    ftp:*:500:10:anonymous ftp:/home/ftp:/usr/bin/false

The anonymous FTP directory should be set up as follows:

~ftp
    The home directory of the FTP account should be owned by user root and mode 555 (not writable). Since ftpd does a chroot() to this directory, it must have the following subdirectories and files:

~ftp/usr/bin
    This directory must be owned by root and mode 555 (not writable). The file /sbin/ls should be copied to ~ftp/usr/bin. This is needed to support directory listing by ftpd. The command should be mode 111 (executable only). If the FTP account is on the same file system as /sbin, ~ftp/usr/bin/ls can be a hard link, but it may not be a symbolic link, because of the chroot(). The command must be replaced when the system is updated.

~ftp/etc
    This directory must be owned by root and mode 555 (not writable). It should contain versions of the files passwd and group. See passwd(4) and group(4). These files must be owned by root and mode 444 (readable only). These files must be present for the LIST command to be able to produce owner names rather than numbers.

~ftp/etc/passwd
    This file should contain entries for the ftp user and any other users who own files under the anonymous ftp directory. Such entries should have * for passwords. Group IDs must be listed in the anonymous FTP group file, ~ftp/etc/group. The path names of home directories in ~ftp/etc/passwd must be with respect to the anonymous FTP home directory.

~ftp/etc/group
    This file should contain the group names associated with any group IDs in file ~ftp/etc/passwd and any group IDs of files in the anonymous FTP subdirectories.

~ftp/pub (optional)
    This directory is used by anonymous FTP users to deposit files on the system. It should be owned by user ftp and should be mode 777 (readable and writable by all).

~ftp/dist (optional)
    Directories used to make files available to anonymous ftp users should be mode 555 (not writable), and any files to be distributed should be owned by root and mode 444 (readable only) so that they cannot be modified or removed by anonymous FTP users.

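
An added example, not part of the HP-UX manual: a Python audit that compares an anonymous FTP tree against the ownership and mode requirements listed above. The function name audit_anon_ftp and its parameters are hypothetical; root_uid defaults to 0 and ftp_uid to the UID 500 used in the sample passwd entry.

```python
import os
import stat

# (path under ~ftp, owner, mode, required) as stated above; owner None = page names no owner.
EXPECTED = [
    ("", "root", 0o555, True),
    ("usr/bin", "root", 0o555, True),
    ("usr/bin/ls", None, 0o111, True),
    ("etc", "root", 0o555, True),
    ("etc/passwd", "root", 0o444, True),
    ("etc/group", "root", 0o444, True),
    ("pub", "ftp", 0o777, False),
    ("dist", None, 0o555, False),
]

def audit_anon_ftp(home, root_uid=0, ftp_uid=500):
    """Return findings for the anonymous FTP tree at `home` (empty list = compliant)."""
    uids = {"root": root_uid, "ftp": ftp_uid}
    findings = []
    for rel, owner, mode, required in EXPECTED:
        label = rel or "~ftp"
        try:
            st = os.lstat(os.path.join(home, rel))  # lstat: never follow symlinks
        except FileNotFoundError:
            if required:
                findings.append(f"{label}: missing")
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{label}: symbolic link, will not resolve after chroot()")
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode or (owner and st.st_uid != uids[owner]):
            findings.append(f"{label}: mode {actual:03o} uid {st.st_uid}, expected mode {mode:03o} owner {owner or 'any'}")
    # Files offered for download must be root-owned and read-only (444).
    for dirpath, _dirs, files in os.walk(os.path.join(home, "dist")):
        for path in (os.path.join(dirpath, n) for n in files):
            st = os.lstat(path)
            if stat.S_IMODE(st.st_mode) != 0o444 or st.st_uid != root_uid:
                findings.append(f"{os.path.relpath(path, home)}: not root-owned mode 444")
    # The chroot copy of passwd should carry '*' in every password field.
    try:
        with open(os.path.join(home, "etc", "passwd")) as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) > 1 and fields[1] != "*":
                    findings.append(f"etc/passwd: {fields[0]} password field is not '*'")
    except OSError:
        pass  # a missing or unreadable file is already reported by the loop above
    return findings
```

Run it as root against the real ~ftp path, for example audit_anon_ftp("/home/ftp"), and treat any returned line as a deviation from the layout described above.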
Section 1M286 Hewlett-Packard Company 3 HP-UX 11i Version 1: September 2005