ftpd -- Internet File Transfer Protocol server


/etc/ftpd [ -a ] [ -A ] [ -d ] [ -i ] [ -l ] [ -L ] [ -o ] [ -P ] [ -p ] [ -Q ] [ -q ] [ -r ] [ -S ] [ -s ]
[ -t timeout ] [ -T maxtimeout ] [ -u mask ] [ -v ] [ -V ] [ -w ] [ -W ] [ -X ]


ftpd is the Internet File Transfer Protocol server process. The server uses the TCP protocol and listens at the port specified in the ftp service specification; see services(SFF).

ftpd is started by the super server inetd, and therefore must have an entry in inetd's configuration file, /etc/inetd.conf. See inetd(ADMN) and inetd.conf(SFF).

Specify that the access file, /etc/ftpaccess, must be present. This is the default behavior.

Ignore the access file, /etc/ftpaccess.

Write debugging information to the syslog file.

Log all inbound file transfers to the ftplog file.

Log all FTP sessions to the syslog file.

Log all commands received from remote FTP clients to the syslog file.

Log all outbound file transfers to the ftplog file.

Override the port numbers used by the daemon. Normally, the daemon determines the port numbers by looking in the /etc/services for "ftp" and "ftp-data". If there is no /etc/services entry for "ftp-data" and the -P option is not specified, the daemon uses the port just prior to the control connection port.

Override the port numbers used by the daemon. Available only if running as a standalone daemon.

Disable the PID files. These files are required by the limit directive to determine the number of current users in each access class. Disabling the use of the PID files disables user limits. Use this option when testing the server as a normal user when access permissions prevent the use of the PID files. Large, busy sites which do not wish to impose limits on the number of concurrent users may also consider disabling the PID files.

Specify that the daemon is to use the PID files.

chroot(S) to the specified rootdir immediately upon loading. This can improve system security by limiting the files which may be damaged should a breakin occur through the daemon. Set is much like anonymous FTP, with additional files needed which vary from system to system.

Run in standalone operation mode in the background. This option is useful in startup scripts during system initialization (ie., in rc.local).

Run in standalone operation mode in the foreground. This option is useful when running from init (ie., /etc/inittab.

-t timeout
Set the timeout period for an inactive session to timeout seconds. The default is 15 minutes. A client may also request a different timeout period; see the -T option.

-T maxtimeout
Set the maximum timeout limit to maxtimeout seconds. The default limit is 2 hours. This option prevents clients from requesting longer timeout periods than the set limit.

-u mask
Set the file creation mask to mask.

Equivalent to -d.

Cause the program to display copyright and version information, then terminate.

Log every login and logout in the wtmp file. This is the default behavior.

Do not log user logins and logouts in the wtmp file.

Output created by the -i and -o options is not saved to ftplog, but saved to syslog so that output from several hosts can be saved on one central host.

FTP requests

The FTP server currently supports the following FTP requests; case is not distinguished.

abort previous command

send authentication data

specify account (ignored)

allocate storage (vacuously)

append to a file

send authentication type

change to parent of current working directory

change working directory

delete a file

give help information

give list files in a directory (ls -l)

make a directory

show last modification time of file

specify data transfer mode

give name list of files in directory (ls)

do nothing

specify password

prepare for server-to-server transfer

specify protection level

specify data connection port

set protection level

print the current working directory

terminate session

restart a file transfer

retrieve a file

remove a directory

specify rename-from file name

specify rename-to file name

non-standard commands (see next section)

return size of file

return status of server

store a file

store a file with a unique name

specify data transfer structure

display operating system information

specify data transfer type

specify user name

change to parent of current working directory

change working directory

make a directory

print the current working directory

remove a directory

SITE request commands

The following non-standard or UNIX-specific commands are supported by the SITE request.

change mode of a file. For example, SITE CHMOD 755 filename

run the specified command. For example, SITE EXEC command, where command resides in or is linked into the /etc/ftp-exec directory on the FTP server.

WARNING: Providing the capability for remote clients to execute non-standard commands on the FTP server incurs potential security risks. Use extreme caution when placing executables and setting permissions in the /etc/ftp-exec directory.

validate with the specified group password. For example, SITE GPASS passwd

change to the specified group. For example, SITE GROUP group

give help information. For example, SITE HELP

set idle-timer. For example, SITE IDLE 60

exec a local index command. For example, SITE INDEX list

change the language in which ftpd sends messages back to the client. By default, the value of LANG is read from the client user's environment. If this variable is not set, LANG is set to english by default. For example, SITE LANG french sets the language of ftpd messages to French.

show information about files newer than date. For example, SITE MINFO datepath

find files newer than time. For example, SITE NEWER date or SITE NEWER date path

change umask. For example, SITE UMASK 002

The remaining FTP requests specified in RFC 959 are recognized, but not implemented. MDTM and SIZE are not specified in RFC 959, but will appear in the next updated FTP RFC.

The FTP server will abort an active file transfer only when the ABOR command is preceded by a Telnet Interrupt Process (IP) signal and a Telnet Synch signal in the command Telnet stream, as described in RFC 959. If a STAT command is received during a data transfer, preceded by a Telnet IP and Synch, transfer status will be returned.

ftpd interprets file names according to the ``globbing'' conventions used by sh(C). This allows users to utilize the metacharacters * ? [ ] { } and ~.

ftpd authenticates users according to four rules.

Anonymous FTP

When a client logs into the anonymous ftp account, ftpd takes special measures to restrict the client's access privileges. The server performs a chroot(S) command to the home directory of the ftp user.

To prevent a breach in system security, use the following rules when constructing the ftp subtree. (~ftp means ``the home directory of user ftp.'')

Make the home directory owned by root with mode set to 755.

Make this directory owned by root and unwritable by anyone. The program ls(C) must be present in this directory to support the list commands. This program should have mode 111.

Make this directory owned by root and unwritable by anyone. The files passwd(C) and group(F) must be present for the ls command to be able to produce owner names rather than numbers. The password field in passwd is not used, and should not contain real encrypted passwords. These files should be mode 444.

Make this directory owned by root and unwritable by anyone.

Copy /lib/ to this location to support ~ftp/bin/ls. This file should be mode 555 and owned by bin.

Make this directory mode 555 and owned by root. Users should then place files which are to be accessible via the anonymous account in this directory. For full details, see ``Setting up anonymous ftp'' in the Networking Guide.

Make this directory owned by root and unreadable by anyone (mode 333). These permissions create a ``blind dropbox''.

Make this directory owned by root and unwritable by anyone.

Make this directory owned by root and unwritable by anyone.




Copy /usr/lib/, /usr/lib/, /usr/lib/, and /usr/lib/ to this location to support ~ftp/bin/ls. Both files should be mode 555 and owned by bin.

Create this device with the following command:

find /dev/socksys -print | cpio -pdmuv ~ftp

If the networking software on this system is removed and reinstalled, rerun the above command because the major number of the original /dev/socksys device may change.

Create this device with the following command:

find /dev/zero -print | cpio -pdmuv ~ftp

The FTP server expects that anonymous users will give their e-mail address as a password. The server will complain if the password is not of the form user@domain. Users will not be denied access because of malformed passwords.


The ftp server recognizes the special extensions, .tar, .Z, and .tar.Z. In these cases, it will attempt to execute the system commands tar(C), compress(C), or a combination of both. This is useful for retrieving entire directory hierarchies in a single operation. Note that not all systems support the compress command. If this functionality is desired for anonymous logins, the commands must be installed in the appropriate paths under the anonymous login directory. See ``Files'' and ftpconv(SFF).

New filename extensions and rules can be added to the conversions file, ftpconv(SFF). Note that conversions only work when retrieving files from the FTP server.

Long replies

For users whose FTP client will hang on long replies (multi-line responses), using a dash as the first character of the password will disable the use of long replies.


The anonymous account is inherently dangerous and should be avoided when possible.

The server must run as root to create sockets with privileged port numbers. It maintains an effective user ID of the logged in user, reverting to root only when binding addresses to sockets.

Kerberos Network Authentication Service protocol is no longer supported.

Data encryption is not supported.


ftp server configuration file

file name conversions

list of disallowed users, including root, uucp, and other pseudo-users

allowable shell list

user database

group database

system log file

default transfer log file

configuration file for inetd

Internet services list
The following files are needed for anonymous ftp:

to support the LIST and NLST commands

to support the LIST and NLST commands

allows the ftp server to execute tar for anonymous logins

allows the ftp server to execute compress for anonymous logins

needed to establish data connections

used by ~ftp/bin/ls

used by ~ftp/bin/ls

files to be accessible via anonymous ftp
The contents of the files ~ftp/etc/passwd and ~ftp/etc/group should be minimal and not contain real passwords for security reasons.

See also

ftp(TC), ftpaccess(SFF), ftpconv(SFF), ftphosts(SFF), ftplog(SFF), ftpusers(SFF), inetd(ADMN), inetd.conf(SFF), services(SFF), syslog(SLIB), syslogd(ADM), v5srvtab(SFF)

Standards conformance

ftpd is not part of any currently supported standard. It is an extension of AT&T UNIX System V provided by The Santa Cruz Operation, Inc.

ftpd is conformant with:
RFC 959 (STD 9), RFC 1123

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003