1.\" $NetBSD: ftpd.conf.manin,v 1.2 2010/01/04 01:10:43 lukem Exp $ 2.\" from NetBSD: ftpd.conf.5,v 1.37 2009/04/09 02:25:45 joerg Exp 3.\" 4.\" Copyright (c) 1997-2008 The NetBSD Foundation, Inc. 5.\" All rights reserved. 6.\" 7.\" This code is derived from software contributed to The NetBSD Foundation 8.\" by Luke Mewburn. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29.\" POSSIBILITY OF SUCH DAMAGE. 30.\" 31.Dd April 13, 2007 32.Dt FTPD.CONF 5 33.Os 34.Sh NAME 35.Nm ftpd.conf 36.Nd 37.Xr tnftpd 8 38configuration file 39.Sh DESCRIPTION 40The 41.Nm 42file specifies various configuration options for 43.Xr tnftpd 8 44that apply once a user has authenticated their connection. 45.Pp 46.Nm 47consists of a series of lines, each of which may contain a 48configuration directive, a comment, or a blank line. 49Directives that appear later in the file override settings by previous 50directives. 51This allows 52.Sq wildcard 53entries to define defaults, and then have class-specific overrides. 54.Pp 55A directive line has the format: 56.Dl command class [arguments] 57.Pp 58A 59.Dq \e 60is the escape character; it can be used to escape the meaning of the 61comment character, or if it is the last character on a line, extends 62a configuration directive across multiple lines. 63A 64.Dq # 65is the comment character, and all characters from it to the end of 66line are ignored (unless it is escaped with the escape character). 67.Pp 68Each authenticated user is a member of a 69.Em class , 70which is determined by 71.Xr ftpusers 5 . 72.Em class 73is used to determine which 74.Nm 75entries apply to the user. 76The following special classes exist when parsing entries in 77.Nm : 78.Bl -tag -width "chroot" -compact -offset indent 79.It Sy all 80Matches any class. 81.It Sy none 82Matches no class. 83.El 84.Pp 85Each class has a type, which may be one of: 86.Bl -tag -width "CHROOT" -offset indent 87.It Sy GUEST 88Guests (as per the 89.Dq anonymous 90and 91.Dq ftp 92logins). 93A 94.Xr chroot 2 95is performed after login. 96.It Sy CHROOT 97.Xr chroot 2 Ns ed 98users (as per 99.Xr ftpchroot 5 ) . 100A 101.Xr chroot 2 102is performed after login. 103.It Sy REAL 104Normal users. 105.El 106.Pp 107The 108.Xr tnftpd 8 109.Sy STAT 110command will return the class settings for the current user as defined by 111.Nm , 112unless the 113.Sy private 114directive is set for the class. 115.Pp 116Each configuration line may be one of: 117.Bl -tag -width 4n 118.It Sy advertize Ar class Op Ar host 119Set the address to advertise in the response to the 120.Sy PASV 121and 122.Sy LPSV 123commands to the address for 124.Ar host 125(which may be either a host name or IP address). 126This may be useful in some firewall configurations, although many 127ftp clients may not work if the address being advertised is different 128to the address that they've connected to. 129If 130.Ar class 131is 132.Dq none 133or 134.Ar host 135not is specified, disable this. 136.It Sy checkportcmd Ar class Op Sy off 137Check the 138.Sy PORT 139command for validity. 140The 141.Sy PORT 142command will fail if the IP address specified does not match the 143.Tn FTP 144command connection, or if the remote TCP port number is less than 145.Dv IPPORT_RESERVED . 146It is 147.Em strongly 148encouraged that this option be used, especially for sites concerned 149with potential security problems with 150.Tn FTP 151bounce attacks. 152If 153.Ar class 154is 155.Dq none 156or 157.Sy off 158is specified, disable this feature, otherwise enable it. 159.It Sy chroot Ar class Op Sy pathformat 160If 161.Ar pathformat 162is not specified or 163.Ar class 164is 165.Dq none , 166use the default behavior (see below). 167Otherwise, 168.Ar pathformat 169is parsed to create a directory to create as the root directory with 170.Xr chroot 2 171into upon login. 172.Pp 173.Ar pathformat 174can contain the following escape strings: 175.Bl -tag -width "Escape" -offset indent -compact 176.It Sy "Escape" 177.Sy Description 178.It "\&%c" 179Class name. 180.It "\&%d" 181Home directory of user. 182.It "\&%u" 183User name. 184.It "\&%\&%" 185A 186.Dq \&% 187character. 188.El 189.Pp 190The default root directory is: 191.Bl -tag -width "CHROOT" -offset indent -compact 192.It Sy CHROOT 193The user's home directory. 194.It Sy GUEST 195If 196.Fl a Ar anondir 197is specified, use 198.Ar anondir , 199otherwise the home directory of the 200.Sq ftp 201user. 202.It Sy REAL 203By default no 204.Xr chroot 2 205is performed. 206.El 207.It Sy classtype Ar class Ar type 208Set the class type of 209.Ar class 210to 211.Ar type 212(see above). 213.It Sy conversion Ar class Ar suffix Op Ar "type disable command" 214Define an automatic in-line file conversion. 215If a file to retrieve ends in 216.Ar suffix , 217and a real file (sans 218.Ar suffix ) 219exists, then the output of 220.Ar command 221is returned instead of the contents of the file. 222.Pp 223.Bl -tag -width "disable" -offset indent 224.It Ar suffix 225The suffix to initiate the conversion. 226.It Ar type 227A list of valid file types for the conversion. 228Valid types are: 229.Sq f 230(file), and 231.Sq d 232(directory). 233.It Ar disable 234The name of file that will prevent conversion if it exists. 235A file name of 236.Dq Pa \&. 237will prevent this disabling action 238(i.e., the conversion is always permitted.) 239.It Ar command 240The command to run for the conversion. 241The first word should be the full path name 242of the command, as 243.Xr execv 3 244is used to execute the command. 245All instances of the word 246.Dq %s 247in 248.Ar command 249are replaced with the requested file (sans 250.Ar suffix ) . 251.El 252.Pp 253Conversion directives specified later in the file override earlier 254conversions with the same suffix. 255.It Sy denyquick Ar class Op Sy off 256Enforce 257.Xr ftpusers 5 258rules after the 259.Sy USER 260command is received, rather than after the 261.Sy PASS 262command is received. 263Whilst enabling this feature may allow information leakage about 264available accounts (for example, if you allow some users of a 265.Sy REAL 266or 267.Sy CHROOT 268class but not others), it is useful in preventing a denied user 269(such as 270.Sq root ) 271from entering their password across an insecure connection. 272This option is 273.Em strongly 274recommended for servers which run an anonymous-only service. 275If 276.Ar class 277is 278.Dq none 279or 280.Sy off 281is specified, disable this feature, otherwise enable it. 282.It Sy display Ar class Op Ar file 283If 284.Ar file 285is not specified or 286.Ar class 287is 288.Dq none , 289disable this. 290Otherwise, each time the user enters a new directory, check if 291.Ar file 292exists, and if so, display its contents to the user. 293Escape sequences are supported; refer to 294.Sx Display file escape sequences 295in 296.Xr tnftpd 8 297for more information. 298.It Sy hidesymlinks Ar class Op Sy off 299If 300.Ar class 301is 302.Dq none 303or 304.Sy off 305is specified, disable this feature. 306Otherwise, the 307.Sy LIST 308command lists symbolic links as the file or directory the link 309references 310.Pq Dq Li "ls -LlA" . 311Servers which run an anonymous service may wish to enable this 312feature for 313.Sy GUEST 314users, so that symbolic links do not leak names in 315directories that are not searchable by 316.Sy GUEST 317users. 318.It Sy homedir Ar class Op Sy pathformat 319If 320.Ar pathformat 321is not specified or 322.Ar class 323is 324.Dq none , 325use the default behavior (see below). 326Otherwise, 327.Ar pathformat 328is parsed to create a directory to change into upon login, and to use 329as the 330.Sq home 331directory of the user for tilde expansion in pathnames, etc. 332.Ar pathformat 333is parsed as per the 334.Sy chroot 335directive. 336.Pp 337The default home directory is the home directory of the user for 338.Sy REAL 339users, and 340.Pa / 341for 342.Sy GUEST 343and 344.Sy CHROOT 345users. 346.It Sy limit Ar class Op Ar count Op Ar file 347Limit the maximum number of concurrent connections for 348.Ar class 349to 350.Ar count , 351with 352.Sq \-1 353meaning unlimited connections. 354If the limit is exceeded and 355.Ar file 356is specified, display its contents to the user. 357If 358.Ar class 359is 360.Dq none 361or 362.Ar count 363is not specified, disable this. 364If 365.Ar file 366is a relative path, it will be searched for in 367.Pa @sysconfdir@ 368(which can be overridden with 369.Fl c Ar confdir ) . 370.It Sy maxfilesize Ar class Op Ar size 371Set the maximum size of an uploaded file to 372.Ar size , 373with 374.Sq \-1 375meaning unlimited connections. 376If 377.Ar class 378is 379.Dq none 380or 381.Ar size 382is not specified, disable this. 383.It Sy maxtimeout Ar class Op Ar time 384Set the maximum timeout period that a client may request, 385defaulting to two hours. 386This cannot be less than 30 seconds, or the value for 387.Sy timeout . 388If 389.Ar class 390is 391.Dq none 392or 393.Ar time 394is not specified, use the default. 395.It Sy mmapsize Ar class Op Ar size 396Set the size of the sliding window to map a file using 397.Xr mmap 2 . 398If zero, 399.Xr tnftpd 8 400will use 401.Xr read 2 402instead. 403The default is zero. 404This option affects only binary transfers. 405If 406.Ar class 407is 408.Dq none 409or 410.Ar size 411is not specified, use the default. 412.It Sy modify Ar class Op Sy off 413If 414.Ar class 415is 416.Dq none 417or 418.Sy off 419is specified, disable the following commands: 420.Sy CHMOD , 421.Sy DELE , 422.Sy MKD , 423.Sy RMD , 424.Sy RNFR , 425and 426.Sy UMASK . 427Otherwise, enable them. 428.It Sy motd Ar class Op Ar file 429If 430.Ar file 431is not specified or 432.Ar class 433is 434.Dq none , 435disable this. 436Otherwise, use 437.Ar file 438as the message of the day file to display after login. 439Escape sequences are supported; refer to 440.Sx Display file escape sequences 441in 442.Xr tnftpd 8 443for more information. 444If 445.Ar file 446is a relative path, it will be searched for in 447.Pa @sysconfdir@ 448(which can be overridden with 449.Fl c Ar confdir ) . 450.It Sy notify Ar class Op Ar fileglob 451If 452.Ar fileglob 453is not specified or 454.Ar class 455is 456.Dq none , 457disable this. 458Otherwise, each time the user enters a new directory, 459notify the user of any files matching 460.Ar fileglob . 461.It Sy passive Ar class Op Sy off 462If 463.Ar class 464is 465.Dq none 466or 467.Sy off 468is specified, prevent passive 469.Sy ( PASV , 470.Sy LPSV , 471and 472.Sy EPSV ) 473connections. 474Otherwise, enable them. 475.It Sy portrange Ar class Op Ar min Ar max 476Set the range of port number which will be used for the passive data port. 477.Ar max 478must be greater than 479.Ar min , 480and both numbers must be be between 481.Dv IPPORT_RESERVED 482(1024) and 65535. 483If 484.Ar class 485is 486.Dq none 487or no arguments are specified, disable this. 488.It Sy private Ar class Op Sy off 489If 490.Ar class 491is 492.Dq none 493or 494.Sy off 495is specified, do not display class information in the output of the 496.Sy STAT 497command. 498Otherwise, display the information. 499.It Sy rateget Ar class Op Ar rate 500Set the maximum get 501.Pq Sy RETR 502transfer rate throttle for 503.Ar class 504to 505.Ar rate 506bytes per second. 507If 508.Ar rate 509is 0, the throttle is disabled. 510If 511.Ar class 512is 513.Dq none 514or 515.Ar rate 516is not specified, disable this. 517.It Sy rateput Ar class Op Ar rate 518Set the maximum put 519.Pq Sy STOR 520transfer rate throttle for 521.Ar class 522to 523.Ar rate 524bytes per second. 525If 526.Ar rate 527is 0, the throttle is disabled. 528If 529.Ar class 530is 531.Dq none 532or 533.Ar rate 534is not specified, disable this. 535.It Sy readsize Ar class Op Ar size 536Set the size of the read buffer to 537.Xr read 2 538a file. 539The default is the file system block size. 540This option affects only binary transfers. 541If 542.Ar class 543is 544.Dq none 545or 546.Ar size 547is not specified, use the default. 548.It Sy recvbufsize Ar class Op Ar size 549Set the size of the socket receive buffer. 550The default is zero and the system default value will be used. 551This option affects only passive transfers. 552If 553.Ar class 554is 555.Dq none 556or 557.Ar size 558is not specified, use the default. 559.It Sy sanenames Ar class Op Sy off 560If 561.Ar class 562is 563.Dq none 564or 565.Sy off 566is specified, allow uploaded file names to contain any characters valid for a 567file name. 568Otherwise, only permit file names which don't start with a 569.Sq \&. 570and only comprise of characters from the set 571.Dq [-+,._A-Za-z0-9] . 572.It Sy sendbufsize Ar class Op Ar size 573Set the size of the socket send buffer. 574The default is zero and the system default value will be used. 575This option affects only binary transfers. 576If 577.Ar class 578is 579.Dq none 580or 581.Ar size 582is not specified, use the default. 583.It Sy sendlowat Ar class Op Ar size 584Set the low water mark of socket send buffer. 585The default is zero and system default value will be used. 586This option affects only for binary transfer. 587If 588.Ar class 589is 590.Dq none 591or 592.Ar size 593is not specified, use the default. 594.It Sy template Ar class Op Ar refclass 595Define 596.Ar refclass 597as the 598.Sq template 599for 600.Ar class ; 601any reference to 602.Ar refclass 603in following directives will also apply to members of 604.Ar class . 605This is useful to define a template class so that other classes which are 606to share common attributes can be easily defined without unnecessary 607duplication. 608There can be only one template defined at a time. 609If 610.Ar refclass 611is not specified, disable the template for 612.Ar class . 613.It Sy timeout Ar class Op Ar time 614Set the inactivity timeout period. 615(the default is fifteen minutes). 616This cannot be less than 30 seconds, or greater than the value for 617.Sy maxtimeout . 618If 619.Ar class 620is 621.Dq none 622or 623.Ar time 624is not specified, use the default. 625.It Sy umask Ar class Op Ar umaskval 626Set the umask to 627.Ar umaskval . 628If 629.Ar class 630is 631.Dq none 632or 633.Ar umaskval 634is not specified, set to the default of 635.Li 027 . 636.It Sy upload Ar class Op Sy off 637If 638.Ar class 639is 640.Dq none 641or 642.Sy off 643is specified, disable the following commands: 644.Sy APPE , 645.Sy STOR , 646and 647.Sy STOU , 648as well as the modify commands: 649.Sy CHMOD , 650.Sy DELE , 651.Sy MKD , 652.Sy RMD , 653.Sy RNFR , 654and 655.Sy UMASK . 656Otherwise, enable them. 657.It Sy writesize Ar class Op Ar size 658Limit the number of bytes to 659.Xr write 2 660at a time. 661The default is zero, which means all the data available as a result of 662.Xr mmap 2 663or 664.Xr read 2 665will be written at a time. 666This option affects only binary transfers. 667If 668.Ar class 669is 670.Dq none 671or 672.Ar size 673is not specified, use the default. 674.El 675.Ss Numeric argument suffix parsing 676Where command arguments are numeric, a decimal number is expected. 677Two or more numbers may be separated by an 678.Dq x 679to indicate a product. 680Each number may have one of the following optional suffixes: 681.Bl -tag -width 3n -offset indent -compact 682.It b 683Block; multiply by 512 684.It k 685Kibi; multiply by 1024 (1 KiB) 686.It m 687Mebi; multiply by 1048576 (1 MiB) 688.It g 689Gibi; multiply by 1073741824 (1 GiB) 690.It t 691Tebi; multiply by 1099511627776 (1 TiB) 692.It w 693Word; multiply by the number of bytes in an integer 694.El 695.Pp 696See 697.Xr strsuftoll 3 698for more information. 699.Sh DEFAULTS 700The following defaults are used: 701.Pp 702.Bd -literal -offset indent -compact 703checkportcmd all 704classtype chroot CHROOT 705classtype guest GUEST 706classtype real REAL 707display none 708limit all \-1 # unlimited connections 709maxtimeout all 7200 # 2 hours 710modify all 711motd all motd 712notify none 713passive all 714timeout all 900 # 15 minutes 715umask all 027 716upload all 717modify guest off 718umask guest 0707 719.Ed 720.Sh FILES 721.Bl -tag -width @datadir@/examples/tnftpd/ftpd.conf -compact 722.It Pa @sysconfdir@/ftpd.conf 723This file. 724.It Pa @datadir@/examples/tnftpd/ftpd.conf 725A sample 726.Nm 727file. 728.El 729.Sh SEE ALSO 730.Xr strsuftoll 3 , 731.Xr ftpchroot 5 , 732.Xr ftpusers 5 , 733.Xr tnftpd 8 734.Sh HISTORY 735The 736.Nm 737functionality was implemented in 738.Nx 1.3 739and later releases by Luke Mewburn, based on work by Simon Burge. 740