.\" $NetBSD: ftpd.conf.5,v 1.19 2002/01/15 02:20:50 wiz Exp $
.\"
.\" Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 5, 2001
.Dt FTPD.CONF 5
.Os
.Sh NAME
.Nm ftpd.conf
.Nd
.Xr ftpd 8
configuration file
.Sh DESCRIPTION
The
.Nm
file specifies various configuration options for
.Xr ftpd 8
that apply once a user has authenticated their connection.
.Pp
.Nm
consists of a series of lines, each of which may contain a
configuration directive, a comment, or a blank line.
Directives that appear later in the file override settings from previous
directives.
This allows
.Sq wildcard
entries to define defaults, and then have class-specific overrides.
.Pp
A directive line has the format:
.Dl command class [arguments]
.Pp
A
.Dq \e
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
A
.Dq #
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
.Pp
Each authenticated user is a member of a
.Em class ,
which is determined by
.Xr ftpusers 5 .
.Em class
is used to determine which
.Nm
entries apply to the user.
The following special classes exist when parsing entries in
.Nm "" :
.Bl -tag -width "chroot" -compact -offset indent
.It Sy all
Matches any class.
.It Sy none
Matches no class.
.El
.Pp
Each class has a type, which may be one of:
.Bl -tag -width "CHROOT" -offset indent
.It Sy GUEST
Guests (as per the
.Dq anonymous
and
.Dq ftp
logins).
A
.Xr chroot 2
is performed after login.
.It Sy CHROOT
.Xr chroot 2 ed
users (as per
.Xr ftpchroot 5 ) .
A
.Xr chroot 2
is performed after login.
.It Sy REAL
Normal users.
.El
.Pp
The
.Xr ftpd 8
.Sy STAT
command will return the class settings for the current user as defined by
.Nm "" ,
unless the
.Sy private
directive is set for the class.
.Pp
Each configuration line may be one of:
.Bl -tag -width 4n
.It Sy advertise Ar class Ar host
.It Sy advertize Ar class Ar host
Set the address to advertise in the response to the
.Sy PASV
and
.Sy LPSV
commands to the address for
.Ar host
(which may be either a host name or IP address).
This may be useful in some firewall configurations, although many
ftp clients may not work if the address being advertised is different
from the address that they've connected to.
If
.Ar class
is
.Dq none
or no argument is given, disable this.
.It Sy checkportcmd Ar class Op Sy off
Check the
.Sy PORT
command for validity.
The
.Sy PORT
command will fail if the IP address specified does not match the
.Tn FTP
command connection, or if the remote TCP port number is less than
.Dv IPPORT_RESERVED .
It is
.Em strongly
encouraged that this option be used, especially for sites concerned
with potential security problems with
.Tn FTP
bounce attacks.
If
.Ar class
is
.Dq none
or
.Sy off
is given, disable this feature, otherwise enable it.
.It Sy chroot Ar class Op Sy pathformat
If
.Ar pathformat
is not given or
.Ar class
is
.Dq none ,
use the default behaviour (see below).
Otherwise,
.Ar pathformat
is parsed to create the directory to use as the root directory, which is
entered with
.Xr chroot 2
upon login.
.Pp
.Ar pathformat
can contain the following escape strings:
.Bl -tag -width "Escape" -offset indent -compact
.It Sy "Escape"
.Sy Description
.It "\&%c"
Class name.
.It "\&%d"
Home directory of user.
.It "\&%u"
User name.
.It "\&%\&%"
A
.Dq \&%
character.
.El
.Pp
The default root directory is:
.Bl -tag -width "CHROOT" -offset indent -compact
.It Sy CHROOT
The user's home directory.
.It Sy GUEST
If
.Fl a Ar anondir
is given, use
.Ar anondir ,
otherwise the home directory of the
.Sq ftp
user.
.It Sy REAL
By default no
.Xr chroot 2
is performed.
.El
.It Sy classtype Ar class Ar type
Set the class type of
.Ar class
to
.Ar type
(see above).
.It Xo Sy conversion Ar class
.Ar suffix Op Ar "type disable command"
.Xc
Define an automatic in-line file conversion.
If a file to retrieve ends in
.Ar suffix ,
and a real file (sans
.Ar suffix )
exists, then the output of
.Ar command
is returned instead of the contents of the file.
.Pp
.Bl -tag -width "disable" -offset indent
.It Ar suffix
The suffix to initiate the conversion.
.It Ar type
A list of valid filetypes for the conversion.
Valid types are:
.Sq f
(file), and
.Sq d
(directory).
.It Ar disable
The name of a file that will prevent conversion if it exists.
A file name of
.Dq Pa \&.
will prevent this disabling action
(i.e., the conversion is always permitted).
.It Ar command
The command to run for the conversion.
The first word should be the full path name
of the command, as
.Xr execv 3
is used to execute the command.
All instances of the word
.Dq %s
in
.Ar command
are replaced with the requested file (sans
.Ar suffix ) .
.El
.Pp
Conversion directives specified later in the file override earlier
conversions with the same suffix.
.It Sy denyquick Ar class Op Sy off
Enforce
.Xr ftpusers 5
rules after the
.Sy USER
command is received, rather than after the
.Sy PASS
command is received.
Whilst enabling this feature may allow information leakage about
available accounts (for example, if you allow some users of a
.Sy REAL
or
.Sy CHROOT
class but not others), it is useful in preventing a denied user
(such as
.Sq root )
from entering their password across an insecure connection.
This option is
.Em strongly
recommended for servers which run an anonymous-only service.
If
.Ar class
is
.Dq none
or
.Sy off
is given, disable this feature, otherwise enable it.
.It Sy display Ar class Op Ar file
If
.Ar file
is not given or
.Ar class
is
.Dq none ,
disable this.
Otherwise, each time the user enters a new directory, check if
.Ar file
exists, and if so, display its contents to the user.
Escape sequences are supported; refer to
.Sx Display file escape sequences
in
.Xr ftpd 8
for more information.
.It Sy homedir Ar class Op Sy pathformat
If
.Ar pathformat
is not given or
.Ar class
is
.Dq none ,
use the default behaviour (see below).
Otherwise,
.Ar pathformat
is parsed to create a directory to change into upon login, and to use
as the
.Sq home
directory of the user for tilde expansion in pathnames, etc.
.Ar pathformat
is parsed as per the
.Sy chroot
directive.
.Pp
The default home directory is the home directory of the user for
.Sy REAL
users, and
.Pa /
for
.Sy GUEST
and
.Sy CHROOT
users.
.It Xo Sy limit Ar class
.Ar count Op Ar file
.Xc
Limit the maximum number of concurrent connections for
.Ar class
to
.Ar count ,
with
.Sq 0
meaning unlimited connections.
If the limit is exceeded and
.Ar file
is given, display its contents to the user.
If
.Ar class
is
.Dq none
or
.Ar count
is not specified, disable this.
If
.Ar file
is a relative path, it will be searched for in
.Pa /etc
(which can be overridden with
.Fl c Ar confdir ) .
.It Sy maxfilesize Ar class Ar size
Set the maximum size of an uploaded file to
.Ar size .
If
.Ar class
is
.Dq none
or no argument is given, disable this.
.It Sy maxtimeout Ar class Ar time
Set the maximum timeout period that a client may request,
defaulting to two hours.
This cannot be less than 30 seconds, or the value for
.Sy timeout .
If
.Ar class
is
.Dq none
or
.Ar time
is not specified, set to the default of 2 hours.
.It Sy modify Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is given, disable the following commands:
.Sy CHMOD ,
.Sy DELE ,
.Sy MKD ,
.Sy RMD ,
.Sy RNFR ,
and
.Sy UMASK .
Otherwise, enable them.
.It Sy motd Ar class Op Ar file
If
.Ar file
is not given or
.Ar class
is
.Dq none ,
disable this.
Otherwise, use
.Ar file
as the message of the day file to display after login.
Escape sequences are supported; refer to
.Sx Display file escape sequences
in
.Xr ftpd 8
for more information.
If
.Ar file
is a relative path, it will be searched for in
.Pa /etc
(which can be overridden with
.Fl c Ar confdir ) .
.It Sy notify Ar class Op Ar fileglob
If
.Ar fileglob
is not given or
.Ar class
is
.Dq none ,
disable this.
Otherwise, each time the user enters a new directory,
notify the user of any files matching
.Ar fileglob .
.It Sy passive Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is given, prevent passive
.Sy ( PASV ,
.Sy LPSV ,
and
.Sy EPSV )
connections.
Otherwise, enable them.
.It Sy portrange Ar class Ar min Ar max
Set the range of port numbers which will be used for the passive data port.
.Ar max
must be greater than
.Ar min ,
and both numbers must be between
.Dv IPPORT_RESERVED
(1024) and 65535.
If
.Ar class
is
.Dq none
or no arguments are given, disable this.
.It Sy private Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is given, do not display class information in the output of the
.Sy STAT
command.
Otherwise, display the information.
.It Sy rateget Ar class Ar rate
Set the maximum get
.Pq Sy RETR
transfer rate throttle for
.Ar class
to
.Ar rate
bytes per second.
If
.Ar rate
is 0, the throttle is disabled.
If
.Ar class
is
.Dq none
or no arguments are given, disable this.
.Pp
An optional suffix may be provided, which changes the interpretation of
.Ar rate
as follows:
.Bl -tag -width 3n -offset indent -compact
.It b
Causes no modification. (Default; optional)
.It k
Kilo; multiply the argument by 1024
.It m
Mega; multiply the argument by 1048576
.It g
Giga; multiply the argument by 1073741824
.It t
Tera; multiply the argument by 1099511627776
.El
.It Sy rateput Ar class Ar rate
Set the maximum put
.Pq Sy STOR
transfer rate throttle for
.Ar class
to
.Ar rate
bytes per second,
which is parsed as per
.Sy rateget Ar rate .
If
.Ar class
is
.Dq none
or no arguments are given, disable this.
.It Sy sanenames Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is given, allow uploaded file names to contain any characters valid for a
file name.
Otherwise, only permit file names which don't start with a
.Sq \&.
and comprise only characters from the set
.Dq [-+,._A-Za-z0-9] .
.It Sy template Ar class Op Ar refclass
Define
.Ar refclass
as the
.Sq template
for
.Ar class ;
any reference to
.Ar refclass
in following directives will also apply to members of
.Ar class .
This is useful to define a template class so that other classes which are
to share common attributes can be easily defined without unnecessary
duplication.
There can be only one template defined at a time.
If
.Ar refclass
is not given, disable the template for
.Ar class .
.It Sy timeout Ar class Ar time
Set the inactivity timeout period (the default is fifteen minutes).
This cannot be less than 30 seconds, or greater than the value for
.Sy maxtimeout .
If
.Ar class
is
.Dq none
or
.Ar time
is not specified, set to the default of 15 minutes.
.It Sy umask Ar class Ar umaskval
Set the umask to
.Ar umaskval .
If
.Ar class
is
.Dq none
or
.Ar umaskval
is not specified, set to the default of
.Li 027 .
.It Sy upload Ar class Op Sy off
If
.Ar class
is
.Dq none
or
.Sy off
is given, disable the following commands:
.Sy APPE ,
.Sy STOR ,
and
.Sy STOU ,
as well as the modify commands:
.Sy CHMOD ,
.Sy DELE ,
.Sy MKD ,
.Sy RMD ,
.Sy RNFR ,
and
.Sy UMASK .
Otherwise, enable them.
.El
.Sh DEFAULTS
The following defaults are used:
.Pp
.Bd -literal -offset indent -compact
checkportcmd	all
classtype	chroot	CHROOT
classtype	guest	GUEST
classtype	real	REAL
display		none
limit		all	-1	# unlimited connections
maxtimeout	all	7200	# 2 hours
modify		all
motd		all	motd
notify		none
passive		all
timeout		all	900	# 15 minutes
umask		all	027
upload		all
modify		guest	off
umask		guest	0707
.Ed
.Sh FILES
.Bl -tag -width /usr/share/examples/ftpd/ftpd.conf -compact
.It Pa /etc/ftpd.conf
This file.
.It Pa /usr/share/examples/ftpd/ftpd.conf
A sample
.Nm
file.
.El
.Sh SEE ALSO
.Xr ftpchroot 5 ,
.Xr ftpusers 5 ,
.Xr ftpd 8
.Sh HISTORY
The
.Nm
functionality was implemented in
.Nx 1.3
and later releases by Luke Mewburn, based on work by Simon Burge.
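.Pp
The following Python script is an added illustration, not part of
.Xr ftpd 8
or of this manual page: it parses the directive syntax described above
(comment character, escape character and line continuation), resolves the
settings that apply to one class under the later-overrides-earlier rule with
.Sq all ,
.Sq none
and
.Sy template ,
and expands the
.Ar pathformat
escapes.
The sample configuration, class and user names are constructed, and a
directive whose class is
.Sq none
is treated as disabling that setting for every class, as the per-directive
descriptions above state.

```python
import re
# Constructed sample ftpd.conf (illustration, not the NetBSD sample file)
SAMPLE = r"""chroot all /ftp/%c/%u
display all .msg\#info   # escaped '#' belongs to the file name
template staff real      # later 'real' directives also apply to staff
modify staff off
modify real              # overrides the line above for staff
umask none               # class 'none' resets umask for every class
denyquick all \
    off
"""

def parse(text):
    """Return (command, class, args) triples, honouring '#' comments,
    '\\' as escape character and a trailing '\\' as line continuation."""
    directives, buf = [], ""
    for raw in text.splitlines():
        line, i, cont = "", 0, False
        while i < len(raw) and raw[i] != "#":      # unescaped '#' ends line
            if raw[i] != "\\":
                line, i = line + raw[i], i + 1
            elif i + 1 < len(raw):                 # escaped char, literal
                line, i = line + raw[i + 1], i + 2
            else:                                  # trailing '\': continue
                cont, i = True, i + 1
        buf += line
        if not cont:
            words, buf = buf.split(), ""
            if len(words) >= 2:                    # needs command and class
                directives.append((words[0], words[1], words[2:]))
    return directives

def resolve(directives, user_class):
    """Settings for one class: later lines win, 'all' matches every class,
    'none' disables for every class (None), template pulls in refclass."""
    settings, template = {}, None
    for cmd, cls, args in directives:
        if cmd == "template":
            if cls == user_class:
                template = args[0] if args else None
        elif cls == "none":
            settings[cmd] = None
        elif cls in ("all", user_class, template):
            settings[cmd] = args
    return settings

def expand_pathformat(fmt, user_class, home, user):
    """Expand the chroot/homedir pathformat escapes %c, %d, %u and %%."""
    table = {"c": user_class, "d": home, "u": user, "%": "%"}
    return re.sub(r"%(.)", lambda m: table.get(m[1], m[0]), fmt)
```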