FreeBSD Manual Pages
FTPD.CONF(5) File Formats Manual FTPD.CONF(5) NAME ftpd.conf -- tnftpd(8) configuration file DESCRIPTION The ftpd.conf file specifies various configuration options for tnftpd(8) that apply once a user has authenticated their connection. ftpd.conf consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows `wildcard' entries to define defaults, and then have class- specific overrides. A directive line has the format: command class [arguments] A "\" is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, ex- tends a configuration directive across multiple lines. A "#" is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character). Each authenticated user is a member of a class, which is determined by ftpusers(5). class is used to determine which ftpd.conf entries apply to the user. The following special classes exist when parsing entries in ftpd.conf: all Matches any class. none Matches no class. Each class has a type, which may be one of: GUEST Guests (as per the "anonymous" and "ftp" logins). A chroot(2) is performed after login. CHROOT chroot(2)ed users (as per ftpchroot(5)). A chroot(2) is performed after login. REAL Normal users. The tnftpd(8) STAT command will return the class settings for the cur- rent user as defined by ftpd.conf, unless the private directive is set for the class. Each configuration line may be one of: advertize class [host] Set the address to advertise in the response to the PASV and LPSV commands to the address for host (which may be either a host name or IP address). This may be useful in some firewall configura- tions, although many ftp clients may not work if the address be- ing advertised is different to the address that they've connected to. If class is "none" or host not is specified, disable this. checkportcmd class [off] Check the PORT command for validity. The PORT command will fail if the IP address specified does not match the FTP command con- nection, or if the remote TCP port number is less than IPPORT_RESERVED. It is strongly encouraged that this option be used, especially for sites concerned with potential security problems with FTP bounce attacks. If class is "none" or off is specified, disable this feature, otherwise enable it. chroot class [pathformat] If pathformat is not specified or class is "none", use the de- fault behavior (see below). Otherwise, pathformat is parsed to create a directory to create as the root directory with chroot(2) into upon login. pathformat can contain the following escape strings: Escape Description %c Class name. %d Home directory of user. %u User name. %% A "%" character. The default root directory is: CHROOT The user's home directory. GUEST If -a anondir is specified, use anondir, otherwise the home directory of the `ftp' user. REAL By default no chroot(2) is performed. classtype class type Set the class type of class to type (see above). conversion class suffix [type disable command] Define an automatic in-line file conversion. If a file to re- trieve ends in suffix, and a real file (sans suffix) exists, then the output of command is returned instead of the contents of the file. suffix The suffix to initiate the conversion. type A list of valid file types for the conversion. Valid types are: `f' (file), and `d' (directory). disable The name of file that will prevent conversion if it exists. A file name of "." will prevent this disabling action (i.e., the conversion is always permitted.) command The command to run for the conversion. The first word should be the full path name of the command, as execv(3) is used to execute the command. All instances of the word "%s" in command are replaced with the requested file (sans suffix). Conversion directives specified later in the file override ear- lier conversions with the same suffix. denyquick class [off] Enforce ftpusers(5) rules after the USER command is received, rather than after the PASS command is received. Whilst enabling this feature may allow information leakage about available ac- counts (for example, if you allow some users of a REAL or CHROOT class but not others), it is useful in preventing a denied user (such as `root') from entering their password across an insecure connection. This option is strongly recommended for servers which run an anonymous-only service. If class is "none" or off is specified, disable this feature, otherwise enable it. display class [file] If file is not specified or class is "none", disable this. Oth- erwise, each time the user enters a new directory, check if file exists, and if so, display its contents to the user. Escape se- quences are supported; refer to "Display file escape sequences" in tnftpd(8) for more information. hidesymlinks class [off] If class is "none" or off is specified, disable this feature. Otherwise, the LIST command lists symbolic links as the file or directory the link references ("ls -LlA"). Servers which run an anonymous service may wish to enable this feature for GUEST users, so that symbolic links do not leak names in directories that are not searchable by GUEST users. homedir class [pathformat] If pathformat is not specified or class is "none", use the de- fault behavior (see below). Otherwise, pathformat is parsed to create a directory to change into upon login, and to use as the `home' directory of the user for tilde expansion in pathnames, etc. pathformat is parsed as per the chroot directive. The default home directory is the home directory of the user for REAL users, and / for GUEST and CHROOT users. limit class [count [file]] Limit the maximum number of concurrent connections for class to count, with `-1' meaning unlimited connections. If the limit is exceeded and file is specified, display its contents to the user. If class is "none" or count is not specified, disable this. If file is a relative path, it will be searched for in /usr/local/etc (which can be overridden with -c confdir). maxfilesize class [size] Set the maximum size of an uploaded file to size, with `-1' mean- ing unlimited connections. If class is "none" or size is not specified, disable this. maxtimeout class [time] Set the maximum timeout period that a client may request, de- faulting to two hours. This cannot be less than 30 seconds, or the value for timeout. If class is "none" or time is not speci- fied, use the default. mmapsize class [size] Set the size of the sliding window to map a file using mmap(2). If zero, tnftpd(8) will use read(2) instead. The default is zero. This option affects only binary transfers. If class is "none" or size is not specified, use the default. modify class [off] If class is "none" or off is specified, disable the following commands: CHMOD, DELE, MKD, RMD, RNFR, and UMASK. Otherwise, en- able them. motd class [file] If file is not specified or class is "none", disable this. Oth- erwise, use file as the message of the day file to display after login. Escape sequences are supported; refer to "Display file escape sequences" in tnftpd(8) for more information. If file is a relative path, it will be searched for in /usr/local/etc (which can be overridden with -c confdir). notify class [fileglob] If fileglob is not specified or class is "none", disable this. Otherwise, each time the user enters a new directory, notify the user of any files matching fileglob. passive class [off] If class is "none" or off is specified, prevent passive (PASV, LPSV, and EPSV) connections. Otherwise, enable them. portrange class [min max] Set the range of port number which will be used for the passive data port. max must be greater than min, and both numbers must be between IPPORT_RESERVED (1024) and 65535. If class is "none" or no arguments are specified, disable this. private class [off] If class is "none" or off is specified, do not display class in- formation in the output of the STAT command. Otherwise, display the information. rateget class [rate] Set the maximum get (RETR) transfer rate throttle for class to rate bytes per second. If rate is 0, the throttle is disabled. If class is "none" or rate is not specified, disable this. rateput class [rate] Set the maximum put (STOR) transfer rate throttle for class to rate bytes per second. If rate is 0, the throttle is disabled. If class is "none" or rate is not specified, disable this. readsize class [size] Set the size of the read buffer to read(2) a file. The default is the file system block size. This option affects only binary transfers. If class is "none" or size is not specified, use the default. recvbufsize class [size] Set the size of the socket receive buffer. The default is zero and the system default value will be used. This option affects only passive transfers. If class is "none" or size is not speci- fied, use the default. sanenames class [off] If class is "none" or off is specified, allow uploaded file names to contain any characters valid for a file name. Otherwise, only permit file names which don't start with a `.' and only comprise of characters from the set "[-+,._A-Za-z0-9]". sendbufsize class [size] Set the size of the socket send buffer. The default is zero and the system default value will be used. This option affects only binary transfers. If class is "none" or size is not specified, use the default. sendlowat class [size] Set the low water mark of socket send buffer. The default is zero and system default value will be used. This option affects only for binary transfer. If class is "none" or size is not specified, use the default. template class [refclass] Define refclass as the `template' for class; any reference to refclass in following directives will also apply to members of class. This is useful to define a template class so that other classes which are to share common attributes can be easily de- fined without unnecessary duplication. There can be only one template defined at a time. If refclass is not specified, dis- able the template for class. timeout class [time] Set the inactivity timeout period. (the default is fifteen min- utes). This cannot be less than 30 seconds, or greater than the value for maxtimeout. If class is "none" or time is not speci- fied, use the default. umask class [umaskval] Set the umask to umaskval. If class is "none" or umaskval is not specified, set to the default of 027. upload class [off] If class is "none" or off is specified, disable the following commands: APPE, STOR, and STOU, as well as the modify commands: CHMOD, DELE, MKD, RMD, RNFR, and UMASK. Otherwise, enable them. writesize class [size] Limit the number of bytes to write(2) at a time. The default is zero, which means all the data available as a result of mmap(2) or read(2) will be written at a time. This option affects only binary transfers. If class is "none" or size is not specified, use the default. Numeric argument suffix parsing Where command arguments are numeric, a decimal number is expected. Two or more numbers may be separated by an "x" to indicate a product. Each number may have one of the following optional suffixes: b Block; multiply by 512 k Kibi; multiply by 1024 (1 KiB) m Mebi; multiply by 1048576 (1 MiB) g Gibi; multiply by 1073741824 (1 GiB) t Tebi; multiply by 1099511627776 (1 TiB) w Word; multiply by the number of bytes in an integer See strsuftoll(3) for more information. DEFAULTS The following defaults are used: checkportcmd all classtype chroot CHROOT classtype guest GUEST classtype real REAL display none limit all -1 # unlimited connections maxtimeout all 7200 # 2 hours modify all motd all motd notify none passive all timeout all 900 # 15 minutes umask all 027 upload all modify guest off umask guest 0707 FILES /usr/local/etc/ftpd.conf This file. /usr/local/share/examples/tnftpd/ftpd.conf A sample ftpd.conf file. SEE ALSO strsuftoll(3), ftpchroot(5), ftpusers(5), tnftpd(8) HISTORY The ftpd.conf functionality was implemented in NetBSD 1.3 and later re- leases by Luke Mewburn, based on work by Simon Burge. FreeBSD 14.3 August 22, 2020 FTPD.CONF(5)
NAME | DESCRIPTION | DEFAULTS | FILES | SEE ALSO | HISTORY
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ftpd.conf&sektion=5&manpath=FreeBSD+14.3-RELEASE+and+Ports>