The
ftpd.conf file specifies various configuration options for
ftpd(8) that apply once a user has authenticated their connection.
ftpd.conf consists of a series of lines, each of which may contain a configuration directive, a comment, or a blank line. Directives that appear later in the file override settings by previous directives. This allows ‘wildcard' entries to define defaults, and then have class-specific overrides.
A directive line has the format:
command class [arguments]
A “\” is the escape character; it can be used to escape the meaning of the comment character, or if it is the last character on a line, extends a configuration directive across multiple lines. A “#” is the comment character, and all characters from it to the end of line are ignored (unless it is escaped with the escape character).
Each authenticated user is a member of a
class, which is determined by
ftpusers(5).
class is used to determine which
ftpd.conf entries apply to the user. The following special classes exist when parsing entries in
ftpd.conf:
Each class has a type, which may be one of:
GUEST
Guests (as per the “anonymous” and “ftp” logins). A
chroot(2) is performed after login.
The
ftpd(8) STAT command will return the class settings for the current user as defined by
ftpd.conf, unless the
private directive is set for the class.
Each configuration line may be one of:
advertize class [host]
Set the address to advertise in the response to the PASV and LPSV commands to the address for host (which may be either a host name or IP address). This may be useful in some firewall configurations, although many ftp clients may not work if the address being advertised is different to the address that they've connected to. If class is “none” or host not is specified, disable this.
checkportcmd class [off]
Check the PORT command for validity. The PORT command will fail if the IP address specified does not match the FTP command connection, or if the remote TCP port number is less than IPPORT_RESERVED. It is strongly encouraged that this option be used, especially for sites concerned with potential security problems with FTP bounce attacks. If class is “none” or off is specified, disable this feature, otherwise enable it.
chroot class [pathformat]
If
pathformat is not specified or
class is “none”, use the default behavior (see below). Otherwise,
pathformat is parsed to create a directory to create as the root directory with
chroot(2) into upon login.
pathformat can contain the following escape strings:
%d
Home directory of user.
The default root directory is:
CHROOT
The user's home directory.
GUEST
If -a anondir is specified, use anondir, otherwise the home directory of the ‘ftp' user.
classtype class type
Set the class type of class to type (see above).
conversion class suffix [type disable command]
Define an automatic in-line file conversion. If a file to retrieve ends in
suffix, and a real file (sans
suffix) exists, then the output of
command is returned instead of the contents of the file.
suffix
The suffix to initiate the conversion.
type
A list of valid file types for the conversion. Valid types are: ‘f' (file), and ‘d' (directory).
disable
The name of file that will prevent conversion if it exists. A file name of “.” will prevent this disabling action (i.e., the conversion is always permitted.)
command
The command to run for the conversion. The first word should be the full path name of the command, as
execv(3) is used to execute the command. All instances of the word “%s” in
command are replaced with the requested file (sans
suffix).
Conversion directives specified later in the file override earlier conversions with the same suffix.
denyquick class [off]
Enforce
ftpusers(5) rules after the
USER command is received, rather than after the
PASS command is received. Whilst enabling this feature may allow information leakage about available accounts (for example, if you allow some users of a
REAL or
CHROOT class but not others), it is useful in preventing a denied user (such as ‘root') from entering their password across an insecure connection. This option is
strongly recommended for servers which run an anonymous-only service. If
class is “none” or
off is specified, disable this feature, otherwise enable it.
display class [file]
If
file is not specified or
class is “none”, disable this. Otherwise, each time the user enters a new directory, check if
file exists, and if so, display its contents to the user. Escape sequences are supported; refer to
Display file escape sequences in
ftpd(8) for more information.
hidesymlinks class [off]
If class is “none” or off is specified, disable this feature. Otherwise, the LIST command lists symbolic links as the file or directory the link references (“ls -LlA”). Servers which run an anonymous service may wish to enable this feature for GUEST users, so that symbolic links do not leak names in directories that are not searchable by GUEST users.
homedir class [pathformat]
If
pathformat is not specified or
class is “none”, use the default behavior (see below). Otherwise,
pathformat is parsed to create a directory to change into upon login, and to use as the ‘home' directory of the user for tilde expansion in pathnames, etc.
pathformat is parsed as per the
chroot directive.
The default home directory is the home directory of the user for
REAL users, and
/ for
GUEST and
CHROOT users.
limit class [count [file]]
Limit the maximum number of concurrent connections for class to count, with ‘-1' meaning unlimited connections. If the limit is exceeded and file is specified, display its contents to the user. If class is “none” or count is not specified, disable this. If file is a relative path, it will be searched for in /etc (which can be overridden with -c confdir).
maxfilesize class [size]
Set the maximum size of an uploaded file to size, with ‘-1' meaning unlimited connections. If class is “none” or size is not specified, disable this.
maxtimeout class [time]
Set the maximum timeout period that a client may request, defaulting to two hours. This cannot be less than 30 seconds, or the value for timeout. If class is “none” or time is not specified, use the default.
mmapsize class [size]
Set the size of the sliding window to map a file using
mmap(2). If zero,
ftpd(8) will use
read(2) instead. The default is zero. This option affects only binary transfers. If
class is “none” or
size is not specified, use the default.
modify class [off]
If class is “none” or off is specified, disable the following commands: CHMOD, DELE, MKD, RMD, RNFR, and UMASK. Otherwise, enable them.
motd class [file]
If
file is not specified or
class is “none”, disable this. Otherwise, use
file as the message of the day file to display after login. Escape sequences are supported; refer to
Display file escape sequences in
ftpd(8) for more information. If
file is a relative path, it will be searched for in
/etc (which can be overridden with
-c confdir).
notify class [fileglob]
If fileglob is not specified or class is “none”, disable this. Otherwise, each time the user enters a new directory, notify the user of any files matching fileglob.
passive class [off]
If class is “none” or off is specified, prevent passive (PASV, LPSV, and EPSV) connections. Otherwise, enable them.
portrange class [min max]
Set the range of port number which will be used for the passive data port. max must be greater than min, and both numbers must be be between IPPORT_RESERVED (1024) and 65535. If class is “none” or no arguments are specified, disable this.
private class [off]
If class is “none” or off is specified, do not display class information in the output of the STAT command. Otherwise, display the information.
rateget class [rate]
Set the maximum get (RETR) transfer rate throttle for class to rate bytes per second. If rate is 0, the throttle is disabled. If class is “none” or rate is not specified, disable this.
rateput class [rate]
Set the maximum put (STOR) transfer rate throttle for class to rate bytes per second. If rate is 0, the throttle is disabled. If class is “none” or rate is not specified, disable this.
readsize class [size]
Set the size of the read buffer to
read(2) a file. The default is the file system block size. This option affects only binary transfers. If
class is “none” or
size is not specified, use the default.
recvbufsize class [size]
Set the size of the socket receive buffer. The default is zero and the system default value will be used. This option affects only passive transfers. If class is “none” or size is not specified, use the default.
sanenames class [off]
If class is “none” or off is specified, allow uploaded file names to contain any characters valid for a file name. Otherwise, only permit file names which don't start with a ‘.' and only comprise of characters from the set “[-+,._A-Za-z0-9]”.
sendbufsize class [size]
Set the size of the socket send buffer. The default is zero and the system default value will be used. This option affects only binary transfers. If class is “none” or size is not specified, use the default.
sendlowat class [size]
Set the low water mark of socket send buffer. The default is zero and system default value will be used. This option affects only for binary transfer. If class is “none” or size is not specified, use the default.
template class [refclass]
Define refclass as the ‘template' for class; any reference to refclass in following directives will also apply to members of class. This is useful to define a template class so that other classes which are to share common attributes can be easily defined without unnecessary duplication. There can be only one template defined at a time. If refclass is not specified, disable the template for class.
timeout class [time]
Set the inactivity timeout period. (the default is fifteen minutes). This cannot be less than 30 seconds, or greater than the value for maxtimeout. If class is “none” or time is not specified, use the default.
umask class [umaskval]
Set the umask to umaskval. If class is “none” or umaskval is not specified, set to the default of 027.
upload class [off]
If class is “none” or off is specified, disable the following commands: APPE, STOR, and STOU, as well as the modify commands: CHMOD, DELE, MKD, RMD, RNFR, and UMASK. Otherwise, enable them.
writesize class [size]
Limit the number of bytes to
write(2) at a time. The default is zero, which means all the data available as a result of
mmap(2) or
read(2) will be written at a time. This option affects only binary transfers. If
class is “none” or
size is not specified, use the default.
Numeric argument suffix parsing
Where command arguments are numeric, a decimal number is expected. Two or more numbers may be separated by an “x” to indicate a product. Each number may have one of the following optional suffixes:
k
Kibi; multiply by 1024 (1 KiB)
m
Mebi; multiply by 1048576 (1 MiB)
g
Gibi; multiply by 1073741824 (1 GiB)
t
Tebi; multiply by 1099511627776 (1 TiB)
w
Word; multiply by the number of bytes in an integer
See
strsuftoll(3) for more information.