1pure-ftpd(8)                       Pure-FTPd                      pure-ftpd(8)
2
3
4

NAME

6       pure-ftpd - simple File Transfer Protocol server
7
8

SYNOPSIS

10       pure-ftpd  [-0]  [-1]  [-2 cert_file[,key_file]] [-3 certd_socket] [-4]
11       [-6] [-a gid] [-A] [-b] [-B] [-c clients] [-C cnx/ip]  [-d  [-d]]  [-D]
12       [-e]  [-E] [-f facility] [-F fortunes file] [-g pidfile] [-G] [-H] [-i]
13       [-I] [-j] [-J ciphers] [-k percentage] [-K] [-l  authentication[:config
14       file]] [-L max files:max depth] [-m maxload] [-M] [-n maxfiles:maxsize]
15       [-N] [-o] [-O format:log file] [-p first:last] [-P ip address  or  host
16       name]  [-q  upload:download ratio] [-Q upload:download ratio] [-r] [-R]
17       [-s] [-S [address,][port]] [-t upload bandwidth:download bandwidth] [-T
18       upload  bandwidth:download  bandwidth]  [-u  uid] [-U umask files:umask
19       dirs] [-v bonjour name] [-V ip address] [-w] [-W]  [-x]  [-X]  [-y  max
20       user sessions:max anon sessions] [-Y tls behavior] [-z] [-Z]
21
22       Alternative style:
23       -0 --notruncate
24       -1 --logpid
25       -2 --certfile
26       -3 --extcert
27       -4 --ipv4only
28       -6 --ipv6only
29       -a --trustedgid
30       -A --chrooteveryone
31       -b --brokenclientscompatibility
32       -B --daemonize
33       -c --maxclientsnumber
34       -C --maxclientsperip
35       -d --verboselog
36       -D --displaydotfiles
37       -e --anonymousonly
38       -E --noanonymous
39       -f --syslogfacility
40       -F --fortunesfile
41       -g --pidfile
42       -G --norename
43       -h --help
44       -H --dontresolve
45       -i --anonymouscantupload
46       -I --maxidletime
47       -j --createhomedir
48       -J --tlsciphersuite
49       -k --maxdiskusagepct
50       -K --keepallfiles
51       -l --login
52       -L --limitrecursion
53       -m --maxload
54       -M --anonymouscancreatedirs
55       -n --quota
56       -N --natmode
57       -o --uploadscript
58       -O --altlog
59       -p --passiveportrange
60       -P --forcepassiveip
61       -q --anonymousratio
62       -Q --userratio
63       -r --autorename
64       -R --nochmod
65       -s --antiwarez
66       -S --bind
67       -t --anonymousbandwidth
68       -T --userbandwidth
69       -u --minuid
70       -U --umask
71       -v --bonjour
72       -V --trustedip
73       -w --allowuserfxp
74       -W --allowanonymousfxp
75       -x --prohibitdotfileswrite
76       -X --prohibitdotfilesread
77       -y --peruserlimits
78       -Y --tls
79       -z --allowdotfiles
80       -Z --customerproof
81
82

DESCRIPTION

84       Pure-FTPd is a small, simple server for the old and hairy File Transfer
85       Protocol, designed to use less resources than older servers, be smaller
86       and very secure, and to never execute any external program.
87
88       It  support most-used features and commands of FTP (including many mod‐
89       ern extensions), and leaves out everything which is  deprecated,  mean‐
90       ingless, insecure, or correlates with trouble.
91
92       IPv6 is fully supported.
93
94

OPTIONS

96       -0     When  a file is uploaded and there is already a previous version
97              of the file with the same name, the old file  will  neither  get
98              removed  nor  truncated.   Upload will take place in a temporary
99              file and once the upload is complete, the switch to the new ver‐
100              sion  will  be  atomic.  This option should not be used together
101              with virtual quotas.
102
103       -1     Add the PID to the syslog output. Ignored if -f none is set.
104
105       -2 cert_file[,key_file]
106              When using TLS, set the path to the certificate file.  The  cer‐
107              tificate  and  its  key can be be bundled into a single file, or
108              the key can be in a distinct file.
109
110       -3 path
111              Path to the pure-certd UNIX socket.
112
113       -4     Listen only to IPv4 connections.
114
115       -6     Listen only to IPv6 connections.
116
117       -a gid Regular users will be chrooted to their home directories, unless
118              they  belong  to  the  specified  gid.  Note that root is always
119              trusted, and that chroot() occurs only for anonymous ftp without
120              this option.
121
122       -A     Chroot() everyone, but root.
123
124       -b     Be broken. Turns on some compatibility hacks for shoddy clients,
125              and for broken Netfilter gateways.
126
127       -B     Start the standalone server in background (daemonize).
128
129       -c clients
130              Allow a maximum of clients to be connected.  clients must be  at
131              least 1, and if you combine it with -p it will be forced down to
132              half the number of ports specified by -p.  If more than  clients
133              are  connected,  new  clients are rejected at once, even clients
134              wishing to upload, or to log in as normal users.  Therefore,  it
135              is  advisable  to use -m as primary overload protection. The de‐
136              fault value is 50.
137
138       -C max connection per ip
139              Limit the number of simultaneous  connections  coming  from  the
140              same  IP address. This is yet another very effective way to pre‐
141              vent stupid denial of services and  bandwidth  starvation  by  a
142              single  user.   It  works  only  when  the server is launched in
143              standalone mode (if you use a super-server, it is supposed to do
144              that).  If  the  server  is launched with -C 2 , it doesn't mean
145              that the total number of connection is limited to  2.   But  the
146              same  client, coming from the same machine (or at least the same
147              IP), can't have more than  two  simultaneous  connections.  This
148              features  needs some memory to track IP addresses, but it's rec‐
149              ommended to use it.
150
151       -d     turns on debug logging. Every command is logged, except that the
152              argument  to PASS is changed to "<password>". If you repeat -d ,
153              responses too are logged.
154
155       -e     Only allow anonymous users to log in.
156
157       -E     Only allow authenticated login. Anonymous users are prohibited.
158
159       -f facility
160              makes ftpd use facility for all  syslog(3)  messages.   facility
161              defaults  to  ftp.   The  facility  names are normally listed in
162              /usr/include/sys/syslog.h.  Note that if -f is not the first op‐
163              tion  on the command line, a couple of messages may be logged to
164              local2 before the -f option is parsed.  Use -f none  to  disable
165              logging.
166
167       -F fortunes file
168              Display  a funny random message in the initial login banner. The
169              random cookies are extracted from a text file, in  the  standard
170              fortune format. If you installed the fortune package, you should
171              have a directory (usually /usr/share/fortune ) with binary files
172              ( xxxx.dat ) and text files (without the .dat extension).
173
174       -g pidfile
175              In  standalone  mode,  write  the pid to that file in instead of
176              /var/run/pure-ftpd.pid .
177
178       -G     When this option is enabled, people can no more change the  name
179              of already uploaded files, even if they own those files or their
180              directory.
181
182       -H     Don't resolve host names ("192.0.34.166" will be logged  instead
183              of "www.example.com"). It can significantly speed up connections
184              and reduce bandwidth usage on busy servers. Use it especially on
185              public FTP sites.
186
187       -i     Disallow  upload for anonymous users, whatever directory permis‐
188              sions are. This option is especially useful for virtual hosting,
189              to avoid your users create warez sites in their account.
190
191       -I timeout
192              Change the maximum idle time. The timeout is in minutes, and de‐
193              faults to 15.
194
195       -j     If the home directory of a  user  doesn't  exist,  automatically
196              create it. The newly created home directory belongs to the user,
197              and permissions are set according to the current directory mask.
198              To avoid local attacks, the parent directory should never belong
199              to an untrusted user.
200
201       -J ciphers
202              Set the list of ciphers that will be accepted  for  TLS  connec‐
203              tions.
204
205       -k percentage
206              Disallow  upload  if the partition is more than percentage full.
207              Example: -k 95 will ensure that your disk will never get  filled
208              more than 95% by FTP users.
209
210       -K     Allow  users to resume and upload files, but NOT to delete them.
211              Directories can be removed, but only if they are empty.
212
213       -l authentication:file
214              Enable a new authentication method. It can be one  of:  -l  unix
215              For  standard  (/etc/passwd) authentication.  -l pam For PAM au‐
216              thentication.  -l ldap:LDAP config file  For  LDAP  directories.
217              -l  mysql:MySQL config file For MySQL databases.  -l pgsql:Post‐
218              gres config file For Postgres databases.  -l puredb:PureDB data‐
219              base  file  For PureDB databases.  -l extauth:path to pure-authd
220              socket For external authentication handlers.
221              Different authentication methods can be mixed together. For  in‐
222              stance   if   you   run   the  server  with  -lpuredb:/etc/pure-
223              ftpd/pwd.pdb -lmysql:/etc/pure-ftpd/my.cf -lunix  Accounts  will
224              first  be  authenticated  from a PureDB database. If it fails, a
225              MySQL server will be asked. If the account is still not found is
226              the  database, standard unix accounts will be scanned. Authenti‐
227              cation methods are tried in the order you give the  -l  options,
228              if  you  do not give -l, then the decision comes from configure,
229              if PAM is built in, it is used, if not, then UNIX  (/etc/passwd)
230              is used by default.
231              See  the  README.LDAP  and README.MySQL files for info about the
232              built-in LDAP and SQL directory support.
233
234       -L max files:max depth
235              Avoid denial-of-service attacks by limiting the number  of  dis‐
236              played  files  in  a  'ls'  and the maximum depth of a recursive
237              'ls'. Defaults are 2000:5 (2000 files  displayed  for  a  single
238              'ls' and walk through 5 subdirectories max).
239
240       -m load
241              Do  not  allow  anonymous users to download files if the load is
242              above load when the user connects. Uploads and file listings are
243              still  allowed,  as are downloads by real users. The user is not
244              told about this until he/she tries to download a file.
245
246       -M     Allow anonymous users to create directories.
247
248       -n maxfiles:maxsize
249              Enable virtual quotas When virtual quotas are enabled, .ftpquota
250              files  are  created,  and  the number of files for a user is re‐
251              stricted to 'maxfiles'. The max total size of his  directory  is
252              also  restricted  to 'maxsize' Megabytes. Members of the trusted
253              group aren't subject to quotas.
254
255       -N     NAT mode. Force active mode. If your FTP server is behind a  NAT
256              box that doesn't support applicative FTP proxying, or if you use
257              port redirection without a  transparent  FTP  proxy,  use  this.
258              Well...  the  previous  sentence isn't very clear. Okay: if your
259              network looks like this:
260              FTP--NAT.gateway/router--Internet
261              and if you want people coming from the internet to  have  access
262              to  your  FTP  server,  please try without this option first. If
263              Netscape clients can connect without any problem, your NAT gate‐
264              way  rulez. If Netscape doesn't display directory listings, your
265              NAT gateway sucks. Use -N as a workaround.
266
267       -o     Enable pure-uploadscript.
268
269       -O format:log file
270              Record all file transfers into a specific log file, in an alter‐
271              native  format.  Currently,  three  formats  are supported: CLF,
272              Stats, W3C and xferlog.
273              If you add
274              -O clf:/var/log/pureftpd.log
275              to your  starting  options,  Pure-FTPd  will  log  transfers  in
276              /var/log/pureftpd.log  in  a  format  similar  to the Apache web
277              server in default configuration.
278              If you add
279              -O stats:/var/log/pureftpd.log
280              to your starting options, Pure-FTPd  will  create  accurate  log
281              files designed for traffic analys software like ftpStats.
282              If you add
283              -O w3c:/var/log/pureftpd.log
284              to  your  starting options, Pure-FTPd will create W3C-conformant
285              log files.
286              For  security  purposes,  the  path  must   be   absolute   (eg.
287              /var/log/pureftpd.log, not  ../log/pureftpd.log).
288
289       -p first:last
290              Use  only  ports  in  the range first to last inclusive for pas‐
291              sive-mode downloads. This means that clients  will  not  try  to
292              open  connections  to  TCP ports outside the range first - last,
293              which makes pure-ftpd more compatible with packet filters.  Note
294              that the maximum number of clients (specified with -c) is forced
295              down to (last + 1 - first)/2 if it is greater,  as  the  default
296              is. (The syntax for the port range is, conveniently, the same as
297              that of iptables).
298
299       -P ip address or host name
300              Force the specified IP address in reply to a PASV/EPSV  command.
301              If  the  server  is behind a masquerading (NAT) box that doesn't
302              properly handle stateful FTP masquerading, put the ip address of
303              that  box  here. If you have a dynamic IP address, you can use a
304              symbolic host name (probably the one of your gateway), that will
305              be resolved every time a new client will connect.
306
307       -q upload:download
308              Enable  an upload/download ratio for anonymous users (ex: -q 1:5
309              means that 1 Mb of goodies have to be uploaded to leech 5 Mb).
310
311       -Q upload:download
312              Enable ratios for anonymous and non-anonymous users. If  the  -a
313              option is also used, users from the trusted group have no ratio.
314
315       -r     Never  overwrite existing files. Uploading a file whose name al‐
316              ready exists cause an automatic rename. Files are called  xyz.1,
317              xyz.2, xyz.3, etc.
318
319       -R     Disallow users (even non-anonymous ones) usage of the CHMOD com‐
320              mand. On hosting services, it may  prevent  newbies  from  doing
321              mistakes,  like setting bad permissions on their home directory.
322              Only root can use CHMOD when this switch is enabled.
323
324       -s     Don't allow anonymous users to retrieve  files  owned  by  "ftp"
325              (generally, files uploaded by other anonymous users).
326
327       -S [{ip address|hostname}] [,{port|service name}]
328              This  option  is only effective when the server is launched as a
329              standalone server.  Connections are accepted on the specified IP
330              and  port. IPv4 and IPv6 are supported. Numeric and fully-quali‐
331              fied host names are accepted. A service name (see /etc/services)
332              can be used instead of a numeric port number.
333
334       -t bandwidth
335              or  -t upload bandwidth:download bandwidth Enable process prior‐
336              ity lowering and bandwidth throttling for anonymous users. Delay
337              should be in kilobytes/seconds.
338
339       -T bandwidth
340              or  -T upload bandwidth:download bandwidth Enable process prior‐
341              ity  lowering  and  bandwidth  throttling   for   *ALL*   users.
342              Pure-FTPd  should  have been explicitly compiled with throttling
343              support to have these flags work.  It is possible to  have  dif‐
344              ferent  bandwidth limits for uploads and for downloads. '-t' and
345              '-T' can indeed be followed by two numbers delimited by a column
346              (':'). The first number is the upload bandwidth and the next one
347              applies only to downloads. One of them can be left  blank  which
348              means  infinity.   A single number without any column means that
349              the same limit applies to upload and download.
350
351       -u uid Do not allow uids below uid to log in  (typically,  low-numbered
352              uids  are  used  for administrative accounts).  -u 100 is suffi‐
353              cient to deny access to  all  administrative  accounts  on  many
354              linux boxes, where 99 is the last administrative account. Anony‐
355              mous FTP is allowed even if the uid of the ftp user  is  smaller
356              than uid.  -u 1 denies access only to root accounts. The default
357              is to allow FTP access to all accounts.
358
359       -U umask files:umask dirs
360              Change the mask for creation of new files and  directories.  The
361              default  are 133 (files are readable -but not writable- by other
362              users) and 022 (same thing for directory, with the  execute  bit
363              on).   If  new  files  should  only be readable by the user, use
364              177:077. If you  want  uploaded  files  to  be  executable,  use
365              022:022  (files  will  be  readable  by other people) or 077:077
366              (files will only be readable by their owner).
367
368       -v bonjour name
369              Set the Bonjour name of the service (only available on  MacOS  X
370              when Bonjour support is compiled in).
371
372       -V ip address
373              Allow  non-anonymous  FTP  access only on this specific local IP
374              address. All other IP addresses are only  anonymous.  With  that
375              option,  you  can have routed IPs for public access, and a local
376              IP (like 10.x.x.x) for  administration.  You  can  also  have  a
377              routable  trusted  IP protected by firewall rules, and only that
378              IP can be used to login as a non-anonymous user.
379
380       -w     Enable support for the FXP  protocol,  for  non-anonymous  users
381              only.
382
383       -W     Enable the FXP protocol for everyone.  FXP IS AN UNSECURE PROTO‐
384              COL. NEVER ENABLE IT ON UNTRUSTED NETWORKS.
385
386       -x     In normal operation mode,  authenticated  users  can  read/write
387              files beginning with a dot ('.'). Anonymous users can't, for se‐
388              curity reasons (like changing banners or a  forgotten  .rhosts).
389              When  '-x'  is used, authenticated users can download dot-files,
390              but not overwrite/create them, even if they own them. That  way,
391              you can prevent hosted users from messing .qmail files.
392
393       -X     This flag is identical to the previous one (writing dot-files is
394              prohibited), but in addition, users can't even *read* files  and
395              directories beginning with a dot (like "cd .ssh").
396
397       -y per user max sessions:max anonymous sessions
398              This  switch enables per-user concurrency limits. Two values are
399              separated by a column. The first one is the max number  of  con‐
400              current sessions for a single login. The second one is the maxi‐
401              mum number of anonoymous sessions.
402
403       -Y tls behavior
404              -Y 0 (default) disables TLS security mechanisms.
405              -Y 1 Accept both normal sessions and TLS ones.
406              -Y 2 refuses connections that aren't using TLS  security  mecha‐
407              nisms, including anonymous ones.
408              -Y  3  refuses connections that aren't using TLS security mecha‐
409              nisms, and refuse cleartext data channels as well.
410              The server must have been compiled with TLS support and a  valid
411              certificate must be in place to accept encrypted sessions.
412
413       -z     Allow  anonymous  users  to  read files and directories starting
414              with a dot ('.').
415
416       -Z     Add safe guards against common customer mistakes (like  chmod  0
417              on their own files) .
418
419
420

AUTHENTICATION

422       Some of the complexities of older servers are left out.
423
424       This  version  of pure-ftpd can use PAM for authentication. If you want
425       it to consult any files like /etc/shells or /etc/ftpd/ftpusers  consult
426       pam docs. LDAP directories and SQL databases are also supported.
427
428       Anonymous users are authenticated in any of three ways:
429
430       1.  The  user  logs  in as "ftp" or "anonymous" and there is an account
431       called "ftp" with an existing home directory. This server does not  ask
432       anonymous users for an email address or other password.
433
434       2.  The  user connects to an IP address which resolves to the name of a
435       directory in /etc/pure-ftpd/pure-ftpd (or a symlink in  that  directory
436       to  a real directory), and there is an account called "ftp" (which does
437       not need to have a valid home directory). See Virtual Servers below.
438
439       Ftpd does a chroot(2) to the relevant base directory when an  anonymous
440       user logs in.
441
442       Note that ftpd allows remote users to log in as root if the password is
443       known and -u not used.
444
445

UNUSUAL FEATURES

447       If a user's home directory is /path/to/home/./, FTP sessions under that
448       UID  will  be  chroot()ed.  In addition, if a users's home directory is
449       /path/to/home/./directory   the   session   will   be   chroot()ed   to
450       /path/to/home and the FTP session will start in 'directory'.
451
452       As noted above, this pure-ftpd omits several features that are required
453       by the RFC or might be considered useful at first. Here is  a  list  of
454       the most important omissions.
455
456       On-the-fly tar is not supported, for several reasons. I feel that users
457       who want to get many files should use a  special  FTP  client  such  as
458       "mirror," which also supports incremental fetch. I don't want to either
459       add several hundred lines of code to create tar files or execute an ex‐
460       ternal tar. Finally, on-the-fly tar distorts log files.
461
462       On-the-fly  compression  is left out too. Most files on an FTP site are
463       compressed already, and if a file isn't, there presumably is  a  reason
464       why.  (As  for  decompression:  Don't  FTP users waste bandwidth enough
465       without help from on-the-fly decompression?)
466
467

DIRECTORY ALIASES

469       Shortcuts for the "cd" command can be set up if  the  server  has  been
470       compiled with the --with-diraliases feature.
471
472       To   enable   directory   aliases,  create  a  file  called  /etc/pure-
473       ftpd/pureftpd-dir-aliases and alternate lines of alias names and  asso‐
474       ciated directories.
475
476

ANONYMOUS FTP

478       This server leaves out some of the commands and features that have been
479       used to subvert anonymous FTP servers in the past, but still  you  have
480       to  be  a  little bit careful in order to support anonymous FTP without
481       risk to the rest of your files.
482
483       Make ~ftp and all files and directories below this directory  owned  by
484       some  user other than "ftp," and only the .../incoming directory/direc‐
485       tories writable by "ftp." It is probably best if  all  directories  are
486       writable  only by a special group such as "ftpadmin" and "ftp" is not a
487       member of this group.
488
489       If you do not trust the local users, put ~ftp on a separate  partition,
490       so  local users can't hard-link unapproved files into the anonymous FTP
491       area.
492
493       Use of the -s option is strongly suggested. (Simply add "-s" to the end
494       of the ftpd line in /etc/inetd.conf to enable it.)
495
496       Most  other  FTP  servers  require  that  a  number  of  files  such as
497       ~ftp/bin/ls exist. This server does not require that any files  or  di‐
498       rectories  within ~/ftp whatsoever exist, and I recommend that all such
499       unnecessary files are removed (for no real reason).
500
501       It may be worth considering to run the anonymous FTP service as a  vir‐
502       tual  server,  to  get automatic logins and to firewall off the FTP ad‐
503       dress/port to which real users can log in.
504
505       If your server is a public FTP site, you may want to allow  only  'ftp'
506       and  'anonymous'  users to log in. Use the -e option for this. Real ac‐
507       counts will be ignored and you will get a  secure,  anonymous-only  FTP
508       server.
509
510

MAGIC FILES

512       The files <ftproot>/.banner and .message are magical.
513
514       If  there  is a file called .banner in the root directory of the anony‐
515       mous FTP area, or in the root directory of a virtual host,  and  it  is
516       shorter  than 1024 bytes, it is printed upon login. (If the client does
517       not log in explicitly, and an implicit login is triggered by a  CWD  or
518       CDUP  command,  the banner is not printed. This is regrettable but hard
519       to avoid.)
520
521       If there is a file called .message in any directory and it  is  shorter
522       than  1024  bytes, that file is printed whenever a user enters that di‐
523       rectory using CWD or CDUP.
524
525

VIRTUAL SERVERS

527       You can run several different anonymous FTP servers  on  one  host,  by
528       giving the host several IP addresses with different DNS names.
529
530       Here  are  the steps needed to create an extra server using an IP alias
531       on linux 2.4.x, called "ftp.example.com" on address 10.11.12.13. on the
532       IP alias eth0.
533
534       1.  Create  an  "ftp" account if you do not have one. It it best if the
535       account does not have a valid home directory and  shell.  I  prefer  to
536       make  /dev/null  the ftp account's home directory and shell.  Ftpd uses
537       this account to set the anonymous users' uid.
538
539       2. Create a directory as described in Anonymous FTP and make a  symlink
540       called /etc/pure-ftpd/pure-ftpd/10.11.12.13 which points to this direc‐
541       tory.
542
543       3. Make sure your kernel has support for IP aliases.
544
545       4. Make sure that the following commands are run at boot:
546
547         /sbin/ifconfig eth0:1 10.11.12.13
548
549       That should be all. If you have problems, here are some things to try.
550
551       First, symlink /etc/pure-ftpd/pure-ftpd/127.0.0.1 to some directory and
552       say  "ftp  localhost".  If that doesn't log you in, the problem is with
553       ftpd.
554
555       If not, "ping -v 10.11.12.13" and/or "ping -v ftp.example.com" from the
556       same host. If this does not work, the problem is with the IP alias.
557
558       Next,  try "ping -v 10.11.12.13" from a host on the local ethernet, and
559       afterwards "/sbin/arp -a". If 10.11.12.13 is listed among the  ARP  en‐
560       tries  with  the correct hardware address, the problem is probably with
561       the IP alias. If  10.11.12.13  is  listed,  but  has  hardware  address
562       0:0:0:0:0:0, then proxy-ARP isn't working.
563
564       If none of that helps, I'm stumped. Good luck.
565
566       Warning: If you setup a virtual hosts, normal users will not be able to
567       login via this name,  so  don't  create  link/directory  in  /etc/pure-
568       ftpd/pure-ftpd for your regular hostname.
569
570

FILES

572       /etc/passwd is used via libc (and PAM is this case), to get the uid and
573       home directory of normal users, the uid and home directory of "ftp" for
574       normal anonymous ftp, and just the uid of "ftp" for virtual ftp hosts.
575
576       /etc/shadow is used like /etc/passwd if shadow support is enabled.
577
578       /etc/group  is  used  via  libc,  to get the group membership of normal
579       users.
580
581       /proc/net/tcp is used to count existing FTP connections, if the  -c  or
582       -p options are used
583
584       /etc/pure-ftpd/pure-ftpd/<ip address> is the base directory for the <ip
585       address> virtual ftp server, or a symbolic link to its base  directory.
586       Ftpd  does  a  chroot(2) into this directory when a user logs in to <ip
587       address>, thus symlinks outside this directory will not work.
588
589       ~ftp is the base directory for "normal" anonymous FTP.  Ftpd does a ch‐
590       root(2)  into  this directory when an anonymous user logs in, thus sym‐
591       links outside this directory will not work.
592
593

LS

595       The behaviour of LIST and NLST is a  tricky  issue.  Few  servers  send
596       RFC-compliant responses to LIST, and some clients depend on non-compli‐
597       ant responses.
598
599       This server uses glob(3) to do filename globbing.
600
601       The response to NLST is by default similar to that of ls(1),  and  that
602       to  LIST  is by default similar to that of ls -l or ls -lg on most Unix
603       systems, except that the "total" count is  meaningless.   Only  regular
604       files,  directories  and  symlinks are shown. Only important ls options
605       are supported:
606
607       -1     Undoes -l and -C.
608
609       -a     lists even files/directories whose names begin with ".".
610
611       -C     lists files in as many columns as will fit on the screen. Undoes
612              -1 and -l.
613
614       -d     lists argument directories' names rather their contents.
615
616       -D     List  files  beginning  with  a  dot  ('.') even when the client
617              doesn't append the -a option to the list command.
618
619       -F     appends '*' to executable regular files, '@' to symlinks and '/'
620              to directories.
621
622       -l     shows  various details about the file, including file group. See
623              ls(1) for details. Undoes -1 and -C.
624
625       -r     reverses the sorting order (modifies -S and -t and  the  default
626              alphabetical ordering).
627
628       -R     recursively  descends into subdirectories of the argument direc‐
629              tories.
630
631       -S     Sorts by file size instead of by name. Undoes -t.
632
633       -t     Sorts by file modification time instead of by name. Undoes -S.
634
635

PROTOCOL

637       Here are the FTP commands supported by this server.
638       ABOR ALLO APPE AUTH TLS CCC CDUP CWD DELE EPRT EPSV ESTA ESTP FEAT HELP
639       LIST  MDTM  MFMT  MKD MLSD MLST MODE NLST NOOP PASS PASV PBSZ PORT PROT
640       PWD QUIT REST RETR RMD RNFR RNTO SIZE STAT STOR  STOU  STRU  SYST  TYPE
641       USER  XCUP XCWD XDBG XMKD XPWD XRMD OPTS MLST SITE CHMOD SITE HELP SITE
642       IDLE SITE TIME SITE UTIME
643
644

BUGS

646       Please report bugs to the mailing-list (see  below).   Pure-FTPd  looks
647       very stable and is used on production servers. However it comes with no
648       warranty and it can have nasty bugs or security flaws.
649
650

HOME PAGE

652       http://www.pureftpd.org/
653

NEW VERSIONS

655       See the mailing-list on http://www.pureftpd.org/ml/.
656
657

AUTHOR AND LICENSE

659       Troll-FTPd was written by Arnt Gulbrandsen <agulbra@troll.no> and copy‐
660       right  1995-2002 Troll Tech AS, Waldemar Thranes gate 98B, N-0175 Oslo,
661       Norway, fax +47 22806380.
662
663       Pure-FTPd is (C)opyleft 2001-2022 by Frank DENIS  <j  at  pureftpd  dot
664       org>.
665
666       This software is covered by the BSD license.
667
668       Contributors:
669        Arnt Gulbrandsen,
670        Troll Tech AS,
671        Janos Farkas,
672        August Fullford,
673        Ximenes Zalteca,
674        Patrick Michael Kane,
675        Arkadiusz Miskiewicz,
676        Michael K. Johnson,
677        Kelley Lingerfelt,
678        Sebastian Andersson,
679        Andreas Westin,
680        Jason Lunz,
681        Mathias Gumz,
682        Claudiu Costin,
683        Ping,
684        Paul Lasarev,
685        Jean-Mathieux Schaffhauser,
686        Emmanuel Hocdet,
687        Sami Koskinen,
688        Sami Farin,
689        Luis Llorente Campo,
690        Peter Pentchev,
691        Darren Casey,
692        The Regents of the University of California,
693        Theo de Raadt (OpenBSD),
694        Matthias Andree,
695        Isak Lyberth,
696        Steve Reid,
697        RSA Data Security Inc,
698        Trilucid,
699        Dmtry Lebkov,
700        Johan Huisman,
701        Thorsten Kukuk,
702        Jan van Veen,
703        Roger Constantin Demetrescu,
704        Stefano F.,
705        Robert Varga,
706        Freeman,
707        James Metcalf,
708        Im Eunjea,
709        Philip Gladstone,
710        Kenneth Stailey,
711        Brad Smith,
712        Ulrik Sartipy,
713        Cindy Marasco,
714        Nicolas Doye,
715        Thomas Briggs,
716        Stanton Gallegos,
717        Florin Andrei,
718        Chan Wilson,
719        Bjoern Metzdorf,
720        Ben Gertzfield,
721        Akhilesch Mritunjai,
722        Dawid Szymanski,
723        Kurt Inge Smadal,
724        Alex Dupre,
725        Gabriele Vinci,
726        Andrey Ulanov,
727        Fygul Hether,
728        Jeffrey Lim,
729        Ying-Chieh Liao,
730        Johannes Erdfelt,
731        Martin Sarfy,
732        Clive Goodhead,
733        Aristoteles Pagaltzis,
734        Stefan Hornburg,
735        Mehmet Cokcevik,
736        Brynjar Eide,
737        Torgnt Wernersson,
738        Banhalmi Csaba,
739        Volodin D,
740        Oriol Magran,
741        Jui-Nan Lin,
742        Patrick Gosling,
743        Marc Balmer,
744        Rajat Upadhyaya / Novell,
745        Christian Cier-Zniewski,
746        Wilco Baan Hofman,
747        Clement Chauplannaz.
748
749

SEE ALSO

751       ftp(1),   pure-ftpd(8)   pure-ftpwho(8)  pure-mrtginfo(8)  pure-upload‐
752       script(8) pure-statsdecode(8)  pure-pw(8)  pure-quotacheck(8)  pure-au‐
753       thd(8) pure-certd(8)
754
755       RFC 959, RFC 2228, RFC 2389, RFC 2428 and RFC 4217.
756
757
758
759Frank Denis                         1.0.51                        pure-ftpd(8)
Impressum