DHDSFTPD Manual Page
NAME
dhdsftpd---DHD's Safe FTP Daemon.
SYNOPSIS
dhdsftpd [-t[est]] [-v[erbose]] [-l[og]] [-m[axload] load] directory
DESCRIPTION
This should be run from inetd with a line something like:
ftp stream tcp nowait root /usr/etc/dhdsftpd dhdsftpd -l /home/pub
and will allow read-only anon access to the specified directory.
Note that this has to run as root to bind to the ftp-data port, so
is extra careful to check that files requested are plain files with
global read permissions.
This can be run `wait' rather than `nowait' to limit access to one
daemon at a time.
No directory-changing or upload commands are supported, and the
daemon should run with as few privileges as possible. This should
be a very safe replacement for the real FTP. Given that the daemon
has to run as root, to guard against loopholes in the code this
server should not be run on critcal machines, or machines with root
access to critical resources, if at all possible.
In logging mode all logins (with user ID, mail-ID and remote
machine ID if possible) and session terminations are logged to
syslog. Serious errors (eg that result in early program
termination) are always logged to syslog.
In verbose mode more information, such as details of which files
were requested and successfully transferred and how fast, are
logged. This *does not* affect the amount of information seen by
the remote user so that a remote user cannot tell when their session
is being logged.
The `maxload' parameter determines the maximum system load at which
we are prepared to operate. When preparing to accept a connection
the system load is tested. If the load is higher than that
specified as a maximum, the daemon exits. If the load is higher
than double the `maxload' value before any command, the daemon
terminates.
The `test' flag has the program write output to stdout rather than
to file descriptor 0 so that it can be tested on the command-line
taking on stdin/stdout. Indetd normally leaves fd 0 set up for
reading and writing.
FTP commands understood are: USER PASS NOOP PORT TYPE RETR QUIT.
The USER command argument must be `ftp' or `anonymous'; no other
name will be accepted.
The TYPE command can only specify A (ASCII) or I (Image), and no
further parameters.
The RETR command may only refer to a file in the current directory,
ie may contain no `/'s in the name, and must be a plain file.
Commands other than USER NOOP and QUIT will only be accepted when
the user has logged in. PASS will only be accepted immediately
after USER.
BUGS
Actually a feature. This daemon only understands a very limited
subset of FTP commands, and responds with only a fairly
coarse-grained set of error/success codes.
RFC959 says we must also accept MODE (stream only), STRU and STOR,
but for the moment I don't.
For the moment, the PORT command is NOT implemented, which will
cause delays if multiple files are to be transferred. However,
many FTP clients (and Sun's in particular) can work round the
absence of the PORT command moderately transparently.
I don't actually look up MX records for the email address given as
password to check that it does at least exist.
I don't time out incoming idle connections, which I should.