.TH FTAMD 8C "01 Mar 1987"
.\" $Header: /f/osi/ftam2/RCS/ftamd.8c,v 7.1 90/02/20 17:12:11 mrose Exp $
.\"
.\"
.\" $Log: ftamd.8c,v $
.\" Revision 7.1 90/02/20 17:12:11 mrose
.\" update
.\"
.\" Revision 7.0 89/11/23 21:54:35 mrose
.\" Release 6.0
.\"
.SH NAME
ftamd \- FTAM responder
.SH SYNOPSIS
.in +.5i
.ti -.5i
.B \*(SDiso.ftam
\%[\-c]
\%[\-d]
\fImagic\0arguments\fR
.in -.5i
(under \fI\*(SDtsapd\fR\0)
.SH DESCRIPTION
The \fIftamd\fR server implements the responder side of
the File Transfer, Access, and Management (FTAM) service.
.PP
Currently, implementations for Berkeley and AT&T UNIX exist.
Supported are:
the no-recovery FTAM-QoS;
any of
the transfer, management, and transfer and management service classes;
the kernel, read, write, limited file management, enhanced file management, and
grouping functional units;
and, the kernel and storage attribute groups.
Only three document types are supported as of this writing:
unstructured text files (FTAM\-1),
unstructured binary files (FTAM\-3),
and filedirectory files (NBS\-9).
.SH "DEBUG OPERATION"
If \fIiso.ftamd\fR is started interactively,
or if the `\-d' switch is given,
then debug mode is entered.
In this case,
all logging activity is displayed on the user's terminal.
In addition,
the logging information is more verbose.
.SH AUTHENTICATION
An FTAM initiator must be listed in the \fIpasswd\fR file and have a
non\-empty password.
Further, as with the \fIftpd\fR daemon,
the username must not appear in the \fI\*(EDftamusers\fR file
or the \fI/etc/ftpusers\fR file.
.PP
If the username \*(lqANON\*(rq or \*(lqftp\*(rq is given,
then \fIftamd\fR treats this as a guest access,
similar to the \*(lqanonymous\*(rq facility supported by the \fIftpd\fR daemon.
An entry in the \fIpasswd\fR file for user \*(lqftp\*(rq must be present with
a non\-zero UID.
For guest access,
a \fIchroot\fR to the guest home directory
is executed to restrict access to the system.
.PP
Note that the `\-c' flag (given in the \fIisoservices\fR\0(5) file)
forces a \fIchroot\fR to the initiator's home directory.
This is used to restrict network access.
.PP
The guest home directory should be structured thusly:
.TP
.B ~ftp/
Owned by \*(lqftp\*(rq with mode 555.
.TP
.B ~ftp/etc/
Owned by the super\-user with mode 555.
The \fIpasswd\fR and \fIgroup\fR files should be present,
each with mode 444.
.TP
.B ~ftp/pub/
Owned by \*(lqftp\*(rq with mode 777.
This is the directory where guests can place files from remote systems.
.TP
.B ~ftp/portal/
Owned by the super\-user with mode 555.
The super\-user can put world\-readable files here
(with mode 444) without fear of these files being removed or altered by
guests.
.PP
Note that since \fIftamd\fR doesn't use \fIls\fR in order to produce
directory listings,
the directory \fIbin/\fR under the guest home directory need not be present,
as it must be to support the anonymous guest with \fIftpd\fR.
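.PP
The ownership and mode layout above can be checked mechanically.
The following Python audit is an added example, not part of ISODE or of the original manual page; the names audit_guest_home and GUEST_LAYOUT and the wording of the findings are assumptions made for illustration, and the caller supplies the UIDs of the guest account and the super-user.

```python
import os
import pwd
import stat

# Layout from the AUTHENTICATION section: (path under ~ftp, owner, mode).
# Owner "ftp" is the guest account, "root" the super-user, None = not stated.
GUEST_LAYOUT = [
    ("", "ftp", 0o555),
    ("etc", "root", 0o555),
    ("etc/passwd", None, 0o444),
    ("etc/group", None, 0o444),
    ("pub", "ftp", 0o777),
    ("portal", "root", 0o555),
]


def audit_guest_home(home, ftp_uid, root_uid=0):
    """Return a list of deviations from the documented layout (empty = OK)."""
    owners = {"ftp": ftp_uid, "root": root_uid}
    findings = []
    for rel, role, want in GUEST_LAYOUT:
        name = rel or "."
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.lstat(path)  # lstat: a symbolic link must not pass as the entry
        except FileNotFoundError:
            findings.append(f"{name}: missing")
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{name}: is a symbolic link")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            findings.append(f"{name}: mode {mode:03o}, expected {want:03o}")
        if role is not None and st.st_uid != owners[role]:
            findings.append(f"{name}: uid {st.st_uid}, expected {role} ({owners[role]})")
    # Files the super-user publishes in portal/ are documented as mode 444.
    portal = os.path.join(home, "portal")
    if os.path.isdir(portal):
        for entry in sorted(os.listdir(portal)):
            st = os.lstat(os.path.join(portal, entry))
            if stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) != 0o444:
                findings.append(f"portal/{entry}: mode {stat.S_IMODE(st.st_mode):03o}, expected 444")
    return findings


if __name__ == "__main__":
    ftp = pwd.getpwnam("ftp")  # assumes the guest account exists locally
    print("\n".join(audit_guest_home(ftp.pw_dir, ftp.pw_uid)) or "layout OK")
```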
.SH "VIRTUAL FILESTORE"
Here are the file attribute mappings:
.TP
.B filename
A single component, relative to the user's $HOME.
Changing this attribute is equivalent to a \fIrename\fR.
.TP
.B contents\-type
Based on st_mode:
\fBNBS\-9\fR for directories,
\fBNBS\-1\fR for regular files appearing to be textual,
\fBFTAM\-3\fR for all other regular files.
Files that are neither regular nor directories are inaccessible via this
implementation of the VFS (i.e., special files).
.TP
.B account
The st_gid according to /etc/group.
Changing this attribute is equivalent to a \fIchgrp\fR.
.TP
.B date\-and\-time\-of\-creation
The st_mtime.
.TP
.B date\-and\-time\-of\-last\-modification
The st_mtime.
.TP
.B date\-and\-time\-of\-last\-read\-access
The st_atime.
.TP
.B date\-and\-time\-of\-last\-attribute\-modification
The st_ctime.
.TP
.B identity\-of\-creator
The st_uid according to /etc/passwd.
.TP
.B identity\-of\-last\-modifier
The st_uid according to /etc/passwd
(if the value of the st_mode field guarantees uniqueness).
.TP
.B identity\-of\-last\-reader
The st_uid according to /etc/passwd
(if the value of the st_mode field guarantees uniqueness).
.TP
.B identity\-of\-last\-attribute\-modifier
The st_uid according to /etc/passwd
(if the value of the st_mode field guarantees uniqueness).
.TP
.B file\-availability
Immediate.
.TP
.B permitted\-actions
Depends on st_mode as interpreted by \fIaccess\fR\0(2):
R_OK for permission to read;
W_OK for permission to write;
permission is always granted to read attributes;
permission is granted to change attributes if the initiator has uid equal to
st_uid;
permission to delete is based on writability of parent directory.
.TP
.B filesize
The st_size.
.TP
.B future\-filesize
Not available.
.TP
.B access\-control
Not available.
.TP
.B encryption\-name
Not available.
.TP
.B legal\-qualifications
Not available.
.TP
.B private\-use
Not available.
.PP
The activity attribute mappings are straight\-forward.
The read action corresponds to reading UNIX files.
The insert, replace, extend, and erase actions correspond to writing
UNIX files.
Concurrency control is supported for reading and writing,
but not for reading or changing attributes, or for deleting files.
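.PP
The permitted\-actions rules and the timestamp mappings above compose as follows.
This Python sketch is an added example, not ISODE code; the function name vfs_attributes and the returned dictionary are assumptions, the action names are those of ISO 8571, and it assumes the process already runs with the initiator's identity so that \fIaccess\fR\0(2) answers for that user.

```python
import os
import stat

# The page maps these four FTAM actions onto writing a UNIX file.
WRITE_ACTIONS = {"insert", "replace", "extend", "erase"}


def vfs_attributes(path, initiator_uid):
    """Map stat(2) results to attributes listed under VIRTUAL FILESTORE.

    Returns None for special files, which the page says are inaccessible.
    """
    st = os.stat(path)
    if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
        return None
    actions = {"read-attribute"}             # always granted
    if os.access(path, os.R_OK):
        actions.add("read")
    if os.access(path, os.W_OK):
        actions |= WRITE_ACTIONS
    if initiator_uid == st.st_uid:           # only the owner changes attributes
        actions.add("change-attribute")
    parent = os.path.dirname(os.path.abspath(path))
    if os.access(parent, os.W_OK):           # delete depends on the parent directory
        actions.add("delete-file")
    return {
        "filename": os.path.basename(os.path.abspath(path)),
        # stat(2) has no creation time; the page maps both to st_mtime
        "date-and-time-of-creation": st.st_mtime,
        "date-and-time-of-last-modification": st.st_mtime,
        "date-and-time-of-last-read-access": st.st_atime,
        "date-and-time-of-last-attribute-modification": st.st_ctime,
        "filesize": st.st_size,
        "permitted-actions": actions,
    }
```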
.SH FILES
.nf
.ta \w'\*(EDisodocuments 'u
\*(EDisodocuments ISODE FTAM document types database
\*(EDisoentities ISODE entities database
\*(EDftamusers list of users prohibited by ftam
\*(LDftam.log logfile
/usr/adm/wtmp login records
.re
.fi
.SH "SEE ALSO"
ftam(1c), libftam(3n), isodocuments(5)
.br
\fIThe ISO Development Environment: User's Manual\fR,
.br
ISO 8571:
\fIInformation Processing Systems \-\-
File Transfer, Access, and Management\fR
.SH DIAGNOSTICS
All obvious.
.SH AUTHOR
Marshall T. Rose
.PP
This program is based somewhat on the \fIftpd\fR(8c) program supplied with
Berkeley UNIX.
.SH BUGS
The anonymous account is inherently dangerous and should be avoided when
possible.
It is also inherently useful.
.PP
The Berkeley UNIX version of this program runs with the effective UID of the
FTAM initiator,
but also with the real UID of the super\-user.
This is necessary to change the account attribute on files
(using \fIchown\fR\0).
The possible security holes have been extensively considered,
but the analysis may be incomplete.
.PP
The AT&T UNIX version, which lacks kernel support for this technique, acts
differently.
Immediately upon association establishment,
it changes both the real and effective UID to that of the FTAM initiator.
To change the account attribute on files,
it invokes the \fIchgrp\fR program.
Similarly, to create or delete directories,
it invokes either the \fImkdir\fR program or the \fIrmdir\fR program.
.PP
The AT&T UNIX version of this program has been tested both under
the System V Compatibility Package in SUN UNIX release 3.2
and a true SVR3 implementation.
However,
the \fIfcntl\fR syscall,
which is used to implement concurrency control,
currently seems to be a no\-op.
The Berkeley UNIX version of this program uses \fIflock\fR,
which seems to work just fine.