source: TI05-delivery/trunk/src/bbftp-server-3.2.0/doc/bbftpd.1 @ 773

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI05-delivery/trunk/src/bbftp-server-3.2.0/doc/bbftpd.1
Revision 773, 12.8 KB checked in by spascoe, 14 years ago (diff)

Initial import of bbftp source

Line 
1.\" Automatically generated by Pod::Man version 1.15
2.\" Mon May 30 11:02:20 2005
3.\"
4.\" Standard preamble:
5.\" ======================================================================
6.de Sh \" Subsection heading
7.br
8.if t .Sp
9.ne 5
10.PP
11\fB\\$1\fR
12.PP
13..
14.de Sp \" Vertical space (when we can't use .PP)
15.if t .sp .5v
16.if n .sp
17..
18.de Ip \" List item
19.br
20.ie \\n(.$>=3 .ne \\$3
21.el .ne 3
22.IP "\\$1" \\$2
23..
24.de Vb \" Begin verbatim text
25.ft CW
26.nf
27.ne \\$1
28..
29.de Ve \" End verbatim text
30.ft R
31
32.fi
33..
34.\" Set up some character translations and predefined strings.  \*(-- will
35.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
36.\" double quote, and \*(R" will give a right double quote.  | will give a
37.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used
38.\" to do unbreakable dashes and therefore won't be available.  \*(C` and
39.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
40.tr \(*W-|\(bv\*(Tr
41.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
42.ie n \{\
43.    ds -- \(*W-
44.    ds PI pi
45.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
46.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
47.    ds L" ""
48.    ds R" ""
49.    ds C` ""
50.    ds C' ""
51'br\}
52.el\{\
53.    ds -- \|\(em\|
54.    ds PI \(*p
55.    ds L" ``
56.    ds R" ''
57'br\}
58.\"
59.\" If the F register is turned on, we'll generate index entries on stderr
60.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
61.\" index entries marked with X<> in POD.  Of course, you'll have to process
62.\" the output yourself in some meaningful fashion.
63.if \nF \{\
64.    de IX
65.    tm Index:\\$1\t\\n%\t"\\$2"
66..
67.    nr % 0
68.    rr F
69.\}
70.\"
71.\" For nroff, turn off justification.  Always turn off hyphenation; it
72.\" makes way too many mistakes in technical documents.
73.hy 0
74.if n .na
75.\"
76.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
77.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
78.bd B 3
79.    \" fudge factors for nroff and troff
80.if n \{\
81.    ds #H 0
82.    ds #V .8m
83.    ds #F .3m
84.    ds #[ \f1
85.    ds #] \fP
86.\}
87.if t \{\
88.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
89.    ds #V .6m
90.    ds #F 0
91.    ds #[ \&
92.    ds #] \&
93.\}
94.    \" simple accents for nroff and troff
95.if n \{\
96.    ds ' \&
97.    ds ` \&
98.    ds ^ \&
99.    ds , \&
100.    ds ~ ~
101.    ds /
102.\}
103.if t \{\
104.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
105.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
106.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
107.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
108.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
109.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
110.\}
111.    \" troff and (daisy-wheel) nroff accents
112.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
113.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
114.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
115.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
116.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
117.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
118.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
119.ds ae a\h'-(\w'a'u*4/10)'e
120.ds Ae A\h'-(\w'A'u*4/10)'E
121.    \" corrections for vroff
122.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
123.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
124.    \" for low resolution devices (crt and lpr)
125.if \n(.H>23 .if \n(.V>19 \
126\{\
127.    ds : e
128.    ds 8 ss
129.    ds o a
130.    ds d- d\h'-1'\(ga
131.    ds D- D\h'-1'\(hy
132.    ds th \o'bp'
133.    ds Th \o'LP'
134.    ds ae ae
135.    ds Ae AE
136.\}
137.rm #[ #] #H #V #F C
138.\" ======================================================================
139.\"
140.IX Title "BBFTPD 1"
141.TH BBFTPD 1 "perl v5.6.1" "2005-05-30" "User Contributed Perl Documentation"
142.UC
143.SH "NAME"
144bbftpd \- \s-1BBFTP\s0 protocol server
145.SH "SYNOPSIS"
146.IX Header "SYNOPSIS"
147\&\fBbbftpd\fR \fB\-v\fR
148.PP
149\&\fBbbftpd\fR \fB\-s\fR [\fB\-f\fR] [\fB\-e\fR EphemeralPortsRange] [\fB\-l\fR LogLevel] [\fB\-m\fR MaxStreamNumber] [\fB\-w\fR PortNumber] [\fB\-R\fR ProfileFile]
150.PP
151\&\fBbbftpd\fR \fB\-b\fR [\fB\-f\fR] [\fB\-e\fR EphemeralPortsRange] [\fB\-l\fR LogLevel] [\fB\-m\fR MaxStreamNumber] [\fB\-w\fR PortNumber] [\fB\-R\fR ProfileFile] [\fB\-u\fR] [\fB\-c\fR|\fB\-p\fR]
152.PP
153\&\fBbbftpd\fR [\fB\-f\fR] [\fB\-e\fR EphemeralPortsRange] [\fB\-l\fR LogLevel] [\fB\-m\fR MaxStreamNumber] [\fB\-w\fR PortNumber] [\fB\-R\fR ProfileFile] [\fB\-u\fR] [\fB\-c\fR|\fB\-p\fR]
154.SH "DESCRIPTION"
155.IX Header "DESCRIPTION"
156bbftpd is a server that supports the \s-1BBFTP\s0 protocol. This protocol has been
157developed in order to speed up transfer by using multiple \s-1TCP\s0 streams between
158client and server, and also to take advantage of the \fB\s-1RFC\s0 1323\fR.
159.PP
160As one of the major problems of the \s-1FTP\s0 protocol was the unencrypted transmission
161of the username and password, \s-1BBFTP\s0 uses several methods for authentication.
162The first one is to generate at each new connection a \s-1RSA\s0 key pair, to send
163the public key to the client who will encrypt the username and password using
164this public key, and then to decrypt them with the private key. As these keys
165are 1024 bits long and generated at each new connection, it will be quite
166difficult to steal a password. This method requires OpenSSL to be installed
167on both sides. The second connection method is based on ssh; instead
168of making a connection to a running daemon, the client will remotely start the
169daemon with ssh (with a command like ssh \-l user remotehost \*(L"bbftpd \-s\*(R").
170A third additionnal authenticate mode allows to use certificates to log on. This mode
171is based on the Grid Security Infrastructure and requires Globus software to be installed.
172The client side needs a certificate to identify itself and the daemon needs a host certificate
173.PP
174\&\s-1BBFTP\s0 protocol works in the following way :
175.PP
176\&\fB-\fR After the authentication procedure has ended there is what is called a control
177connection between the client and the server. On that connection all control commands
178will circulate.
179.PP
180\&\fB-\fR When a data transfer occurs (get or put command sent by the client), the server can
181work in passive or non-passive mode:
182.PP
183\&\- In passive mode (with client >= 3), the server gets all \s-1TCP\s0 ports needed by the transfer
184(one per stream) and sends those ports to the client on the control connection. If the
185server is built or run with a range, those ports will be chosen in this range.
186.PP
187\&\- In non-passive mode, the client gets all \s-1TCP\s0 ports needed by the transfer
188(one per stream) and sends those port numbers to the server on the control connection.
189The server will then connect to those ports (using a defined port number if the
190\&\fB\-f\fR is not used) and use them to transfer data.
191.PP
192To meet security requirements (firewalls filters), you may want to use the passive mode with
193a defined range of ephemeral ports.
194.PP
195The behaviour of the server is controlled by commands sent by the client (see \fIbbftp\fR\|(1)).
196.PP
197The server can be used in different ways :
198.PP
199Through inetd (and tcpwrapper if needed). In this case the line in the inetd.conf file will
200look like :
201.PP
202\&\fIbbftp stream tcp nowait root /usr/local/bin/bbftpd bbftpd [\-f] [\-e EphemeralPortsRange] [\-l LogLevel] [\-m MaxStreamNumber] [\-R ProfileFile] [\-u] [\-c|\-p]\fR
203.PP
204As a standalone server. In this case the starting procedure has to contain the following line:
205.PP
206\&\fIbbftpd \-b [\-f] [\-e EphemeralPortsRange] [\-l LogLevel] [\-m MaxStreamNumber] [\-w PortNumber] [\-u] [\-R ProfileFile] [\-u] [\-c|\-p]\fR
207.PP
208Started via ssh. In this case the remote command started by the client will look like:
209.PP
210\&\fIbbftpd \-s [\-f] [\-e EphemeralPortsRange] [\-l LogLevel] [\-m MaxStreamNumber] [\-w PortNumber] [\-R ProfileFile]\fR
211.SH "OPTIONS"
212.IX Header "OPTIONS"
213.Ip "\-b" 4
214.IX Item "-b"
215Use this option to start bbftpd in background. In this case the server will bind and listen
216on a control port which can be changed with the \fB\-w\fR option.
217.Ip "\-f" 4
218.IX Item "-f"
219The standard behaviour of the server is to bind the server-side port number on data
220connection to controlport minus one. This is useful if the server is behind a firewall.
221If you want the server to take the first free port number use this option.
222.Ip "\-e EphemeralPortsRange" 4
223.IX Item "-e EphemeralPortsRange"
224In passive mode (ie, requested by a client >= 3), the server can choose the ephemeral ports
225for data connections in a range defined by this option. The syntax is: min:max.
226Make sure to choose relevant values for min and max ports. If this option is not set, the
227server will choose the port number in the default range which depends on the system.
228.Ip "\-l LogLevel" 4
229.IX Item "-l LogLevel"
230Use this option to change the log level. By default the server will log nothing.
231\&\fILoglevel\fR is a string (uppercase or lowercase) whose values are :
232.RS 4
233.Ip "\s-1EMERGENCY\s0" 4
234.IX Item "EMERGENCY"
235.PD 0
236.Ip "\s-1ALERT\s0" 4
237.IX Item "ALERT"
238.Ip "\s-1CRITICAL\s0" 4
239.IX Item "CRITICAL"
240.Ip "\s-1ERROR\s0" 4
241.IX Item "ERROR"
242.Ip "\s-1WARNING\s0" 4
243.IX Item "WARNING"
244.Ip "\s-1NOTICE\s0" 4
245.IX Item "NOTICE"
246.Ip "\s-1INFORMATION\s0" 4
247.IX Item "INFORMATION"
248.Ip "\s-1DEBUG\s0" 4
249.IX Item "DEBUG"
250.RE
251.RS 4
252.PD
253.Sp
254\&\fB\s-1WARNING\s0 :\fR
255.Sp
256This option has to be the last one when used in conjunction with option
257\&\fB\-s\fR for backward compatibility.
258.RE
259.Ip "\-m MaxStreamNumber" 4
260.IX Item "-m MaxStreamNumber"
261For each stream the server forks a child. If you want to limit or increase the number of streams
262use this option.
263.Ip "\-R ProfileFile" 4
264.IX Item "-R ProfileFile"
265At start, the daemon tries to execute commands located in the
266\&\fB$HOME/.bbftprc\fR file. The location of this file can be changed with this option. See
267\&\fB\s-1CONTROL\s0 \s-1COMMANDS\s0\fR
268to know the list of control commands
269.Ip "\-s" 4
270.IX Item "-s"
271Use this option when the server is started remotely via an ssh connection.
272.Ip "\-v" 4
273.IX Item "-v"
274Use this option to write the version of the software and default values to standard output.
275.Ip "\-w  PortNumber" 4
276.IX Item "-w  PortNumber"
277Use this option to change the control port number.
278.Ip "\-u" 4
279.IX Item "-u"
280This option allows the daemon to accept non-encrypted username/password messages from a client.
281.Ip "\-c | \-p" 4
282.IX Item "-c | -p"
283When compiled with certificates authentication module, these options allow to restrict the way
284client can authenticate. \-c accepts certificates only, whereas \-p accepts user/password only.
285If theses options are not used, both methods are accepted.
286If \-c is used, the option \-u is meaningless and ignored.
287.SH "CONTROL COMMANDS"
288.IX Header "CONTROL COMMANDS"
289The control commands are contained by an \s-1ASCII\s0 file (file specified by the \fB\-R\fR option
290or ~/.bbftpdrc or /etc/bbftpd.conf).
291.if n .Ip "\fBsetackto """"Acknowledge time-out""""\fR" 4
292.el .Ip "\fBsetackto ``Acknowledge time-out''\fR" 4
293.IX Item "setackto "Acknowledge time-out"
294Set time-out (in seconds) to wait for an acknowledge. Default value is 100
295.if n .Ip "\fBsetrecvcontrolto """"Input control time-out""""\fR" 4
296.el .Ip "\fBsetrecvcontrolto ``Input control time-out''\fR" 4
297.IX Item "setrecvcontrolto "Input control time-out"
298Set time-out (in seconds) to wait while reading on the control socket. Default value is 180
299.if n .Ip "\fBsetsendcontrolto """"Output control time-out""""\fR" 4
300.el .Ip "\fBsetsendcontrolto ``Output control time-out''\fR" 4
301.IX Item "setsendcontrolto "Output control time-out"
302Set time-out (in seconds) to wait while writing on the control socket. Default value is 180
303.if n .Ip "\fBsetdatato """"Data time-out""""\fR" 4
304.el .Ip "\fBsetdatato ``Data time-out''\fR" 4
305.IX Item "setdatato "Data time-out"
306Set time-out (in seconds) to wait while reading on the data socket. Default value is 300
307.Ip "\fBsetoption [no]fixeddataport\fR" 4
308.IX Item "setoption [no]fixeddataport"
309Use a fixed port for listening while using \s-1SSH\s0 (ie standard port +1 = 5022). Otherwise, use
310any available port (in range \-e if specified).
311.SH "MESSAGES AND ERRORS"
312.IX Header "MESSAGES AND ERRORS"
313All informative messages and error messages are written to the syslog.
314.SH "AUTHORS"
315.IX Header "AUTHORS"
316\&\fBbbftp\fR was developed by Gilles Farrache.
317It is now maintained by Lionel Schwarz at
318\&\fB \s-1IN2P3\s0 Computing Center\fR
319, Villeurbanne (\s-1FRANCE\s0).
320.SH "CONTRIBUTORS"
321.IX Header "CONTRIBUTORS"
322Tim Adye (Idea and implementation of ssh mode)
323.PP
324Gilles Gallot (Mutli-IP addresses support, secondary groups support, port on various systems and bug fixes)
325.PP
326Andrew Goodney (Port to Darwin)
327.PP
328Paola Grosso (Idea and implementation of the \-q client option)
329.PP
330Petr Holub (Port to Windows cygwin)
331.PP
332Dan Schrager (Idea and implementation of the \-D client option)
333.PP
334Rod Walker & Kostas Georgiou (Idea and implementation of the \-g client option)
335.PP
336Shuwei Ye (Bug fix)
337.SH "BUGS"
338.IX Header "BUGS"
339Send bugs / comments to bbftp@in2p3.fr
340.SH "SEE ALSO"
341.IX Header "SEE ALSO"
342\&\fIbbftp\fR\|(1).
Note: See TracBrowser for help on using the repository browser.