Annotation of src/usr.bin/ssh/sftp-server.8, Revision 1.21
1.21 ! jmc 1: .\" $OpenBSD: sftp-server.8,v 1.20 2013/01/03 12:54:49 djm Exp $
1.2 deraadt 2: .\"
1.5 deraadt 3: .\" Copyright (c) 2000 Markus Friedl. All rights reserved.
1.2 deraadt 4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\"
14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: .\"
1.21 ! jmc 25: .Dd $Mdocdate: January 3 2013 $
1.1 markus 26: .Dt SFTP-SERVER 8
27: .Os
28: .Sh NAME
29: .Nm sftp-server
30: .Nd SFTP server subsystem
31: .Sh SYNOPSIS
32: .Nm sftp-server
1.18 djm 33: .Op Fl ehR
1.20 djm 34: .Op Fl d Ar start_directory
1.11 djm 35: .Op Fl f Ar log_facility
36: .Op Fl l Ar log_level
1.16 djm 37: .Op Fl u Ar umask
1.1 markus 38: .Sh DESCRIPTION
39: .Nm
40: is a program that speaks the server side of SFTP protocol
41: to stdout and expects client requests from stdin.
42: .Nm
43: is not intended to be called directly, but from
1.3 aaron 44: .Xr sshd 8
1.1 markus 45: using the
46: .Cm Subsystem
47: option.
1.11 djm 48: .Pp
49: Command-line flags to
50: .Nm
51: should be specified in the
52: .Cm Subsystem
53: declaration.
1.1 markus 54: See
1.10 jmc 55: .Xr sshd_config 5
1.1 markus 56: for more information.
1.11 djm 57: .Pp
58: Valid options are:
59: .Bl -tag -width Ds
1.21 ! jmc 60: .It Fl d Ar start_directory
1.20 djm 61: specifies an alternate starting directory for users.
62: The pathname may contain the following tokens that are expanded at runtime:
63: %% is replaced by a literal '%',
64: %h is replaced by the home directory of the user being authenticated,
65: and %u is replaced by the username of that user.
66: The default is to use the user's home directory.
67: This option is useful in conjunction with the
68: .Xr sshd_config 5
69: .Cm ChrootDirectory
70: option.
1.17 djm 71: .It Fl e
72: Causes
73: .Nm
74: to print logging information to stderr instead of syslog for debugging.
1.11 djm 75: .It Fl f Ar log_facility
76: Specifies the facility code that is used when logging messages from
77: .Nm .
78: The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
79: LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
80: The default is AUTH.
1.17 djm 81: .It Fl h
82: Displays
83: .Nm
84: usage information.
1.11 djm 85: .It Fl l Ar log_level
86: Specifies which messages will be logged by
87: .Nm .
88: The possible values are:
89: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
90: INFO and VERBOSE log transactions that
91: .Nm
92: performs on behalf of the client.
93: DEBUG and DEBUG1 are equivalent.
94: DEBUG2 and DEBUG3 each specify higher levels of debugging output.
95: The default is ERROR.
1.18 djm 96: .It Fl R
97: Places this instance of
98: .Nm
99: into a read-only mode.
100: Attempts to open files for writing, as well as other operations that change
1.19 jmc 101: the state of the filesystem, will be denied.
1.16 djm 102: .It Fl u Ar umask
103: Sets an explicit
104: .Xr umask 2
105: to be applied to newly-created files and directories, instead of the
106: user's default mask.
1.11 djm 107: .El
1.13 djm 108: .Pp
109: For logging to work,
110: .Nm
111: must be able to access
112: .Pa /dev/log .
113: Use of
114: .Nm
1.15 sobrado 115: in a chroot configuration therefore requires that
1.13 djm 116: .Xr syslogd 8
117: establish a logging socket inside the chroot directory.
1.3 aaron 118: .Sh SEE ALSO
1.6 markus 119: .Xr sftp 1 ,
1.3 aaron 120: .Xr ssh 1 ,
1.10 jmc 121: .Xr sshd_config 5 ,
1.3 aaron 122: .Xr sshd 8
1.6 markus 123: .Rs
1.8 deraadt 124: .%A T. Ylonen
125: .%A S. Lehtinen
1.6 markus 126: .%T "SSH File Transfer Protocol"
127: .%N draft-ietf-secsh-filexfer-00.txt
128: .%D January 2001
129: .%O work in progress material
130: .Re
1.1 markus 131: .Sh HISTORY
132: .Nm
133: first appeared in
134: .Ox 2.8 .
1.9 jmc 135: .Sh AUTHORS
136: .An Markus Friedl Aq markus@openbsd.org