wget: FTP Options
1
1 2.9 FTP Options
1 ===============
1
1 ‘--ftp-user=USER’
1 ‘--ftp-password=PASSWORD’
1 Specify the username USER and password PASSWORD on an FTP server.
1 Without this, or the corresponding startup option, the password
1 defaults to ‘-wget@’, normally used for anonymous FTP.
1
1 Another way to specify username and password is in the URL itself
1 (⇒URL Format). Either method reveals your password to
1 anyone who bothers to run ‘ps’. To prevent the passwords from
1 being seen, store them in ‘.wgetrc’ or ‘.netrc’, and make sure to
1 protect those files from other users with ‘chmod’. If the
1 passwords are really important, do not leave them lying in those
1 files either—edit the files and delete them after Wget has started
1 the download.
1
1 ‘--no-remove-listing’
1 Don’t remove the temporary ‘.listing’ files generated by FTP
1 retrievals. Normally, these files contain the raw directory
1 listings received from FTP servers. Not removing them can be
1 useful for debugging purposes, or when you want to be able to
1 easily check on the contents of remote server directories (e.g. to
1 verify that a mirror you’re running is complete).
1
1 Note that even though Wget writes to a known filename for this
1 file, this is not a security hole in the scenario of a user making
1 ‘.listing’ a symbolic link to ‘/etc/passwd’ or something and asking
1 ‘root’ to run Wget in his or her directory. Depending on the
1 options used, either Wget will refuse to write to ‘.listing’,
1 making the globbing/recursion/time-stamping operation fail, or the
1 symbolic link will be deleted and replaced with the actual
1 ‘.listing’ file, or the listing will be written to a
1 ‘.listing.NUMBER’ file.
1
1 Even though this situation isn’t a problem, though, ‘root’ should
1 never run Wget in a non-trusted user’s directory. A user could do
1 something as simple as linking ‘index.html’ to ‘/etc/passwd’ and
1 asking ‘root’ to run Wget with ‘-N’ or ‘-r’ so the file will be
1 overwritten.
1
1 ‘--no-glob’
1 Turn off FTP globbing. Globbing refers to the use of shell-like
1 special characters (“wildcards”), like ‘*’, ‘?’, ‘[’ and ‘]’ to
1 retrieve more than one file from the same directory at once, like:
1
1 wget ftp://gnjilux.srk.fer.hr/*.msg
1
1 By default, globbing will be turned on if the URL contains a
1 globbing character. This option may be used to turn globbing on or
1 off permanently.
1
1 You may have to quote the URL to protect it from being expanded by
1 your shell. Globbing makes Wget look for a directory listing,
1 which is system-specific. This is why it currently works only with
1 Unix FTP servers (and the ones emulating Unix ‘ls’ output).
1
1 ‘--no-passive-ftp’
1 Disable the use of the “passive” FTP transfer mode. Passive FTP
1 mandates that the client connect to the server to establish the
1 data connection rather than the other way around.
1
1 If the machine is connected to the Internet directly, both passive
1 and active FTP should work equally well. Behind most firewall and
1 NAT configurations passive FTP has a better chance of working.
1 However, in some rare firewall configurations, active FTP actually
1 works when passive FTP doesn’t. If you suspect this to be the
1 case, use this option, or set ‘passive_ftp=off’ in your init file.
1
1 ‘--preserve-permissions’
1 Preserve remote file permissions instead of permissions set by
1 umask.
1
1 ‘--retr-symlinks’
1 By default, when retrieving FTP directories recursively and a
1 symbolic link is encountered, the symbolic link is traversed and
1 the pointed-to files are retrieved. Currently, Wget does not
1 traverse symbolic links to directories to download them
1 recursively, though this feature may be added in the future.
1
1 When ‘--retr-symlinks=no’ is specified, the linked-to file is not
1 downloaded. Instead, a matching symbolic link is created on the
1 local filesystem. The pointed-to file will not be retrieved unless
1 this recursive retrieval would have encountered it separately and
1 downloaded it anyway. This option poses a security risk where a
1 malicious FTP Server may cause Wget to write to files outside of
1 the intended directories through a specially crafted .LISTING file.
1
1 Note that when retrieving a file (not a directory) because it was
1 specified on the command-line, rather than because it was recursed
1 to, this option has no effect. Symbolic links are always traversed
1 in this case.
1
1 2.10 FTPS Options
1 =================
1
1 ‘--ftps-implicit’
1 This option tells Wget to use FTPS implicitly. Implicit FTPS
1 consists of initializing SSL/TLS from the very beginning of the
1 control connection. This option does not send an ‘AUTH TLS’
1 command: it assumes the server speaks FTPS and directly starts an
1 SSL/TLS connection. If the attempt is successful, the session
1 continues just like regular FTPS (‘PBSZ’ and ‘PROT’ are sent,
1 etc.). Implicit FTPS is no longer a requirement for FTPS
1 implementations, and thus many servers may not support it. If
1 ‘--ftps-implicit’ is passed and no explicit port number specified,
1 the default port for implicit FTPS, 990, will be used, instead of
1 the default port for the "normal" (explicit) FTPS which is the same
1 as that of FTP, 21.
1
1 ‘--no-ftps-resume-ssl’
1 Do not resume the SSL/TLS session in the data channel. When
1 starting a data connection, Wget tries to resume the SSL/TLS
1 session previously started in the control connection. SSL/TLS
1 session resumption avoids performing an entirely new handshake by
1 reusing the SSL/TLS parameters of a previous session. Typically,
1 the FTPS servers want it that way, so Wget does this by default.
1 Under rare circumstances however, one might want to start an
1 entirely new SSL/TLS session in every data connection. This is
1 what ‘--no-ftps-resume-ssl’ is for.
1
1 ‘--ftps-clear-data-connection’
1 All the data connections will be in plain text. Only the control
1 connection will be under SSL/TLS. Wget will send a ‘PROT C’ command
1 to achieve this, which must be approved by the server.
1
1 ‘--ftps-fallback-to-ftp’
1 Fall back to FTP if FTPS is not supported by the target server.
1 For security reasons, this option is not asserted by default. The
1 default behaviour is to exit with an error. If a server does not
1 successfully reply to the initial ‘AUTH TLS’ command, or in the
1 case of implicit FTPS, if the initial SSL/TLS connection attempt is
1 rejected, it is considered that such server does not support FTPS.
1