Wget/FTP-Options
Next: Recursive Retrieval Options, Previous: HTTPS (SSL/TLS) Options, Up: Invoking [Contents][Index]
2.9 FTP Options
‘--ftp-user=user
’
‘--ftp-password=password
’
Specify the username user
and password password
on an
FTP server. Without this, or the corresponding startup option,
the password defaults to ‘-wget@
’, normally used for anonymous
FTP.
Another way to specify username and password is in the URL itself
(see URL Format). Either method reveals your password to anyone who
bothers to run ps
. To prevent the passwords from being seen,
store them in .wgetrc
or .netrc
, and make sure to protect
those files from other users with chmod
. If the passwords are
really important, do not leave them lying in those files either—edit
the files and delete them after Wget has started the download.
‘--no-remove-listing
’
Don’t remove the temporary .listing
files generated by FTP
retrievals. Normally, these files contain the raw directory listings
received from FTP servers. Not removing them can be useful for
debugging purposes, or when you want to be able to easily check on the
contents of remote server directories (e.g. to verify that a mirror
you’re running is complete).
Note that even though Wget writes to a known filename for this file,
this is not a security hole in the scenario of a user making
.listing
a symbolic link to /etc/passwd
or something and
asking root
to run Wget in his or her directory. Depending on
the options used, either Wget will refuse to write to .listing
,
making the globbing/recursion/time-stamping operation fail, or the
symbolic link will be deleted and replaced with the actual
.listing
file, or the listing will be written to a
.listing.number
file.
Even though this situation isn’t a problem, though, root
should
never run Wget in a non-trusted user’s directory. A user could do
something as simple as linking index.html
to /etc/passwd
and asking root
to run Wget with ‘-N
’ or ‘-r
’ so the file
will be overwritten.
‘--no-glob
’
Turn off FTP globbing. Globbing refers to the use of shell-like
special characters (wildcards), like ‘*
’, ‘?
’, ‘[
’
and ‘]
’ to retrieve more than one file from the same directory at
once, like:
wget ftp://gnjilux.srk.fer.hr/*.msg
By default, globbing will be turned on if the URL contains a globbing character. This option may be used to turn globbing on or off permanently.
You may have to quote the URL to protect it from being expanded by
your shell. Globbing makes Wget look for a directory listing, which is
system-specific. This is why it currently works only with Unix FTP
servers (and the ones emulating Unix ls
output).
‘--no-passive-ftp
’
Disable the use of the passive FTP transfer mode. Passive FTP mandates that the client connect to the server to establish the data connection rather than the other way around.
If the machine is connected to the Internet directly, both passive and
active FTP should work equally well. Behind most firewall and NAT
configurations passive FTP has a better chance of working. However,
in some rare firewall configurations, active FTP actually works when
passive FTP doesn’t. If you suspect this to be the case, use this
option, or set passive_ftp=off
in your init file.
‘--preserve-permissions
’
Preserve remote file permissions instead of permissions set by umask.
‘--retr-symlinks
’
By default, when retrieving FTP directories recursively and a symbolic link is encountered, the symbolic link is traversed and the pointed-to files are retrieved. Currently, Wget does not traverse symbolic links to directories to download them recursively, though this feature may be added in the future.
When ‘--retr-symlinks=no
’ is specified, the linked-to file is not
downloaded. Instead, a matching symbolic link is created on the local
filesystem. The pointed-to file will not be retrieved unless this recursive
retrieval would have encountered it separately and downloaded it anyway. This
option poses a security risk where a malicious FTP Server may cause Wget to
write to files outside of the intended directories through a specially crafted
.LISTING file.
Note that when retrieving a file (not a directory) because it was specified on the command-line, rather than because it was recursed to, this option has no effect. Symbolic links are always traversed in this case.
2.10 FTPS Options
- ‘
--ftps-implicit
’ - This option tells Wget to use FTPS implicitly. Implicit FTPS consists of initializing SSL/TLS from the very beginning of the control connection. This option does not send an
AUTH TLS
command: it assumes the server speaks FTPS and directly starts an SSL/TLS connection. If the attempt is successful, the session continues just like regular FTPS (PBSZ
andPROT
are sent, etc.). Implicit FTPS is no longer a requirement for FTPS implementations, and thus many servers may not support it. If ‘--ftps-implicit
’ is passed and no explicit port number specified, the default port for implicit FTPS, 990, will be used, instead of the default port for the "normal" (explicit) FTPS which is the same as that of FTP, 21. - ‘
--no-ftps-resume-ssl
’ - Do not resume the SSL/TLS session in the data channel. When starting a data connection, Wget tries to resume the SSL/TLS session previously started in the control connection. SSL/TLS session resumption avoids performing an entirely new handshake by reusing the SSL/TLS parameters of a previous session. Typically, the FTPS servers want it that way, so Wget does this by default. Under rare circumstances however, one might want to start an entirely new SSL/TLS session in every data connection. This is what ‘
--no-ftps-resume-ssl
’ is for. - ‘
--ftps-clear-data-connection
’ - All the data connections will be in plain text. Only the control connection will be under SSL/TLS. Wget will send a
PROT C
command to achieve this, which must be approved by the server. - ‘
--ftps-fallback-to-ftp
’ - Fall back to FTP if FTPS is not supported by the target server. For security reasons, this option is not asserted by default. The default behaviour is to exit with an error. If a server does not successfully reply to the initial
AUTH TLS
command, or in the case of implicit FTPS, if the initial SSL/TLS connection attempt is rejected, it is considered that such server does not support FTPS.
Next: Recursive Retrieval Options, Previous: HTTPS (SSL/TLS) Options, Up: Invoking [Contents][Index]