wget: FTP Options
2.9 FTP Options
===============
‘--ftp-user=USER’
‘--ftp-password=PASSWORD’
Specify the username USER and password PASSWORD on an FTP server.
Without this, or the corresponding startup option, the password
defaults to ‘-wget@’, normally used for anonymous FTP.
Another way to specify username and password is in the URL itself
(⇒URL Format). Either method reveals your password to
anyone who bothers to run ‘ps’. To prevent the passwords from
being seen, store them in ‘.wgetrc’ or ‘.netrc’, and make sure to
protect those files from other users with ‘chmod’. If the
passwords are really important, do not leave them lying in those
files either—edit the files and delete them after Wget has started
the download.
‘--no-remove-listing’
Don’t remove the temporary ‘.listing’ files generated by FTP
retrievals. Normally, these files contain the raw directory
listings received from FTP servers. Not removing them can be
useful for debugging purposes, or when you want to be able to
easily check on the contents of remote server directories (e.g. to
verify that a mirror you’re running is complete).
Note that even though Wget writes to a known filename for this
file, this is not a security hole in the scenario of a user making
‘.listing’ a symbolic link to ‘/etc/passwd’ or something and asking
‘root’ to run Wget in his or her directory. Depending on the
options used, either Wget will refuse to write to ‘.listing’,
making the globbing/recursion/time-stamping operation fail, or the
symbolic link will be deleted and replaced with the actual
‘.listing’ file, or the listing will be written to a
‘.listing.NUMBER’ file.
Even though this situation isn’t a problem, though, ‘root’ should
never run Wget in a non-trusted user’s directory. A user could do
something as simple as linking ‘index.html’ to ‘/etc/passwd’ and
asking ‘root’ to run Wget with ‘-N’ or ‘-r’ so the file will be
overwritten.
‘--no-glob’
Turn off FTP globbing. Globbing refers to the use of shell-like
special characters (“wildcards”), like ‘*’, ‘?’, ‘[’ and ‘]’ to
retrieve more than one file from the same directory at once, like:
wget ftp://gnjilux.srk.fer.hr/*.msg
By default, globbing will be turned on if the URL contains a
globbing character. This option may be used to turn globbing on or
off permanently.
You may have to quote the URL to protect it from being expanded by
your shell. Globbing makes Wget look for a directory listing,
which is system-specific. This is why it currently works only with
Unix FTP servers (and the ones emulating Unix ‘ls’ output).
‘--no-passive-ftp’
Disable the use of the “passive” FTP transfer mode. Passive FTP
mandates that the client connect to the server to establish the
data connection rather than the other way around.
If the machine is connected to the Internet directly, both passive
and active FTP should work equally well. Behind most firewall and
NAT configurations passive FTP has a better chance of working.
However, in some rare firewall configurations, active FTP actually
works when passive FTP doesn’t. If you suspect this to be the
case, use this option, or set ‘passive_ftp=off’ in your init file.
‘--preserve-permissions’
Preserve remote file permissions instead of permissions set by
umask.
‘--retr-symlinks’
By default, when retrieving FTP directories recursively and a
symbolic link is encountered, the symbolic link is traversed and
the pointed-to files are retrieved. Currently, Wget does not
traverse symbolic links to directories to download them
recursively, though this feature may be added in the future.
When ‘--retr-symlinks=no’ is specified, the linked-to file is not
downloaded. Instead, a matching symbolic link is created on the
local filesystem. The pointed-to file will not be retrieved unless
this recursive retrieval would have encountered it separately and
downloaded it anyway. This option poses a security risk where a
malicious FTP Server may cause Wget to write to files outside of
the intended directories through a specially crafted .LISTING file.
Note that when retrieving a file (not a directory) because it was
specified on the command-line, rather than because it was recursed
to, this option has no effect. Symbolic links are always traversed
in this case.
2.10 FTPS Options
=================
‘--ftps-implicit’
This option tells Wget to use FTPS implicitly. Implicit FTPS
consists of initializing SSL/TLS from the very beginning of the
control connection. This option does not send an ‘AUTH TLS’
command: it assumes the server speaks FTPS and directly starts an
SSL/TLS connection. If the attempt is successful, the session
continues just like regular FTPS (‘PBSZ’ and ‘PROT’ are sent,
etc.). Implicit FTPS is no longer a requirement for FTPS
implementations, and thus many servers may not support it. If
‘--ftps-implicit’ is passed and no explicit port number specified,
the default port for implicit FTPS, 990, will be used, instead of
the default port for the "normal" (explicit) FTPS which is the same
as that of FTP, 21.
‘--no-ftps-resume-ssl’
Do not resume the SSL/TLS session in the data channel. When
starting a data connection, Wget tries to resume the SSL/TLS
session previously started in the control connection. SSL/TLS
session resumption avoids performing an entirely new handshake by
reusing the SSL/TLS parameters of a previous session. Typically,
the FTPS servers want it that way, so Wget does this by default.
Under rare circumstances however, one might want to start an
entirely new SSL/TLS session in every data connection. This is
what ‘--no-ftps-resume-ssl’ is for.
‘--ftps-clear-data-connection’
All the data connections will be in plain text. Only the control
connection will be under SSL/TLS. Wget will send a ‘PROT C’ command
to achieve this, which must be approved by the server.
‘--ftps-fallback-to-ftp’
Fall back to FTP if FTPS is not supported by the target server.
For security reasons, this option is not asserted by default. The
default behaviour is to exit with an error. If a server does not
successfully reply to the initial ‘AUTH TLS’ command, or in the
case of implicit FTPS, if the initial SSL/TLS connection attempt is
rejected, it is considered that such server does not support FTPS.