FTP Daemon Options for Linux

by Rick Moen, <rick@linuxmafia.com>
revised 2007-10-08

Almost all current Linux distributions come equipped with one of the two standard ftp daemons (servers):

Both of these are extremely full-featured, but have had a long history of security exploits. wu-ftpd may be hopeless in the long term, unless fundamentally rewritten, and ProFTPd was in that same situation and is being drastically revamped by new maintainers. I'm not sure I'd trust that work, yet. (ProFTPd's state at what we might hope was its low point was summarised at http://lwn.net/1999/0909/a/proftpdesign.html .)

Additionally, both ftp daemons share the design trait of being (in my view) overfeatured: It is difficult to write secure code with very large feature sets, especially when it must run as a privileged process (as both those daemons must).

At a fundamental level, the ftp protocol itself poses a security problem: Like telnet and the normal variety of POP3 e-mail, it sends usernames and passwords unencrypted across the open Internet. It is trivially easy for hostile parties to capture ("sniff') those usernames and passwords, and then remotely login to your system as if they were your authorised users. Thus, ftp access into your system, generically, tends to threaten your system's security.

The exception is anonymous ftp access. By tradition, an anonymous user authenticates his ftp sessions using username "anonymous" (or "ftp") and gives his e-mail address at the password prompt. Thus, any "sniffing" of that username/password information is harmless: It's not secret.

Accordingly, what I'm personally looking for is a good implementation of anonymous ftp daemon services. I will try to build a complete list of all ftpd options on Linux, but please bear in mind my prejudice that non-anonymous file transfers should never be via ftp, but rather scp (Secure cp, part of the ssh Secure Shell protocol family) or sftp.

Name: 4.4BSD/NetBSD ftpd (bsd-ftpd)
Source: ftp://metalab.unc.edu/pub/Linux/system/Network/daemons/
Licence: BSD
Comments: Linux port of the NetBSD ftpd, which in turn was from 4.4BSD. Looks very old and unmaintained.

Name: aftpd (Anonymous FTP Daemon)
Source: http://pubweb.nfr.net/~mjr/pubs/index.shtml
Licence: Any use allowed except inclusion in commercial products (TIS lic.)
Comments: Stripped-down version of traditional BSD ftpd, supporting only anonymous access. Also has a read-only option (recommended). Appears to be an extremely sound design -- but very BSD-centric. If you've succeeded in making this compile for Linux, please let me know. In the meanwhile, this is an excellent choice for BSD (or Solaris?) systems.

Name: aftpd (Another FTP Daemon)
Source: http://vekoll.saturnus.vein.hu/~bazsi/aftpd/
Licence: Unstated.
Comments: Said to be in early alpha. Fine control of access rights (ACLs) and user accounting. Supports virtual hosts and "virtual users" (user with no UID).

Name: anonftpd
Source: ftp://koobera2.math.uic.edu/pub/software/
Licence: Free usage.
Comments: Great idea, disasterous implementation: Output (i.e., the ftp "LIST" command) is in a human-hostile format the author calls Easily Parseable List Format. "ls" command fails to support standard options such as "-l" or "-a". Inherently secure design because it uses no system calls capable of writing -- wasted on account of insane design decisions. Tragic.

Name: BeroFTPD
Source: ftp://bero.x5.net/pub/
Licence: BSD
Comments: Said to be based on wu-ftpd, with a superset of its features (extra support for virtual hosts).

Name: BetaFTPD
Source: http://members.xoom.com/sneeze/betaftpd.html
Licence: GPL v. 2
Comments: Single-threaded, small, fast. Said to be definitely not yet ready for prime time.

Name: bftpd (Bruker ftpd)
Source: http://www.bftpd.f2s.com/
Licence: GPL v. 2
Comments: Inetd-based ftp daemon, partly inspired by ideas drawn fron BetaFTPD, designed for are high configurability, security and speed. Does on-the-fly tar/gz, chroot without special configuration, PAM, passwd/shadow support.

Name: CrushFTP
Source: http://crushftp.terrashare.com/
Licence: Proprietary payware. No source code.
Comments: Written in Java. Requires a JVM. Remote Java-applet-based administration. Multithreaded.

Name: DPFS (Dual-Protocol File Server, formerly "Demi-FTPd")
Source: http://www.karico.fi/dftpd/
Licence: GPL v. 2
Comments: I'm not sure what to think of this one, yet. Promising.

Name: fhttpd
Source: http://www.fhttpd.org/
Licence: GPL v. 2
Comments: Does both ftp and http -- still a beta version, at this writing. Doesn't support passive connections.

Source: http://www.ftp4all.de/
Licence: GPL v. 2
Comments: Rare design: Can be compiled/installed by non-root users.

Name: ftpd-BSD
Source: http://www.owlriver.com/projects/ftpd-BSD/
Licence: BSD with GPL-licensed additions
Comments: OpenBSD's ftpd as portedtto Linux by Owl River Company, based on early work by Robert R. Wal. Added support for current PAM, glibc, xinetd, logrotate.

Name: ftpd-BSD
Source: ftp://ftpd-bsd.psychasia.com/pub/ftpd-bsd/
Licence: BSD
Comments: OpenBSD's ftp as ported to Linux by David Madore (see: http://www.eleves.ens.fr:8080/home/madore/programs/#prog_ftpd-BSD) and subsequently maintained by Will Estes, based on early work by Robert R. Wal. Added PAM support (broken a/o 11/2001). This version reportedly has some build problems with PAM support and potential problems with IP aliasing -- and has not been modified since the initial 2001-02-28 version. IPv6-capable.

Name: ginseng-ftpd
Source: http://mmondor.rubiks.net/software.html
Licence: BSD
Comments: Forked from NetBSD's bsd-ftpd v. 6.5. Single configuration file, read-only accounts, umask, per-user directory size limits, PAM and shadow password support, on-the-fly gunzip, internal ls, IPv6 support, various security fixes. By Matthew Mondor.

Name: glFtpD
Source: http://www.glftpd.org/
Licence: Free usage, no source code.
Comments: Why do I get the definite feeling this thing has something to do with warez kiddies? I wouldn't touch it on a bet.

Name: hftpd (Hoser FTPD)
Source: http://www.zabbo.net/hftpd/
Licence: GPL v. 2
Comments: Heavily threaded; use on Linux 2.2+ w/glibc 2.1+. Currently Linux and x86-only. Looks promising; very spare documentation.

Name: Libra FTP Server
Source: http://libraftp.narod.ru/libraindex.html
Licence: GPL v. 2
Comments: Anonymous-only. Read-only mode, extensive logging, MD5 checksumming of transferred files, IPv6 support. Doesn't need to run as root, uses no external calls. Can support ftp proxy. By Andrey Savochkin and Maxim Shesterikov.

Name: Linux-ftpd
Source: ftp://metalab.unc.edu/pub/Linux/system/Network/daemons/
Licence: BSD
Comments: Berkeley ftp daemon, ported from OpenBSD. Obviously has not been maintained for several years.

Name: lukemftpd
Source: ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/
Licence: BSD
Comments: A portable version (by Luke Mewburn) of NetBSD-current's ftpd. Described as 90% of wu-ftpd's functionality with 30% of its footprint.

Name: mmftpd
Source: http://mmondor.gobot.ca/software.html
Licence: BSD w/advertising clause
Comments: By Matthew Mondor, written from scratch as a successor to his earlier ginseng-ftpd. Virtual users only, runs non-privileged and optionally chrooted, supports some anti-DoS measures and bandwidth shaping, supports per-user permissions/limits. Users' access can be read-only, and is confined to home directories via careful path-checking.

Name: Muddleftpd
Source: http://www.nongnu.org/muddleftpd
Licence: GPL v. 2
Comments: Can compile & install for non-root user. Designed from scratch. Unmaintained since 2003.

Name: NcFTPd
Source: http://www.ncftp.com/ncftpd/
Licence: Proprietary payware. No source code.
Comments: Uses directory caching and avoids forking code.

Name: Net::FTPServer
Source: http://www.cpan.org/modules/by-authors/id/R/RW/RWMJ/
Licence: GPL
Comments: Fully-fledged FTP server written in Perl. Feature parity with wu-ftpd. Extensible. Virtual filesystem lets you serve files/images/whatever from a SQL database. See also the Freshmeat project page at http://freshmeat.net/projects/netftpserver/

Name: oftpd
Source: http://www.time-travellers.org/oftpd/
ftp://ftp.ferrara.linux.it/pub/project6/sources/ (IPv6 patches)
Licence: BSD
Comments: Anonymous-only, sheds root authority for most of its operation, contains internal cd and ls functions. Said to be an "early release". Runs stand-alone, i.e., not under inetd.

Name: pftpd (Peter's ftpd)
Source: ftp://ftp.lysator.liu.se/pub/unix/pftpd/
Licence: Free usage.
Comments: Multithreaded, anonymous-only ftp daemon. Also supports additional anonymous-access directories within your local users' home directories. Limitations: Doesn't yet support globbing (*, ?, []) or names lookups on gids. Operates in read-only mode by default. Does BINARY or ASCII mode (including restartable transfers), and active or passive connections. Still gives occasionally buggy output, as of 2000-12.

Name: ProFTPd
Source: http://www.proftpd.org/
ftp://sith.mimuw.edu.pl/pub/users/baggins/IPv6/ (IPv6 patches)
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/ (IPv6 patches)
Licence: GPL v. 2
Comments: Extremely full-featured, but saddled with a crufty design and a sad, ongoing history of security compromises. This is tragic, since it was a noble ground-up effort to replace and improve on wu-ftpd. Configuration design inspired by Apache's, supports virtual domains. Does it all. Fortunately, in 1999, it was taken over by new maintainers, so we may see drastic improvements. Can support SSL/TLS access for non-anonymous users: http://groups.google.nl/group/alt.os.linux/msg/0376cb5ca19e3a09. Graphical administrative tool is available: http://www.gadmintools.org/

Name: Publicfile
Source: http://cr.yp.to/publicfile.html
Licence: Bears author's copyright statement, only, and no licence, and thus is distributable only directly by the copyright owner -- proprietary software. The author (who seems hostile to open-source[1] software licencing - see http://cr.yp.to/qmail/dist.html) seems to have deliberately intended this unfortunate situation. My understanding is that you have implied licence to retrieve the package directly from the author's site, to write/apply/distribute patches, to compile it, and to use it -- but not to redistribute it or works derived from it. The foregoing applies in the USA: Wholly different rights may result elsewhere. The author addresses this matter (in the abstract) at http://cr.yp.to/softwarelaw.html.
Starting in late 2007, author asserted that most of his other software (notably qmail and djbdns) would prospectively become public domain by his own decree, but seems to have omitted publicfile.
Comments: Still an alpha version, at this late date. Provides ftp and http file access, disallows writes to the public file area, does its work without root authority. By Daniel J. Bernstein, author of anonftpd (which, please see). Requires Bernstein's ucspi-tcp and daemontools packages, which were until late 2007 available under the same non-licence as publicfile, but are now asserted to be public domain. Does NOT produce standard human-readable output, only Bernstein's "Easily Parseable List Format" (EPLF), as with the author's earlier anonftpd.

Name: Publish-ftpd
Source: http://ccil.org/~cowan/publish-ftpd/
Licence: GPL v. 2
Comments: A read-only ftp/http daemon written in Perl, having no anonymous functionality, requiring only Perl and a couple of standard Perl modules, and designed to run under a superserver such as xinetd or inetd. Logged in users are rooted to their respective publish-ftpd home directories, can cannot cd out except by following symlinks if present. Username under which publish-ftpd gets specified in the superserver (and must not be root), plus the port, allowed client IPs, maximum number of connections overall or per IP, and allowed times of day for access. Written by John Cowan. Doesn't yet support http as of v. 0.78.

Name: Pure-FTPd
Source: http://sourceforge.net/projects/pureftpd/
Licence: Free usage.
Comments: Patched, improved version of Troll-ftpd, adding ASCII-mode transfers, capabilities-model (ACLs) support, PAM support, built-in "ls" command, IPv6 support, chrooted home directories, bounded ports for passive mode, FXP protocol support. Seems like a winner, if going by descriptions. Supports at this date (2006-03) SSL/TLS encryption for the control channel only, not the data channel.

Dovecot imapd author Timo Sirainen has posted comments: Says it still relies on fixed-sized buffers and (a/o 1.0.12) has unreadable source code on account of inclusion of 589 #ifdefs.

Name: Roxen Challenger
Source: http://www.roxen.com/download/source/
Licence: GPL v. 2
Comments: ftpd is part of a large, ambitious, multi-threaded SSL3-Web/proxy/mirror server. (The strong-crypto version is proprietary: The 40-bit version is under the GPL.)

Name: SSLftpd
Source: ftp://ftp.psy.uq.oz.au:/pub/Crypto/SSLapps/
Licence: BSD
Comments: Standard wu-ftpd, patched to support SSL authentication, falling back to standard ftp for non-SSL (regular) ftp clients.

Name: Todokru
Source: http://www.futuresouth.com/~tomw/todokeru/
Licence: Free usage.
Comments: Written entirely in Perl. (Also requires POE.) Author says it was written mostly for fun, and could be improved to be a solid option, but that he personally wouldn't use it.

Name: Troll-ftpd
Source: ftp://ftp.troll.no/freebies/ftpd/
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/ (IPv6 patches)
Licence: Free usage.
Comments: Linux-only, cleanly written ftpd by a Troll Tech employee. Fast, small, secure, and easy to configure for anonymous-only operation. It even does virtual domains. About the only thing wrong with it is that it doesn't support ASCII mode transfers, only binary, and that kills it for me. But please see also the entry for Pure-ftpd.

Name: TUX
Source: ftp://ftp.redhat.com/pub/redhat/tux/
Licence: GPL v. 2
Comments: Linux-only, kernel-based, threaded, very-high-performance HTTP and ftp server. Does virtual domains. Written by Ingo Molnar.

Name: Twoftpd
Source: http://untroubled.org/twoftpd/
Licence: GPL v. 2
Comments: Ftpd in two separate modules: A front-end for authentication only, and a back-end that carries out all file-handling and file-transfer. Performs chroot by default. No external calls. Included twoftpd-anon variant is a stripped-down version for anonymous ftp only. Written by Bruce Guenter.

Name: Very Secure ftp Daemon (vs-ftpd)
Source: ftp://ferret.lmh.ox.ac.uk/pub/linux/
Licence: GPL v. 2
Comments: Supports local accounts as well as anonymous. Modular design, with each module running with minimal privilege. Runs as an unprivileged user in a chroot jail, with special care in handling of buffers, and uses all internal functions (e.g., no external call to ls). Tries to avoid using potentially dangerous library calls, and encapsulates all library calls through two of its routines, as auditable points of contact. Can optionally support SSL/TLS, thereby making non-anonymous ftp access reasonable for a change: http://groups.google.nl/group/alt.os.linux/msg/ac05649d840ef8d5 (vs-ftpd is the current favourite ftpd of this document's maintainer.)

Name: Washington University FTPd (Wuarchive-ftpd, aka wu-ftpd)
Source: http://www.wu-ftpd.org/
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/ (IPv6 patches)
Licence: BSD
Comments: The most popular ftpd on the Net, and the standard ftp server. Well documented and supported, and can do just about anything. Unfortunately, it is considered insecure, and has a long history of security compromises. From Washington University in St. Louis, Missouri.

Name: wu-ftpd-academ
Source: ftp://ftp.academ.com/pub/wu-ftpd/private/
Licence: BSD
Comments: When such is available, this is where you get the patched & enhanced version of wu-ftpd from Academ Consulting Services in Houston, Texas (Stan Barber, proprietor). Often, security fixes for wu-ftpd are performed by Stan, first.

Name: wzdftpd
Source: http://www.wzdftpd.net/
Licence: GPV v. 2
Comments: Support for SSL/TLS, crontabs, remote administration via SITE commands, diverse user-database back-ends and virtual users, TCL/Perl script extensions, virtual users, IPv6. Multithreaded, portable, coded in C, runs unprivileged, uses simple configuration file, supports extensions in TCL or Perl. Modular design.

Notes: Dan Kegel is doing a "performance bake-off" of ftp daemons for Linux: http://www.kegel.com/dkftpbench/bakeoff.html

The page for his ftp-daemon benchmarking tool is extremely informative, too: http://www.kegel.com/dkftpbench/

[1] As defined by http://www.opensource.org/docs/definition_plain.html , the standard and essentially sole meaningful yardstick for that term. Bernstein apologists, who characteristically seem to think "open source" should mean whatever they want it to, are invited to eat my shorts. And also to read http://linuxmafia.com/~rick/faq/index.php?page=warez#djb .

Copyright (C) 2000-2002, Rick Moen, <rick@linuxmafia.com>.

This information is free; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.

This work is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this work; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

Alternatively and at the recipient's option, this work may be used freely under the Attribution-ShareAlike 1.0 licence.