FTP Daemon Options for Linux
by Rick Moen, <rick@linuxmafia.com>
revised 2007-10-08
Almost all current Linux distributions come equipped with one of the two standard ftp daemons (servers):
- wu-ftpd (or the wu-ftpd-academ variant)
- Proftpd
Both of these are extremely full-featured, but have had a long history of security exploits. wu-ftpd may be hopeless in the long term, unless fundamentally rewritten, and ProFTPd was in that same situation and is being drastically revamped by new maintainers. I'm not sure I'd trust that work, yet. (ProFTPd's state at what we might hope was its low point was summarised at http://lwn.net/1999/0909/a/proftpdesign.html .)
Additionally, both ftp daemons share the design trait of being (in my view) overfeatured: It is difficult to write secure code with very large feature sets, especially when it must run as a privileged process (as both those daemons must).
At a fundamental level, the ftp protocol itself poses a security problem: Like telnet and the normal variety of POP3 e-mail, it sends usernames and passwords unencrypted across the open Internet. It is trivially easy for hostile parties to capture ("sniff") those usernames and passwords, and then remotely log in to your system as if they were your authorised users. Thus, ftp access into your system, generically, tends to threaten your system's security.
The exception is anonymous ftp access. By tradition, an anonymous user authenticates his ftp sessions using username "anonymous" (or "ftp") and gives his e-mail address at the password prompt. Thus, any "sniffing" of that username/password information is harmless: It's not secret.
Accordingly, what I'm personally looking for is a good implementation of anonymous ftp daemon services. I will try to build a complete list of all ftpd options on Linux, but please bear in mind my prejudice that non-anonymous file transfers should never be via ftp, but rather scp (Secure cp, part of the ssh Secure Shell protocol family) or sftp.
Name: 4.4BSD/NetBSD ftpd (bsd-ftpd)
Source: ftp://metalab.unc.edu/pub/Linux/system/Network/daemons/
Licence: BSD
Comments: Linux port of the NetBSD ftpd, which in turn was from
4.4BSD. Looks very old and unmaintained.
Name: aftpd (Anonymous FTP Daemon)
Source: http://pubweb.nfr.net/~mjr/pubs/index.shtml
Licence: Any use allowed except inclusion in commercial
products (TIS lic.)
Comments: Stripped-down version of traditional BSD ftpd,
supporting only anonymous access. Also has a read-only option
(recommended). Appears to be an extremely sound design -- but
very BSD-centric. If you've succeeded in making this compile
for Linux, please let me know. In the meanwhile, this is an
excellent choice for BSD (or Solaris?) systems.
Name: aftpd (Another FTP Daemon)
Source: http://vekoll.saturnus.vein.hu/~bazsi/aftpd/
Licence: Unstated.
Comments: Said to be in early alpha. Fine control of access
rights (ACLs) and user accounting. Supports virtual hosts and
"virtual users" (user with no UID).
Name: anonftpd
Source: ftp://koobera2.math.uic.edu/pub/software/
Licence: Free usage.
Comments: Great idea, disastrous implementation: Output (i.e.,
the ftp "LIST" command) is in a human-hostile format the author
calls Easily Parseable List Format. "ls" command fails to
support standard options such as "-l" or "-a". Inherently
secure design because it uses no system calls capable of
writing -- wasted on account of insane design decisions.
Tragic.
Name: BeroFTPD
Source: ftp://bero.x5.net/pub/
Licence: BSD
Comments: Said to be based on wu-ftpd, with a superset of its
features (extra support for virtual hosts).
Name: BetaFTPD
Source: http://members.xoom.com/sneeze/betaftpd.html
Licence: GPL v. 2
Comments: Single-threaded, small, fast. Said to be definitely
not yet ready for prime time.
Name: bftpd (Bruker ftpd)
Source: http://www.bftpd.f2s.com/
Licence: GPL v. 2
Comments: Inetd-based ftp daemon, partly inspired by ideas
drawn from BetaFTPD; its design goals are high configurability,
security and speed. Does on-the-fly tar/gz, chroot without
special configuration, PAM, passwd/shadow support.
Name: CrushFTP
Source: http://crushftp.terrashare.com/
Licence: Proprietary payware. No source code.
Comments: Written in Java. Requires a JVM. Remote
Java-applet-based administration. Multithreaded.
Name: DPFS (Dual-Protocol File Server, formerly
"Demi-FTPd")
Source: http://www.karico.fi/dftpd/
Licence: GPL v. 2
Comments: I'm not sure what to think of this one, yet.
Promising.
Name: fhttpd
Source: http://www.fhttpd.org/
Licence: GPL v. 2
Comments: Does both ftp and http -- still a beta version, at
this writing. Doesn't support passive connections.
Name: FTP4ALL
Source: http://www.ftp4all.de/
Licence: GPL v. 2
Comments: Rare design: Can be compiled/installed by non-root
users.
Name: ftpd-BSD
Source: http://www.owlriver.com/projects/ftpd-BSD/
Licence: BSD with GPL-licensed additions
Comments: OpenBSD's ftpd as ported to Linux by Owl River
Company, based on early work by Robert R. Wal. Added support
for current PAM, glibc, xinetd, logrotate.
Name: ftpd-BSD
Source: ftp://ftpd-bsd.psychasia.com/pub/ftpd-bsd/
Licence: BSD
Comments: OpenBSD's ftpd as ported to Linux by David Madore
(see:
http://www.eleves.ens.fr:8080/home/madore/programs/#prog_ftpd-BSD)
and subsequently maintained by Will Estes, based on early work
by Robert R. Wal. Added PAM support (broken a/o 11/2001). This
version reportedly has some build problems with PAM support and
potential problems with IP aliasing -- and has not been
modified since the initial 2001-02-28 version.
IPv6-capable.
Name: ginseng-ftpd
Source: http://mmondor.rubiks.net/software.html
Licence: BSD
Comments: Forked from NetBSD's bsd-ftpd v. 6.5. Single
configuration file, read-only accounts, umask, per-user
directory size limits, PAM and shadow password support,
on-the-fly gunzip, internal ls, IPv6 support, various security
fixes. By Matthew Mondor.
Name: glFtpD
Source: http://www.glftpd.org/
Licence: Free usage, no source code.
Comments: Why do I get the definite feeling this thing has
something to do with warez kiddies? I wouldn't touch it on a
bet.
Name: hftpd (Hoser FTPD)
Source: http://www.zabbo.net/hftpd/
Licence: GPL v. 2
Comments: Heavily threaded; use on Linux 2.2+ w/glibc 2.1+.
Currently Linux and x86-only. Looks promising; very spare
documentation.
Name: Libra FTP Server
Source: http://libraftp.narod.ru/libraindex.html
Licence: GPL v. 2
Comments: Anonymous-only. Read-only mode, extensive logging,
MD5 checksumming of transferred files, IPv6 support. Doesn't
need to run as root, uses no external calls. Can support ftp
proxy. By Andrey Savochkin and Maxim Shesterikov.
Name: Linux-ftpd
Source: ftp://metalab.unc.edu/pub/Linux/system/Network/daemons/
Licence: BSD
Comments: Berkeley ftp daemon, ported from OpenBSD. Obviously
has not been maintained for several years.
Name: lukemftpd
Source: ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/
Licence: BSD
Comments: A portable version (by Luke Mewburn) of
NetBSD-current's ftpd. Described as 90% of wu-ftpd's
functionality with 30% of its footprint.
Name: mmftpd
Source: http://mmondor.gobot.ca/software.html
http://mmondor.rubiks.net/software.html
Licence: BSD w/advertising clause
Comments: By Matthew Mondor, written from scratch as a
successor to his earlier ginseng-ftpd. Virtual users only, runs
non-privileged and optionally chrooted, supports some anti-DoS
measures and bandwidth shaping, supports per-user
permissions/limits. Users' access can be read-only, and is
confined to home directories via careful path-checking.
Name: Muddleftpd
Source: http://www.nongnu.org/muddleftpd
Licence: GPL v. 2
Comments: Can compile & install for non-root user. Designed
from scratch. Unmaintained since 2003.
Name: NcFTPd
Source: http://www.ncftp.com/ncftpd/
Licence: Proprietary payware. No source code.
Comments: Uses directory caching and avoids forking code.
Name: Net::FTPServer
Source: http://www.cpan.org/modules/by-authors/id/R/RW/RWMJ/
Licence: GPL
Comments: Fully-fledged FTP server written in Perl. Feature
parity with wu-ftpd. Extensible. Virtual filesystem lets you
serve files/images/whatever from a SQL database. See also the
Freshmeat project page at http://freshmeat.net/projects/netftpserver/
Name: oftpd
Source: http://www.time-travellers.org/oftpd/
ftp://ftp.ferrara.linux.it/pub/project6/sources/
(IPv6 patches)
Licence: BSD
Comments: Anonymous-only, sheds root authority for most of its
operation, contains internal cd and ls functions. Said to be an
"early release". Runs stand-alone, i.e., not under inetd.
Name: pftpd (Peter's ftpd)
Source: ftp://ftp.lysator.liu.se/pub/unix/pftpd/
Licence: Free usage.
Comments: Multithreaded, anonymous-only ftp daemon. Also
supports additional anonymous-access directories within your
local users' home directories. Limitations: Doesn't yet support
globbing (*, ?, []) or names lookups on gids. Operates in
read-only mode by default. Does BINARY or ASCII mode (including
restartable transfers), and active or passive connections.
Still gives occasionally buggy output, as of 2000-12.
Name: ProFTPd
Source: http://www.proftpd.org/
ftp://sith.mimuw.edu.pl/pub/users/baggins/IPv6/
(IPv6 patches)
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/
(IPv6 patches)
Licence: GPL v. 2
Comments: Extremely full-featured, but saddled with a crufty
design and a sad, ongoing history of security compromises. This
is tragic, since it was a noble ground-up effort to replace and
improve on wu-ftpd. Configuration design inspired by Apache's,
supports virtual domains. Does it all. Fortunately, in 1999, it
was taken over by new maintainers, so we may see drastic
improvements. Can support SSL/TLS access for non-anonymous users:
http://groups.google.nl/group/alt.os.linux/msg/0376cb5ca19e3a09. Graphical
administrative tool is available: http://www.gadmintools.org/
Name: Publicfile
Source: http://cr.yp.to/publicfile.html
Licence: Bears author's copyright
statement, only, and no licence, and thus
is distributable only directly by the copyright owner --
proprietary software. The author (who seems hostile to
open-source[1] software licencing - see http://cr.yp.to/qmail/dist.html)
seems to have deliberately intended this unfortunate situation.
My understanding is that you have implied licence to retrieve
the package directly from the author's site, to
write/apply/distribute patches, to compile it, and to use it --
but not to redistribute it or works derived from it. The
foregoing applies in the USA: Wholly different rights may
result elsewhere. The author addresses this matter (in the
abstract) at http://cr.yp.to/softwarelaw.html.
Starting in late 2007, the author asserted that most of his
other software (notably qmail and djbdns) would prospectively become
public domain by his own decree, but seems to have omitted
publicfile.
Comments: Still an alpha version, at this late date. Provides ftp
and http file access, disallows writes to the public file area,
does its work without root authority. By Daniel J. Bernstein,
author of anonftpd (see that entry). Requires Bernstein's
ucspi-tcp and daemontools packages, which were until late 2007
available under the same non-licence as publicfile, but are now
asserted to be public domain. Does NOT produce standard
human-readable output, only Bernstein's "Easily Parseable List
Format" (EPLF), as with the author's earlier anonftpd.
Name: Publish-ftpd
Source: http://ccil.org/~cowan/publish-ftpd/
Licence: GPL v. 2
Comments: A read-only ftp/http daemon written in Perl, having no
anonymous functionality, requiring only Perl and a couple of
standard Perl modules, and designed to run under a superserver
such as xinetd or inetd. Logged-in users are rooted to their
respective publish-ftpd home directories and cannot cd out
except by following symlinks, if present. The username under
which publish-ftpd runs is specified in the superserver
configuration (and must not be root), as are the port, allowed
client IPs, maximum number of connections overall or per IP, and
allowed times of day for access. Written by John Cowan. Doesn't
yet support http as of v. 0.78.
Name: Pure-FTPd
Source: http://sourceforge.net/projects/pureftpd/
Licence: Free usage.
Comments: Patched, improved version of Troll-ftpd, adding
ASCII-mode transfers, capabilities-model (ACLs) support, PAM
support, built-in "ls" command, IPv6 support, chrooted home
directories, bounded ports for passive mode, FXP protocol
support. Seems like a winner, if going by descriptions.
Supports at this date (2006-03) SSL/TLS encryption for the control
channel only, not the data channel.
Dovecot imapd author Timo Sirainen has posted comments saying that it still relies on fixed-size buffers and (as of 1.0.12) has source code made unreadable by the inclusion of 589 #ifdefs.
Name: Roxen Challenger
Source: http://www.roxen.com/download/source/
Licence: GPL v. 2
Comments: ftpd is part of a large, ambitious, multi-threaded
SSL3-Web/proxy/mirror server. (The strong-crypto version is
proprietary: The 40-bit version is under the GPL.)
Name: SSLftpd
Source: ftp://ftp.psy.uq.oz.au:/pub/Crypto/SSLapps/
Licence: BSD
Comments: Standard wu-ftpd, patched to support SSL
authentication, falling back to standard ftp for non-SSL
(regular) ftp clients.
Name: Todokru
Source: http://www.futuresouth.com/~tomw/todokeru/
Licence: Free usage.
Comments: Written entirely in Perl. (Also requires POE.) Author
says it was written mostly for fun, and could be improved to be
a solid option, but that he personally wouldn't use it.
Name: Troll-ftpd
Source: ftp://ftp.troll.no/freebies/ftpd/
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/
(IPv6 patches)
Licence: Free usage.
Comments: Linux-only, cleanly written ftpd by a Troll Tech
employee. Fast, small, secure, and easy to configure for
anonymous-only operation. It even does virtual domains. About
the only thing wrong with it is that it doesn't support ASCII
mode transfers, only binary, and that kills it for me. But
please see also the entry for Pure-ftpd.
Name: TUX
Source: ftp://ftp.redhat.com/pub/redhat/tux/
Licence: GPL v. 2
Comments: Linux-only, kernel-based, threaded,
very-high-performance HTTP and ftp server. Does virtual
domains. Written by Ingo Molnar.
Name: Twoftpd
Source: http://untroubled.org/twoftpd/
Licence: GPL v. 2
Comments: Ftpd in two separate modules: A front-end for
authentication only, and a back-end that carries out all
file-handling and file-transfer. Performs chroot by default. No
external calls. Included twoftpd-anon variant is a
stripped-down version for anonymous ftp only. Written by Bruce
Guenter.
Name: Very Secure ftp Daemon (vs-ftpd)
Source: ftp://ferret.lmh.ox.ac.uk/pub/linux/
Licence: GPL v. 2
Comments: Supports local accounts as well as anonymous. Modular
design, with each module running with minimal privilege. Runs
as an unprivileged user in a chroot jail, with special care in
handling of buffers, and uses all internal functions (e.g., no
external call to ls). Tries to avoid using potentially
dangerous library calls, and encapsulates all library calls
through two of its routines, as auditable points of contact.
Can optionally support SSL/TLS, thereby making non-anonymous ftp
access reasonable for a change: http://groups.google.nl/group/alt.os.linux/msg/ac05649d840ef8d5
(vs-ftpd is the current favourite ftpd of
this document's maintainer.)
Name: Washington University FTPd (Wuarchive-ftpd, aka
wu-ftpd)
Source: http://www.wu-ftpd.org/
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/
(IPv6 patches)
Licence: BSD
Comments: The most popular ftpd on the Net, and the standard
ftp server. Well documented and supported, and can do just
about anything. Unfortunately, it is considered insecure, and
has a long history of security compromises. From Washington
University in St. Louis, Missouri.
Name: wu-ftpd-academ
Source: ftp://ftp.academ.com/pub/wu-ftpd/private/
Licence: BSD
Comments: When such is available, this is where you get the
patched & enhanced version of wu-ftpd from Academ
Consulting Services in Houston, Texas (Stan Barber,
proprietor). Often, security fixes for wu-ftpd are performed by
Stan, first.
Name: wzdftpd
Source: http://www.wzdftpd.net/
Licence: GPL v. 2
Comments: Support for SSL/TLS, crontabs, remote administration
via SITE commands, diverse user-database back-ends and virtual
users, TCL/Perl script extensions, IPv6. Multithreaded, portable,
coded in C, runs unprivileged, uses a simple configuration file.
Modular design.
Notes: Dan Kegel is doing a "performance bake-off" of ftp daemons for Linux: http://www.kegel.com/dkftpbench/bakeoff.html
The page for his ftp-daemon benchmarking tool is extremely informative, too: http://www.kegel.com/dkftpbench/
[1] As defined by http://www.opensource.org/docs/definition_plain.html , the standard and essentially sole meaningful yardstick for that term. Bernstein apologists, who characteristically seem to think "open source" should mean whatever they want it to, are invited to eat my shorts. And also to read http://linuxmafia.com/~rick/faq/index.php?page=warez#djb .
---
Copyright (C) 2000-2002, Rick Moen,
<rick@linuxmafia.com>.
This information is free; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
This work is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this work; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Alternatively and at the recipient's option, this work may be used freely under the Attribution-ShareAlike 1.0 licence.