Pure-FTPd
Pure-FTPd is a free (BSD), secure, production-quality and
standard-conformant FTP server. It doesn’t provide useless bells and
whistles, but focuses on efficiency and ease of use. It provides
simple answers to common needs, plus unique useful features for
personal users as well as hosting providers.
Security first
Pure-FTPd is actively supported, and it was always designed with
security in mind; the code is re-audited as new kinds of
vulnerabilities are discussed.
The server can run with privilege separation for paranoid security. It
can even run 100% non-root, with its built-in chroot() emulation and
virtual accounts.
Transmission of cleartext passwords and commands can be avoided:
Pure-FTPd has optional support for an SSL/TLS encryption layer using
the OpenSSL library.
Pure-FTPd works on your server
The same source code compiles and runs on Linux, MacOS, OpenBSD,
NetBSD, DragonflyBSD, FreeBSD, Solaris and derivatives, Tru64, Irix,
HPUX and AIX.
Pre-built binary packages are available for virtually all supported
operating systems.
Pure-FTPd speaks your language
All server messages are translated into English, German, Romanian,
French, Polish, Spanish, Danish, Dutch, Italian, Brazilian Portuguese,
Slovak, Korean, Swedish, Norwegian, Russian, Traditional Chinese,
Simplified Chinese, Czech, Turkish, Hungarian and Catalan.
It helps your customers understand diagnostics, even when English
isn’t their native language.
Messages are in independent files and they can be easily translated to
new languages, or customized.
Transparent conversion of client to filesystem charsets is
implemented, with UTF-8 support.
An excellent choice for newbies
Beginners can install a Pure-FTPd server in 5 minutes. It can be as
simple as installing the package, typing pure-ftpd & and… that’s
all. You already have a running server, and clients can start to
connect.
There’s no need to review any long and complex configuration file,
where possible mistakes could have security and reliability
implications. Pure-FTPd uses simple command-line switches to enable
the features you need.
You can limit the number of simultaneous users, limit their bandwidth
to avoid starving connections, hide system files (chroot), have
upload/download ratios, and moderate new uploads. Custom messages can
be displayed at login time (even changing fortune files) and when a
user enters a new directory. Also, to avoid your disks being filled
up, you can define a maximal percentage, and new uploads will be
disallowed once this percentage is reached.
The FXP (server-to-server) protocol is implemented. It can be
available for everyone, or only for authenticated users.
Kiddies are using common brute-forcing tools that try to
discover hidden directories. Pure-FTPd provides protection against
this. Anonymous access is secure by default. For instance, users can’t
access dot-files (.bash_history, .rhosts, …) unless you explicitly
enable this.
And to watch who’s doing what, the pure-ftpwho command shows a table
with currently active sessions, how much bandwidth is taken by every
user, what files they are uploading or downloading, where they are
coming from, etc.
High flexibility for ISPs and hosting services
- System accounts can immediately have FTP access. Authentication via PAM modules is also supported. Accounts below an uid (e.g. < 500 for daemon accounts) can be disallowed.
- All accounts can be easily chrooted by default. For easy administration, a “trusted” group with no chroot can be defined.
- FTP accounts can be distinct from system accounts, stored in an independent database. Multiple accounts can share the same system id. A built-in indexing database allows very fast lookups. It is successfully running with over 1.5 million accounts on the same server. System accounts can be copied to virtual FTP accounts, so that users can have different passwords for shell access and FTP access.
- LDAP authentication is also fully supported. Pure-FTPd was successfully tested with OpenLDAP and iPlanet Directory Server. It uses standard posixAccount classes.
- Built-in secure cryptographic hashes can be used with any LDAP server, even those that are lacking support for these hashes.
- User info can also be centralized in MySQL databases, with or without transactions. All queries are fully customizable, and requests can be built with user names, remote client addresses, local IP addresses and ports. That way, complex hosting rules can be easily implemented, even with multiple virtual servers on the same host, and multiple virtual domains with many users.
- Multiple authentication methods can be chained in any order. For instance, SQL accounts, LDAP directories and system accounts can be used at the same time.
- Custom authentication methods can easily be added. Pure-FTPd supports external authentication modules, and writing a new backend can be as simple as a few lines of shell script.
- Pure-FTPd supports a virtual quota system: accounts can have individual quotas (max number of files, max total size) even when they share the same system uid.
- Bandwidth throttling is supported, with distinct settings for upload and download.
- Every user can be assigned individual quota, ratio and bandwidth.
- Every user can be allowed to connect only from a specific range of IP addresses, or only to its own virtual host.
- Every user can be individually restricted to their home directory or not.
- Every user can be allowed to connect only during configured time-ranges (e.g. only during business hours).
- An anti-warez system prevents users from trading if they find a public-writable directory. Files owned by the anonymous ftp user can’t be downloaded (the sysadmin has to moderate them by changing their ownership). Also, ftp users can’t create directories by default to hide files.
- Any external shell script can be called after a successful upload. Virus scanners and database archival can easily be set up.
- A maximum number of concurrent connections from the same IP address can be enforced to avoid bandwidth starvation and denial-of-service attacks.
- Downloads can be disallowed if the system load is too high.
- Directory listings return a configurable maximum number of files. Recursive listings are fully supported, with a configurable maximal depth. So you can provide recursive search to your users without opening an easy denial-of-service.
- The pure-ftpwho command provides real-time reports of who’s doing what on the FTP server, including bandwidth usage. The result can be a full web page, and the program can also work like a standard CGI program, compatible with any web server. XML and text reports are also available, as well as a compact and easily parsable format for shell scripts.
- Log files are accurate, and they use standard syslog facilities. Additional Apache-like (CLF) log files can be produced. They are compatible with all web-statistic software. An extended format called Stats is also implemented, and works with advanced third-party FTP statistic software like FTPStats and ModLogAn. FTPStats provides detailed per-user statistics.
- Home directories can be created on demand. This is especially useful with LDAP and SQL backends: just insert a row in the database, and the account is ready to go. No need to create any directory for that user: it will be automatically created the first time they log in.
- Multiple virtual FTP servers can be hosted on the same computer, with an independent trusted IP for administration.
- Access to dot-files can be restricted, so that users can’t read/write .ssh directories, .bash_history files, .rhosts files, etc.
- Safe permissions are enforced on users’ home directories. Customers can’t disable their accounts by mistake with an insecure “chmod 0 /” command. The “chmod” command can also be totally disabled.
- Multiple Pure-FTPd servers with different settings can run on the same host without any conflict.
- Pure-FTPd can act as a private FTP server and disallow all anonymous connections regardless of the “ftp” system account. With another switch, the server can be anonymous-only, and refuse connections to all shell accounts.
- Symbolic links can be followed when users are chrooted, even when they point out of the chroot jail. This unique feature makes shared content easy to set up.
- Directory aliases can be enabled, to provide shortcuts to common directories.
- Uploads are truly atomic. Web servers will not serve partial images nor broken PHP scripts while the files are being uploaded, even when content is being updated.
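The external authentication module described above, combined with the per-user IP range and TLS points, as an added example that is not part of the Pure-FTPd distribution. It assumes the interface the project documents for external authentication handlers (pure-authd): the handler receives the request in AUTHD_ACCOUNT, AUTHD_PASSWORD, AUTHD_REMOTE_IP and AUTHD_ENCRYPTED and answers with key:value lines (auth_ok, uid, gid, dir, end), and the user table, salts and addresses are constructed for the demonstration; check the key names against the README.Authentication-Modules shipped with your version.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed user table standing in for a real backend (SQL, LDAP, ...).
# Passwords are stored as PBKDF2-HMAC-SHA256 digests with a per-user salt.
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {
    "alice": {
        "salt": b"constructed-salt-alice",
        "hash": _pbkdf2("correct horse", b"constructed-salt-alice"),
        "uid": 1001, "gid": 1001, "dir": "/srv/ftp/alice",
        "allowed_from": ipaddress.ip_network("192.0.2.0/24"),  # test range
        "require_tls": True,  # never accept this user's password in clear
    },
}

def authenticate(env: dict) -> list:
    """Turn the AUTHD_* variables into the reply lines Pure-FTPd reads."""
    user = USERS.get(env.get("AUTHD_ACCOUNT", ""))
    if user is None:
        # Unknown to this backend: -1 lets the next chained method decide.
        return ["auth_ok:-1", "end"]
    try:
        remote = ipaddress.ip_address(env.get("AUTHD_REMOTE_IP", ""))
    except ValueError:
        return ["auth_ok:0", "end"]  # unparsable peer address: refuse
    if remote not in user["allowed_from"]:
        return ["auth_ok:0", "end"]  # outside the user's permitted range
    if user["require_tls"] and env.get("AUTHD_ENCRYPTED") != "1":
        return ["auth_ok:0", "end"]  # cleartext session: refuse
    candidate = _pbkdf2(env.get("AUTHD_PASSWORD", ""), user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return ["auth_ok:0", "end"]  # bad password (constant-time compare)
    return [
        "auth_ok:1",
        f"uid:{user['uid']}",
        f"gid:{user['gid']}",
        f"dir:{user['dir']}",
        "end",
    ]

if __name__ == "__main__":
    # pure-authd runs the handler per login attempt and reads stdout.
    print("\n".join(authenticate(dict(os.environ))))
```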
Compatibility with existing specifications, clients and servers
Pure-FTPd has one of the most complete implementations of the FTP protocol specifications. It includes the protocol basics, plus modern extensions like MLST/MLSD (extensible and mirror-safe directory listings).
RFC conformance is great, but in real life there are a lot of buggy clients. That is why Pure-FTPd also has workarounds for some versions of popular Windows clients that totally violate the FTP protocol. Pure-FTPd also works with broken home-made clients that don’t properly terminate lines.
So if your current setup works with another FTP server, you can safely move to Pure-FTPd without breaking anything or receiving customer complaints: things will work as before for them, and the migration will be transparent.
IPv6 is fully supported. EPSV/EPRT IPv6 protocol extensions are implemented, and every configuration option and logging feature works with IPv4 and IPv6 as well.
Pure-FTPd is the first daemon to implement ESTA and ESTP. These two commands ensure FTP data connection assurance, in order to increase the protocol-level security.
Firewalling is easy: Pure-FTPd can restrict the port range for passive connections, force the announced IP for masquerading gateways, or disable passive connections to deal with broken port forwarders.