[Image] [Image] [Image] - Professional FTP Daemon - What is ProFTPD? ProFTPD is an FTP daemon for unix and unix-like operating systems. ProFTPD is developed, released and distributed under the GNU Public License (GPL), which basically establishes it as free software, meaning that it may be sold, licensed and otherwise manipulated in any way desired as long as full and complete source code either accompanies any ProFTPD packages or is made available by any and all sites that distribute pre-compiled binaries. The software can be modified by anyone at anytime, as long as all derived works also are licensed under the GNU Public License. Why yet another FTP daemon? ProFTPD grew out of the desire to have a secure and configurable FTP server, and out of a significant admiration of the Apache web server. There are currently a very limited number of FTP servers running on unix (or unix-like) hosts. The most commonly used server is probably wu-ftpd. While wu-ftpd provides excellent performance and is generally a good product, it lacks numerous features found in newer Win32 FTP servers, and has a poor security history. Personally, I (the originator of the ProFTPD project) have spent a good deal of time hacking wu-ftpd in order to fix bugs and try to add features. Unfortunately, it quickly became clear that a complete redesign was necessary in order to implement the configurability and features desired. ProFTPD is not a hack based on any other server, it's an independent source tree from the ground up. In addition to wu-ftpd there are a couple of other FTP servers available which are designed to be light-weight and secure, at the expense of configurability. For example, Troll FTP is an excellent FTP daemon which is considerably more secure and less resource intensive than wu-ftpd. Unfortunately, while it is quite suitable for basic FTP services, it does not offer the feature set required for more sophisticated FTP sites. ProFTPD offers the following features (at it's current release level, more planned soon!): * Single main configuration file, with directives and directive groups which are completely intuitive to any administrator who has ever used the Apache web server. * Per directory ".ftpaccess" configuration similar to Apache's ".htaccess". * Easy to configure multiple virtual FTP servers and anonymous FTP services. * Designed to run either as a stand-alone server or from inetd, depending on system load. * Anonymous FTP root directories do not require any specific directory structure, system binaries or other system files. * No SITE EXEC command. In modern Internet environments, such commands are a security nightmare. ProFTPD does not execute any external programs at any time. The source is available (and must always be available) for administrators to audit. * Hidden directories or files, based on unix style permissions, or user/group ownership. * Runs as a configurable non-privileged user in stand-alone mode in order to decrease chances of attacks which might exploit it's "root" abilities. Note: This feature is dependent on the capabilities of the host Unix system. * Logging and utmp/wtmp support. Logging is compatible with the wu-ftpd standard, with extended logging available. * Shadow password suite support, including support for expired accounts. What ProFTPD is not. ProFTPD is not light-weight, and isn't intended to be. ProFTPD is designed to be powerful, for the FTP administrator who needs a powerful, configurable and secure FTP daemon. This isn't to say that ProFTP developers don't attempt to optimize and reduce code bloat, but our emphasis is on speed and functionality rather than minimizing resource usage. ProFTPD doesn't implement the following FTP features, generally because they are unnecessary on the modern Internet. Such features will not be supported, unless there is a specific unforeseen need from the ProFTPD user community: * Binary and ASCII transfer modes only. EBCDIC and LOCAL data types are pretty much obsoleted by convention in the modern world of 8-bit ASCII (7-bit significance) and 8-bit binary ("IMAGE" in RFC 959 terms) systems. * No client specified data structure format. Again, this is obsoleted by convention; record/page data structure is not used. * Transfer mode is always "STREAM". * Compression is not available. Implementing this would require ProFTPD to execute an external program or implement compression internally. Obviously the former is undesirable. * FTP "accounts" (via the ACCT command). Modern convention uses USER/PASS. * Unique filenames when storing (via the STOU command). * SITE EXEC commands. As previously stated, it is a violation of our security model to execute any external program. Which Operating Systems are supported? ProFTPD Version 1.0.x currently supports the following Unix and "unix-like" operating systems: * Linux (recommend 2.0.x or 2.1.x) * Irix 5.3 * BSDI 2.1/3.0 (3.0 hasn't been tested yet) * Solaris 2.5 Version 1.2.x has been tested on (sometimes minimally) and supports the following (gcc and gmake required unless otherwise indicated): * Linux (recommend 2.0.x or 2.1.x) * BSDI 2.x (not tested) * BSDI 3.1 (tested -- use gmake instead of make) * IRIX 6.2 (minimally tested) * IRIX 6.3 (native compiler or gcc) * IRIX 6.4 (tested) * Solaris 2.5.1 (see Solaris2.5x.README) * Solaris 2.6 (not tested) * AIX 3.2 (native compiler) * AIX 4.2 (tested) * OpenBSD 2.2/2.3 (tested) * FreeBSD 2.2.7 (tested -- one caveat, see README) * Digital UNIX 4.0A (not tested) * DEC OSF/1 (native compiler) ProFTPD was developed under Linux, but certainly isn't restricted to Linux. If you are interested in porting to another OS or becoming involved in the project, check out the development page. How do I get, configure and install ProFTPD? ProFTPD is available in (up to) four different flavors: production release ("stable"), development release ("experimental") and possible patchlevel releases ("interim"). Check our download page for current version information and download links. Once you have retrieved the distribution tarball file, you'll need to untar it via: tar -xzf proftpd-1.0.1.tar.gz This will unpack the distribution source into a directory such as "proftpd-1.0.1". Change into this directory and scan the README text file. Your next stop will probably be to run the configure shell script and finally run: make Followed by: make install If you get stuck, the INSTALL text file contains more explicit instructions regarding installation. This will install the binary into /usr/local/sbin and default configuration file into /etc, and supplemental binaries into /usr/local/bin. You can change these default directories by running configure --prefix=[prefix-dir]. For example, configure --prefix=/usr results in proftpd being installed in /usr/sbin, and other binaries in /usr/bin. Once installed, you'll need to edit /etc/proftpd.conf to suit your tastes, and possibly modify your inetd configuration (if you wish to run proftpd in inetd mode). The default configuration file will be suitable for basic FTP server needs, however you'll need to modify it in order to implement virtual servers, additional anonymous/guest accounts, etc. For more configuration information see the configuration page. For configuration directive information see the proftpd reference page. Where can I find additional assistance for ProFTPD? A ProFTPD mailing list exists for development purposes and limited technical assistance. Before posting to the list, you should most definitely subscribe; as often responses are posted back to the list but not mailed to the original sender. To subscribe, send an email message to majordomo@evcom.net with the first line in the body of your message as subscribe proftpd-l. If at a later date you wish to unsubscribe from the list, send a similar message to majordomo@evcom.net with unsubscribe proftpd-l as the first line of your message. Once subscribed, you should send all list email to proftpd-l@evcom.net. Do not send requests for subscription or unsubscription to the above address, it is for list traffic only! A searchable archive of the list is maintained at http://www.proftpd.org/proftpd-l-archive/. The archive is updated in real-time, while the searchable engine is updated daily.