Pure-FTPd, a secure FTP daemon

Security first

Pure-FTPd is actively supported. It has always been designed with security in mind, and the code is re-audited as new kinds of vulnerabilities are discussed.

The server can run with privilege separation for paranoid security. It can even run 100% non-root, with its built-in chroot() emulation and virtual accounts.

Transmission of cleartext passwords and commands can be avoided: Pure-FTPd has optional support for an SSL/TLS encryption layer using the OpenSSL library.

Pure-FTPd works on your server

The same source code compiles and runs on Linux, MacOS, OpenBSD, NetBSD, DragonflyBSD, FreeBSD, Solaris and derivatives, Tru64, Irix, HPUX and AIX.

Pre-built binary packages are available for virtually all supported operating systems.

Pure-FTPd speaks your language

All server messages are translated into English, German, Romanian, French, Polish, Spanish, Danish, Dutch, Italian, Brazilian Portuguese, Slovak, Korean, Swedish, Norwegian, Russian, Traditional Chinese, Simplified Chinese, Czech, Turkish, Hungarian and Catalan.

It helps your customers understand diagnostics, even when English isn’t their native language.

Messages are kept in independent files, so they can easily be translated into new languages or customized.

Transparent conversion of client to filesystem charsets is implemented, with UTF-8 support.

An excellent choice for newbies

Beginners can install a Pure-FTPd server in 5 minutes. It can be as simple as installing the package, typing pure-ftpd & and… that’s all. You already have a running server, and clients can start to connect.

There’s no need to review any long and complex configuration file, where possible mistakes could have security and reliability implications. Pure-FTPd uses simple command-line switches to enable the features you need.

You can limit the number of simultaneous users, limit their bandwidth to avoid connection starvation, hide system files (chroot), enforce upload/download ratios, and moderate new uploads. Custom messages can be displayed at login time (even rotating fortune files) and when a user enters a new directory. Also, to avoid your disks filling up, you can define a maximum disk-usage percentage, and new uploads will be refused once it is reached.

The FXP (server-to-server) protocol is implemented. It can be available for everyone, or only for authenticated users.

Kiddies use common brute-forcing tools that try to discover hidden directories. Pure-FTPd provides protection against this. Anonymous access is secure by default. For instance, users can’t access dot-files (.bash_history, .rhosts, …) unless you explicitly enable this.

And to watch who’s doing what, the pure-ftpwho command shows a table with currently active sessions, how much bandwidth is taken by every user, what files they are uploading or downloading, where they are coming from, etc.

High flexibility for ISPs and hosting services

  • System accounts can immediately have FTP access. Authentication via PAM modules is also supported. Accounts below a given uid (e.g. < 500 for daemon accounts) can be disallowed.
  • All accounts can be easily chrooted by default. For easy administration, a “trusted” group with no chroot can be defined.
  • FTP accounts can be distinct from system accounts, stored in an independent database. Multiple accounts can share the same system id. A built-in indexing database allows very fast lookups. It is successfully running with over 1.5 million accounts on the same server. System accounts can be copied to virtual FTP accounts, so that users can have different passwords for shell access and FTP access.
  • LDAP authentication is also fully supported. Pure-FTPd was successfully tested with OpenLDAP and iPlanet Directory Server. It uses standard posixAccounts classes.
  • Built-in secure cryptographic hashes can be used with any LDAP server, even those that are lacking support for these hashes.
  • User info can also be centralized in MySQL databases, with or without transactions. All queries are fully customizable, and requests can be built with user names, remote client addresses, local IP addresses and ports. That way, complex hosting rules can be easily implemented, even with multiple virtual servers on the same host, and multiple virtual domains with many users.
  • Multiple authentication methods can be chained in any order. For instance, SQL accounts, LDAP directories and system accounts can be used at the same time.
  • Custom authentication methods can easily be added. Pure-FTPd supports external authentication modules, and writing a new backend can be as simple as a few lines of shell script.
  • Pure-FTPd supports a virtual quota system: accounts can have individual quotas (max number of files, max total size) even when they share the same system uid.
  • Bandwidth throttling is supported, with distinct settings for upload and download.
  • Every user can be assigned individual quota, ratio and bandwidth.
  • Every user can be allowed to connect only from a specific range of IP addresses, or only to its own virtual host.
  • Every user can be individually restricted to his home directory or not.
  • Every user can be allowed to connect only during configured time-ranges (e.g. only during business hours).
  • An anti-warez system prevents users from trading files if they find a world-writable directory. Files owned by the anonymous ftp user can’t be downloaded (the sysadmin has to moderate them by changing their ownership). Also, ftp users can’t create directories by default, so they can’t hide files that way.
  • Any external shell script can be called after a successful upload. Virus scanners and database archival can easily be set up.
  • A maximum number of concurrent connections from the same IP address can be enforced to avoid bandwidth starvation and denial-of-service attacks.
  • Downloads can be disallowed if the system load is too high.
  • Directory listings return a configurable maximum number of files. Recursive listings are fully supported, with a configurable maximum depth. So you can provide recursive search to your users without opening up a trivial denial-of-service vector.
  • The pure-ftpwho command provides real-time reports of who’s doing what on the FTP server, including bandwidth usage. The result can be a full web page, and the program can also work like a standard CGI program, compatible with any web server. XML and text reports are also available, as well as a compact and easily parsable format for shell scripts.
  • Log files are accurate, and they use standard syslog facilities. Additional Apache-like (CLF) log files can be produced. They are compatible with all web-statistic software. An extended format called Stats is also implemented, and works with advanced third-party FTP statistic software like FTPStats and ModLogAn. FTPStats provides detailed per-user statistics.
  • Home directories can be created on demand. This is especially useful with LDAP and SQL backends: just insert a row in the database, and the account is ready to go. No need to create any directory for that user: it will be created automatically the first time they log in.
  • Multiple virtual FTP servers can be hosted on the same computer, with an independent trusted IP for administration.
  • Access to dot-files can be restricted, so that users can’t read/write .ssh directories, .bash_history files, .rhosts files, etc.
  • Safe permissions are enforced on users home directories. Customers can’t disable their accounts by mistake with an insecure “chmod 0 /” command. The “chmod” command can also be totally disabled.
  • Multiple Pure-FTPd servers with different settings can run on the same host without any conflict.
  • Pure-FTPd can act as private FTP server and disallow all anonymous connections regardless of the “ftp” system account. With another switch, the server can be anonymous-only, and refuse connections to all shell accounts.
  • Symbolic links can be followed when users are chrooted, even when they are pointing out of the chroot jail. This unique feature makes shared content easy to set up.
  • Directory aliases can be enabled, to provide shortcuts to common directories.
  • Uploads are truly atomic. Web servers will not serve partial images or broken PHP scripts while files are being uploaded, even when existing content is being updated.
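As an added example (not code from the Pure-FTPd project), a Python backend for the external authentication hook described in the list above, which also applies the per-user quota, bandwidth and source-address rules listed there. The AUTHD_* variables, the output keys and their units are assumed from Pure-FTPd’s README.Authentication-Modules; the account table is constructed for the demo.

```python
#!/usr/bin/env python3
"""Pure-FTPd external authentication backend (pure-authd style).
Assumed interface (Pure-FTPd README.Authentication-Modules): the daemon exports
AUTHD_ACCOUNT, AUTHD_PASSWORD and AUTHD_REMOTE_IP, and reads "key:value" lines
on stdout terminated by "end". The per-user keys and their units are assumed
here too; check the README shipped with your version."""
import hashlib, hmac, ipaddress, os, sys

ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor

def make_record(password, uid, gid, home, allowed_net, quota, bw_ul, bw_dl):
    """Build a stored credential record (generated offline in practice)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return dict(salt=salt, digest=digest, uid=uid, gid=gid, home=home,
                net=ipaddress.ip_network(allowed_net), quota=quota,
                bw_ul=bw_ul, bw_dl=bw_dl)

# Constructed demo table; a real backend would read a file or database.
USERS = {"alice": make_record("demo-password", 1001, 1001, "/srv/ftp/alice",
                              "192.0.2.0/24", 524288000, 65536, 262144)}
# Dummy record so unknown accounts cost the same time as wrong passwords.
DUMMY = make_record("x", 0, 0, "/nonexistent", "0.0.0.0/0", 0, 0, 0)

def password_ok(record, password):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])

def decide(account, password, remote_ip):
    """Return the response lines for one login attempt."""
    record = USERS.get(account)
    ok = password_ok(record or DUMMY, password) and record is not None
    try:  # per-user source-address restriction; unparsable address = deny
        ok = ok and ipaddress.ip_address(remote_ip) in record["net"]
    except ValueError:
        ok = False
    if not ok:  # same answer for unknown user, bad password and wrong network
        return ["auth_ok:0", "end"]
    return ["auth_ok:1", f"uid:{record['uid']}", f"gid:{record['gid']}",
            f"dir:{record['home']}", f"user_quota_size:{record['quota']}",
            f"throttling_bandwidth_ul:{record['bw_ul']}",
            f"throttling_bandwidth_dl:{record['bw_dl']}", "end"]

if __name__ == "__main__":
    e = os.environ
    sys.stdout.write("\n".join(decide(e.get("AUTHD_ACCOUNT", ""),
        e.get("AUTHD_PASSWORD", ""), e.get("AUTHD_REMOTE_IP", ""))) + "\n")
```

The script is meant to be pointed at by pure-authd; a rejected login always yields the same two lines, so the backend does not leak which accounts exist.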

Compatibility with existing specifications, clients and servers

Pure-FTPd has one of the most complete implementations of the FTP protocol specifications. It includes the protocol basics, plus modern extensions like MLST/MLSD (extensible and mirror-safe directory listings).

RFC conformance is great, but in real life there are a lot of buggy clients. That’s why Pure-FTPd also has workarounds for some versions of popular Windows clients that totally violate the FTP protocol. Pure-FTPd also works with broken home-made clients that don’t properly terminate lines.

So if your current setup works with another FTP server, you can safely move to Pure-FTPd without breaking anything or receiving customer complaints: things will work as before for them, and the migration will be transparent.

IPv6 is fully supported. EPSV/EPRT IPv6 protocol extensions are implemented, and every configuration option and logging feature works with IPv4 and IPv6 as well.

Pure-FTPd is the first daemon to implement ESTA and ESTP. These two commands provide FTP data connection assurance, in order to increase protocol-level security.

Firewalling is easy: Pure-FTPd can restrict the port range for passive connections, force the announced IP for masquerading gateways, or disable passive connections to deal with broken port forwarders.