- Professional FTP Daemon -



What is ProFTPD?

ProFTPD is an FTP daemon for unix and unix-like operating systems. ProFTPD is developed, released and distributed under the GNU Public License (GPL), which basically establishes it as free software, meaning that it may not be sold (although charges may be levied for distribution and media), and that it may not be distributed without full and complete source code (or that full and complete source code must be made available from all sites that distributed pre-compiled binaries). ProFTPD is designed to be advanced, incredibly configurable and secure.

 

Why yet another FTP daemon?

ProFTPD grew out of the desire to have a secure and configurable FTP server, and out of a significant admiration of the Apache web server. There are currently a very limited number of FTP servers running on unix (or unix-like) hosts. The most commonly used server is probably wu-ftpd. While wu-ftpd provides excellent performance and is generally a good product, it lacks numerous features found in newer Win32 FTP servers, and has a poor security history. Personally, I (the originator of the ProFTPD project) have spent a good deal of time hacking wu-ftpd in order to fix bugs and try to add features. Unfortunately, it quickly became clear that a complete redesign was necessary in order to implement the configurability and features desired. ProFTPD is not a hack based on any other server, it's an independent source tree from the ground up.

In addition to wu-ftpd there are a couple of other FTP servers available which are designed to be light-weight and secure, at the expense of configurability. For example, Troll FTP is an excellent FTP daemon which is considerably more secure and less resource intensive than wu-ftpd. Unfortunately, while it is quite suitable for basic FTP services, it does not offer the feature set required for more sophisticated FTP sites.

ProFTPD offers the following features (at it's current release level, more planned soon!):

  • Single main configuration file, with directives and directive groups which are completely intuitive to any administrator who has ever used the Apache web server.
  • Per directory ".ftpaccess" configuration similar to Apache's ".htaccess".
  • Easy to configure multiple virtual FTP servers and anonymous FTP services.
  • Designed to run either as a stand-alone server or from inetd, depending on system load.
  • Anonymous FTP root directories do not require any specific directory structure, system binaries or other system files.
  • No SITE EXEC command. In modern Internet environments, such commands are a security nightmare. ProFTPD does not execute any external programs at any time. The source is available (and must always be available) for administrators to audit.
  • Hidden directories or files, based on unix style permissions, or user/group ownership.
  • Runs as a configurable non-privileged user in stand-alone mode in order to decrease chances of attacks which might exploit it's "root" abilities. Note: This feature is dependent on the capabilities of the host Unix system.
  • Logging and utmp/wtmp support. Logging is compatible with the wu-ftpd standard, with extended logging available.
  • Shadow password suite support, including support for expired accounts.

 

What ProFTPD is not.

ProFTPD is not light-weight, and isn't intended to be. ProFTPD is designed to be powerful, for the FTP administrator who needs a powerful, configurable and secure FTP daemon. This isn't to say that ProFTP developers don't attempt to optimize and reduce code bloat, but our emphasis is on speed and functionality rather than minimizing resource usage.

ProFTPD doesn't implement the following FTP features, generally because they are unnecessary on the modern Internet. Such features will not be supported, unless there is a specific unforeseen need from the ProFTPD user community:

  • Binary and ASCII transfer modes only. EBCDIC and LOCAL data types are pretty much obsoleted by convention in the modern world of 8-bit ASCII (7-bit significance) and 8-bit binary ("IMAGE" in RFC 959 terms) systems.
  • No client specified data structure format. Again, this is obsoleted by convention; record/page data structure is not used.
  • Transfer mode is always "STREAM".
  • Compression is not available. Implementing this would require ProFTPD to execute an external program or implement compression internally. Obviously the former is undesirable.
  • FTP "accounts" (via the ACCT command). Modern convention uses USER/PASS.
  • Unique filenames when storing (via the STOU command).
  • SITE EXEC commands. As previously stated, it is a violation of our security model to execute any external program.

 

Which Operating Systems are supported?

ProFTPD currently supports the following Unix and "unix-like" operating systems:
  • Linux (recommend 2.0.x or 2.1.x)
  • Irix 5.3
  • BSDI 2.1/3.0 (3.0 hasn't been tested yet)
  • Solaris 2.5

Yes, this list is small. :-) ProFTPD was developed under Linux, but isn't restricted to Linux. If you are interested in porting to another OS, please do! Check out the development page.

 

How do I get, configure and install ProFTPD?

ProFTPD is available in (up to) four different flavors: production release ("stable"), development release ("experimental") and possible patchlevel releases ("interim"). Check our download page for current version information and download links.

Once you have retrieved the distribution tarball file, you'll need to untar it via:
tar -xzf proftpd-1.0.1.tar.gz

This will unpack the distribution source into a directory such as "proftpd-1.0.1". Change into this directory and scan the README and INSTALL text files. Your next stop will probably be to run the configure shell script and finally run:
make install

This will install the binary into /usr/sbin and default configuration file into /etc. You can change these directories by modifying Makefile in the source root directory. Once installed, you'll need to edit /etc/proftpd.conf to suit your tastes, and possibly modify your inetd configuration (if you wish to run proftpd in inetd mode). The default configuration file will be suitable for basic FTP server needs, however you'll need to modify it in order to implement virtual servers, additional anonymous/guest accounts, etc. For more configuration information see the configuration page. For configuration directive information see the proftpd reference page.