Bftpd

Bftpd is an open source, cross-platform, fast, easy-to-use, small and easy-to-configure FTP (File Transfer Protocol) server (non-interactive daemon) designed for Linux kernel-based and UNIX-like operating systems. It implemented in C and it’s well known as a very secure FTP daemon.

Features at a glance

Key features include support for most RFC (Request for Comments) FTP commands, on-the-fly compression and archiving support using the tar.gz format, strong security with chroot (no special setup is required), as well as support for SITE CHOWN and SITE CHMOD.

In addition, the Bftpd FTP daemon doesn’t need configuration files, logs its actions to wtmp, syslog or to a custom log file, and provides support for PAM (Pluggable Authentication Module) and passwd/shadow passwords.

Command-line options

Command-line options include the ability to run the daemon via the inetd Internet service daemon, run in TCP (Transmission Control Protocol) listen mode, without pre-fork(), run without a configuration file, with default settings, as well as to read a custom configuration file instead of the one located on /etc/bftpd.conf. Additionally, it is possible to run it in daemon mode by using fork() and running it in TCP listen mode.

Getting started with Bftpd

Being written entirely in the C programming language, the software is small and fast. It’s actually a breeze to install Bftpd on your GNU/Linux system or FreeBSD distribution (both 32-bit and 64-bit architectures are supported), as you will have to get the latest version from Softoware, save it on your Home folder, and extract the archive.

Open a termina emulator, use the ‘cd’ command to navigate to the location of the extracted files, run the “./configure && make” command (without quotes) to configure and compile the project, and then execute the “make install” command, without quotes, as root or with sudo to install it system wide.

What is new in this release:

• This release of Bftpd fixes a potential buffer overflow bug that occurs when the server is compiled with S_ISLINK defined. This bug may cause a buffer overflow when symbolic links are included in a directory listing. The new version 4.4 of Bftpd should process symbolic links properly or, in cases were S_ISLINK is not defined, hide symbolic links. This latter behaviour is provided for added security and to avoid causing Bftpd to hang on some operating systems while processing directory listings where symbolic links exist.

What is new in version 3.6:

• This release includes a fix for dealing with named pipes.
• Previously performing a directory listing on a directory that included a named pipe would cause Bftpd's connect to stall.
• This release provides a work-around so that directory listings complete cleanly.

What is new in version 3.1:

• A configuration default which could allow anonymous users to have more access to the server than intended was fixed.
• By default, Bftpd now blocks anonymous logins, so any access must be turned on by the admin.

What is new in version 3.0:

• This update does not introduce any code changes.
• The release includes some corrections to the documentation.
• It also adds a Slovak translation of the documentation.

What is new in version 2.9:

• A bug was found in the way bftpd handles anonymous logins. When an anonymous user connects, the ROOTDIR option in the configuration file was was being ignored. The new release, 2.9, corrects this problem. Thanks to Paul Laufer for reporting this issue.
• This release also fixes an issue where the bftpd log file would get erased on Ubuntu during a reboot of the system.

What is new in version 2.8:

• The 2.8 release brings a lot of improvements and bug fixes to Bftpd.
• There were some cases where the user config options might not be read properly, depending on how Bftpd was compiled. This has been fixed so options should always be read.
• Anonymous logins have been fixed. This broke a few releases back and it's been corrected. We have also disabled anonymous logins by default. You can allow anonymous logins in the configuration file.
• If several Bftpd sessions all die at once, the system will now clean up the zombie processes.
• The "list" command now recognizes the "-a" paramater, allowing clients to see hidden files. This function only works if the administrator has turned on the configuration file option SHOW_HIDDEN_FILES.
• The search function has been updated, allowing users to see symbolic links, even if those links are broken. For this feature to work, the configuration file option SHOW_NONREADABLE_FILES must be turned on.
• Many thanks to Raster who contributed most of the improvements for this release. Also thanks to Oliver Metz for reporting bugs.
• In short, we've fixed a few things, tried to make the system more secure out of the box and added some optional functionality. Please see the contact page if you would like to report a problem.

What is new in version 2.7:

• This release, 2.7, fixes an issue where an FTP client would attempt to delete a directory on the server. The server would previously send back the same error regardless if the directory was full or if the client did now have permission to delete it. This would confuse some clients. Thanks to Raster for providing this patch.
• This release also clears up some complier warnings from gcc 4.4.1.

What is new in version 2.4:

• A minor security bug which could be used to cause a denial of service attack has been fixed.

What is new in version 2.2.1:

• This release provides one bugfix that would cause problems or a crash in environments where bftpd was started without stdin, stdout, or stderr streams.