
What is OpenFTPD?

OpenFTPD is a free, open source FTP server implementation for the UNIX platform. It is based on FTP4ALL (Version 3.012) by Crescent and started as an alternative version by primemover with some fixes and patches because the official development of FTP4ALL stalled.

Some months later, the differences from the official FTP4ALL had become so large that it no longer made sense to call it a patched version of FTP4ALL, so we decided to create a new project called OpenFTPD.

Thanks a lot to Crescent, Crestor and Senfgurke for their great work on FTP4ALL. Check http://www.ftp4all.de for some more information.

OpenFTPD was designed to require no superuser privileges. This has two advantages: first, it cannot be exploited to gain root access on a machine; second, any user on a UNIX box can run this server without special permissions. The only restriction is that you can't use ports below 1024, so you will not be able to set up a port 21 server without being root.

It is not designed to replace wu-ftpd or any other system-level FTP server: it uses neither the default user database (/etc/passwd or NIS or whatever) nor the UNIX file and directory permissions. Instead it sets up its own user and group database and its own file and directory permission system.

OpenFTPD is designed for running a private, specialised FTP site with its own user and group database. Although anonymous FTP is supported, we don't recommend this mode and there will be no further development in this direction.

Features like upload/download ratios, detailed statistics, support for separating a site into sections and an included nuking system make OpenFTPD the perfect system for the exchange of files of any kind.

OpenFTPD was developed and tested with Linux and FreeBSD and may run on other modern UNIX systems but we can't guarantee that. You will need a C compiler (gcc preferred) to compile OpenFTPD and Perl to run the install script and several addons written in Perl.

There is no binary distribution available; OpenFTPD is distributed as source only. This allows you to convince yourself that there are no backdoors and gives you the possibility to fix bugs and write addons or modifications on your own.

Features

  • Free source code available
  • Server runs under normal user accounts (no superuser privileges needed)
  • Permissions can be given to files and directories, similar to UNIX but with advanced options for directories. The OpenFTPD permissions are independent of the underlying UNIX permissions and are stored in their own permission files.
  • User classes: anonymous, normal, superuser, siteop and groupop
  • Ability to restrict user logins to IP ranges (10 IP ranges for each user)
  • Private mode (connections from unknown IPs are closed quietly)
  • Number of simultaneous logins can be set for each user
  • Counts uploaded and downloaded amounts for every user
  • Credit system
  • Section system (separate settings, credits and stats depending on FTP path)
  • Download counter for every file and directory
  • Logging user activities, also through external program
  • Customizable FTP replies, with variables and colors
  • Full online server administration with site commands
  • Passive FTP
  • Archive checking through external program/script
  • Day/Week/Month/Year/Total upload/download stats
  • Duplicate file checking (internal dupechecker, support for external dupechecker)
  • User scripts, new commands with external scripts/programs
  • Filename / directory name conversion on upload
  • Readme files for directories
  • DES encrypted user and group file
  • Taglines for users and groups
  • Admintool support
  • User-based permission system (for group- and siteops)
  • Time-of-day dependent session and bandwidth limits
  • Upload statistic for directories (race info)
  • Included IRC bot scripts
  • Included archive checker
  • Internal on-the-fly checksum calculation
  • Internal dupecheck with crc checking

Permissions

OpenFTPD uses a file protection scheme similar to that of UNIX. Permissions on files or directories can be given to the 3 classes owner, group and world (others). Rights can be assigned to directories and files. For files, the rights are almost the same as in UNIX, with the exception that there is no execute right (which is not needed for an FTP server). For directories, the rights differ from the UNIX rights.

Directory permissions

  access     change the permission or remove it
  list       list the content of a directory
  chdir      change to the directory
  get        download files
  put        upload new files
  mkdir      create subdirectories
  rmdir      remove subdirectories
  overwrite  overwrite or delete files

File permissions

  read       read (download) the file
  write      delete, rename, or overwrite the file (overwrite permission for parent directory needed)
  chmod      change the file permissions

The permissions for directories and files are stored in special binary files named .permissions by default. These files contain the user and group id of the owner and the permissions for owner, group and others, both for the directory itself and for each file in the directory. If a readme file exists in a directory, its content is displayed whenever a user changes to this directory. You can change the filenames of the permission file and the readme file in the OpenFTPD registry, although this is not recommended.

Users & Groups

There are 6 different user classes in OpenFTPD:

  normal     This user has an account with the server, and may log in with his user name and password. An IP range can be set individually for each user, allowing him to log in from certain IP addresses only. Access can be restricted by number of sessions and bandwidth used.
  anonymous  This user may log in anonymously, i.e. with his e-mail address as password, or with a default password. Login is possible from any IP address. Anonymous cannot change the password (if set), and credit is not saved for later sessions. Access can be restricted by number of sessions and bandwidth used.
  groupop    Groupops are normal users, but have additional rights in administering the site. Rights granted are limited to members of one or more specified groups. You can set the default rights for new groupops in the registry.
  siteop     Siteops are normal users, but have additional rights in administering the site. Rights granted are not limited to users of certain groups. You can set the default rights for new siteops in the registry.
  superuser  This user also needs login and password, but has unlimited access to files and directories of the server, i.e. access permissions do not count. Furthermore, he can use all SITE commands, allowing him to modify users, groups and other server parameters. The maximum number of users does not apply to superusers. However, the IP check applies: superusers can only log in from the given IP range (like registered users), thereby improving security.
  template   This is not an ordinary user account like the other three. It exists so that other user accounts can be created faster. When creating a normal user account, a template can be specified. Then all user data from the template are copied to the new user account.

As in UNIX, users are organized into groups. Every user must be in one group. This group is called the primary group. Furthermore, a user can be in up to eight secondary groups. There are two differences between the primary group and the secondary groups. First, all files and directories that the user creates get only the primary group id. Second, the user can only run scripts from his primary group.
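
The permission scheme and the user and group model above combine into an access decision. The following C code is an added example, not OpenFTPD's own code; from the page it takes the right names, the superuser bypass, and the rule that writing a file also needs the overwrite right on the parent directory. Assumptions: the bit values, the struct layouts, the UNIX-style choice of exactly one class (owner, then group, then world), the use of secondary groups for the group class, and the constructed sample users and entries.

```c
#include <stdbool.h>
#include <stddef.h>

/* Right names are from this page; the bit values are assumed. */
enum { D_ACCESS = 1, D_LIST = 2, D_CHDIR = 4, D_GET = 8, D_PUT = 16,
       D_MKDIR = 32, D_RMDIR = 64, D_OVERWRITE = 128 };
enum { F_READ = 1, F_WRITE = 2, F_CHMOD = 4 };
#define MAX_SECONDARY 8 /* "up to eight secondary groups" */

/* Hypothetical in-memory forms; the real .permissions layout is not shown. */
struct user { unsigned uid, primary_gid, secondary[MAX_SECONDARY];
              size_t n_secondary; bool superuser; };
struct entry { unsigned uid, gid, owner, group, world; };

static bool in_group(const struct user *u, unsigned gid) {
    if (u->primary_gid == gid) return true;
    for (size_t i = 0; i < u->n_secondary && i < MAX_SECONDARY; i++)
        if (u->secondary[i] == gid) return true;
    return false;
}

/* Exactly one class applies (assumed UNIX order): owner, group, world. */
static unsigned rights_for(const struct user *u, const struct entry *e) {
    if (u->uid == e->uid) return e->owner;
    return in_group(u, e->gid) ? e->group : e->world;
}

bool may(const struct user *u, const struct entry *e, unsigned right) {
    if (u->superuser) return true; /* access permissions do not count */
    return (rights_for(u, e) & right) == right;
}

/* Overwriting a file needs write on it AND overwrite on its directory. */
bool may_write_file(const struct user *u, const struct entry *dir,
                    const struct entry *file) {
    return may(u, file, F_WRITE) && may(u, dir, D_OVERWRITE);
}

/* Constructed sample data: bob owns a file inside alice's directory. */
const struct user alice = { .uid = 100, .primary_gid = 10 };
const struct user bob = { .uid = 101, .primary_gid = 30,
                          .secondary = {10}, .n_secondary = 1 };
const struct user carol = { .uid = 102, .primary_gid = 40 };
const struct user su = { .uid = 1, .primary_gid = 1, .superuser = true };
const struct entry incoming = { 100, 10, D_LIST | D_CHDIR | D_PUT | D_OVERWRITE,
                                D_LIST | D_CHDIR | D_PUT, D_LIST | D_CHDIR };
const struct entry upload = { 101, 10, F_READ | F_WRITE, F_READ, 0 };

/* Exit status 0 means bob's overwrite of his own file was refused. */
int main(void) { return may_write_file(&bob, &incoming, &upload) ? 1 : 0; }
```

With this sample data bob owns the file and holds write on it, yet the overwrite is refused because his group class on the directory lacks the overwrite right.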

Rights

The OpenFTPD user rights system lets you set very detailed permissions for your users. But we still recommend that you choose your siteops and groupops wisely and give powerful rights only to people you trust one hundred percent.

These rights do not affect superuser accounts; they always have all rights without these being set explicitly.

  R_STATE             Change the state of the server (open/close/shutdown)
  R_PORTS             Change the port numbers
  R_GUI               Use the GUI
  R_MONITOR           Monitor user activity
  R_FILEACCESS        Not needed at the moment
  R_DUMP_FILES        Dump user and group file
  R_REGISTRY          Edit registry
  R_MESSAGES          Add / Edit / Remove message files
  R_CONFIG            Get / Edit / Remove config files
  R_NUKE              Nuke directories / files
  R_UNDUPE            Remove entries from the dupe log
  R_ALWAYS_LOGIN      Login even if site is closed
  R_GROUP_ALL         All group rights together
  R_GROUP_ADD         Add a new group
  R_GROUP_EDIT        Edit a group
  R_GROUP_DELETE      Delete a group
  R_GROUP_LIST        View the group list
  R_USER_ALL          All user rights together
  R_USER_DISABLE      Disable a user
  R_USER_KICK         Kick an online user
  R_USER_PASSWD       Change password of a user
  R_USER_ADD          Add a new user
  R_USER_EDIT         Edit a user
  R_USER_DELETE       Delete a user
  R_USER_READ         Read user information of normal users
  R_USER_ADD_SO       Add a new siteop
  R_USER_EDIT_SO      Edit a siteop
  R_USER_DELETE_SO    Delete a siteop
  R_USER_READ_SO      Read user information of siteops
  R_USER_ADD_GO       Add a new groupop
  R_USER_EDIT_GO      Edit a groupop
  R_USER_DELETE_GO    Delete a groupop
  R_USER_READ_GO      Read user information of groupops
  R_USER_ADD_ANON     Add an anonymous user
  R_USER_ADD_TMP      Add a template user
  R_USER_EDIT_IP      Edit IP ranges of a user
  R_USER_EDIT_GRPS    Edit groups of a user
  R_USER_EDIT_CREDIT  Edit credits of a user
  R_USER_EDIT_STATS   Edit stats of a user
  R_USER_EDIT_RIGHTS  Edit rights of a user
  R_USER_EDIT_INFO    Edit info (tagline) of a user
  R_USER_EDIT_UID     Edit UID of a user
  R_USER_EDIT_LOGINS  Edit number of logins of a user
  R_USER_EDIT_SPEEDS  Edit speed limit of a user
  R_ALL               All rights together

Signals

OpenFTPD can handle some signals to dump files. Use the kill command from the shell to send signals to the ftpd process.

  SIGHUP   dump the user and group files, the registry and the binary stat files
  SIGUSR1  dump the ASCII stat files used by scripts
  SIGUSR2  dump who.log and optionally the old textmode userfile

 
