RE: [fw-wiz] OT: FTP Servers

From: Sloane, David (
Date: 06/06/03

  • Next message: Bennett Todd: "[fw-wiz] Re: OT: FTP Servers"
    Date: Fri, 6 Jun 2003 16:44:57 -0400

    First, I don't know if WU-FTPD is still a good server or not.

    I've had good luck setting up vsftpd on linux recently.


    The author is a bit... enthusiastic about his project, but don't be put off
    by the unusual exuberance.

    The documentation is good but a little scattered - the man pages are the
    most complete reference.

    Security and performance seem to be the twin goals of the server and I've
    found that it performs well. My (public-facing) ftp site doesn't get a lot
    of traffic, so I can't say "It's really secure" with any conviction.

    I've found it integrates well with PAM security on Red Hat 9. If you're
    making a dedicated ftp server, this integration is quite useful. For
    example, you can set system-wide password-aging and disk quotas, which will
    then apply to all of your ftp users. You can chroot local users
    (chroot_local_user=YES in the vsftpd.conf file) so that each user sees her
    home directory as the ftp server root (forgive me if this is obvious to you
    *nix wizards). It's good stuff.

    Version 1.2.0 of vsftpd just came out, but I'm still running 1.1.3 in
    production till I have time to test the new build.

    Good luck.


    -----Original Message-----
    From: John Smith []
    Sent: Friday, June 06, 2003 2:51 PM
    Subject: [fw-wiz] OT: FTP Servers


        I have been tasked to build a FTP server. I have selected the OS (a
    Unix variant that I know how to strip down to bare bones). The last
    time I built a Unix FTP server (roughly five years ago) I used WU-FTPD.

        My question is this: Is WU-FTPD still a good FTP server to use? The
    pros are I am experienced with it and it works very well in
    installations I have done. The (potential) con is the fact that there
    hasn't been a new release of the code since 11/2001 (2.6.2). I haven't
    seen new exploits for it, so I don't know if the code is that stable or
    if it isn't being maintained anymore. The home page (
    was last updated 2/18/2003.

        If WU-FTPD is not a good FTP server to use or there are better (i.e.
    - more secure) servers out there, what would you suggest? The needs for
    the site are anonymous FTP, potentially some 'real' FTP users, and up to
    500 simultaneous FTP connections. And of course the FTP server should
    be free. :-)

        Thank you.


    firewall-wizards mailing list
    firewall-wizards mailing list

  • Next message: Bennett Todd: "[fw-wiz] Re: OT: FTP Servers"