The automated installation program (install_ncftpd.pl) has been updated considerably, mostly to support modern startup control systems (Systemd, Upstart, Launchd). It is important to remember that Perl must be installed in order to run install_ncftpd.pl, but you can still install NcFTPd manually if your system lacks Perl (such as FreeBSD 9).
Bug fixed where MFMT command was ignored.
Bug fixed where zero-byte uploads were not logged.
NcFTPd now does more in-depth pre-flight checks for access to the encrypted passwords before logging a warning.
Fixed a problem that could cause initial installation in a Solaris zone to fail.
You can now disable the CLNT or FEAT commands by adding allow-clnt=no or allow-feat=no to the general.cf. We highly recommmend that you leave these commands enabled.
Fix for "remote jail breakout" bug.
Symbolic links that point to items with pathnames longer than 127 characters are now shown in MLS directory listings, and are no longer shown with truncated pathnames in regular directory listings.
The maximum length of allowed usernames and passwords has increased.
Bug fixed where passwords encrypted with SHA were not recognized.
A few interface bugs fixed in the useradmin.pl CGI script (an extra program for managing ncftpd_passwd user databases via the web).
You can now again (as had been in version 1.x) enable/disable verbose logging on-the-fly without restarting NcFTPd, by sending the main process a SIGUSR1 signal.
Similarly, the ncftpd_spy utility program has been upgraded to make it easier to turn on live verbose logging and watch the log file, with these new usages:
ncftpd_spy tail (equivalent to /usr/bin/tail -f on the misc log)
ncftpd_spy toggle verbose logging
ncftpd_spy toggle verbose logging and tail.
The built-in ls no longer truncates the value of symbolic links at 63 characters, so that links pointing to longer paths will be shown.
The new general.cf options
Bug fixed where MLSx listings could fail on Linux.
Bug fixed where the current domain's set-name (from the domain.cf) was not being logged to the session log.
ncftpd_passwd now has an interactive mode to add or edit user records using the -A or -U flags, respectively. Previously, only a non-interactive mode was available (using the -a or -u flags, respectively) which required passing the entire colon-delimited record to the program as a command-line argument.
A daylight savings time bug has been fixed, which caused some timestamps to be off by an hour.
The new general.cf option
The new general.cf option
The new general.cf option
The new general.cf option
The new general.cf option
The new general.cf option
The new general.cf option
The new general.cf option
The new general.cf option
Directory listings are now timed internally, as had already been done for file transfers.
When loading the users (/etc/passwd) or groups file, ignore lines starting with an octothorpe ("#").
Other compatibility and small internal fixes.
Problem fixed where domain-specific logging was sending all log data to the first domain in the domain.cf.
Bug fixed where the
The ncftpd_repquota utility program has been improved.
Bug fixed where resuming a file at a position larger than 2 GB could fail.
Columns for directory listings are now properly aligned when large files are present. Previously, large files would cause the file size column to become misaligned.
Bug fixed with sendfile-io with large files. There were some other minor bugs with the sendfile implementation that were also fixed.
The xfer logs now indicate at what offset a file was resumed at (or 0 if started from the beginning), and the size of the file when the transfer started.
A few minor bugs with NcFTPd quotas fixed.
The Extended User Permissions' rename permission now requires delete permission when the file to be renamed to already exists.
Possible bug with
Assorted minor fixes and compatibility improvements.
Support for new platforms, including official support for AMD64 (also known as x86_64 or x64) for some operating systems.
The proposed standard command MFMT is now implemented.
This allows remote users to change the modification timestamp
on local files, if permissions allow.
This command is only allowed if the
The supplementary scripts, including the install_ncftpd.pl install script and startup scripts, have been updated for compatibility with new operating system releases.
Fixed a bug where NcFTPd could fail to timeout a stalled connection or become locked up.
ASCII transfers are now more tolerant of malformatted text files.
Introduced some new functionality to recycle the process if the ls cache gets too large. NcFTPd is also more aggressive about decreasing its memory size when the ls cache is near its maximum allowable size.
Workaround some small problems with Internet Explorer.
A few small bugs fixed when using sendfile internally.
Increased the maximum number of user classes to 15 from 5.
A few small bugs with NcFTPd quotas fixed.
NcFTPd is now compliant with the new RFC 3659 specification (although it had also been compliant with the earlier drafts). It is also compliant with RFC 959, 2389, and 2577.
You can now have directory listings show special file types such as
block devices and sockets with the
Improved internal diagnostic messages, so that it is easier for us to help you diagnose a problem when using verbose logging mode.
If your browser issues a NOOP command, the reply now includes how much time you have left before your session will be terminated for no activity.
Bug fixed where Authd logins failed if a umask was not specified.
Bug fixed where SITE UTIME may still have worked, even if you
requested that it be disabled using the
You can now change the name of the incoming directory with the
Can now handle group entries whose lines in /etc/group are longer than 511 characters.
Improved support for alternative password encryption algorithms (such as Blowfish) on Linux.
Compatibility fixes for Solaris 10, HP-UX 10 and SunOS 4.
No longer automatically disconnecting the user if a data connection failed as a result of a firewalled PORT, but after a failure the user will be forced to use PASV.
Bug fixed where a ncftpd_passwd database could be locked for extended periods of time.
Bug fixes for the NcFTPd quota subsystem.
Bug fixed where existing files beginning with a space could not be deleted.
Apparently we didn't make it clear that
Continuing the above theme, all users are now restricted to their home directories by default. All releases prior to 2.8.1 had regular system users not restricted by default.
If you don't want users restricted, you can set
For example, if you were using an
The NcFTPd Reporting Package has been rewritten. The reports are now easier to install, are more robust, and a little more aesthetically pleasing.
A daylight savings time bug fixed, which affected uploaded files and subsequent use of SITE UTIME by the client to set the file's timestamp.
New feature, User Classes, which let you configure multiple sets of restricted users. This is useful for creating read-only, write-only, or add-only users, or customizing them so that, for example, you have an add-only user that can also create directories and rename files. The Extended User Permissions let you have fine-grained control over operations such as read, write, create, append, delete, rename, mkdir, rmdir, list, etc.
Can now authenticate Solaris users with MD5 encrypted passwords. Can also handle Sun's extension of the MD5 algorithm, which produce passwords in a slightly different format than the MD5 passwords used on BSD or Linux.
The custom authentication (Authd, ncftpd_authd) has been enhanced:
You can return values for the user's umask, bandwidth limits, and user permissions string.
You can also return a value to use as a "cookie" which will be relayed by NcFTPd to an Eventd so you can send data from an Authd to an Eventd.
NcFTPd will now send your Authd a unique session identifier which you can use to differentiate login sessions.
You can now request that NcFTPd use its internal user authentication so if a username isn't recognized by your Authd, you can try a regular FTP login with /etc/passwd (or whatever you have set the passwd option to).
Updated compliance with IETF proposed standard Extensions to FTP, "
More tolerant of pathnames with international characters (i.e. UTF-8 character set).
New general.cf option
Data transfers now log if PASV or PORT was used.
Additional internal optimizations which will increase performance on heavily loaded machines.
Bug fixed in the FreeBSD port where transfers could get logged with the incorrect number of bytes transferred.
Bug fixed for wtmp logging option where an extra field could get logged, and throw off the record format.
Trying harder to work-around problems caused when binary files are being incorrectly downloaded by the user in ASCII mode.
A few enhancements to the useradmin.pl script.
Minor Security Issue: NcFTPd no longer accepts FTP commands with leading whitespace. Some firewalls or FTP proxies look at the command and pass the command through; if these proxies do not check for leading space, it would be possible to sneak commands past the proxy by prepending whitespace, such as " USER foobar" in place of "USER foobar".
The default behavior for handling proxy data connections has changed. Previous versions of NcFTPd made a compromise by allowing proxy connections except for obvious attempts to circumvent security (such as connecting to a low port number). With transparent FTP proxies becoming more widespread (thus reducing the need for connecting to different IP addresses explicitly), we feel that it is safe to disable all proxy behavior so that other services on high port numbers are protected. Therefore, the new default is to disallow all proxy data connections.
In exchange for this stricter default behavior, we have split out the allow-proxy-connections option into two new options, allow-outgoing-proxy-data-connections (for PORT) and allow-incoming-proxy-data-connections (for PASV). That way, if your site does require proxy functionality be enabled, hopefully you can get by with enabling just one of those two types. See the documentation for those options for the security implications involved with proxy data connections.
New bonus Perl script, useradmin.pl, replaces the old useradmin.cgi shell script. This script (located in the extra directory of the download package) can be used to provide a Web interface to ncftpd_passwd. Open the script in a text editor to view the installation instructions.
The installer has been updated for better compatbility with SuSE Linux.
Our user login diagnostic program, tspwd, has been revised to be on the lookout for non-standard DES passwords in /etc/shadow with an invalid salt created by Red Hat Linux 7.3. If you are having problems logging in and tspwd tells you that your system has this problem, the only way to fix this is to manually re-run /bin/passwd to reset the password which should fix the problem.
Bug fixed with allowed-site-commands option which was ignoring the quota parameter.
The allowed-site-commands option has always let you decide if SITE UTIME is allowed, but now doing so also controls whether the equivalent non-standard action, MDTM <date> <pathname> is allowed.
The a-password-mode option now accepts an exactly parameter if you wish to require that anonymous users login with one particular password.
The automatic file descriptor leak detection and correction feature which was introduced in version 2.7.1 has been enhanced to be a little more aggressive by default.
Minor enhancements to ncftpd_passwd.
Bug fixed with Authd logins which were ignoring supplementary groups.
Bug fixed on Linux port where sendfile was failing in an unexpected manner.
Bug fixed where SITE CHMOD was not accepting pathnames with spaces in them.
Fixed SITE DF on Solaris, which was reporting incorrect number of bytes due to incorrect blocksize used for the computation.
New general.cf option require-implicit-ack-for-uploads, which is the equivalent of the existing option require-implicit-ack-for-downloads for uploads. This option became necessary with the increasing number of poorly-written FTP client programs which close data connections improperly (i.e. in response to a user cancelling the upload). Both require-implicit-ack-for-uploads and require-implicit-ack-for-downloads are enabled by default.
Compatibility with NFS-mounted home directories has been improved.
ASCII transfers now try harder to convert non-UNIX text files (i.e. MS-DOS files with CR+LFs and Mac OS files with CRs only) to text before sending the files to client programs downloading in ASCII mode.
When a listing would fail, the error message is now sent via the control connection (i.e. 553 Permission denied) rather than as the contents of a separate data connection.
Users with Blowfish passwords on FreeBSD 4.x and later systems can now be authenticated.
The Eventd architecture has been extended to support System V Message Queues, which provides implementors an alternative to the UDP/IP message type.
The install script has been improved so it chooses an optimal set of binaries rather than the first set that works.
The install script has improved compatibility with SuSE 7, Mac OS X, and OpenBSD.
Sendfile support has been improved, and is now also available on Solaris 8 if the system supports it (i.e. Solaris 8 July 2001).
A file descriptor leak has been found and fixed. Also, there is now functionality which can detect leaks caused by the system libraries.
Fixed a loophole with virtual quotas which was letting users rename an uploaded file in progress to escape the file being counted.
Bug fixed with upload-tmp-then-rename which would sometimes leave failed .upload. files around.
A few bugs fixed with a-allow-mkdir-inside-incoming option.
Socket "KeepAlive" is now used on the control connection, but your server's TCP stack should be tuned so that the KeepAlive probes are sent much sooner than every two hours.
New %Cookies which are intended for use in goodbye message files.
SITE BUFSIZE is now recognized in addition to the plethora of other SITE command synonyms which all do the same thing.
You can now put ftp in /etc/ftpusers if you wish to deny anonymous access, but the recommended way is still to do this in the domain.cf using the server-type option.
Improved support for TCP Large Windows on AIX.
A daylight savings time bug has been fixed.
If a data transfer times out, NcFTPd now immediately closes the entire session rather than waiting for the control connection to time out.
The sendfile function is now implemented and enabled on Solaris 8. It can be disabled using the sendfile-io option.
The installation instructions have been changed to instruct the person installing NcFTPd to use a system startup script rather than an /etc/inittab entry.
The NcFTPd package now includes the install_ncftpd.pl installation program, which can be used to quickly install a standard NcFTPd configuration. The script requires Perl (version 5 or later) to be installed on the system.
Several portability problems with the reporting package have been fixed. A few problems with the reporting utility programs have also been fixed.
Bug fixed where directory cache entries were not invalidated when the directory was modified (uploaded into, mkdir'ed, removed item from, etc).
New general.cf options: a-allow-mkdir-inside-incoming, authd-message-timeout, banner, log-xfer-transaction-types, require-implicit-ack-for-downloads, u-add-only-groups, u-read-only-groups, u-write-only-groups.
NcFTPd now uses two fewer file descriptors per-process. Also, two file descriptor leaks were fixed.
The ftp user is no longer mandatory, as long as a suitable alternate user is already present (ncftpd, ncftp, www, web, daemon, nobody). This user's system privileges are used as the anonymous user's privileges.
Mac OS X is now supported (the consumer release, i.e. not Mac OS X Server). Currently Mac OS X Server is not supported because of binary incompatibilities with regular Mac OS X, but this will be supported soon after Apple updates Mac OS X Server.
OpenBSD is now supported.
Tweaks for ncftpd_passwd.
The soft quotas for NcFTPd quotas have been implemented, solely to log warning messages to the misc logs.
Fixed long-standing implementation errors in NcFTPd's handling of the FTP's default data port specification. Since almost all FTP client programs do not use that feature, this change will affect very few (any?) users.
There is now a SITE DF command which can be used similarly to the "df -k" command to determine disk usage.
Bug fixed where the ephemeral-port-range option was not working properly on every platform.
Support non-standard functionality to MDTM where a file's modification time can be changed (i.e. MDTM 19930602204445 /the/file/name). One client which does this is WS_FTP.
You can now disable a domain in the domain.cf by setting server-type=disabled. This is useful for creating domain entries that should not be allowed FTP access.
Bug where using a freed pointer in internal /bin/ls was causing a crash.
Improved directory listing performance for non-anonymous users.
Bug fixed where quotas were being recomputed at logout, which could also cause NcFTPd to lock up.
Bug fixed where a pathname containing a comma could cause event logging to fail.
Working around a memory leak in Linux C library's initgroups() function, but unfortunately this cannot be entirely solved until glibc is updated.
Improved performance of NcFTPd quota calculation.
Use IP_PORTRANGE_HIGH socket option on systems that support it (i.e. FreeBSD) so high port numbers (i.e. 49152 through 65535 for FreeBSD) are used for PASV.
Bug fixed where u-restrict-mode=homedir was not the default behavior if u-restrict-mode was not present in the general.cf and you had u-vchroot-restricted-users=no.
Bug fixed where a restricted user whose home directory was set to / could not access any files.
Security: Bug fixed where restricted users could access directory paths that were prefixed by the entire pathname of the home directory and if the user's UID/GID privileges allowed it. For example, a user bill with home directory /home/users/bill may have been able to access the directory /home/users/billybob if bill's privileges allowed it.
Worked-around problem with MLST directory listings on Digital Unix.
Large File (files larger than 2 GB) support improved.
By popular demand, more misc log messages now include the remote host of the user so you don't have to get it from the session logs.
A message is logged if a user exits while over their (NcFTPd, not OS) quota.
The ncftpd_repquota utility can now report on specific users, using the -l flag.
Now recognizing non-standard command primitive BYE as a synonym for QUIT.
Increased space used for buffers to improve performance.
Two memory leaks fixed.
Improved portability of wtmp logging.
Re-implemented work-around for problem with Internet Explorer, since the work-around that was used for NcFTPd 2.6.0 was found to be incompatible with Netscape Navigator and a different portion of Internet Explorer (IE apparently has several different internal implementations of FTP).
Text of idle timeout message changed to "421 Disconnecting you since you were inactive for XX seconds".
Bug fixed where if u-write-permission was set to no, the user could still upload to a directory named incoming.
Work-around bug in Internet Explorer's FTP client implementation, which could cause IE to err-out if it tried to download the file before it was supposed to.
Security: NcFTPd now includes an extra sanity check for ncftpd_authd message exchanges. At least two sites have reported a problem where a user login received the wrong login reply, which resulted in the user being logged into the wrong directory! If you're using a ncftpd_authd for user authentication, you're strongly urged to upgrade to this version. This of NcFTPd version verifies that the incoming message matches the username keyed in, so that this condition can be prevented. A side-effect of this check is that it breaks authds which like to change the username of a login.
The NcFTPd Reporting Package now include support for .PNG, as well as the deprecated .GIF format. New versions of gnuplot are now available for download which support .PNG.
There is now a max-domain-users-per-username option to limit simultaneous logins by users with the same name.
Logging has been enhanced to provide more details on how users ended their session. See the log file documentation for details.
TCP Wrappers support now includes support for the extended file format of /etc/hosts.allow.
Fixed a very rare memory leak in ls caching.
Fixed a rare case where a file could remain locked if you were using the lock downloads feature.
ncftpd_passwd includes some extra modes to facilitate password validation feasible from shell scripts.
Implement support for SIZE in ASCII mode, to work-around buggy FTP clients which don't change to binary mode prior to issuing SIZE.
Bug fixed where quota cookies weren't displaying correctly in messages. Quota and other message cookies are now fully documented online.
Directory listings are now logged in the transaction (xfer) logs. See the log file documentation for details.
Now including a new CGI script which serves as a sample web frontend to ncftpd_passwd. The script is called useradmin.cgi and is in the extra directory of the distribution.
NcFTPd now supports quotas. See the documentation for details. NcFTPd quotas work on all platforms since they are not related to the operating system's quota implementation, if any.
The format of the password databases has changed (because of quotas). Databases created with ncftpd_passwd from a release earlier than 2.5.0 are not compatible with NcFTPd 2.5.0. Use the updatepwdb utility (in the extra directory of the distribution) to convert an old database to the new format.
Simple bandwidth limiting added. There are new domain.cf options, a-download-bandwidth-per-user, u-download-bandwidth-per-user, a-upload-bandwidth-per-user, and u-upload-bandwidth-per-user, which can be set to an integer denoting the number of kilobytes per second each anonymous or regular user is allowed.
In addition, if you use NcFTPd password databases, you can use the same utility program you use to control virtual user quotas (ncftpd_edquota) to also set customized individual bandwidth controls, rather than assign one limit which applies to everyone in the domain.
ncftpd_passwd can now be used again in CGI scripts. See the documentation and read the portion detailing "Mode 4". A sample CGI script is included in the distribution's extra directory.
NcFTPd now takes advantage of the optimized kernel function sendfile() on FreeBSD and Linux. This function can greatly increase overall system performance since sendfile() can do an entire data transfer without switching context.
There is a new general.cf option, wtmp-log-mode, to support wtmp logging, although most sites should continue to only use NcFTPd's session logs instead. See the documentation for details.
A command throttle has been implemented, so that errant processes or malicious users can't spam the server with FTP commands.
The event-pipe functionality has been superceded by the ncftpd_eventd feature, which allows you to have a daemon process to process user activity in near real-time. See the documentation for details.
Items in the /etc directory are now always off-limits for (non-root) users, even for unrestricted users. If you don't want that behavior, set the general.cf option u-restrict-etc to no.
You can now set the general.cf option u-try-truncated-passwords to yes if your users think they have long passwords (9 or more characters) but in reality the system only wants 8.
Introductory support for some new SITE commands to try larger TCP window sizes. Only a few special-purpose FTP clients may end up using this, since it isn't standardized in any RFC.
There is a new general.cf option, a-allow-incoming, which can be set to no if you want to disable the special handling of the incoming directory. This can be useful if you have incoming directories but don't want users to upload into them.
A few tweaks to work better on Linux 2.2.
Linux versions of NcFTPd 2.4.0 were incorrectly built using static linking instead of dynamic linking.
Off-by-one bug fixed where a malformed PORT command could corrupt exactly one byte of data, causing a crash.
New platform support for FreeBSD 3, BSD/OS 4.0, Solaris 7 (32-bit), HP-UX 11, and IRIX 6.5.
Large file support on systems with both 64-bit integral types (long long) and an lseek function that accepts a 64-bit offset.
Long-standing problem fixed where the ls emulator wouldn't show files whose names lengths exceeded 63 characters.
The special incoming directories now have uploaded files' owner and group set to that of the directory. This can be overridden with the suddenly less-useful a-file-owner and a-file-group options.
Bug fixed where resumption of uploads resulted in a corrupted upload.
NcFTPd now supresses extended messages if the user logged in with a dash character as the first character of their password.
Bug fixed where the logger was not creating new directories with the owner and group specified.
Improved support for experimental FTP commands by the IETF's FTPEXT Working Group.
event-pipe option is no longer supported.
It is now easier to setup a second instance of NcFTPd on the same machine since now all it takes is changing the port setting in the general.cf.
New general.cf options for TCP Large Window support, ctrl-rbuf-size, ctrl-sbuf-size, data-rbuf-size, data-sbuf-size. See the online documentation for details.
Bug fixed where the general.cf configuration option max-users-per-ip option failed to work.
Bug fixed in ncftpd_passwd which was limiting user names to 31 characters instead of 63.
NcFTPd now avoids printing the directory .message file if the user has already seen it in the same session.
NcFTPd now supresses extended messages if the user logged in with a dash character as the first character of their username.
NcFTPd no longer requires that the domains in the domain.cf be valid at the time of startup.
New general.cf option, a-umask, lets you set the anonymous users' umask, like you can do already for non-anonymous users with u-umask.
Bug fixed where removing a symbolic link actually removed the original item, permissions permitting.
Rare bug fixed where building a passive data connection would fail if there was already a passive data connection specified.
Bug fixed where sending NcFTPd a SIGHUP to have the domain configuration reloaded on some platforms (i.e. Solaris) was disconnecting the active users.
Problem fixed where a user with a long username (9+ characters) may not have been able to login.
New general.cf option, rmdir-recurisve, may be set to yes to have an FTP RMD command behave like /bin/rm -r. The default is no, which means that a directory is only removed if it is empty.
Virtual users are now required to have their home directory be a real directory, and not a symbolic link. This will help for those of you who are trying to pass off virtual user management to actual end users.
Bug fixed in the %U cookie that was not working unless the user was anonymous.
Virtual users are no longer checked against /etc/shells and /etc/ftpusers.
Fixed bug introduced in 2.3.0 that was causing the xfer and session logs for all domains to go to the default domain's logs, instead of each domain's logs.
The connect banner no longer displays NcFTPd's version number.
Bug fixed which was limiting the rename command.
Welcome, Login, Goodbye, and cd messages can now contain cookies:
Important security-related bug fixed where directories consisting of an even number >= 4 of periods could cause local users to obtain unintended access to portions of the filesystem that the logged-in user's UID has access to.
The extra subdirectory of the distribution now includes a shell script to convert NcFTPd xfer logs to wu-ftpd xferlog format.
You can now modify existing domains or add new domains to the domain.cf file and kill -HUP the main ncftpd process to load the new domain configuration without shutting down NcFTPd or disrupting existing client connections. (Inspect the ncftpd.pid.sh script to find the process ID of the main process.)
A ls-always-resolve-links option can be set to yes in the general.cf file if you want ls -L behavior by default.
The welcome, login, and goodbye message files are no longer pre-loaded at startup. You can now change the contents of these files at any time without having to restart the server.
The ncftpd_passwd utility has been enhanced so a system administrator can allow non-superusers to modify password databases. See the documentation for details.
Introductory support for new FTP commands introduced by the IETF's FTPEXT Working Group.
Virtual user account names can now be 63 characters instead of 31. This will also require custom ncftpd_authd processors to be recompiled using the revised SDK to be compatible.
New login-timeout setting helps prevent denial-of-service attacks by placing a short timelimit that a user has to login before being disconnected. After a successful login, the user is limited by the usual idle-timeout setting.
You can now control the number of simultaneous remote FTP sessions each remote user can have with the max-users-per-ip setting. This can be helpful if you have users who insist on hogging the available connection slots to themselves. It can also be used in conjunction with the new login-timeout option to further limit DoS attempts.
The xfer logs are now more like transaction logs, since in addition to uploads and downloads being logged, they now log deletes, mkdirs, chmods, and renames.
Bug fixed where a .message file was not being displayed for the directory the user starts the login from.
Bug fixed on Linux with glibc where connections would not timeout properly.
Bug fixed on Linux with glibc where NcFTPd did not always shutdown properly.
Bug fixed which refused sessions could be logged twice.
Users can now use ~ in pathnames to denote their home directory.
Better support for alternate password encryption algorithms on Digital UNIX.
Better auto-detection of free Canadian and European university domains.
Since so many people were cheating on the free educational and non-profit license, this version reflects the new policy of free for educational use only (and only on auto-recognized domains).
Fixed a problem where using ncftpd_passwd with the -I flag could cause an infinite loop on some platforms.
Back to NcFTPd Home Page