The anonymous FTP directory tree is simple to setup. Often, you don't need to do anything but make sure the directory exists because NcFTPd doesn't rely upon any files in the hierarchy.
The server can be configured to accept only anonymous users, only non-anonymous users, or allow both. This can be configured differently for each virtual domain, if you so choose.
If you don't want to offer shell access, you may find the Virtual Users feature helpful. This lets you have FTP-only accounts without having to worry about shell logins, mail, etc. It is also easy to require these users to be restricted to their home directory. These users do not require any special setup in their home directory -- no copies of system files, /bin/ls, etc. -- and no special hacks in your /etc/passwd file.
Users can retrieve whole directory trees using a TAR download feature, with optional Compress or GZIP compression. This is a convenience feature for users who don't want to download each file separately.
You can have NcFTPd enforce disk quotas for virtual users.
You can establish download (and upload) bandwidth limits, per-domain or per-virtual user.
You can create custom message files to present to a remote user when they change to a particular directory by simply creating a .message file in that directory.
Included with the package is the ncftpd_spy program which allows a site administrator to tell which users are currently logged on, and watch what they're doing.
The server implements the complete modern FTP command set, including support for passive data connections (PASV), remote file size (SIZE), and remote file time (MDTM), primitives, as well as support for file mode change (SITE CHMOD) and umask setting (SITE UMASK).
You can set the default umask for non-anonymous users. This is nice for use on an internal corporate network.
It's a piece of cake to fire up the server on a different port number.
You can have Virtual Users in separate password database files, which can login for FTP only (and not be able to telnet, rlogin, or receive mail). By default, they are also restricted to their home directory.
You can turn off write permission for anonymous users in the server itself, instead of relying upon UNIX file-access permissions being set correctly. This prevents unwelcome use of your server as a drop off point for pirated software, pornographic material, etc.
You can prevent access to users whose remote port number is classified by UNIX as a restricted port number.
You can deny proxy users, whose data connections are to a different host than the host that the control connection originated upon.
Pathname filtering can be done so that files whose pathname contains non-printing characters cannot be created. Similarly, you can prevent .dotfiles from being created.
The built-in /bin/ls can be configured not to display real user or group names in listings. That way the FTP server doesn't give away any clues to which user names really exist on a system.
You can use TCP Wrappers to restrict which remote hosts have access to the server.
Safe coding methods were employed; It was written with the attitude that anything can happen. There should never be an instance where a buffer was overrun, an error ignored, etc. Security is not taken lightly -- the program is frequently regression tested and deliberately attempted to be made to break.
Each virtual host can have its own welcome message, anonymous FTP directory tree, password authentication scheme, logins, user limit, log files, etc.
It doesn't run from /etc/inetd which is a bottleneck for heavily-used systems.
The server caches directory contents for rapid re-use.
The server uses it's own built-in /bin/ls replacement. It does not need to spawn a child process to do a directory listing.
The server can use memory-mapped I/O for faster data transfers, or sendfile() optimization where available.
Does not do needless DNS lookups, which can slow down access to your server and overburden your nameserver.
In particular, the easy virtual-hosting, restricted virtual users, and extra security options are often reason enough to buy it.
Back to NcFTPd Home Page