README
1twoftpd
2Simple secure efficient FTP server
3Bruce Guenter <bruce@untroubled.org>
4Version 1.43
52015-02-04
6
7This is twoftpd, an FTP server that strives to be secure, simple, and
8efficient. None of the back end commands can cause execution of other
9programs, and the normal model of execution does a chroot to the logged
10in user's directory immediately after authentication.
11
12The name "twoftpd" comes from the fact that there were two parts to the
13server -- an authenticating front end, which contains no file or data
14transfer code, and a back end, which contains all the data transfer
15code.
16
17A mailing list has been set up to discuss this and other packages.
18To subscribe, send an email to:
19 bgware-subscribe@lists.untroubled.org
20A mailing list archive is available at:
21 http://lists.untroubled.org/?list=bgware
22
23Development versions of twoftpd are available at:
24 https://github.com/bruceg/twoftpd
25
26Development of this version has been sponsored by FutureQuest, Inc.
27ossi@FutureQuest.net http://www.FutureQuest.net/
28
29Installation:
30
31Check the build settings in the conf-* files and run "make". As root,
32run "make install".
33
34On 32-bit Linux, to allow access to files 2GB and larger, make sure
35-D_FILE_OFFSET_BITS=64 is in conf-cc.
36
37Programs:
38
39The package is broken down into two main programs: twoftpd-auth is a
40front-end that only accepts USER and PASS (and a few other "built-in")
41commands. Once a user is authenticated, it execs a back end program,
42typically twoftpd-xfer. This program changes to the home directory in
43$HOME, optionally does a chroot, and then drops root UID/GID to lock
44down all privileges.
45
46twoftpd-anon is a stripped-down version of twoftpd-xfer with all the
47filesystem modification commands removed to allow for read-only FTP
48access. It may be used even without twoftpd-auth to provide an
49anonymous FTP server.
50
51twoftpd-drop is another reduced back end. It allows only for uploading
52new files. Downloading, overwriting files, changing permissions,
53renaming, etc are all forbidden. All listings produce an empty result
54to make it harder to guess which file names already exist.
55
56Usage:
57
58For a server handling only non-anonymous logins, optionally set CHROOT
59and use:
60
61 tcpserver -DHRv 0 ftp \
62 /usr/local/bin/twoftpd-auth \
63 /usr/local/bin/cvm-unix \
64 /usr/local/bin/twoftpd-xfer
65
66For a server handling only anonymous logins, set UID, GID, and HOME to
67appropriate values, set CHROOT to 1, and set USER and GROUP to "ftp",
68and use:
69
70 tcpserver -DHRv 0 ftp /usr/local/bin/twoftpd-anon
71
72If you want to have both anonymous and non-anonymous logins on the same
73server, run both of the above two commands with two seperate IPs
74substituted for the "0" parameter. Because the FTP protocol does not
75support name-based virtual hosting, multiple anonymous servers must be
76run on separate IPs.
77
78See the man pages for twoftpd-auth and twoftpd-xfer for more details.
79
80Security notes:
81
82Unless you have specific reason not to, always run with CHROOT or
83SOFTCHROOT set.
84
85Always run twoftpd (and most other servers) with resources limits in
86effect. For example:
87
88 tcpserver -DRHv 0 ftp softlimit -m 2000000 twoftpd-anon
89
90This will allow the server to consume up to 2MB of memory before being
91killed, which should be enough for most OS's, and still prevent memory
92overflow attacks.
93
94This program is Copyright(C) 2015 Bruce Guenter, and may be copied
95according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later
96version. A copy of this license is included with this package. This
97package comes with no warranty of any kind.
98