vsftpd or pureftp addition?

Should DA switch ftp servers?

  • Yes, switch as I don't like all these exploits!

    Votes: 33 78.6%

  • No, keep it as is I like constantly updating proftp.

    Votes: 9 21.4%
  • Total voters
    42
Status
Not open for further replies.
D

Dark_Wizard

Verified User
Joined
Oct 3, 2006
Messages
47
We all know that proftp has always been plagued with security compromises and it gets frustrating to say the least. The 2 that have shown throughout the years regarding security, speed and less memory consumption are vsftpd and pureftp.

I think it may be time for a change with DA...anyone else agree?
 
smtalk said:
+1 vote for pure-ftpd
Click to expand...

That really would be my second choice as vsftp is actually more secure, has a smaller footprint, supports all the protocols and is the fastest one of them all....
 
Now that vsftpd has TLS support I'm much happier with it as an ftp server. That was the main reason for using proftpd.
 
It's doubtful DA will change; DA is written around how it creates and makes changes to ProFTPd.

Jeff
 
jlasman said:
It's doubtful DA will change; DA is written around how it creates and makes changes to ProFTPd.

Jeff
Click to expand...

So they are not up to change? This is really important IMO....if DA wants to be competitive then I would assume that this should be added as cpanel allows for either...
 
Great news :) ProFTPd should be changed in the near future if everything will be okay.
 
Dark_Wizard said:
That really would be my second choice as vsftp is actually more secure, has a smaller footprint, supports all the protocols and is the fastest one of them all....
Click to expand...

Huh, yeah, but it isn't a feature-rich one ;) It is most used for anonymous ftp's, not for hosting. It does not yet support all the functionality DirectAdmin need.
 
we've been looking at other options, but none really provide any of the features we need. The vsftpd doesn't come close. The closest is pure-ftpd, but very large changes are still required in order to accomodate it (it can't accomodate us). It also means that owned IP address are now shared, relating to ftp. As far as I can tell, it doesn't support virtualhosts for multiple ftp password file. It supports multiple IPs for different document roots based on IP, but that's not enough, we need many accounts for an owned IP. The main significance is that 1) huge changes to the DA code.. and 2) owned IPs will no longer be able to have their own "user" login format.. has to be the full [email protected] format for everyone (except the system accounts).

For now, swapping out proftpd with pure-ftpd isn't hard as long as all accounts are on a shared IP. If not, it's very ugly to even think about it.

John
 
Pure-FTPD has enough functionality :) For those who want to test PureFTPd on their systems I've made a convert commands list (only for RedHat based OS). NOTE!: It isn't tested enough and it doesn't have all the features I'm planning to add in the future:

Code: 
rpm -e proftpd proftpd-standalone
cd /usr/local/directadmin/customapache
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.21.tar.gz
tar -xzf pure-ftpd-1.0.21.tar.gz
cd pure-ftpd-1.0.21
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --mandir=/usr/local/man --without-pam --with-ratios --with-virtualchroot --with-virtualhosts LDFLAGS=-static
make
make install
cp -Rp /etc/proftpd.passwd /etc/pureftpd.passwd
cd configuration-file
cp pure-ftpd.conf /etc
chmod 755 pure-config.pl
perl -pi -e 's/^ExtAuth/# ExtAuth/' /etc/pure-ftpd.conf
./pure-config.pl /etc/pure-ftpd.conf
mkdir /etc/pure-ftpd
perl -pi -e 's/\/etc\/proftpd.conf/\/etc\/pure-ftpd.conf/' /usr/local/directadmin/conf/directadmin.conf
perl -pi -e 's/\/etc\/proftpd.passwd/\/etc\/pureftpd.passwd/' /usr/local/directadmin/conf/directadmin.conf
 
Unless I'm missing something (please let me know if I am), no it doesn't have enough functionality to fit our current setup. Owned IP accounts use their own ftp password files (/usr/local/directadmin/data/users/username/ftp.passwd). As far as I can tell, pureftpd doesn't support multiple password files based on the IP being connected to. If it does, please point me in the direction of that documentation so I can look at it.

The reason the "user" login fomat will no longer work for owned IPs is that if all accounts are in one big ftp password file, then if the domain owned.com on an owned IP has an ftp user named "bob" .. that will butt heads if owned2.com (on an owned IP) also has a user named "bob" .. or if there is a system account named "bob".

That's why you can only use pureftpd right now if all domains are on a shared IP. Once you get into owned IPs, it doesn't work.

John
 
Status
Not open for further replies.
Back
Top