Pure ftp for hosting company
Pure FTP for hosting company
· All accounts can be easily chrooted by default. For easy administration, a “trusted” group with no chroot can be defined.
· System accounts can immediately have FTP access. Authentication via PAM modules is also supported. Accounts below an uid can be disallowed.
· LDAP authentication is also fully supported. Plaintext, Crypt, MD5, SMD5, SHA and SSHA crypto hash functions are implemented. Pure-FTPd was successfully tested with OpenLDAP and iPlanet Directory Server. It uses standard posixAccounts classes.
· Pure-FTPd supports a virtual quota system : accounts can have individual quota (max number of files, max total size) even when they share the same system UID.
· Built-in secure cryptographic hashes (SMD5, SSHA) can be used with any LDAP server, even those that are lacking support for these hashes.
· Bandwidth throttling is supported, with distinct settings for upload and download.
· Custom authentication methods can easily be added. Pure-FTP supports external authentication modules, and writing a new backend can be as simple as a few lines of shell script.
· Every user can be assigned individual quota, ratio and bandwidth.
· Every user can be allowed to connect only from a specific range on IP address, or only to its own virtual host.
· User info can also be centralized in MySQL databases, with or without transactions. All queries are fully customizable, and requests can be built with user names, remote client addresses, local IP addresses and ports. That way, complex web hosting rules can be easily implemented, even with multiple virtual servers on the same host, and multiple virtual domains with many users
· FTP accounts can be distinct from system accounts, stored in an independent database. Multiple accounts can share the same system id. A built-in indexing database allows very fast lookups. It is successfully running with over 1.5 million accounts on the same server. System accounts can be copied to virtual FTP accounts, so that users can have different passwords for shell access and FTP access.
· Multiple authentication methods can be chained in any order. For instance, SQL accounts, LDAP directories and system accounts can be used at the same time.
· An anti-warez system prevents users from trading if they found a public-writeable directory. Files owned by the anonymous ftp users can’t be downloaded (sysadmin has to moderate them by changing their ownership)
· Every user can be individually restricted to his home directory or not.
· Every user can be allowed to connect only during configured time-ranges (e.g. only during business hours).
· . Also, ftp users can’t create directories by default to hide files.
· Downloads can be disallowed if the system load is too high.
· Directory listings list a parametrable max number of files. Recursive listings are fully supported, with a parametrable maximal depth. So you can provide recursive search to your users without providing any simple denial-of-service.
· Any external shell script can be called after a successful upload. Virus scanners and database archiveal can easily be set up
· Multiple virtual FTP servers can be hosted on the same computer, with an independant trusted IP for administration.
· A maximum concurrent connection from the same IP address can be enforced to avoid bandwidth starvation and denial-of-service attacks.
· The pure-ftpwho command provides real-time reports of who’s doing what on the FTP server, including bandwidth usage. The result can be a full web page, and the program can also work like a standard CGI program, compatible with any web server. XML and text reports are also available, as well as a compact and easily parsable format for shell scripts.
· Log files are accurate, and they use standard syslog facilities. Additional Apache-like (CLF) log files can be produced. They are compatible with all web-statistic software. An extended format called “Stats” is also implemented, and works with advanced third-party FTP statistic software like FTPStats and ModLogAn. FTPStats provides detailed per-user statistics.
· Home directories can be created on-demand. This is especially useful with LDAP and SQL backends : just insert a row in the database, and the account is ready to go. No need to create any directory for that user : it will be automatically created the first time he will log in.
· Access to dot-files can be restricted, so that users can’t read/write .ssh directories, .bash_history files, .rhosts files, etc.
· Safe permissions are enforced on users home directories. Customers can’t disable their accounts by mistake with an insecure “chmod 0 /” command. The “chmod” command can also be totally disabled.
· Symbolic links can be followed when users are chrooted, even when they are pointing out of the chroot jail. This unique feature makes shared content easy to set up.
· Pure-FTPd can act as private FTP server and disallow all anonymous connections regardless of the “ftp” system account. With another switch, the server can be anonymous-only, and refuse connections to all shell accounts.
· Multiple Pure-FTPd servers with different settings can run on the same host without any conflict.
· Directory aliases can be enabled, to provide shortcuts to common directories.
· Uploads are truely atomic. Web servers will not serve partial images nor broken PHP scripts when the files are being uploaded, even when content is being updated.
