NcFTPd: What's New

What's New

Here are the changes from each release. To get the most recent version, please visit the download page.

Version 2.8.8 - January 11, 2024

The automated installation scripts have been updated. There is now a install_ncftpd.sh shell script that can be used instead of the Perl version (install_ncftpd.pl). The Perl version remains more fully featured and is able to create an uninstaller, however, the shell script is very convenient and is now recommended unless you already have Perl on the system.
New utility program ncftpd_ping is used to determine if your FTP server (or someone else's) is running.
Processes now change their command line as viewed from ps to reflect a status line appropriate to their process type rather than the original command line parameters that were given to the main process.
The xfer logs now include the peer and local IP addresses for the control and data connection.
The session logs now include the elapsed time for login and the total session, as well as how long it took for the user to do something useful.
New User Class, "Denied", when you want to define groups of users to block/deny.
New general.cf option: allow-pasv-reuse
New general.cf option: allow-utf8
A standard PID file is now created that contains only the process ID of the main process, along side the existing pid.sh file that contains a mini shell script to terminate all individual processes.

Version 2.8.7

The automated installation program (install_ncftpd.pl) has been updated considerably, mostly to support modern startup control systems (Systemd, Upstart, Launchd). It is important to remember that Perl must be installed in order to run install_ncftpd.pl, but you can still install NcFTPd manually if your system lacks Perl (such as FreeBSD 9).
Bug fixed where MFMT command was ignored.
Bug fixed where zero-byte uploads were not logged.
NcFTPd now does more in-depth pre-flight checks for access to the encrypted passwords before logging a warning.
Fixed a problem that could cause initial installation in a Solaris zone to fail.
You can now disable the CLNT or FEAT commands by adding allow-clnt=no or allow-feat=no to the general.cf. We highly recommmend that you leave these commands enabled.

Version 2.8.6

Fix for "remote jail breakout" bug.
Symbolic links that point to items with pathnames longer than 127 characters are now shown in MLS directory listings, and are no longer shown with truncated pathnames in regular directory listings.
The maximum length of allowed usernames and passwords has increased.
Bug fixed where passwords encrypted with SHA were not recognized.
A few interface bugs fixed in the useradmin.pl CGI script (an extra program for managing ncftpd_passwd user databases via the web).
You can now again (as had been in version 1.x) enable/disable verbose logging on-the-fly without restarting NcFTPd, by sending the main process a SIGUSR1 signal.
Similarly, the ncftpd_spy utility program has been upgraded to make it easier to turn on live verbose logging and watch the log file, with these new usages:
ncftpd_spy tail (equivalent to /usr/bin/tail -f on the misc log)
ncftpd_spy toggle verbose logging
ncftpd_spy toggle verbose logging and tail.
The built-in ls no longer truncates the value of symbolic links at 63 characters, so that links pointing to longer paths will be shown.
The new general.cf options log-xfer-starts and log-session-starts are useful for generating a preliminary log record immediately, in addition to the record that is logged when the operation completes.
Bug fixed where MLSx listings could fail on Linux.
Bug fixed where the current domain's set-name (from the domain.cf) was not being logged to the session log.
ncftpd_passwd now has an interactive mode to add or edit user records using the -A or -U flags, respectively. Previously, only a non-interactive mode was available (using the -a or -u flags, respectively) which required passing the entire colon-delimited record to the program as a command-line argument.
A daylight savings time bug has been fixed, which caused some timestamps to be off by an hour.

Version 2.8.5

The new general.cf option ls-date-and-time-format can be used if you want your /bin/ls-style directory listings to use a different date format instead of the UNIX default.
The new general.cf option ls-hide-inaccessible-items removes items from directory listings that the user cannot access. This only affects listings, and does not alter or remove the files themselves.
The new general.cf option allow-paths can be useful in some cases to allow restricted users' access to directories outside the restricted area.
The new general.cf option ascii-mode can be used to tweak the text conversion algorithm.
The new general.cf option ascii-size-mode lets you change how NcFTPd handles the SIZE command for TYPE A (when ASCII mode is selected).
The new general.cf option sleep-seconds-after-active-transfer is available for introducing short delays between data transfers performed with PORT, and is useful for preserving the limited supply of ephemeral port numbers.
The new general.cf option default-transfer-type is only useful if you want to violate the FTP protocol and have binary be the default type instead of ASCII. Don't use this option unless you absolutely must!
The new general.cf option allow-resume is available if you want to disable users' ability to resume transfers.
The new general.cf option log-timestamp-fractional-seconds can be used if you need finer granularity in the log timestamps.
Directory listings are now timed internally, as had already been done for file transfers.
When loading the users (/etc/passwd) or groups file, ignore lines starting with an octothorpe ("#").
Other compatibility and small internal fixes.

Version 2.8.4

Problem fixed where domain-specific logging was sending all log data to the first domain in the domain.cf.
Bug fixed where the option allow-pasv had been ignored.
The ncftpd_repquota utility program has been improved.
Bug fixed where resuming a file at a position larger than 2 GB could fail.
Columns for directory listings are now properly aligned when large files are present. Previously, large files would cause the file size column to become misaligned.
Bug fixed with sendfile-io with large files. There were some other minor bugs with the sendfile implementation that were also fixed.
The xfer logs now indicate at what offset a file was resumed at (or 0 if started from the beginning), and the size of the file when the transfer started.
A few minor bugs with NcFTPd quotas fixed.
The Extended User Permissions' rename permission now requires delete permission when the file to be renamed to already exists.
Possible bug with passive-ip fixed.
Assorted minor fixes and compatibility improvements.
Support for new platforms, including official support for AMD64 (also known as x86_64 or x64) for some operating systems.

Version 2.8.3

The proposed standard command MFMT is now implemented. This allows remote users to change the modification timestamp on local files, if permissions allow. This command is only allowed if the SITE UTIME command is currently enabled via the allowed-site-commands option.
The passive-ip option is now also a domain.cf option, if you want to set it on a per-domain basis.
The supplementary scripts, including the install_ncftpd.pl install script and startup scripts, have been updated for compatibility with new operating system releases.
Fixed a bug where NcFTPd could fail to timeout a stalled connection or become locked up.
ASCII transfers are now more tolerant of malformatted text files.
Introduced some new functionality to recycle the process if the ls cache gets too large. NcFTPd is also more aggressive about decreasing its memory size when the ls cache is near its maximum allowable size.
Workaround some small problems with Internet Explorer.
A few small bugs fixed when using sendfile internally.
Increased the maximum number of user classes to 15 from 5.
A few small bugs with NcFTPd quotas fixed.
NcFTPd is now compliant with the new RFC 3659 specification (although it had also been compliant with the earlier drafts). It is also compliant with RFC 959, 2389, and 2577.
You can now have directory listings show special file types such as block devices and sockets with the ls-show-special-file-types option, although these files usually serve no purpose for FTP.
Improved internal diagnostic messages, so that it is easier for us to help you diagnose a problem when using verbose logging mode.
The a-allow-mkdir-inside-incoming option now works again.
If your browser issues a NOOP command, the reply now includes how much time you have left before your session will be terminated for no activity.
Bug fixed where Authd logins failed if a umask was not specified.
Bug fixed where SITE UTIME may still have worked, even if you requested that it be disabled using the allowed-site-commands option.
You can now change the name of the incoming directory with the a-incoming-dir option.

Version 2.8.2

Can now handle group entries whose lines in /etc/group are longer than 511 characters.
Improved support for alternative password encryption algorithms (such as Blowfish) on Linux.
Compatibility fixes for Solaris 10, HP-UX 10 and SunOS 4.
New general.cf options allow-mls and count-only-files-owned-by-user-towards-quota.
No longer automatically disconnecting the user if a data connection failed as a result of a firewalled PORT, but after a failure the user will be forced to use PASV.
Bug fixed where a ncftpd_passwd database could be locked for extended periods of time.
Bug fixes for the NcFTPd quota subsystem.
Bug fixed where existing files beginning with a space could not be deleted.

Version 2.8.1

Security: Apparently we didn't make it clear that u-restrict-mode=homedir was required for the 2.8.0 release if you wanted users confined to their home directories. Rather than continue that requirement, this release no longer requires that u-restrict-mode be set if you are restricting users with the u-restricted-groups option.
Continuing the above theme, all users are now restricted to their home directories by default. All releases prior to 2.8.1 had regular system users not restricted by default.

If you don't want users restricted, you can set u-restrict-mode=unrestricted in the general.cf.
For example, if you were using an all except line with u-restricted-groups, such as u-restricted-groups=all except admins then replace your existing u-restricted-groups and u-restrict-mode settings and use this instead:

The NcFTPd Reporting Package has been rewritten. The reports are now easier to install, are more robust, and a little more aesthetically pleasing.

A daylight savings time bug fixed, which affected uploaded files and subsequent use of SITE UTIME by the client to set the file's timestamp.

Version 2.8.0

New feature, User Classes, which let you configure multiple sets of restricted users. This is useful for creating read-only, write-only, or add-only users, or customizing them so that, for example, you have an add-only user that can also create directories and rename files. The Extended User Permissions let you have fine-grained control over operations such as read, write, create, append, delete, rename, mkdir, rmdir, list, etc.

Can now authenticate Solaris users with MD5 encrypted passwords. Can also handle Sun's extension of the MD5 algorithm, which produce passwords in a slightly different format than the MD5 passwords used on BSD or Linux.

The custom authentication (Authd, ncftpd_authd) has been enhanced:

You can return values for the user's umask, bandwidth limits, and user permissions string.
You can also return a value to use as a "cookie" which will be relayed by NcFTPd to an Eventd so you can send data from an Authd to an Eventd.
NcFTPd will now send your Authd a unique session identifier which you can use to differentiate login sessions.
You can now request that NcFTPd use its internal user authentication so if a username isn't recognized by your Authd, you can try a regular FTP login with /etc/passwd (or whatever you have set the passwd option to).

Updated compliance with IETF proposed standard Extensions to FTP, "ftpext-mlst-16."
More tolerant of pathnames with international characters (i.e. UTF-8 character set).
New general.cf option allow-proxy-when-control-originates-from-loopback which may be used for those of you experimenting with SSH tunnelling.
New general.cf options allow-downloads-if-quota-exceeded and delete-uploaded-file-if-quota-exceeded let you specify how NcFTPd Quotas handle a quota-exceeded situation.
New general.cf option verbose-mode provides an alternative method to enabling verbose logging mode.
New domain.cf options a-lowercase-pathnames and u-lowercase-pathnames which may be helpful if you need to work in an environment whose filenames are case-insensitive.
Data transfers now log if PASV or PORT was used.
Additional internal optimizations which will increase performance on heavily loaded machines.

Version 2.7.3

Bug fixed in the FreeBSD port where transfers could get logged with the incorrect number of bytes transferred.
Bug fixed for wtmp logging option where an extra field could get logged, and throw off the record format.
Trying harder to work-around problems caused when binary files are being incorrectly downloaded by the user in ASCII mode.
A few enhancements to the useradmin.pl script.

Back to NcFTPd Home Page