vsftpd Delivers Speed and Security to the FTP World
December 1, 2004
vsftpd: Secure, lightweight FTP server
As the Internet has matured, the specter of security vulnerabilities has evolved from potential nuisance to potential disaster. Now more than ever, software developers are pushing security to the top of their agenda, particularly when it comes to technologies that have been around awhile. FTP is one area where this is evident. While there's nothing new about FTP for moving files across networks, the old stalwarts in the arena have come under attack, and a few players dominate in the enterprise space. Recently, exploits and security holes have been discovered in wu-ftpd and pro-ftpd, opening the door for a product like vsftpd, an FTP daemon designed from the ground up to prioritize security.
Like many third-party software packages for Unix-like operating systems, vsftpd is typically available in two ways: as a source download from the developer's site and as a precompiled package from the operating system vendor. Today, many of the major Linux vendors include vsftpd with their distributions. However, the bundled version is often not the latest release, though the vendors may offer updated packages. Since this varies widely from one platform to another, we recommend downloading the source distribution directly from the vsftpd site.
Downloading is fairly simple. The almost lighter-than-air TAR bundle is a mere 140 KB, but vsftpd does not include an installation routine. The included documentation describes a typical install, which involves compiling the source code, customizing the configuration files, and integrating the server into the operating system (e.g., if you want it to launch on boot). In other words, setting up vsftpd is a completely hands-on procedure and not for the novice admin.
Configuring vsftpd is equally hands-on. The software possesses a wide range of capabilities. You can create configurations that support virtual hosts and virtual users, or are segregated on a per-user or per-IP basis. The software supports xinetd encapsulation, chroot, and SSL for powerful security, and IPv6 for scalability. All of these parameters are specified in the vsftpd.conf text file, which is simply a flat list of parameters and values. The documentation includes a full list of parameters along with several sample configuration files tuned to certain usages, such as virtual hosting and per-IP configurations.
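As an added illustration (not part of the original review or of the vsftpd distribution), the Python script below parses the flat option=value format and reports whether the chroot and SSL features mentioned above are switched on. The option names and defaults are taken from the vsftpd.conf(5) man page; both sample configurations are constructed, and anonymous_enable is checked in addition to the features the review names.

```python
# Added example, not from the vsftpd distribution.
# Defaults follow vsftpd.conf(5); both sample configurations are constructed.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO",
            "chroot_local_user": "NO", "ssl_enable": "NO"}

WEAK_CONF = "local_enable=YES\nwrite_enable=YES\nssl_enable = YES\n"
HARDENED_CONF = ("# constructed sample\nanonymous_enable=NO\nlocal_enable=YES\n"
                 "chroot_local_user=YES\nssl_enable=YES\n")

def parse_conf(text):
    """Return (settings, malformed_line_numbers) for the flat option=value file."""
    settings, malformed = dict(DEFAULTS), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        # The man page states that any space between option, '=' and value
        # is an error, so such a line never takes effect.
        if not sep or not key or key != key.strip() or value[:1].isspace():
            malformed.append(lineno)
            continue
        settings[key] = value
    return settings, malformed

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    settings, malformed = parse_conf(text)

    def on(option):
        return settings[option].upper() == "YES"

    findings = [f"line {n}: not in option=value form" for n in malformed]
    if on("anonymous_enable"):
        findings.append("anonymous_enable=YES: anonymous logins are accepted")
    if on("local_enable") and not on("chroot_local_user"):
        # Simplification: per-user lists (chroot_list_enable) are not evaluated.
        findings.append("chroot_local_user=NO: local users are not confined "
                        "to their home directories")
    if on("local_enable") and not on("ssl_enable"):
        findings.append("ssl_enable=NO: local logins and data travel in cleartext")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

In the weak sample the administrator intended to enable SSL, but the spaces around the equals sign make the line invalid, so the audit reports both the malformed line and the missing encryption.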
As far as functionality goes, there is very little that other FTP servers can do that vsftpd cannot, though often some time must be invested up front to determine how to perform the task.
Despite its bare-bones admin amenities, vsftpd has become the FTP server of choice for many of the major Unix-like distribution sites, including Red Hat, SUSE, Debian, and OpenBSD. This in and of itself is an endorsement, especially when one considers that OpenBSD is a platform designed first and foremost with security in mind. The fact that its downloads are served using vsftpd speaks highly of the "vs" (very secure) in its name. In this case, vsftpd does not trade performance for security. In the field, vsftpd has been demonstrated to support thousands of concurrent users and achieve bandwidth speeds in excess of peer products, such as BSD-ftpd and Red Hat's enterprise-level TUX. Ultimately, vsftpd demands an investment of time and knowledge from an admin, but in return is capable of providing significant rewards: namely, peace of mind and high performance.
Pros: High security; High performance; High scalability.
Reviewed by: Aaron Weiss