Stefan Hornburg (Racke)
Pure-FTPd 1.0.23 has been released
Version 1.0.23 has just been released.
Grab it from http://download.pureftpd.org/pub/pure-ftpd/releases/
This version should fix a lot of old-standing issues. Transfers are more
reliable and should flawlessly handle any kind of cancelation and
disconnection. Virtual quotas should also be way better than they used to be.
FTP over TLS is also more reliable, way faster than it used to be and
overall compatibility with clients has been greatly enhanced. Logging also
received some improvement.
Some limitations of the initial TLS support were also lifted, like the
STAT command that used to be intentionally blocked in this context.
Noticeable changes for users and sysadmins :
- LDAP authentication can now be performed through binding in addition to
passwords. In this mode, the server asks the LDAP server to bind as the user
trying to authenticate, and accepts or rejects the session according to the
result. The FTP server doesn't have to retrieve any password, therefore
allowing to use an unprivileged LDAP account.
You can change the authentication method through the LDAPAuthMethod
property in the pureftpd-ldap.conf configuration file.
- Atomic uploads now only happen when they would really be needed, or if
-0 (--notruncate) has been enabled. Using them remain recommended if you're
using virtual quotas, though.
- Dangling .pureftpd-upload-* files should be a thing of past.
- Up to 10000 files per directory are now listed by default instead of 2000.
I still fail to catch why people are piling on so many files in a single
directory, and worse, are listing them all using FTP. But bumping this limit
looks like a common request.
- When a user blows his quota, the upload is immediately aborted. This is a
radical changes from previous versions, where the upload wasn't interrupted,
but the file got deleted afterwards. This logic (giving time to delete other
files in order to make room before the end of the upload) turned out to be
extremely confusing. Also, the ALLO command, as performed by some clients
before an upload, will now immediately tell the client whether an upload can
take place without blowing the quota. So that the upload won't start at all if
there's no room for it.
- The --fortunesfile /path/to/file.txt option now totally disables the
default banner, and only your custom one is displayed (without the << >>
Some noticeable changes for packagers :
- ./configure --with-localstatedir=... can change the base directory for
run-time files like the scoreboard (still defaults to /var).
- man pages have paths (like /etc and /var/run) rewritten according to your
- privsep is on by default. Use --without-privsep if you really want to
- ./configure --without-banner is gone. It's pointless now since the banner
can be totally changed using --fortunesfile=...
- It's recommended (although not absolutely necessary for this version) to
create a dedicated unprivileged user named _pureftpd or pureftpd, without
any shell nor valid home directory. Don't use it for anything, even not for
- PAM support is compiled by default on OSX.
- "enabled" as a value for FTPStatus is accepted again (LDAP)
- ./configure --with-implicittls builds a FTPS (implicit SSL) server. The
protocol is incompatible with FTP and explicit SSL, and the port number is
different (990). Don't enable this unless you absolutely want implicit SSL.
Some third-party projects are listed in the README.Contrib file. Don't
hesitate to report other related projects.
Last but not least, there's now a github repository:
And a mailing-list archive:
(Posted by author Frank Denis on the mailing list).