#title Pure-FTPd 1.0.23 has been released #author Stefan Hornburg (Racke) #topics blog; Pure-FTPd #date 2009-10-23 #pubdate 2009-10-23T17:06:59+02:00 #lang en Version 1.0.23 has just been released. Grab it from [[http://download.pureftpd.org/pub/pure-ftpd/releases/][http://download.pureftpd.org/pub/pure-ftpd/releases/]] This version should fix a lot of old-standing issues. Transfers are more reliable and should flawlessly handle any kind of cancelation and disconnection. Virtual quotas should also be way better than they used to be. FTP over TLS is also more reliable, way faster than it used to be and overall compatibility with clients has been greatly enhanced. Logging also received some improvement. Some limitations of the initial TLS support were also lifted, like the STAT command that used to be intentionally blocked in this context. Noticeable changes for users and sysadmins : - LDAP authentication can now be performed through binding in addition to passwords. In this mode, the server asks the LDAP server to bind as the user trying to authenticate, and accepts or rejects the session according to the result. The FTP server doesn't have to retrieve any password, therefore allowing to use an unprivileged LDAP account. You can change the authentication method through the LDAPAuthMethod property in the pureftpd-ldap.conf configuration file. - Atomic uploads now only happen when they would really be needed, or if -0 (--notruncate) has been enabled. Using them remain recommended if you're using virtual quotas, though. - Dangling .pureftpd-upload-* files should be a thing of past. - Up to 10000 files per directory are now listed by default instead of 2000. I still fail to catch why people are piling on so many files in a single directory, and worse, are listing them all using FTP. But bumping this limit looks like a common request. - When a user blows his quota, the upload is immediately aborted. This is a radical changes from previous versions, where the upload wasn't interrupted, but the file got deleted afterwards. This logic (giving time to delete other files in order to make room before the end of the upload) turned out to be extremely confusing. Also, the ALLO command, as performed by some clients before an upload, will now immediately tell the client whether an upload can take place without blowing the quota. So that the upload won't start at all if there's no room for it. - The --fortunesfile /path/to/file.txt option now totally disables the default banner, and only your custom one is displayed (without the << >> quotes). Some noticeable changes for packagers : - ./configure --with-localstatedir=... can change the base directory for run-time files like the scoreboard (still defaults to /var). - man pages have paths (like /etc and /var/run) rewritten according to your confinguration. - privsep is on by default. Use --without-privsep if you really want to disable this. - ./configure --without-banner is gone. It's pointless now since the banner can be totally changed using --fortunesfile=... - It's recommended (although not absolutely necessary for this version) to create a dedicated unprivileged user named _pureftpd or pureftpd, without any shell nor valid home directory. Don't use it for anything, even not for virtual users. - PAM support is compiled by default on OSX. - "enabled" as a value for FTPStatus is accepted again (LDAP) - ./configure --with-implicittls builds a FTPS (implicit SSL) server. The protocol is incompatible with FTP and explicit SSL, and the port number is different (990). Don't enable this unless you absolutely want implicit SSL. Some third-party projects are listed in the README.Contrib file. Don't hesitate to report other related projects. Last but not least, there's now a github repository: [[http://github.com/jedisct1/pure-ftpd][http://github.com/jedisct1/pure-ftpd]] And a mailing-list archive: [[http://archives.pureftpd.org/archives.cgi?100][http://archives.pureftpd.org/archives.cgi?100]] (Posted by author Frank Denis on the mailing list).