NetBSD's tnftpd compared to other FTP servers

sidetone

sidetone

ftp/tnftpd is for Traditional/Trivial NetBSD FTP Daemon, which is the server. ftp/tnftp is the client. They were formerly lukemftpd & lukemftp. These have SSL/TLS security features. The tnftp client has security features for use with https protocol, however, I'm now unsure if tnftp has other SSL/TLS features. tnftpd may not have tls/ssl features, as I had first thought.

TNFTPD files
notable pkg info -l tnftpd files and relevant manpages
Code: 
/usr/local/libexec/tnftpd
/usr/local/share/examples/tnftpd/ftpd.conf
/usr/local/share/examples/tnftpd/ftpusers
ftpd.conf(5)
ftpusers(5); freebsd also has different version in /etc/
tnftpd(8)

TNFTP files
notable pkg info -l tnftpd files and relevant manpages
Code: 
/usr/local/bin/tnftp
tnftp(1)

Setting up
For help, type tnftp -h.

Older documentation said to create an ftp nologin user and group, however, this is typically already done on FreeBSD.

Turning on FTPD's in FreeBSD
/etc/rc.conf.local
Code: 
ftpd_enable="yes"
ftpd_program="/usr/local/libexec/tnftpd"
Some documentation, especially common among older documentation, wrote: ftp servers can be started through inetd(8) (as through a superserver) using inetd.conf and restarting that service.

Configuration
For configuring tnftpd and other ftpd services, there's commonality of files between /etc/ and /usr/local/etc/. Above configuration files and manpages are relevant. Still need to learn more about ftp and on setting this part up.

https://pub.nethence.com/daemons/lukemftpd

Alternatives with security features
FreeBSD also has /usr/libexec/sftp-server, which can be turned on through the ftpd_program= argument. This is an SSH version of FTPD.

ftp/pure-ftpd has its own service enable function. Also, pure-ftpd comes with lots of files, so it has added complexity.

Wuftpd by Washington University was once popular and highly recommended, however, this is outdated and lacks security features of tnftpd. According to tnftpd's website, "tnftpd provides around 90% of the functionality of wuftpd, but in approximately 30% of the footprint."

ftp/unftp is an ftp server written in Rust, and is under the Apache 2.0 license.

ftp/vsftpd and ftp/proftpd are GPL alternatives.

The default ftpd version that came with FreeBSD doesn't have security features, however, it's suitable as an anonymous public ftp server. Since the FreeBSD 14 series, /usr/libexec/ftpd was intended to have gone into ports as ftp/freebsd-ftpd. As of FreeBSD 14.1: /usr/libexec/ftpd is still in the base system, while the port is still available. Other ftp servers and clients within FreeBSD's base don't seem to be affected.

I was excited about tnftpd, however, because it doesn't appear to be what I thought it was to be, I may look at other ftp servers. For anonymous use, perhaps to the trivial/traditional /usr/libexec/tftpd, and also for ftps servers.
 
Last edited:
Interesting post, thank you mate! 👍
Since I am not really into ftp stuff I appreciate the fact that you described it a bit by giving us some details as well as some alternatives to it, unftp seems interesting too.
Good job mate, I am hooked and will definitively play with ftp one of these days for fun.

I would not be against other posts like this, it's like a port review, I appreciate it.
 
Above, I made corrections that tnftpd might not have ssl/tls features. It was the client which had minimal SSL features to be able to use HTTPS securely. Also, I'm unsure of other potential SSL/TLS features of tnftp (client). It appears that tnftp (client) has SSL dependencies, while the related server (tnftpd) does not. I may look elsewhere for an FTP solution, including default FreeBSD base options for an anonymous server.

For traditional FTP servers, there seemed to be a lack of documentation on how much configuration overlaps from other traditional FTP servers for setting up. At first, I couldn't find anything specific on configuring tnftpd. I figured, perhaps it's about all the same. They often share the same file names and locations, and there's typically a possibility of variances in expected syntax from them.

On the plus side, NetBSD's tnftpd and FreeBSD's tftpd follow a few IETF (through RFC) standards and recommendations for TFTP as noted by tnftpd(8) and tftpd(8). The relevant directories go under an $CUSTOM/ftp/ subdirectory as well: for instance /mydirectory/ftp/public/, for the publicly accessible directory. Trivial or Traditional FTP servers typically follow RFC specifications. There are a few other traditional/trivial FTP servers in ports, which mostly are under GPL.

It appears that tftpd will stay in FreeBSD, and it's the near equivalent of NetBSD's tnftpd, as both are trivial or traditional FTP standardized versions. The advantage that NetBSD had was in its related tnftp client. It's /usr/libexec/ftpd which is leaving FreeBSD's base, not necessarily other FTP servers and clients.

gotnull said:
unftp seems interesting too.
Click to expand...
I may go with this, as as nice as tnftp was, it wasn't what I thought it was. The client allows security for use with HTTPS, and it may possibly not with ftps. Their server or client doesn't say it has other TLS/SSL features. FreeBSD, basically still has an FTP server and an sftp server in the base system. I might use two programs, an un-secure one for anonymous file transfers, and ftp/unftp for when security is needed. https://unftp.rs/server/ is documentation. It seems a bit different, as I haven't seen configuration files for it, however, configuration looks easier to understand from the command line.

As long as I use the package, and don't have to build rust dependencies, unftp may be the ideal way to go, so long as I don't need a dedicated daemon to start up. It's noteworthy that pkg info -l unftp shows only one binary file, as opposed to a libexec file. The rest are license files, without any manpages or configuration files.
Code: 
unftp-0.14.7_2:
        /usr/local/bin/unftp
        /usr/local/share/licenses/unftp-0.14.7_2/APACHE20
        /usr/local/share/licenses/unftp-0.14.7_2/LICENSE
        /usr/local/share/licenses/unftp-0.14.7_2/catalog.m
Use unftp -h for help. I might use unftp for everything, including for an anonymous server.

gotnull said:
I am hooked and will definitively play with ftp one of these days for fun.

I would not be against other posts like this, it's like a port review, I appreciate it.
Click to expand...
Thanks. The forum needed something like this. I didn't know enough to fully do what I wanted to, but it's a start. It's good, that it got you interested in wanting to try using FTP. Your response also made me realize to look at unftp more instead of other alternatives. The Rust dependency turned me away at first, but through packages, it's not troublesome. It's likely the better and more secure product of the permissively licensed ones. This thread went from tnftpd to recommending similar BSD style servers plus unftp.


I'll likely use tftpd that comes with FreeBSD, and will likely remain in FreeBSD for a LAN public anonymous server, now that I figured out how to find the standardized documentation about trivial/traditional FTP. Then, I might use unftp for a local host FTP which requires security.

More about alternatives
ftp/tftp-hpa is an MIT licensed product which has security features, but it may not necessarily have tls/ssl. It's a traditional/trivial FTP suite, which the port on FreeBSD comes with a server and client.

ftp/smbftpd is an ftp server port with a BSD-like license. However, I'm unsure of how much it's distinguished from Samba or SMB, as the question is: if it's SMB in name only. Its homepage and documentation: https://www.twbsd.org/enu/smbftpd/.

I wrote about ftp/pure-ftpd above: while it's not a traditional/trivial FTP program, it does have TLS/SSL features.

There's also ftp/bsdftpd-ssl which was once hosted from bsdftpd-ssl.sc.ru.

ftp/proftpd was another successor to (Washington University FTPD) wuftpd like ftp/tnftpd, except in the GPL flavor. ftp/wzdftpd is another FTP server in the flavor of GPL with compatibility with wuftpd.

ftp/twoftpd is another GPL FTP server. There are a few other GPL licensed FTP servers, which can be found in the ports tree.
 
Thanks for the info!

I use vsftpd on Linux without encryption (my NAS's Phenom II CPU looses like 20MB/s with AES and I'm the only one that accesses it :p) and had no issues with it for years. I haven't tried it yet on FreeBSD but saw a pkg for it and figure it'll be no problem and easy.

With vsftpd on Linux I generated certs with openssl and tossed config for it in the main vsftpd conf file (notes).
 
You must log in or register to reply here.
Back
Top