NetBSD's tnftpd compared to other FTP servers

ftp/tnftpd is for Traditional/Trivial the NetBSD FTP Daemon, which is the server. ftp/tnftp is the client. They were formerly lukemftpd & lukemftp. These have SSL/TLS security features. The tnftp client has security features for use with https protocol, however, I'm now unsure if tnftp has other SSL/TLS features. tnftpd may not have tls/ssl features, as I had first thought.

TNFTPD files
notable pkg info -l tnftpd files and relevant manpages
Code:
/usr/local/libexec/tnftpd
/usr/local/share/examples/tnftpd/ftpd.conf
/usr/local/share/examples/tnftpd/ftpusers
ftpd.conf(5)
ftpusers(5); FreeBSD also has a different version in /etc/
tnftpd(8)

TNFTP files
notable pkg info -l tnftpd files and relevant manpages
Code:
/usr/local/bin/tnftp
tnftp(1)

Setting up
For help, type tnftp -h.

Older documentation said to create an ftp nologin user and group, however, this is typically already done on FreeBSD.

Turning on FTPD's in FreeBSD
/etc/rc.conf.local
Code:
ftpd_enable="yes"
ftpd_program="/usr/local/libexec/tnftpd"
Some documentation, especially common among older documentation, wrote: ftp servers can be started through inetd(8) (as through a superserver) using inetd.conf and restarting that service.

Configuration
For configuring tnftpd and other ftpd services, there's commonality of files between /etc/ and /usr/local/etc/. Above configuration files and manpages are relevant. Still need to learn more about ftp and on setting this part up.

https://pub.nethence.com/daemons/lukemftpd

Alternatives with security features
FreeBSD also has /usr/libexec/sftp-server, which can be turned on through the ftpd_program= argument. This is an SSH version of FTPD.

ftp/pure-ftpd has its own service enable function. Also, pure-ftpd comes with lots of files, so it has added complexity.

Wuftpd by Washington University was once popular and highly recommended, however, this is outdated and lacks security features of tnftpd. According to tnftpd's website, "tnftpd provides around 90% of the functionality of wuftpd, but in approximately 30% of the footprint."

ftp/unftp is an ftp server written in Rust, and is under the Apache 2.0 license.

ftp/vsftpd and ftp/proftpd are GPL alternatives.

The default ftpd version that came with FreeBSD doesn't have security features, however, it's suitable as an anonymous public ftp server. Since the FreeBSD 14 series, /usr/libexec/ftpd was intended to have gone into ports as ftp/freebsd-ftpd. As of FreeBSD 14.1: /usr/libexec/ftpd is still in the base system, while the port is still available. Other ftp servers and clients within FreeBSD's base don't seem to be affected.

I was excited about tnftpd, however, because it doesn't appear to be what I thought it was to be, I may look at other ftp servers. For anonymous use, I'll try this, and I'll try ftps for when security is needed.

I mistook the first t in tnftpd for trivial/traditional ftp. tftp is more limited, that it doesn't allow commands, such as ls. traditional/trivial ftp has more limited use, which would be interesting to try, though would be a challenge.
 
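Whether a given FTP daemon offers TLS, the question the post above leaves open, can be checked over the control connection: ask for `FEAT` and then send `AUTH TLS`. The following is an added example, not part of the original thread or of any of the projects named in it; the function names and the two sample transcripts are constructed for illustration and do not record what tnftpd or any other server actually returns.

```python
import socket

def read_reply(lines):
    """Read one RFC 959 reply from an iterator of lines -> (code, [text, ...])."""
    first = next(lines, "").rstrip("\r\n")
    if not first[:3].isdigit():
        raise ValueError(f"not an FTP reply: {first!r}")
    code, body = first[:3], [first[4:]]
    if first[3:4] == "-":                      # multi-line reply
        for line in lines:
            line = line.rstrip("\r\n")
            if line.startswith(code + " "):    # "<code><space>" ends the reply
                body.append(line[4:])
                break
            body.append(line.strip())
    return int(code), body

def tls_support(feat, auth):
    """FEAT lists extensions (RFC 2389); 234 to AUTH TLS means accepted (RFC 4217)."""
    feat_code, feat_lines = feat
    advertised = feat_code == 211 and any(
        l.upper().startswith("AUTH") and "TLS" in l.upper() for l in feat_lines)
    return {"advertised": advertised, "accepted": auth[0] == 234}

def classify_transcript(lines):
    """Classify a captured FEAT reply followed by an AUTH TLS reply."""
    it = iter(lines)
    return tls_support(read_reply(it), read_reply(it))

def probe(host, port=21, timeout=5.0):
    """Live check of a server you run; closes without starting the TLS handshake."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rw", encoding="latin-1", newline="") as f:
        it = iter(f.readline, "")
        read_reply(it)                         # 220 greeting
        replies = []
        for cmd in ("FEAT", "AUTH TLS"):
            f.write(cmd + "\r\n"); f.flush()
            replies.append(read_reply(it))
    return tls_support(*replies)

# Constructed sample transcripts (not captured from any real daemon).
TLS_SERVER = ["211-Extensions supported:\r\n", " AUTH TLS\r\n", " PBSZ\r\n",
              " PROT\r\n", "211 End\r\n", "234 AUTH TLS successful\r\n"]
PLAIN_SERVER = ["211-Features supported\r\n", " MDTM\r\n", " SIZE\r\n",
                "211 End\r\n", "500 'AUTH TLS': command not understood.\r\n"]

if __name__ == "__main__":
    print(classify_transcript(TLS_SERVER), classify_transcript(PLAIN_SERVER))
```

A server that answers `AUTH TLS` with anything other than 234 will carry logins and data in clear text, whatever its package description says.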
Interesting post, thank you mate!
Since I am not really into ftp stuff I appreciate the fact that you described it a bit by giving us some details as well as some alternatives to it, unftp seems interesting too.
Good job mate, I am hooked and will definitively play with ftp one of these days for fun.

I would not be against other posts like this, it's like a port review, I appreciate it.
 
Above, I made corrections that tnftpd might not have ssl/tls features. It was the client which had minimal SSL features to be able to use HTTPS securely. Also, I'm unsure of other potential SSL/TLS features of tnftp (client). It appears that tnftp (client) has SSL dependencies, while the related server (tnftpd) does not. I may look elsewhere for an FTP solution, including default FreeBSD base options for an anonymous server.

For traditional FTP servers, there seemed to be a lack of documentation on how much configuration overlaps from other traditional FTP servers for setting up. At first, I couldn't find anything specific on configuring tnftpd. I figured, perhaps it's about all the same. They often share the same file names and locations, and there's typically a possibility of variances in expected syntax from them.

On the plus side, NetBSD's tnftpd and FreeBSD's tftpd follow a few IETF (through RFC) standards and recommendations for FTP or TFTP as noted by tnftpd(8) and tftpd(8). The relevant directories go under an $CUSTOM/ftp/ subdirectory as well: for instance /mydirectory/ftp/public/, for the publicly accessible directory. Trivial or Traditional FTP servers typically follow RFC specifications. There are a few other traditional/trivial FTP servers in ports, which mostly are under GPL.

It appears that tftpd will stay in FreeBSD, and it's the near equivalent of NetBSD's tnftpd, as both are trivial or traditional FTP standardized versions. The advantage that NetBSD had was in its related tnftp client. /usr/libexec/ftpd is what is leaving FreeBSD's base, not necessarily other FTP servers and clients.

unftp seems interesting too.
I may go with this, as as nice as tnftp was, it wasn't what I thought it was. The client allows security for use with HTTPS, and it may possibly not with ftps. Their server or client doesn't say it has other TLS/SSL features. FreeBSD, basically still has an FTP server and an sftp server in the base system. I might use two programs, an un-secure one for anonymous file transfers, and ftp/unftp for when security is needed. https://unftp.rs/server/ is documentation. It seems a bit different, as I haven't seen configuration files for it, however, configuration looks easier to understand from the command line.

As long as I use the package, and don't have to build rust dependencies, unftp may be the ideal way to go, so long as I don't need a dedicated daemon to start up. It's noteworthy that pkg info -l unftp shows only one binary file, as opposed to a libexec file. The rest are license files, without any manpages or configuration files.
Code:
unftp-0.14.7_2:
        /usr/local/bin/unftp
        /usr/local/share/licenses/unftp-0.14.7_2/APACHE20
        /usr/local/share/licenses/unftp-0.14.7_2/LICENSE
        /usr/local/share/licenses/unftp-0.14.7_2/catalog.m
Use unftp -h for help. I might use unftp for everything, including for an anonymous server.

I am hooked and will definitively play with ftp one of these days for fun.

I would not be against other posts like this, it's like a port review, I appreciate it.
Thanks. The forum needed something like this. I didn't know enough to fully do what I wanted to, but it's a start. It's good, that it got you interested in wanting to try using FTP. Your response also made me realize to look at unftp more instead of other alternatives. The Rust dependency turned me away at first, but through packages, it's not troublesome. It's likely the better and more secure product of the permissively licensed ones. This thread went from tnftpd to recommending similar BSD style servers plus unftp.


I'll likely use tftpd that comes with FreeBSD, and will likely remain in FreeBSD for a LAN public anonymous server, now that I figured out how to find the standardized documentation about trivial/traditional FTP. Then, I might use unftp over LAN which requires security.

Above, I mistook tnftpd for traditional/trivial ftp. I edited to correct much of this, but may have left in some inaccuracies from an earlier misconception. It wasn't clear what the first t was for. It appears that tnftpd has more functions, which are needed in my case, than what would be from the limited tftp. The first "t" might just be for "the". This is what can happen, when I learn as I go. It may have been messy to reedit this, but at least, early misconceptions are cleared up to the best of my knowledge, which it's often difficult to find information or sort through it. At this time, I don't have a use for tftp until I decide I may want to experiment with network booting, which is interesting, but may be for another time.

More about alternatives
ftp/tftp-hpa is an MIT licensed product which has security features, but it may not necessarily have tls/ssl. It's a traditional/trivial FTP suite, which the port on FreeBSD comes with a server and client.

ftp/smbftpd is an ftp server port with a BSD-like license. However, I'm unsure of how much it's distinguished from Samba or SMB, as the question is: if it's SMB in name only. Its homepage and documentation: https://www.twbsd.org/enu/smbftpd/.

I wrote about ftp/pure-ftpd above: while it's not a traditional/trivial FTP program, it does have TLS/SSL features.

There's also ftp/bsdftpd-ssl which was once hosted from bsdftpd-ssl.sc.ru.

ftp/proftpd was another successor to (Washington University FTPD) wuftpd like ftp/tnftpd, except in the GPL flavor. ftp/wzdftpd is another FTP server in the flavor of GPL with compatibility with wuftpd.

ftp/twoftpd is another GPL FTP server. There are a few other GPL licensed FTP servers, which can be found in the ports tree.
 
Thanks for the info!

I use vsftpd on Linux without encryption (my NAS's Phenom II CPU loses like 20MB/s with AES and I'm the only one that accesses it :p) and had no issues with it for years. I haven't tried it yet on FreeBSD but saw a pkg for it and figure it'll be no problem and easy.

With vsftpd on Linux I generated certs with openssl and tossed config for it in the main vsftpd conf file (notes).
 
/usr/libexec/tftpd doesn't seem to work, by trying it on the command line. The answer doesn't seem to be in its manpages. I've seen other threads saying they had difficulty, but those were unresolved. Unsure if Thread tftpd-without-inetd-rc-d.88928 is related to this.

ftp/tftp-hpa is an equivalent version of FreeBSD's tftp. This port is outdated, and perhaps is outdated upstream too. This version starts. in.tftpd(8) is its manpage, while the tftpd man page that comes with it is a link to this previously posted man page. ftpd(8) of the same name is the manpage of the tftp in FreeBSD's base. tftp-hpa is a BSD licensed version that has been stewarded at the Linux Kernel; the hpa is for the maintainer's initials.

Now, there's duplicate manpages for tftp-hpa's client with the FreeBSD manpage. The FreeBSD manpage is the default. Use man -a tftpd on the command line to see both manpages, if you have the port installed.

ftp/oftpd was once a highly regarded anonymous ftp server in the BSD flavor. Though it may be obsolete, it's easy to run. Its manpage: oftpd(8). Use oftpd [username] /ftpdir.

ftp servers have to be started with the correct daemon, listening or other options for them to start.

So, after learning a bit, I'm back to trying NetBSD's ftp/tnftpd. It looks like the best choice for an anonymous BSD tftp server which doesn't need TLS/SSL. Then, I'll use ftp/unftp for an FTP server which needs file security. There's a few corrections and improvements needed to be made on what I wrote above, than to re-edit it again. Still learning, as how to make a functional ftp server.

With vsftpd on Linux I generated certs with openssl and tossed config for it in the main vsftpd conf file (notes).
Pretty cool. firewall, ssl encryption, basic ftp configuration, and fstab mounting for the ftp server.
 