New general.cf options: single-server-address, authd-allow-root-logins, eventd-transaction-types.
Both the Eventd and the Authd SDKs have been enhanced to support Perl 5.
The Eventd architecture has been extended to support System V Message Queues, which provides implementors an alternative to the UDP/IP message type.
The install script has been improved so it chooses an optimal set of binaries rather than the first set that works.
The install script has improved compatibility with SuSE 7, Mac OS X, and OpenBSD.
Sendfile support has been improved, and is now also available on Solaris 8 if the system supports it (i.e. Solaris 8 July 2001).
A file descriptor leak has been found and fixed. Also, there is now functionality which can detect leaks caused by the system libraries.
Fixed a loophole with virtual quotas which was letting users rename an uploaded file in progress to escape the file being counted.
Bug fixed with upload-tmp-then-rename which would sometimes leave failed .upload. files around.
A few bugs fixed with a-allow-mkdir-inside-incoming option.
Socket "KeepAlive" is now used on the control connection, but your server's TCP stack should be tuned so that the KeepAlive probes are sent much sooner than every two hours.
New %Cookies which are intended for use in goodbye message files.
SITE BUFSIZE is now recognized in addition to the plethora of other SITE command synonyms which all do the same thing.
You can now put ftp in /etc/ftpusers if you wish to deny anonymous access, but the recommended way is still to do this in the domain.cf using the server-type option.
Improved support for TCP Large Windows on AIX.
A daylight savings time bug has been fixed.
If a data transfer times out, NcFTPd now immediately closes the entire session rather than waiting for the control connection to time out.
The installation instructions have been changed to instruct the person installing NcFTPd to use a system startup script rather than an /etc/inittab entry.
The NcFTPd package now includes the install_ncftpd.pl installation program, which can be used to quickly install a standard NcFTPd configuration. The script requires Perl (version 5 or later) to be installed on the system.
Several portability problems with the reporting package have been fixed. A few problems with the reporting utility programs have also been fixed.
Bug fixed where directory cache entries were not invalidated when the directory was modified (uploaded into, mkdir'ed, removed item from, etc).
New general.cf options: a-allow-mkdir-inside-incoming, authd-message-timeout, banner, log-xfer-transaction-types, require-implicit-ack-for-downloads, u-add-only-groups, u-read-only-groups, u-write-only-groups.
NcFTPd now uses two fewer file descriptors per-process. Also, two file descriptor leaks were fixed.
The ftp user is no longer mandatory, as long as a suitable alternate user is already present (ncftpd, ncftp, www, web, daemon, nobody). This user's system privileges are used as the anonymous user's privileges.
Mac OS X is now supported (the consumer release, i.e. not Mac OS X Server). Currently Mac OS X Server is not supported because of binary incompatibilities with regular Mac OS X, but this will be supported soon after Apple updates Mac OS X Server.
OpenBSD is now supported.
Tweaks for ncftpd_passwd.
The soft quotas for NcFTPd quotas have been implemented, solely to log warning messages to the misc logs.
Fixed long-standing implementation errors in NcFTPd's handling of the FTP's default data port specification. Since almost all FTP client programs do not use that feature, this change will affect very few (any?) users.
There is now a SITE DF command which can be used similarly to the "df -k" command to determine disk usage.
Bug fixed where the ephemeral-port-range option was not working properly on every platform.
Added support for a non-standard extension to MDTM where a file's modification time can be changed (i.e. MDTM 19930602204445 /the/file/name). One client which does this is WS_FTP.
You can now disable a domain in the domain.cf by setting server-type=disabled. This is useful for creating domain entries that should not be allowed FTP access.
Bug fixed where use of a freed pointer in the internal /bin/ls was causing a crash.
Improved directory listing performance for non-anonymous users.
Bug fixed where quotas were being recomputed at logout, which could also cause NcFTPd to lock up.
Bug fixed where a pathname containing a comma could cause event logging to fail.
Working around a memory leak in Linux C library's initgroups() function, but unfortunately this cannot be entirely solved until glibc is updated.
Improved performance of NcFTPd quota calculation.
Use IP_PORTRANGE_HIGH socket option on systems that support it (i.e. FreeBSD) so high port numbers (i.e. 49152 through 65535 for FreeBSD) are used for PASV.
Bug fixed where u-restrict-mode=homedir was not the default behavior if u-restrict-mode was not present in the general.cf and you had u-vchroot-restricted-users=no.
Bug fixed where a restricted user whose home directory was set to / could not access any files.
Security: Bug fixed where restricted users could access directory paths that were prefixed by the entire pathname of the home directory and if the user's UID/GID privileges allowed it. For example, a user bill with home directory /home/users/bill may have been able to access the directory /home/users/billybob if bill's privileges allowed it.
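
The prefix-match flaw described in the entry above, as an added example (not NcFTPd's own code): a plain string-prefix containment check beside one that requires the match to end on a path-component boundary, and that also accepts a home directory of `/`. The function names are hypothetical, the sample paths are constructed, and both functions assume the paths are already canonical (absolute, no `..`, no symbolic links).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not NcFTPd's code. Both functions assume `path` and
 * `home` are already canonical absolute paths (no "..", no symlinks). */

/* Flawed check: plain string-prefix comparison. */
int inside_home_naive(const char *path, const char *home)
{
    return strncmp(path, home, strlen(home)) == 0;
}

/* Hardened check: the prefix must end on a path-component boundary. */
int inside_home(const char *path, const char *home)
{
    size_t n = strlen(home);

    /* Ignore trailing slashes on home, so "/" becomes the empty prefix
     * and "/home/users/bill/" behaves like "/home/users/bill". */
    while (n > 0 && home[n - 1] == '/')
        n--;
    if (strncmp(path, home, n) != 0)
        return 0;
    /* The next byte must end the string or start a new component. */
    return path[n] == '\0' || path[n] == '/';
}

int main(void)
{
    /* Constructed sample paths, using the names from the entry above. */
    const char *home = "/home/users/bill";
    const char *paths[] = {
        "/home/users/bill",
        "/home/users/bill/upload.txt",
        "/home/users/billybob",
        "/home/users/billybob/secret",
        "/home/users",
    };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-30s naive=%d hardened=%d\n", paths[i],
               inside_home_naive(paths[i], home),
               inside_home(paths[i], home));
    printf("home=/ path=/pub/file hardened=%d\n",
           inside_home("/pub/file", "/"));
    return 0;
}
```
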
Worked-around problem with MLST directory listings on Digital Unix.
Large File (files larger than 2 GB) support improved.
By popular demand, more misc log messages now include the remote host of the user so you don't have to get it from the session logs.
A message is logged if a user exits while over their (NcFTPd, not OS) quota.
The ncftpd_repquota utility can now report on specific users, using the -l flag.
Now recognizing non-standard command primitive BYE as a synonym for QUIT.
Increased space used for buffers to improve performance.
Two memory leaks fixed.
Improved portability of wtmp logging.
Re-implemented work-around for problem with Internet Explorer, since the work-around that was used for NcFTPd 2.6.0 was found to be incompatible with Netscape Navigator and a different portion of Internet Explorer (IE apparently has several different internal implementations of FTP).
Text of idle timeout message changed to "421 Disconnecting you since you were inactive for XX seconds".
Bug fixed where if u-write-permission was set to no, the user could still upload to a directory named incoming.
The online documentation has been updated, and now includes a section on Frequently Asked Questions.
Work-around bug in Internet Explorer's FTP client implementation, which could cause IE to err-out if it tried to download the file before it was supposed to.
Security: NcFTPd now includes an extra sanity check for ncftpd_authd message exchanges. At least two sites have reported a problem where a user login received the wrong login reply, which resulted in the user being logged into the wrong directory! If you're using ncftpd_authd for user authentication, you're strongly urged to upgrade to this version. This version of NcFTPd verifies that the incoming message matches the username keyed in, so that this condition can be prevented. A side effect of this check is that it breaks authds which like to change the username of a login.
The NcFTPd Reporting Package now includes support for .PNG, as well as the deprecated .GIF format. New versions of gnuplot are now available for download which support .PNG.
There is now a max-domain-users-per-username option to limit simultaneous logins by users with the same name.
There are now a-read-permission and u-read-permission options for the bizarre case where you want a write-only server.
Logging has been enhanced to provide more details on how users ended their session. See the log file documentation for details.
TCP Wrappers support now includes support for the extended file format of /etc/hosts.allow.
Fixed a very rare memory leak in ls caching.
Fixed a rare case where a file could remain locked if you were using the lock downloads feature.
ncftpd_passwd includes some extra modes to make password validation feasible from shell scripts.
Implement support for SIZE in ASCII mode, to work-around buggy FTP clients which don't change to binary mode prior to issuing SIZE.
Bug fixed where quota cookies weren't displaying correctly in messages. Quota and other message cookies are now fully documented online.
Directory listings are now logged in the transaction (xfer) logs. See the log file documentation for details.
Now including a new CGI script which serves as a sample web frontend to ncftpd_passwd. The script is called useradmin.cgi and is in the extra directory of the distribution.
NcFTPd now supports quotas. See the documentation for details. NcFTPd quotas work on all platforms since they are not related to the operating system's quota implementation, if any.
The format of the password databases has changed (because of quotas). Databases created with ncftpd_passwd from a release earlier than 2.5.0 are not compatible with NcFTPd 2.5.0. Use the updatepwdb utility (in the extra directory of the distribution) to convert an old database to the new format.
Simple bandwidth limiting added. There are new domain.cf options, a-download-bandwidth-per-user, u-download-bandwidth-per-user, a-upload-bandwidth-per-user, and u-upload-bandwidth-per-user, which can be set to an integer denoting the number of kilobytes per second each anonymous or regular user is allowed.
In addition, if you use NcFTPd password databases, you can use the same utility program you use to control virtual user quotas (ncftpd_edquota) to also set customized individual bandwidth controls, rather than assign one limit which applies to everyone in the domain.
ncftpd_passwd can now be used again in CGI scripts. See the documentation and read the portion detailing "Mode 4". A sample CGI script is included in the distribution's extra directory.
NcFTPd now takes advantage of the optimized kernel function sendfile() on FreeBSD and Linux. This function can greatly increase overall system performance since sendfile() can do an entire data transfer without switching context.
There is a new general.cf option, wtmp-log-mode, to support wtmp logging, although most sites should continue to only use NcFTPd's session logs instead. See the documentation for details.
A command throttle has been implemented, so that errant processes or malicious users can't spam the server with FTP commands.
The event-pipe functionality has been superseded by the ncftpd_eventd feature, which allows you to have a daemon process handle user activity in near real-time. See the documentation for details.
Items in the /etc directory are now always off-limits for (non-root) users, even for unrestricted users. If you don't want that behavior, set the general.cf option u-restrict-etc to no.
You can now set the general.cf option u-try-truncated-passwords to yes if your users think they have long passwords (9 or more characters) but in reality the system only wants 8.
Introductory support for some new SITE commands to try larger TCP window sizes. Only a few special-purpose FTP clients may end up using this, since it isn't standardized in any RFC.
There is a new general.cf option, a-allow-incoming, which can be set to no if you want to disable the special handling of the incoming directory. This can be useful if you have incoming directories but don't want users to upload into them.
A few tweaks to work better on Linux 2.2.
Linux versions of NcFTPd 2.4.0 were incorrectly built using static linking instead of dynamic linking.
Off-by-one bug fixed where a malformed PORT command could corrupt exactly one byte of data, causing a crash.
New platform support for FreeBSD 3, BSD/OS 4.0, Solaris 7 (32-bit), HP-UX 11, and IRIX 6.5.
Large file support on systems with both 64-bit integral types (long long) and an lseek function that accepts a 64-bit offset.
Long-standing problem fixed where the ls emulator wouldn't show files whose name lengths exceeded 63 characters.
The special incoming directories now have uploaded files' owner and group set to that of the directory. This can be overridden with the suddenly less-useful a-file-owner and a-file-group options.
Bug fixed where resumption of uploads resulted in a corrupted upload.
NcFTPd now suppresses extended messages if the user logged in with a dash character as the first character of their password.
Bug fixed where the logger was not creating new directories with the owner and group specified.
Improved support for experimental FTP commands by the IETF's FTPEXT Working Group.
event-pipe option is no longer supported.
It is now easier to set up a second instance of NcFTPd on the same machine since now all it takes is changing the port setting in the general.cf.
New general.cf options for TCP Large Window support, ctrl-rbuf-size, ctrl-sbuf-size, data-rbuf-size, data-sbuf-size. See the online documentation for details.
Bug fixed where the general.cf configuration option max-users-per-ip failed to work.
Bug fixed in ncftpd_passwd which was limiting user names to 31 characters instead of 63.
NcFTPd now avoids printing the directory .message file if the user has already seen it in the same session.
NcFTPd now suppresses extended messages if the user logged in with a dash character as the first character of their username.
NcFTPd no longer requires that the domains in the domain.cf be valid at the time of startup.
New general.cf option, a-umask, lets you set the anonymous users' umask, like you can do already for non-anonymous users with u-umask.
Bug fixed where removing a symbolic link actually removed the original item, permissions permitting.
Rare bug fixed where building a passive data connection would fail if there was already a passive data connection specified.
Bug fixed where sending NcFTPd a SIGHUP to have the domain configuration reloaded on some platforms (i.e. Solaris) was disconnecting the active users.
Problem fixed where a user with a long username (9+ characters) may not have been able to log in.
New general.cf option, rmdir-recurisve, may be set to yes to have an FTP RMD command behave like /bin/rm -r. The default is no, which means that a directory is only removed if it is empty.
Virtual users are now required to have their home directory be a real directory, and not a symbolic link. This will help for those of you who are trying to pass off virtual user management to actual end users.
Bug fixed in the %U cookie that was not working unless the user was anonymous.
Virtual users are no longer checked against /etc/shells and /etc/ftpusers.
Fixed bug introduced in 2.3.0 that was causing the xfer and session logs for all domains to go to the default domain's logs, instead of each domain's logs.
The connect banner no longer displays NcFTPd's version number.
Bug fixed which was limiting the rename command.
Welcome, Login, Goodbye, and cd messages can now contain cookies:
Important security-related bug fixed where directories consisting of an even number >= 4 of periods could cause local users to obtain unintended access to portions of the filesystem that the logged-in user's UID has access to.
The extra subdirectory of the distribution now includes a shell script to convert NcFTPd xfer logs to wu-ftpd xferlog format.
You can now modify existing domains or add new domains to the domain.cf file and kill -HUP the main ncftpd process to load the new domain configuration without shutting down NcFTPd or disrupting existing client connections. (Inspect the ncftpd.pid.sh script to find the process ID of the main process.)
A ls-always-resolve-links option can be set to yes in the general.cf file if you want ls -L behavior by default.
The welcome, login, and goodbye message files are no longer pre-loaded at startup. You can now change the contents of these files at any time without having to restart the server.
The ncftpd_passwd utility has been enhanced so a system administrator can allow non-superusers to modify password databases. See the documentation for details.
Introductory support for new FTP commands introduced by the IETF's FTPEXT Working Group.
Virtual user account names can now be 63 characters instead of 31. This will also require custom ncftpd_authd processors to be recompiled using the revised SDK to be compatible.
New login-timeout setting helps prevent denial-of-service attacks by placing a short time limit on how long a user has to log in before being disconnected. After a successful login, the user is limited by the usual idle-timeout setting.
You can now control the number of simultaneous remote FTP sessions each remote user can have with the max-users-per-ip setting. This can be helpful if you have users who insist on hogging the available connection slots to themselves. It can also be used in conjunction with the new login-timeout option to further limit DoS attempts.
The xfer logs are now more like transaction logs, since in addition to uploads and downloads being logged, they now log deletes, mkdirs, chmods, and renames.
Bug fixed where a .message file was not being displayed for the directory the user starts the login from.
Bug fixed on Linux with glibc where connections would not timeout properly.
Bug fixed on Linux with glibc where NcFTPd did not always shutdown properly.
Bug fixed where refused sessions could be logged twice.
Users can now use ~ in pathnames to denote their home directory.
Better support for alternate password encryption algorithms on Digital UNIX.
Better auto-detection of free Canadian and European university domains.
Since so many people were cheating on the free educational and non-profit license, this version reflects the new policy of free for educational use only (and only on auto-recognized domains).
Fixed a problem where using ncftpd_passwd with the -I flag could cause an infinite loop on some platforms.