Chapter 12. FAQ

1. General Information
12.1.1. Why is the server not running in a chroot? Is it less secure?
12.1.2. Can I run several servers on the same machine?
12.1.3. When I start the server it displays no error but it isn't running (not present in the process list)
12.1.4. Site to site transfer (aka FXP) does not work!
12.1.5. I want to give access to a directory on another disk, should I choose symlinks or VFS?
2. Compilation
12.2.1. aclocal (bootstrap) fails with error: ac-helpers/tls.m4:25: warning: macro `AM_PATH_LIBGNUTLS' not found in library
3. Linux
12.3.1. When I run the server with uid 0 (root) it complains it can't open file 'users' or commit changes
4. FreeBSD
12.4.1. I run wzdftpd and after that system says 'Bad system call(Core dumped)'
5. Config and commands
12.5.1. How do I add a custom site command?
6. Backends
12.6.1. Can I edit the file 'users'?

1. General Information

12.1.1. Why is the server not running in a chroot? Is it less secure?

Chroot is used to lock a process inside a directory, and many people consider this to be sufficient security. However, there are many potential problems: if your process is running with root privileges, it can mount the proc or dev filesystems and thus escape the chroot, or destroy your partitions!

The real problem is giving root privileges to a process, not restricting these privileges. I personally believe that chroot is a bad solution to the security problem; a better solution would be to ensure that the FTP server will never have root privileges. If you want real security, use strong methods like SELinux, and do not rely on things like chroot!

Additionally, chroot is not portable.

12.1.2. Can I run several servers on the same machine?

Yes! You will need a separate config file for each instance (see the -f option), and each config file must specify at least a different port.

12.1.3. When I start the server it displays no error but it isn't running (not present in the process list)

Check your log file!

If your server is compiled with TLS enabled, the most frequent error is an invalid or absent certificate file. The error looks like:


SSL_CTX_use_certificate_file() error:0906D06C:PEM routines:PEM_read_bio:no start line
TLS subsystem could not be initialized.
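
A pre-flight check for the certificate file that produces the "no start line" error above, as an added example (not part of wzdftpd). It assumes the server expects a PEM file with a CERTIFICATE block; "ok" only means a start line is present, not that the certificate is valid, and the sample blocks are constructed, not real key material.

```python
import base64
import re

# One PEM block: -----BEGIN <label>----- ... -----END <label>-----
_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def diagnose_certificate(data):
    """Classify the bytes of a certificate file before the server loads it."""
    if not data.strip():
        return "empty file"
    blocks = _BLOCK.findall(data)
    if not blocks:
        if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
            return "looks like DER (binary): convert it to PEM"
        return "no PEM block: missing or damaged BEGIN/END lines"
    for label, body in blocks:
        if label == b"CERTIFICATE":
            try:
                base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:
                return "CERTIFICATE block is not valid base64"
            return "ok"
    found = ", ".join(label.decode() for label, _ in blocks)
    return "no CERTIFICATE block, found only: " + found


def _pem(label, payload):
    """Build a constructed PEM block around arbitrary bytes (sample data only)."""
    b64 = base64.b64encode(payload)
    return b"-----BEGIN " + label + b"-----\n" + b64 + b"\n-----END " + label + b"-----\n"


# Constructed samples: the payloads are placeholder bytes, not a real certificate or key.
SAMPLE_CERT = _pem(b"CERTIFICATE", b"\x30\x82 constructed placeholder")
SAMPLE_KEY_ONLY = _pem(b"PRIVATE KEY", b"\x30\x82 constructed placeholder")

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:  # path to the certificate file to check
        print(diagnose_certificate(fh.read()))
```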

12.1.4. Site to site transfer (aka FXP) does not work!

Before ANY complaint, please check that there is no firewall (hardware and/or software) between the two servers. Keep in mind that most of the time FXP and TLS are highly incompatible: firewalls open dynamic ports by watching the connection and trying to detect usage of the PORT or PASV commands. If you run in TLS mode, it is EVIDENT that the firewall will never detect the command (the connection is encrypted), and thus won't open dynamic ports.

NAT (Network Address Translation) can also be a cause of problems; please check that the IP addresses sent during port negotiation are correct.

When FXP fails, try to reverse the passive and active sides of the transfer: in FXP, one server is in PASV mode, the other in PORT mode. Sometimes the connection can fail in one direction and not in the other (often an effect of firewalls or NAT).
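
One way to check the addresses sent during port negotiation, as an added example (not part of wzdftpd): it parses the h1,h2,h3,h4,p1,p2 field of a 227 reply or PORT command taken from an FXP client's log and compares it with the address at which that server is actually reached. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 field of a PORT command or a 227 (PASV) reply, RFC 959
_FIELD = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (IPv4Address, port) advertised on an FTP control line, or None."""
    m = _FIELD.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def check_advertised(line, control_ip):
    """List problems with the address on `line`, given the address used to
    reach the control port of the server that the advertised address belongs to."""
    parsed = parse_hostport(line)
    if parsed is None:
        return ["no h1,h2,h3,h4,p1,p2 field on this line"]
    ip, _port = parsed
    control = ipaddress.IPv4Address(control_ip)
    if ip.is_unspecified or ip.is_loopback:
        return [f"{ip} cannot be reached from another host"]
    if any(ip in n for n in _RFC1918) and not any(control in n for n in _RFC1918):
        return [f"{ip} is private but the server is reached at {control}: "
                "NAT did not rewrite it"]
    if ip != control:
        return [f"{ip} differs from the control address {control}"]
    return []


# Constructed lines (not captured traffic); 203.0.113.5 is a documentation address.
SAMPLE = [
    ("203.0.113.5", "227 Entering Passive Mode (192,168,1,10,195,80)"),
    ("203.0.113.5", "227 Entering Passive Mode (203,0,113,5,195,80)"),
    ("203.0.113.5", "PORT 127,0,0,1,4,1"),
]

if __name__ == "__main__":
    for control_ip, line in SAMPLE:
        print(line, "->", check_advertised(line, control_ip) or "ok")
```

In an FXP session the PORT command sent to the second server carries the first server's address, so pass the first server's control address when checking that line.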

12.1.5. I want to give access to a directory on another disk, should I choose symlinks or VFS?

In the general case, symlinks! Symlinks are faster than VFS, can easily be manipulated online and are clearly more flexible than VFS.

VFS should only be used when you have several users with different home directories and want to easily give access to a special directory for all (e.g. show an INSTALL directory in each user's homedir).

Symlinks can also be manipulated with scripts.

2. Compilation

12.2.1. aclocal (bootstrap) fails with error: ac-helpers/tls.m4:25: warning: macro `AM_PATH_LIBGNUTLS' not found in library

Install the package libgnutls-dev (or similar, for your distro) OR copy the .m4 files from another gnutls-dev install to ac-helpers/

3. Linux

12.3.1. When I run the server with uid 0 (root) it complains it can't open file 'users' or commit changes

Make sure the files 'users' and 'users.OLD' are owned by the same uid as specified in the server_uid directive in the config file.

chown ftp users users.OLD

When running the server with root privileges, you can specify a server_uid line in the config file to drop root privileges after binding to a port < 1024. Note that this server does not need root privileges to run; it is designed to work in restricted user-mode (this is REALLY more secure!).

4. FreeBSD

12.4.1. I run wzdftpd and after that system says 'Bad system call(Core dumped)'

It means you need to recompile your kernel with shared memory support.

5. Config and commands

12.5.1. How do I add a custom site command?

Add the definition to your config file:

ex: site_cmd = my_free /usr/local/bin/free.sh

You will also need to authorize users to use the command:

ex: -site_my_free = *

6. Backends

12.6.1. Can I edit the file 'users'?

Yes, but carefully! You must edit it offline (or the server will overwrite the file on the next modification or at server exit).