Virtual Users are users that do not have a real account in the /etc/passwd file; they exist only for FTP access through NcFTPd. Virtual Users are much more secure simply because no one can telnet in as that user, send/receive mail as that user, etc. They give you the capability to designate a portion of your filesystem as accessible by FTP without the hassle or worry of giving those users a real account on the server. By default, these users only have access to the directory you specify and its contents (i.e. they're restricted from accessing other directories outside their own, such as /etc or /usr).
Another benefit of using Virtual Users is that it requires you to use an NcFTPd Password Database, which is much more efficient than the old-fashioned use of the /etc/passwd file, which is just a plain-text list of users.
No, not yet! More customers are asking for this, so it is likely it will be supported. Until then, you can use NcFTPd’s Authentication API.
NcFTPd does not (and most likely will not ever) have direct support for these databases, but you can do this by using NcFTPd’s Authentication API.
These are database files which are created and maintained by the ncftpd_passwd utility program that comes with the NcFTPd package. These databases are much faster than scanning the /etc/passwd file and are suited to thousands of users. The database files are also used to store individual quota and bandwidth information, so if you want those features you have to use a password database.
No, but perhaps for a future release. If you require PAM, you can still use PAM now by taking advantage of NcFTPd’s Authentication API. This would require you to write a program which would do the authentication however you like, and communicate this information back to NcFTPd.
NcFTPd can communicate with a separate process, the guts of which you write, to do user authentication. Basically, NcFTPd sends a message to this process, and this process does the validation. If the user is authenticated, the process returns information such as the user's home directory, access privileges, etc.
This isn't as hard as it sounds. The Authentication API comes with C source code for a sample implementation; all you have to do is write the code that does the authentication.
Remove “/etc/passwd” from the list of files to check in the passwd line in the domain.cf for the domain in question. For example, if you had “passwd=/etc/passwd,/etc/ftppasswd.db”, simply change this to “passwd=/etc/ftppasswd.db”.
Yes. The passwd line in the domain.cf is comma-delimited, with each token being one password file to check. NcFTPd will check the files in the order you list them, so if you have “passwd=/etc/passwd,/etc/ftppasswd.db”, then a user in /etc/passwd would take precedence over a user by the same name in /etc/ftppasswd.db.
No. With the exception of /etc/passwd in the passwd line in the domain.cf, all other items must be password databases (which are not text files). What actually happens is that NcFTPd special-cases the item named /etc/passwd; if this item is in the list, NcFTPd uses standard library functions like getpwnam(). NcFTPd doesn’t open up the file and read from it directly.
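The three answers above about the passwd line, as an added example (not part of the NcFTPd package or its documentation): a Python check that reads passwd= lines from domain.cf text, reports whether real system accounts are reachable over FTP, and shows which source wins when a username appears in more than one. The key=value layout with # comments, the sample fragments, and the user lists are constructed assumptions.

```python
SYSTEM_ITEM = "/etc/passwd"  # the one item the FAQ says NcFTPd special-cases


def passwd_sources(domain_cf_text):
    """Return one ordered source list per passwd= line found."""
    found = []
    for raw in domain_cf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        key, sep, value = line.partition("=")
        if sep and key.strip() == "passwd":
            found.append([tok.strip() for tok in value.split(",") if tok.strip()])
    return found


def audit(sources):
    """Describe what a passwd= list exposes, following the FAQ's rules."""
    findings = []
    if SYSTEM_ITEM in sources:
        findings.append("real system accounts can log in over FTP")
        shadowed = sources[sources.index(SYSTEM_ITEM) + 1:]
        if shadowed:
            findings.append("system accounts take precedence over same-named "
                            "users in: " + ", ".join(shadowed))
    else:
        findings.append("virtual users only")
    return findings


def winning_source(username, sources, users_by_source):
    """Files are checked in listed order, so the first match wins."""
    for src in sources:
        if username in users_by_source.get(src, set()):
            return src
    return None


# Constructed sample input: a domain.cf fragment before and after the change.
BEFORE = "passwd=/etc/passwd,/etc/ftppasswd.db  # system users first\n"
AFTER = "passwd=/etc/ftppasswd.db\n"
# Constructed user lists standing in for the contents of each source.
USERS = {"/etc/passwd": {"root", "alice"},
         "/etc/ftppasswd.db": {"alice", "webupload"}}

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for sources in passwd_sources(text):
            print(label, sources, audit(sources))
            print("  alice resolves from:", winning_source("alice", sources, USERS))
```

Run against a real domain.cf, the audit output lists every domain whose passwd line still allows system accounts, which is the set to review before exposing the server.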
For real users in the system password file, NcFTPd has the same limit as your operating system. This is usually 8 characters.
For virtual users (NcFTPd password database users), the username can be up to 63 characters long.