Table of Contents
- pyftpdlib RFC compliance
- RFC-959 - File Transfer Protocol
- RFC-1123 - Requirements for Internet Hosts
- RFC-2228 - FTP Security Extensions
- RFC-2389 - Feature negotiation mechanism for the File Transfer Protocol
- RFC-2428 - FTP Extensions for IPv6 and NATs
- RFC-2577 - FTP Security Considerations
- RFC-2640 - Internationalization of the File Transfer Protocol
- RFC-3659 - Extensions to FTP
- RFC-4217 - Securing FTP with TLS
- Unofficial commands
This page lists current standard Internet RFCs that define the FTP protocol.
pyftpdlib conforms to the FTP protocol standard as defined in RFC-959 and RFC-1123 implementing all the fundamental commands and features described in them. It also implements some more recent features such as OPTS and FEAT commands (RFC-2398), EPRT and EPSV commands covering the IPv6 support (RFC-2428) and MDTM, MLSD, MLST and SIZE commands defined in RFC-3659.
Future plans for pyftpdlib include the gradual implementation of other standards track RFCs.
Some of the features like ACCT or SMNT commands will never be implemented deliberately. Other features described in more recent RFCs like the TLS/SSL support for securing FTP (RFC-4217) are now implemented as a demo script, waiting to reach the proper level of stability to be then included in the standard code base.
The base specification of the current File Transfer Protocol.
- Issued: October 1985
- Status: STANDARD
- Obsoletes: RFC-765
- Updated by: RFC-1123, RFC-2228, RFC-2640, RFC-2773
|ABOR||YES||0.1.0||Abort data transfer.|
|ACCT||NO||—||Specify account information.||It will never be implemented (useless).|
|ALLO||YES||0.1.0||Ask for server to allocate enough storage space.||Treated as a NOOP (no operation).|
|APPE||YES||0.1.0||Append data to an existing file.|
|CDUP||YES||0.1.0||Go to parent directory.|
|CWD||YES||0.1.0||Change current working directory.|
|HELP||YES||0.1.0||Show help.||Accept also arguments.|
|LIST||YES||0.1.0||List files.||Accept also bad arguments like “-ls”, “-la”, …|
|MODE||YES||0.1.0||Set data transfer mode.||“STREAM” mode is supported, “Block” and “Compressed” aren’t.|
|NLST||YES||0.1.0||List files in a compact form.||Globbing of wildcards is not supported (for example,
|NOOP||YES||0.1.0||NOOP (no operation), just do nothing.|
|PASS||YES||0.1.0||Set user password.|
|PASV||YES||0.1.0||Set server in passive connection mode.|
|PORT||YES||0.1.0||Set server in active connection mode.|
|PWD||YES||0.1.0||Get current working directory.|
|QUIT||YES||0.1.0||Quit session.||If file transfer is in progress, the connection will remain open until it is finished.|
|REIN||YES||0.1.0||Reinitialize user’s current session.|
|REST||YES||0.1.0||Restart file position.|
|RETR||YES||0.1.0||Retrieve a file (client’s download).|
|RNFR||YES||0.1.0||File renaming (source)|
|RNTO||YES||0.1.0||File renaming (destination)|
|SITE||YES||0.5.1||Site specific server services.||No SITE commands aside from “SITE HELP” are implemented by default. The user willing to add support for a specific SITE command has to define a new
|SMNT||NO||—||Mount file-system structure.||Will never be implemented (too much system-dependent and almost never used).|
|STAT||YES||0.1.0||Server’s status information / File LIST|
|STOR||YES||0.1.0||Store a file (client’s upload).|
|STOU||YES||0.1.0||Store a file with a unique name.|
|STRU||YES||0.1.0||Set file structure.||Supports only File type structure by doing a NOOP (no operation). Other structure types (Record and Page) are not implemented.|
|SYST||YES||0.1.0||Get system type.||Always return “UNIX Type: L8” because of the LIST output provided.|
|TYPE||YES||0.1.0||Set current type (Binary/ASCII).||Accept only Binary and ASII TYPEs. Other TYPEs such as EBCDIC are obsoleted, system-dependent and thus not implemented.|
|USER||YES||0.1.0||Set user.||A new USER command could be entered at any point in order to change the access control flushing any user, password, and account information already supplied and beginning the login sequence again.|
Extends and clarifies some aspects of RFC-959. Introduces new response codes 554 and 555.
- Issued: October 1989
- Status: STANDARD
|TYPE L 8 as synonym of TYPE I||YES||0.2.0||TYPE L 8 command should be treated as synonym of TYPE I (“IMAGE” or binary type).|
|PASV is per-transfer||YES||0.1.0||PASV must be used for a unique transfer.||If PASV is issued twice data-channel is restarted.|
|Implied type for LIST and NLST||YES||0.1.0||The data returned by a LIST or NLST command SHOULD use an implied TYPE AN.|
|STOU format output||YES||0.2.0||Defined the exact format output which STOU response must respect (“125/150 FILE filename”).|
|Avoid 250 response type on STOU||YES||0.2.0||The 250 positive response indicated in RFC-959 has been declared incorrect in RFC-1123 which requires 125/150 instead.|
|Handle “Experimental” directory cmds||YES||0.1.0||The server should support XCUP, XCWD, XMKD, XPWD and XRMD obsoleted commands and treat them as synonyms for CDUP, CWD, MKD, LIST and RMD commands.|
|Idle timeout||YES||0.5.0||A Server-FTP process SHOULD have a configurable idle timeout of 5 minutes, which will terminate the process and close the control connection if the server is inactive (i.e., no command or data transfer in progress) for a long period of time.|
|Concurrency of data and control||YES||0.1.0||Server-FTP should be able to process STAT or ABOR while a data transfer is in progress||Feature granted natively for ALL commands since we’re in an asynchronous environment.|
|554 response on wrong REST||YES||0.2.0||Return a 554 reply may for a command that follows a REST command. The reply indicates that the existing file at the Server-FTP cannot be repositioned as specified in the REST.|
Specifies several security extensions to the base FTP protocol defined in RFC-959. New commands: AUTH, ADAT, PROT, PBSZ, CCC, MIC, CONF, and ENC. New response codes: 232, 234, 235, 334, 335, 336, 431, 533, 534, 535, 536, 537, 631, 632, and 633.
|AUTH||NO||—||Authentication/Security Mechanism.||Implemented as demo script by following the RFC=4217 guide line.|
|CCC||NO||—||Clear Command Channel.|
|CONF||NO||—||Confidentiality Protected Command.||Somewhat obsoleted by RFC-4217.|
|EENC||NO||—||Privacy Protected Command.||Somewhat obsoleted by RFC-4217.|
|MIC||NO||—||Integrity Protected Command.||Somewhat obsoleted by RFC-4217.|
|PBSZ||NO||—||Protection Buffer Size.||Implemented as demo script by following the RFC-4217 guide line as a no-op command.|
|PROT||NO||—||Data Channel Protection Level.||Implemented as demo script by following the RFC-4217 guide line supporting only “P” and “C” protection levels.|
Introduces the new FEAT and OPTS commands.
- Issued: August 1998
- Status: PROPOSED STANDARD
|FEAT||YES||0.3.0||List new supported commands subsequent RFC-959|
|OPTS||YES||0.3.0||Set options for certain commands.||MLST is the only command which could be used with OPTS.|
Introduces the new commands EPRT and EPSV extending FTP to enable its use over various network protocols, and the new response codes 522 and 229.
- Issued: September 1998
- Status: PROPOSED STANDARD
|EPRT||YES||0.4.0||Set active data connection over IPv4 or IPv6|
|EPSV||YES||0.4.0||Set passive data connection over IPv4 or IPv6|
Provides several configuration and implementation suggestions to mitigate some security concerns, including limiting failed password attempts and third-party “proxy FTP” transfers, which can be used in “bounce attacks”.
- Issued: May 1999
- Status: INFORMATIONAL
|FTP bounce protection||YES||0.2.0||Reject PORT if IP address specified in it does not match client IP address. Drop the incoming (PASV) data connection for the same reason.||Configurable.|
|Restrict PASV/PORT to non privileged ports||YES||0.2.0||Reject connections to privileged ports.||Configurable.|
|Brute force protection (1)||YES||0.1.0||Disconnect client after a certain number (3 or 5) of wrong authentications.||Configurable.|
|Brute force protection (2)||YES||0.5.0||Impose a 5 second delay before replying to an invalid “PASS” command to diminish the efficiency of a brute force attack.|
|Per-source-IP limit||YES||0.2.0||Limit the total number of per-ip control connections to avoid parallel brute-force attack attempts.||Configurable.|
|Do not reject wrong usernames||YES||0.1.0||Always return 331 to the USER command to prevent client from determining valid usernames on the server.|
|Port stealing protection||YES||0.1.1||Use random-assigned local ports for data connections.|
Extends the FTP protocol to support multiple character sets, in addition to the original 7-bit ASCII. Introduces the new LANG command.
|LANG command||NO||—||Set current response’s language.|
|Support for UNICODE||YES||1.0.0||For support of global compatibility it is rencommended that clients and servers use UTF-8 encoding when exchanging pathnames.|
Four new commands are added: “SIZE”, “MDTM”, “MLST”, and “MLSD”. The existing command “REST” is modified.
|MDTM command||YES||0.1.0||Get file’s last modification time|
|MLSD command||YES||0.3.0||Get directory list in a standardized form.|
|MLST command||YES||0.3.0||Get file information in a standardized form.|
|SIZE command||YES||0.1.0||Get file size.||In case of ASCII TYPE it does not perform the ASCII conversion to avoid DoS conditions (see FAQs for more details).|
|TVSF mechanism||YES||0.1.0||Provide a file system naming conventions modeled loosely upon those of the Unix file system supporting relative and absolute path names.|
|Minimum required set of MLST facts||YES||0.3.0||If conceivably possible, support at least the type, perm, size, unique, and modify MLSX command facts.|
|GMT should be used for timestamps||YES||0.6.0||All times reported by MDTM, LIST, MLSD and MLST commands must be in GMT times||Possibility to change time display between GMT and local time provided as “use_gmt_times” attribute|
Provides a description on how to implement TLS as a security mechanism to secure FTP clients and/or servers.
|CCC||NO||—||Clear Command Channel.|
|PBSZ||YES||—||Protection Buffer Size.||Implemented as as a no-op as recommended.|
|PROT||YES||—||Data Channel Protection Level.||Support only “P” and “C” protection levels.|