This page lists current standard Internet RFCs that define the FTP protocol.
pyftpdlib conforms to the FTP protocol standard as defined in RFC-959 and RFC-1123 implementing all the fundamental commands and features described in them. It also implements some more recent features such as OPTS and FEAT commands defined in RFC-2398, IPv6 support as defined in RFC-2428 and all the new commands defined in RFC-3659.
Future plans for pyftpdlib include the gradual implementation of other standards track RFCs.
Some of the features like ACCT, SMNT or OPTS commands will never be implemented deliberately. Other features described in more recent RFCs like the TLS/SSL support for securing FTP are taken in great consideration and should be implemented in future (Python 2.6 should grant a full SSL support).
The base specification of the current File Transfer Protocol.
| Command | Requirement | Implemented | Milestone | Description | Notes |
| ABOR | MAY | YES | 0.1.0 | Abort data transfer. | |
| ACCT | MAY | NO | --- | Specify account information. | It will never be implemented (useless). |
| ALLO | MAY | YES | 0.1.0 | Ask for server to allocate enough storage space. | Treated as a NOOP (no operation). |
| APPE | MUST | YES | 0.1.0 | Append data to an existing file. | |
| CDUP | MUST | YES | 0.1.0 | Go to parent directory. | |
| CWD | MUST | YES | 0.1.0 | Change current working directory. | |
| DELE | MUST | YES | 0.1.0 | Delete file. | |
| HELP | MUST | YES | 0.1.0 | Show help. | Accept also arguments. |
| LIST | MUST | YES | 0.1.0 | List files. | Accept also bad arguments like "-ls", "-la", ... |
| MKD | MUST | YES | 0.1.0 | Create directory. | |
| MODE | MUST | YES | 0.1.0 | Set data transfer mode. | "STREAM" mode is supported, "Block" and "Compressed" aren't. |
| NLST | MUST | YES | 0.1.0 | List files in a compact form. | |
| NOOP | MUST | YES | 0.1.0 | NOOP (no operation), just do nothing. | |
| PASS | MUST | YES | 0.1.0 | Set user password. | |
| PASV | MUST | YES | 0.1.0 | Set server in passive connection mode. | |
| PORT | MUST | YES | 0.1.0 | Set server in active connection mode. | |
| PWD | MUST | YES | 0.1.0 | Get current working directory. | |
| QUIT | MUST | YES | 0.1.0 | Quit session. | If file transfer is in progress, the connection will remain open until it is finished. |
| REIN | MAY | YES | 0.1.0 | Reinitialize user's current session. | |
| REST | MAY | YES | 0.1.0 | Restart file position. | |
| RETR | MUST | YES | 0.1.0 | Retrieve a file (client's download). | |
| RMD | MUST | YES | 0.1.0 | Remove directory. | |
| RNFR | MUST | YES | 0.1.0 | File renaming (source) | |
| RNTO | MUST | YES | 0.1.0 | File renaming (destination) | |
| SITE | MAY | NO | --- | Site specific server services. | Will never be implemented (if needed it's up to administrator.) |
| SMNT | MAY | NO | --- | Mount file-system structure. | Will never be implemented (too much system-dependent and almost never used). |
| STAT | SHOULD | YES | 0.1.0 | Server's status information / File LIST | |
| STOR | MUST | YES | 0.1.0 | Store a file (client's upload). | |
| STOU | MAY | YES | 0.1.0 | Store a file with a unique name. | |
| STRU | MUST | YES | 0.1.0 | Set file structure (obsolete). | Accept only 'F' (file) type structure by doing a NOOP (no operation). Other structure types (record and page) are obsoleted, system-dependent and thus not implemented. |
| SYST | MUST | YES | 0.1.0 | Get system type. | Always return "UNIX Type: L8" because of the LIST output provided. |
| TYPE | MUST | YES | 0.1.0 | Set current type (Binary/ASCII). | Accept only Binary and ASII TYPEs. Other TYPEs such as EBCDIC are obsoleted, system-dependent and thus not implemented. |
| USER | MUST | YES | 0.1.0 | Set user. | A new USER command could be entered at any point in order to change the access control flushing any user, password, and account information already supplied and beginning the login sequence again. |
Extends and clarifies some aspects of RFC-959. Introduces new response codes 554 and 555.
| Feature | Requirement | Implemented | Milestone | Description | Notes |
| TYPE L 8 as synonym of TYPE I | SHOULD | YES | 0.2.0 | TYPE L 8 command should be treated as synonym of TYPE I ("IMAGE" or binary type). | |
| PASV is per-transfer | MUST | YES | 0.1.0 | PASV must be used for a unique transfer. | If PASV is issued twice data-channel is restarted. |
| Implied type for LIST and NLST | SHOULD | YES | 0.1.0 | The data returned by a LIST or NLST command SHOULD use an implied TYPE AN. | |
| STOU format output | MUST | YES | 0.2.0 | Defined the exact format output which STOU response must respect ("125/150 FILE <filename>"). | |
| Avoid 250 response type on STOU | MUST | YES | 0.2.0 | The 250 positive response indicated in RFC-959 has been declared incorrect in RFC-1123 which requires 125/150 instead. | |
| Handle "Experimental" directory cmds | SHOULD | YES | 0.1.0 | The server should support XCUP, XCWD, XMKD, XPWD and XRMD obsoleted commands and treat them as synonyms for CDUP, CWD, MKD, LIST and RMD commands. | |
| Idle timeout | SHOULD | YES | 0.5.0 | A Server-FTP process SHOULD have a configurable idle timeout of 5 minutes, which will terminate the process and close the control connection if the server is inactive (i.e., no command or data transfer in progress) for a long period of time. | |
| Concurrency of data and control | SHOULD | YES | 0.1.0 | Server-FTP should be able to process STAT or ABOR while a data transfer is in progress | Feature granted natively for ALL commands since we're in an asynchronous environment. |
| 554 response on wrong REST | MUST | YES | 0.2.0 | Return a 554 reply may for a command that follows a REST command. The reply indicates that the existing file at the Server-FTP cannot be repositioned as specified in the REST. |
Specifies several security extensions to the base FTP protocol defined in RFC-959. New commands: AUTH, ADAT, PROT, PBSZ, CCC, MIC, CONF, and ENC. New response codes: 232, 234, 235, 334, 335, 336, 431, 533, 534, 535, 536, 537, 631, 632, and 633.
| Command | Requirement | Implemented | Milestone | Description | Notes |
| AUTH | SHOULD | NO | --- | Authentication/Security Mechanism. | Waiting for Python 2.6 which should grant full SSL support. |
| CCC | SHOULD | NO | --- | Clear Command Channel. | Waiting for Python 2.6 which should grant full SSL support. |
| CONF | SHOULD | NO | --- | Confidentiality Protected Command. | Waiting for Python 2.6 which should grant full SSL support. |
| EENC | SHOULD | NO | --- | Privacy Protected Command. | Waiting for Python 2.6 which should grant full SSL support. |
| MIC | SHOULD | NO | --- | Integrity Protected Command. | Waiting for Python 2.6 which should grant full SSL support. |
| PBSZ | SHOULD | NO | --- | Protection Buffer Size. | Waiting for Python 2.6 which should grant full SSL support. |
| PROT | SHOULD | NO | --- | Data Channel Protection Level. | Waiting for Python 2.6 which should grant full SSL support. |
Introduces the new FEAT and OPTS commands.
| Command | Requirement | Implemented | Milestone | Description | Notes |
| FEAT | SHOULD | YES | 0.3.0 | List new supported commands subsequent RFC-959 | |
| OPTS | MAY | YES | 0.3.0 | Set options for certain commands. | MLST is the only command which could be used with OPTS. |
Introduces the new commands EPRT and EPSV extending FTP to enable its use over various network protocols, and the new response codes 522 and 229.
| Command | Requirement | Implemented | Milestone | Description | Notes |
| EPRT | MAY | YES | 0.4.0 | Set active data connection over IPv4 or IPv6 | |
| EPSV | MAY | YES | 0.4.0 | Set passive data connection over IPv4 or IPv6 |
Provides several configuration and implementation suggestions to mitigate some security concerns, including limiting failed password attempts and third-party "proxy FTP" transfers, which can be used in "bounce attacks".
| Feature | Requirement | Implemented | Milestone | Description | Notes |
| FTP bounce protection | SHOULD | YES | 0.2.0 | Reject PORT if IP address specified in it does not match client IP address. Drop the incoming (PASV) data connection for the same reason. | Configurable. |
| Restrict PASV/PORT to non privileged ports | SHOULD | YES | 0.2.0 | Reject connections to privileged ports. | Configurable. |
| Brute force protection (1) | SHOULD | YES | 0.1.0 | Disconnect client after a certain number (3 or 5) of wrong authentications. | Configurable. |
| Brute force protection (2) | SHOULD | NO | --- | Impose a 5 second delay before replying to an invalid "PASS" command to diminish the efficiency of a brute force attack. | Feature not implemented because asyncore does not provide such functionality natively. A switch to Twisted framework would solve this. |
| Per-source-IP limit | SHOULD | YES | 0.2.0 | Limit the total number of per-ip control connections to avoid parallel brute-force attack attempts. | Configurable. |
| Do not reject wrong usernames | SHOULD | YES | 0.1.0 | Always return 331 to the USER command to prevent client from determining valid usernames on the server. | |
| Port stealing protection | SHOULD | YES | 0.1.1 | Use random-assigned local ports for data connections. |
Extends the FTP protocol to support multiple character sets, in addition to the original 7-bit ASCII. Introduces the new LANG command.
| Feature | Requirement | Implemented | Milestone | Description | Notes |
| LANG command | MAY | NO | --- | Set current response's language. | |
| Support for UNICODE | SHOULD | NO | --- | For support of global compatibility it is rencommended that clients and servers use UTF-8 encoding when exchanging pathnames. |
Four new commands are added: "SIZE", "MDTM", "MLST", and "MLSD". The existing command "REST" is modified.
| Feature | Requirement | Implemented | Milestone | Description | Notes |
| MDTM command | MUST | YES | 0.1.0 | Get file's last modification time | |
| MLSD command | MUST | YES | 0.3.0 | Get directory list in a standardized form. | |
| MLST command | MUST | YES | 0.3.0 | Get file information in a standardized form. | |
| SIZE command | MUST | YES | 0.1.0 | Get file size. | In case of ASCII TYPE it does not perform the ASCII conversion to avoid DoS conditions (see FAQs for more details). |
| TVSF mechanism | SHOULD | YES | 0.1.0 | Provide a file system naming conventions modeled loosely upon those of the unix file system supporting relative and absolute path names. | |
| Minimum required set of MLST facts | SHOULD | YES | 0.3.0 | If conceivably possible, support at least the type, perm, size, unique, and modify MLSX command facts. |