A simple FTP server implementation in Go.

• User Authentication: Support for multiple users with configurable credentials
• Anonymous Login: Built-in support for anonymous FTP access
• Passive & Active Mode: Supports both PASV and PORT data connection modes
• Security: Path traversal protection to prevent unauthorized file access
• Graceful Shutdown: Proper signal handling for clean server shutdown
• Core FTP Commands:
  • USER / PASS - Authentication
  • CWD / XCWD / CDUP - Directory navigation
  • PWD / XPWD - Print working directory
  • LIST / NLST - List directory contents
  • RETR - Download files
  • STOR - Upload files
  • MKD / XMKD - Create directories
  • RMD / XRMD - Remove directories
  • DELE - Delete files
  • RNFR / RNTO - Rename files/directories
  • QUIT - Disconnect
  • TYPE - Set transfer type
  • SYST - System information

• Go 1.16 or later

Create a config.json file in the working directory:

{
    "username": {
        "password": "your_password",
        "homeDir": "/path/to/home"
    },
    "anonymous": {
        "password": "",
        "homeDir": "/path/to/anonymous/root"
    }
}

# Build
go build -o ftp-server .

# Run with default port (9021)
./ftp-server

# Run with custom port
./ftp-server -p 2121

# Run with custom config file
./ftp-server -c /path/to/config.json

go test ./... -v

Connect using any FTP client:

ftp localhost 9021

Or use lftp, FileZilla, etc.

The server is organized into the following components:

• main.go - Entry point and CLI handling
• server.go - Server lifecycle and connection management
• connection.go - FTP protocol implementation
• config.go - Configuration loading and validation

• Passwords are transmitted in plaintext (FTP protocol limitation). Use FTPS/FTPS for secure transmission.
• Path traversal attacks are mitigated by validating all file paths against the user's home directory.
• Configuration validation ensures home directories exist before starting.

Apache License 2.0

looluo