Virtual Users · PAM Auth · Chroot Jail · IP Blocking

Secure FTP.
Built Right In.

Onifast FTP is a production-ready FTP server bundled with Onifast Panel. Supports both virtual panel users and Linux system accounts — each safely jailed to their own directory with full activity logging.

Get Onifast Panel Auth Modes
FTP session — ftp.example.com:21
220 Onifast FTP Server ready.
ftp> open ftp.example.com 21
331 Please specify the password.
ftp> user alice ••••••••
230 Login successful. // Virtual user chrooted to /home/alice/public_html
ftp> ls
150 Here comes the directory listing.
drwxr-xr-x 2 alice alice 4096 Jun 11 07:30 public_html
-rw-r--r-- 1 alice alice 1482 Jun 10 14:22 index.php
226 Directory send OK.
ftp> put index.php
226 Transfer complete. // Upload logged → panel activity log
ftp>
2modes
Virtual + PAM Auth
101ports
Passive Range (30000–30100)
jail
Chroot per User
0dep
No Extra Config
FTP Users
What's included

Everything a production FTP server needs

From dual-mode authentication to per-file transfer logging — Onifast FTP is fully integrated with the panel ecosystem.

Virtual FTP Users
Create panel-managed FTP users with custom usernames, passwords, and root directories — completely independent of Linux system accounts.
Linux PAM Authentication
Falls back to full Linux PAM authentication for system users. Root gets /root, other users land in their real home directories.
Chroot Jail per User
Every authenticated user is confined to their configured root directory using a memory-safe chroot implementation. No path traversal possible.
Passive Mode (PASV)
Full passive transfer support on ports 30000–30100. Works reliably behind NAT and firewalls with client-initiated data connections.
IP Blocker Integration
Shares the panel's IP blocker database. Blocked IPs are denied at connection time with exact match and CIDR range support, plus a whitelist.
Full Activity Logging
Every login attempt, connection, directory listing, upload, and download is logged to the Onifast Panel activity log with IP and username.
Login Notifications
Push notifications for both successful and failed login attempts are sent to the owner's notification channel configured in the panel.
Upload & Download Tracking
File opens are intercepted to distinguish uploads (O_WRONLY) from downloads (O_RDONLY). Each operation is individually logged with filename.
Configurable Port
FTP listening port is driven by the panel's serverconfig.json. Change it once in the panel and the FTP server picks it up automatically.
SQLite User Storage
Virtual user accounts are stored in a WAL-mode SQLite database (onifast-ftp.db). No flat files, no manual config edits needed.
Owner-Scoped Users
Each virtual FTP user is linked to a panel owner account. Notifications and activity logs are routed to the correct user automatically.
Panel API Management
Create, list, and delete FTP users directly from the Onifast Panel UI or REST API without touching the server manually.
Authentication

Two auth modes, one server

Onifast FTP tries virtual users first, then falls back to Linux PAM — so both panel-managed and system users just work.

Mode 1 — Virtual
Panel-Managed Virtual Users
Users created in the Onifast Panel with a custom username, password, and an explicit root directory. Stored in SQLite, completely isolated from Linux.
  • Any username — no Linux account needed
  • Root dir scoped to any path you choose
  • Managed entirely from the panel UI
  • Notification sent to owner on login
  • Ideal for client or developer access
Mode 2 — PAM System
Linux System Users via PAM
Falls through to full PAM authentication if no virtual user matches. Authenticates real Linux users using their system password and maps to their home directory.
  • Uses real Linux credentials via PAM
  • Root → /root, others → actual home dir
  • No extra setup — just uses existing users
  • Notification sent on login attempt
  • Works with any PAM-compatible auth source
Security & Ports

Secure by design,
transparent by default

Every aspect of the FTP connection lifecycle is secured and observable — from IP check at connect time to file-level transfer logging.

  • IP blocked at ClientConnected() before any auth attempt
  • Chroot applied via afero.BasePathFs — zero native setuid needed
  • Failed logins trigger notification + activity log entry
  • CIDR-aware IP whitelist prevents accidental lockout
  • Passive ports 30000–30100 are predictable and firewall-friendly
Port Assignment
:21
Control channel (configurable)
30000–30100
Passive data transfers (PASV)
connection flow — onifast-ftp 
# 1. Client connects
ClientConnected(clientContext)
  → extract clientIPisIPBlocked() → check whitelist
                 → check CIDR blocklist
  → blocked? → deny immediately

# 2. Authentication
AuthUser(username, password)
  → try SQLite virtual users first
  → if found → verify password
  → else → PAM authenticate
  → success → resolve root_dir
             → apply chroot (afero)
  → fail    → log + notify owner

# 3. File Operations (logged)
Open(name)     → DOWNLOAD detected
OpenFile(name) → UPLOAD (O_WRONLY)
ReadDir(name)  → LIST directory
  → all reported to panel activity log
panel API — manage FTP users 
# List all FTP users
GET  /api/ftp/users

# Add a virtual FTP user
POST /api/ftp/user/add
{
  "username": "alice",
  "password": "••••••••",
  "root_dir": "/home/alice/public_html"
}

# Delete an FTP user
DELETE /api/ftp/user/delete
{
  "username": "alice"
}

# FileZilla / WinSCP connection
Host:     ftp.example.com
Port:     21
Protocol: FTP  (plain or Explicit TLS)
Mode:     Passive
User:     alice   # virtual or system
Getting Started

FTP ready the moment
you install the panel

No separate FTP daemon to install or configure. Onifast FTP starts automatically with the panel and integrates with all its services.

  • Install Onifast Panel
    FTP is bundled — no separate installation step needed.
  • Create FTP users in the panel
    Go to Panel → FTP → Add User and assign a directory.
  • Open port 21 & 30000–30100
    Allow these in your firewall for control and passive data connections.
  • Connect with any FTP client
    FileZilla, WinSCP, Cyberduck — all work. Use passive mode for best compatibility.

File transfers your way.
Self-hosted, no limits.

Get Onifast Panel and have your FTP server running in under 2 minutes.

Get Onifast Panel Onifast.com