# Install vsftpd with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Secure FTP server for UNIX. Version 3.0.5 via Homebrew; verified 2026-06-19.

## Install

```sh
sudo av install brew:vsftpd
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install vsftpd
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install vsftpd
```

  Evidence: MacPorts ports tree: net/vsftpd/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add vsftpd
```

  Evidence: Alpine Linux edge package indexes: vsftpd from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install vsftpd
```

  Evidence: Debian stable package indexes: vsftpd from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install vsftpd
```

  Evidence: Fedora Rawhide package metadata: vsftpd from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#vsftpd
```

  Evidence: nixpkgs package indexes: pkgs/by-name/vs/vsftpd/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S vsftpd
```

  Evidence: Arch Linux sync databases: vsftpd from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install vsftpd
```

  Evidence: openSUSE Tumbleweed package metadata: vsftpd from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:vsftpd
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/vsftpd>
- **Version:** 3.0.5
- **Source summary:** Secure FTP server for UNIX
- **Homepage:** <https://security.appspot.com/vsftpd.html>
- **Upstream docs:** <https://security.appspot.com/vsftpd.html>
- **License:** GPL-2.0-only
- **Source archive:** <https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz>
- **Last updated:** 2026-06-19T12:33:04-07:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- vsftpd (cli)
- vsftpd (alias)

## Install behavior

- Post-install hook: not defined
- Service: declared
- Caveats: To use chroot, vsftpd requires root privileges, so you will need to run `sudo vsftpd`. You should be certain that you trust any software you grant root privileges. The vsftpd.conf file must be owned by root or vsftpd will refuse to start: sudo chown root $HOMEBREW_PREFIX/etc/vsftpd.conf
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.0.5
- Package-manager updated: 2026-06-19
- Local data: ok
- Upstream repository: https://security.appspot.com/vsftpd.html
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

vsftpd, the Very Secure FTP Daemon, is a GPL-licensed FTP server for Unix-like systems. Its identity has always been security-first: the official site emphasizes a small, fast daemon, while Red Hat documentation describes it as designed from the ground up to be fast, stable, and secure.

### Project history

The project is associated with Chris Evans and the security-oriented 'scary beasts' site. Its upstream documentation frames vsftpd as a reaction against older FTP daemons whose feature breadth and root-heavy designs made them risky, highlighting capabilities, chroot, privilege separation, and secure coding as design choices.

The 3.x series made security mechanisms more explicit. Version 3.0.0, released in April 2012, added a highly restrictive seccomp filter sandbox on supported 64-bit Linux systems. Later upstream news records SSL and seccomp fixes in 2012 and 2015, and a 2021 modernization release after a six-year gap.

### Adoption history

vsftpd became widely deployed because it fit the conservative Unix server niche: small, stable, and aimed at doing FTP service with fewer privileges. The official site listed prominent FTP mirrors using it as of June 2004, including Red Hat, SUSE, Debian, FreeBSD, GNU, GNOME, KDE, and kernel.org mirrors, while also citing Red Hat's performance use case.

Distribution documentation helped normalize it as a default or preferred FTP daemon. Red Hat Enterprise Linux 6 documented vsftpd as the only standalone FTP server distributed with RHEL because of its ability to handle many connections efficiently and securely.

### How it is used

Administrators use vsftpd to provide anonymous or authenticated FTP service, often with per-user controls, virtual users, virtual IP configurations, bandwidth throttling, per-source limits, IPv6, and SSL/TLS. The upstream man page says the default configuration path is `/etc/vsftpd.conf`, with alternate config files supplied as command-line arguments for virtual-host or inetd/xinetd-style setups.

Its package-nerd appeal is that it is deliberately unflashy infrastructure. FTP itself is old and declining, but when a package archive, appliance, lab, or compatibility environment still needs an FTP daemon, vsftpd is the boring security-conscious answer that many Unix distributions have kept around.

### Why package nerds care

vsftpd is historically important because it represents the post-wu-ftpd era of FTP packaging: the same protocol surface, but with a smaller daemon, explicit privilege boundaries, and distribution-friendly configuration. It is a classic example of a package whose continued relevance is maintenance of legacy protocol infrastructure rather than new feature growth.

### Timeline

- 2004-06: The official site listed major public FTP mirrors using vsftpd, including Red Hat, SUSE, Debian, FreeBSD, GNU, GNOME, KDE, and kernel.org.
- 2012-04: vsftpd 3.0.0 was released with a seccomp filter sandbox.
- 2012-09: vsftpd 3.0.2 fixed seccomp sandbox policy issues.
- 2015-07: vsftpd 3.0.3 focused on SSL fixes and security improvements.
- 2021-08: vsftpd 3.0.4 and 3.0.5 modernized build, seccomp, and SSL behavior; 3.0.5 fixed ALPN selection for current FileZilla clients.
- 2026-06: Debian unstable carried vsftpd 3.0.5 packaging changes and bug-fix patches, showing continued distribution maintenance.

### Related projects

- The official site explicitly contrasts vsftpd with older or broader FTP daemons such as wu-ftpd, ProFTPD, and BSD ftpd.
- OpenSSH/SFTP is the modern neighboring ecosystem for many use cases, while vsftpd remains focused on the FTP/FTPS protocol family.

### Sources

- Debian changelog: https://metadata.ftp-master.debian.org/changelogs/main/v/vsftpd/unstable_changelog
- Official configuration manual: https://security.appspot.com/vsftpd/vsftpd_conf.html
- Official site and release notes: https://security.appspot.com/vsftpd.html
- Red Hat Enterprise Linux deployment guide: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/s2-ftp-servers-vsftpd


## Security Notes

broad file, network, media, or database tool signal. formula declares a Homebrew service.

- **Geiger risk:** orange / medium
- broad file, network, media, or database tool signal
- formula declares a Homebrew service


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/vsftpd.conf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** vsftpd
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - vsftpd - 3.0.5-0.2: normalized package name match | Debian stable package indexes: vsftpd from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | lightweight, efficient FTP server written for security | http://vsftpd.beasts.org/
- Debian apt - vsftpd-dbg - 3.0.5-0.2: normalized package name match | Debian stable package indexes: vsftpd-dbg from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | lightweight, efficient FTP server written for security (debug) | http://vsftpd.beasts.org/
- Nix - vsftpd: normalized package name match | nixpkgs package indexes: pkgs/by-name/vs/vsftpd/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - vsftpd - 3.0.5-0ubuntu3: normalized package name match | Ubuntu 24.04 LTS package indexes: vsftpd from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | lightweight, efficient FTP server written for security | http://vsftpd.beasts.org/
- Ubuntu apt - vsftpd-dbg - 3.0.5-0ubuntu3: normalized package name match | Ubuntu 24.04 LTS package indexes: vsftpd-dbg from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | lightweight, efficient FTP server written for security (debug) | http://vsftpd.beasts.org/
- apk - vsftpd - 3.0.5-r3: normalized package name match | Alpine Linux edge package indexes: vsftpd from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Very secure ftpd | http://vsftpd.beasts.org
- apk - vsftpd-doc - 3.0.5-r3: normalized package name match | Alpine Linux edge package indexes: vsftpd-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Very secure ftpd (documentation) | http://vsftpd.beasts.org
- apk - vsftpd-openrc - 3.0.5-r3: normalized package name match | Alpine Linux edge package indexes: vsftpd-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Very secure ftpd (OpenRC init scripts) | http://vsftpd.beasts.org
- dnf - vsftpd - 3.0.5-15.fc44: normalized package name match | Fedora Rawhide package metadata: vsftpd from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Very Secure Ftp Daemon | https://security.appspot.com/vsftpd.html
- pacman - vsftpd - 3.0.5-2: normalized package name match | Arch Linux sync databases: vsftpd from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Very Secure FTP daemon | https://security.appspot.com/vsftpd.html
- zypper - vsftpd - 3.0.5-18.3: normalized package name match | openSUSE Tumbleweed package metadata: vsftpd from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Very Secure FTP Daemon - Written from Scratch | https://security.appspot.com/vsftpd.html
- MacPorts - vsftpd: normalized package name match | MacPorts ports tree: net/vsftpd/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [proftpd](https://www.automicvault.com/pkg/brew/proftpd/) - Shares av.db curated category or tags: cli, ftp, ftp-server, networking, server.
- [pure-ftpd](https://www.automicvault.com/pkg/brew/pure-ftpd/) - Shares av.db curated category or tags: cli, ftp, ftp-server, networking, security.
- [bind](https://www.automicvault.com/pkg/brew/bind/) - Shares av.db curated category or tags: cli, networking, server.
- [dante](https://www.automicvault.com/pkg/brew/dante/) - Shares av.db curated category or tags: cli, networking, server.
- [freediameter](https://www.automicvault.com/pkg/brew/freediameter/) - Shares av.db curated category or tags: cli, networking, server.
- [ghostunnel](https://www.automicvault.com/pkg/brew/ghostunnel/) - Shares av.db curated category or tags: cli, networking, security.
- [hubble](https://www.automicvault.com/pkg/brew/hubble/) - Shares av.db curated category or tags: cli, networking, security.
- [inetutils](https://www.automicvault.com/pkg/brew/inetutils/) - Shares av.db curated category or tags: cli, ftp, networking.
- [go-camo](https://www.automicvault.com/pkg/brew/go-camo/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, networking, secure, security, server.

## Combined YAML source

View the package source record on GitHub. [combined/vsftpd.yml](https://github.com/automic-vault/db/blob/main/combined/vsftpd.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
