Thanks for the reply botg! Any comments below are not meant out of disrespect only arguing my points and use cases. I have the utmost respect for you and the great product you have created over the many years you have given the community so much of your valuable time and acknowledgement. Thanks for taking the time to read all our posts and questions/comments!
SSL is an insecure legacy technology. It has been completely replaced by TLS over two decades ago.
Not to split hairs but SSL and TLS are really the same thing aren't they? I mean in the same sense that SSL version 1.0 is the same thing as SSL version 2.0 etc. TLS is just the newest versions. The only reason it was changed to TLS from SSL is to split from Netscape development. But my apologies, when I said SSL support I was talking about any type of encryption really. You have some old versions that do NOT support SSL/TLS/encryption and I was just making it a point to include this as one of the requirements we now have when looking for FTP server software.
What's the point?
To be honest and blunt, the point is it used to be a feature and it was taken away in later versions of FileZilla. I would not think it would hurt or even affect your user base in any way by adding this back. With the exception of making a few that might depend on it (like me) happy. I don't think it would be much effort either. I would assume you have logic to deny the command if LIST is not enabled so simply removing that would solve the issue of it not working I would think.
To elaborate on our use case:
We have a single site/login used by multiple vendors. We have them set up to all share the same home directory. They send in work for us to process and we have a process that watches that one folder and moves the files where they need to go. For extra security and privacy we deny directory listing to that home directory and only allow write (for files) access so they can all upload the work to us. We only allow the following check mark "Write" on the old version with these access choices...
None of the other check marks are enabled. This way, the users can connect then not see what's on the server and blindly upload a single file with a unique name that will never have nick collisions. We also do not allow them to create or remove directories, append to files, read files or delete them. The issue that we end up having with this change that has been made is that is was available in older versions of FileZilla Server and now our vendors depend on it. It has been impossible to upgrade FileZilla to newer versions because this feature was taken out. The reason we use it is because after the vendor blindly uploads a file, all of their propitiatory applications check the size of the file after the upload completes. They tend to not trust the FTP server telling them the upload was successful and want confirmation etc.
What the old server called aliases is now called mount points.
Yes sir and this seems to work great. Thanks!
An extended permission system is planned for a future version. Note that permissions won't be exactly as in the old server, the old server allowed many nonsensical combinations of permissions.
Great news, a few things about this comment. I beg you to please consider adding the same permissions like you did before. Nonsensical in your mind might not actually be nonsensical to everyone's use case (as shown above in my explanation). Wouldn't the best approach just be to give the users the power and let them be able to set crazy permissions that make no sense? Let us make the mistakes or more to the point give us the freedom to set it up the way we would like the server to run. Taking away features is never a good idea, adding features is where developers should focus. Honestly, with the old permissions system I could argue a use case for any permissions combo you could come up with.
I would love to be using the FileZilla Server product right now but out of the three choices I have all have non-usable scenarios in them that force me to seek out a different product like Cerberus or Titan.
Scenario #1
Intention: Install the newest version (1.1.0) and use it in production.
Fault: The permission system is lacking any type of customization outside of read or write everything. Not usable.
Scenario #2
Intention: Install the latest version (0.9.60.2) of the beta branch and use it in production.
Fault: Does not allow the
SIZE command with directory
LIST command disabled. Not usable.
Scenario #3
Intention: Install the last version (0.9.13b) of the beta branch that supported (ssl/tls, SIZE command with no LIST, and supports aliases) and use it in production.
Fault: The newest versions of FileZilla Client expect FTP servers to account for an orderly SSL/TLS shutdown. This was not patched until FileZilla Server version 0.9.31 beta. Somewhat usable.