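# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# NOTE(review): vsftpd.conf has no inline comments and allows no spaces
# around "=". Keep every remark on its own line starting with "#".
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# NOTE(review): ftp_data_port is set to 50000 further down, so with this
# option enabled PORT-mode data connections originate from 50000, not 20.
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Port 990 matches implicit_ssl=YES below (implicit FTPS).
listen_port=990
# The value below ("public IP") is a placeholder left by the author. Replace
# it with the server's public IPv4 address, which is advertised in PASV replies.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
# NOTE(review): with userlist_enable=NO, the userlist_file and userlist_deny
# settings below have no effect. Set this to YES (keeping userlist_deny=NO)
# if logins should be limited to the accounts listed in userlist_file.
userlist_enable=NO
tcp_wrappers=YES
# NOTE(review): this overrides the chroot warning above. Users are chroot()ed
# into a directory they can write to, which the man page calls potentially
# dangerous. A safer layout is a root-owned, non-writable home directory with
# a writable subdirectory, and this option set to NO.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
# SSLv2 and SSLv3 are obsolete and cryptographically broken (SSLv3 is
# affected by POODLE). They are disabled here so that only TLS is negotiated.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key share one PEM file. It should be owned by root
# and unreadable by other users (for example mode 0600).
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Local users must use TLS for both login and data, so no cleartext
# credentials or file contents.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): NO stops requiring data connections to reuse the control
# channel's TLS session. That reuse is what proves a data connection belongs
# to the authenticated client. Prefer YES where the FTP clients support it.
require_ssl_reuse=NO
# NOTE(review): depending on the OpenSSL build, HIGH alone may still include
# unauthenticated (aNULL) suites. Check with "openssl ciphers -v HIGH" and
# consider HIGH:!aNULL:!MD5.
ssl_ciphers=HIGH
# Implicit FTPS: the TLS handshake is expected immediately on connect.
implicit_ssl=YES
# NOTE(review): 50000 is also pasv_max_port below. Consider keeping the
# active-mode source port outside the passive range.
ftp_data_port=50000
pasv_enable=YES
# Passive data port range. The firewall/NAT must forward exactly this range.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Dumps OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; set to NO once the connection problem is solved.
debug_ssl=YES
# Author's note: set to YES to get past the client error
# "425 Security: Bad IP connecting".
# NOTE(review): YES turns off the check that a passive data connection comes
# from the same IP address as the control connection. Combined with
# require_ssl_reuse=NO above, nothing binds a data connection to the
# authenticated session. The man page reserves this for tunnelling/FXP.
# Prefer fixing the cause (pasv_address and NAT, so that a client presents one
# source IP) and returning this to NO, or at least enable require_ssl_reuse.
pasv_promiscuous=YES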
不知道他们IT修改了哪里，换个IP居然联不上，尼玛，把报错一个一个排查完。