File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# Replace 公网IP ("public IP") with the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed, but after switching to another IP it just wouldn't connect. Damn. I went through the errors one by one until they were all sorted out.
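An added example (not part of the original post and not vsftpd code): a small Python audit of the options in the configuration above that weaken TLS, the PASV address check and the chroot, together with the strict option=value syntax that the trailing note on the `pasv_promiscuous` line runs into. The function name `audit`, the finding texts and the sample string are assumptions made for illustration.

```python
import re

TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}
# option -> (risky boolean value, why it matters)
RISKY = {
    "ssl_sslv2": (True, "SSLv2 is obsolete; permit TLS only"),
    "ssl_sslv3": (True, "SSLv3 is obsolete; permit TLS only"),
    "pasv_promiscuous": (True, "turns off the check that a PASV data "
                         "connection comes from the control connection's IP"),
    "require_ssl_reuse": (False, "data connections need not reuse the "
                          "control channel's TLS session"),
}
BOOLS = set(RISKY) | {"chroot_local_user", "allow_writeable_chroot"}

def audit(text):
    """Return a list of (option, finding) for one vsftpd.conf text."""
    opts, findings = {}, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(.*)", line)
        if not m:
            findings.append((line, "not in option=value form"))
            continue
        key, val = m.group(1), m.group(2).upper()
        if key in BOOLS and val not in TRUE | FALSE:
            # vsftpd has no trailing comments: extra text breaks the value
            findings.append((key, "bad bool value"))
        elif key in BOOLS:
            opts[key] = val in TRUE
    for key, (bad, why) in RISKY.items():
        if opts.get(key) is bad:
            findings.append((key, why))
    if opts.get("chroot_local_user") and opts.get("allow_writeable_chroot"):
        findings.append(("allow_writeable_chroot", "chroot jail is user-writable"))
    return findings

# Constructed sample: lines taken from the post; the trailing note is a placeholder.
SAMPLE = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES   note text
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Once the note is moved onto its own `#` line, the same run reports `pasv_promiscuous` for the disabled address check instead of the syntax error.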
