# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error 425 Security: Bad IP connecting
pasv_promiscuous=YES

I don't know what their IT changed, but after switching to a different IP it would not connect at all. Damn. I finished working through the errors one by one.
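An added example, not part of the original post: a small Python check that parses a vsftpd.conf like the one above and reports the directives in it that loosen the TLS and data-channel checks. The RISKY table, the function names and the sample text are constructed for illustration; the reasons paraphrase vsftpd.conf(5).

```python
import re

# Directive -> (value that weakens the setup, reason; wording follows vsftpd.conf(5)).
RISKY = {
    "ssl_sslv2": ("YES", "permits the obsolete SSL v2 protocol"),
    "ssl_sslv3": ("YES", "permits the obsolete SSL v3 protocol"),
    "pasv_promiscuous": ("YES", "PASV data connections accepted from any IP address"),
    "require_ssl_reuse": ("NO", "data connections need not reuse the TLS session"),
    "allow_writeable_chroot": ("YES", "the chroot top directory may be user-writable"),
    "anonymous_enable": ("YES", "anonymous logins are accepted"),
}
# vsftpd.conf(5): no space is allowed between the option, "=" and the value.
LINE = re.compile(r"^([a-z0-9_]+)=(.*)$")

def parse(text):
    settings, malformed = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        match = LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)  # a later line overwrites an earlier one
        else:
            malformed.append((number, line))
    return settings, malformed

def audit(text):
    settings, malformed = parse(text)
    findings = [f"line {n}: not an option=value line: {l!r}" for n, l in malformed]
    for key, (bad, why) in RISKY.items():
        value = settings.get(key, "")
        if len(value.split()) > 1:
            findings.append(f"{key}: extra text after boolean value: {value!r}")
        elif value.strip().upper() == bad:
            findings.append(f"{key}={bad}: {why}")
    return findings

# Constructed sample: directives from the posted config; the last two lines are deliberately broken.
SAMPLE = """\
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
anonymous_enable=NO
allow_writeable_chroot=YES needed for chroot
listen_port = 990
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real file, pass its contents to `audit()`, for example `audit(open("/etc/vsftpd/vsftpd.conf").read())`.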