# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP ("public IP") is a placeholder: put the server's public IP address here.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error: 425 Security: Bad IP connecting
pasv_promiscuous=YES

I don't know what their IT people changed; after switching to a different IP it simply wouldn't connect. Damn. I worked through the errors one by one.
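
A short audit of the settings in the configuration above that weaken it (SSLv2/SSLv3 enabled, `pasv_promiscuous=YES` combined with `require_ssl_reuse=NO`, a writable chroot). This is an added example, not part of the original post; the defaults follow vsftpd.conf(5), and `DEFAULTS`, `SAMPLE_CONF`, `parse_conf`, `on` and `audit` are names made up here.

```python
# Added example: flag weak vsftpd settings; unset options fall back to vsftpd.conf(5) defaults.
DEFAULTS = {"anonymous_enable": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
            "pasv_promiscuous": "NO", "require_ssl_reuse": "YES",
            "chroot_local_user": "NO", "allow_writeable_chroot": "NO"}

# Constructed sample: security-relevant directives copied from the config above.
SAMPLE_CONF = """\
# Allow anonymous FTP?
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""

def parse_conf(text):
    """Parse option=value lines; '#' lines are comments, no spaces around '='."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value.strip()
    return opts

def on(opts, key):
    # vsftpd accepts YES, TRUE or 1 (case-insensitive) for boolean options
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(text):
    o, findings = parse_conf(text), []
    if on(o, "anonymous_enable"):
        findings.append("anonymous_enable: anonymous login allowed (the default when unset)")
    for proto in ("ssl_sslv2", "ssl_sslv3"):
        if on(o, proto):
            findings.append(f"{proto}: obsolete SSL version permitted; set NO")
    if on(o, "pasv_promiscuous"):
        findings.append("pasv_promiscuous: PASV data-connection source IP check disabled")
    if on(o, "pasv_promiscuous") and not on(o, "require_ssl_reuse"):
        findings.append("require_ssl_reuse: no IP or TLS-session check binds data to control connection")
    if on(o, "chroot_local_user") and on(o, "allow_writeable_chroot"):
        findings.append("allow_writeable_chroot: chroot root may be user-writable")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
```

An empty or partial file is audited against the defaults, so a config that merely comments out `anonymous_enable` is still reported as allowing anonymous login.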