# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# Replace 公网IP ("public IP") with the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed, but after switching to a different IP it wouldn't connect at all. Damn. I went through the errors one by one until they were all sorted out.
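
Added example, not part of the original post: a small Python audit that parses a vsftpd.conf and reports the settings that weaken its TLS, data-channel and chroot protections, run here over the values posted above. The rule list, the function names and `SAMPLE_CONF` are this example's own, and the defaults it assumes for unset options are the ones documented in vsftpd.conf(5).

```python
ON = {"YES", "TRUE", "1"}  # values this example treats as "enabled"
# Compiled-in defaults for the options checked (per vsftpd.conf(5)).
DEFAULTS = dict(anonymous_enable="YES", ssl_enable="NO", ssl_sslv2="NO",
                ssl_sslv3="NO", require_ssl_reuse="YES", pasv_promiscuous="NO",
                chroot_local_user="NO", allow_writeable_chroot="NO")

# (option, risky when enabled?, option that must be on for it to matter, why)
RULES = [
    ("anonymous_enable", True, None, "anonymous logins are accepted"),
    ("ssl_enable", False, None, "logins and data cross the network in cleartext"),
    ("ssl_sslv2", True, "ssl_enable", "SSLv2 is prohibited by RFC 6176"),
    ("ssl_sslv3", True, "ssl_enable", "SSLv3 is deprecated by RFC 7568"),
    ("require_ssl_reuse", False, "ssl_enable", "data channel need not reuse the control channel's TLS session"),
    ("pasv_promiscuous", True, None, "PASV data connections are accepted from any IP address"),
    ("allow_writeable_chroot", True, "chroot_local_user", "users may write to the top level of their chroot"),
]

# Constructed sample: the relevant values from the configuration posted above.
SAMPLE_CONF = """\
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""

def parse_conf(text):
    """Return option -> value on top of DEFAULTS; lines starting '#' are comments."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key] = value
    return settings

def audit(text):
    """List (option, value, reason) for every rule the configuration trips."""
    settings = parse_conf(text)
    on = lambda opt: settings.get(opt, "NO").upper() in ON
    return [(opt, settings[opt], why) for opt, risky_on, needs, why in RULES
            if (needs is None or on(needs)) and on(opt) == risky_on]

if __name__ == "__main__":
    for opt, value, why in audit(SAMPLE_CONF):
        print(f"{opt}={value}: {why}")
```

For the posted values it reports `ssl_sslv2`, `ssl_sslv3`, `require_ssl_reuse`, `pasv_promiscuous` and `allow_writeable_chroot`; setting the two legacy protocol options to NO leaves the `ssl_tlsv1_2=YES` line in effect.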