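# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Format reminder: vsftpd expects option=value with no spaces around "=",
# and a comment must be a whole line starting with "#". Stray text before
# or after a setting makes the daemon reject the file.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# NOTE(review): both options are switched on here. Unless a client really
# needs line-ending translation, the default (NO) is the safer choice: a
# binary file sent in ASCII mode is silently altered in transit.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# NOTE(review): this file also sets allow_writeable_chroot=YES further down,
# which permits exactly the writable top-level directory the warning above
# is about. A root-owned, non-writable chroot root with a writable
# subdirectory for uploads keeps the jail meaningful.
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#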
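# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# TCP 990 is the conventional implicit-FTPS port; it pairs with
# implicit_ssl=YES below.
listen_port=990
# Placeholder kept from the original post ("公网IP" means "public IP").
# Replace it with the server's public IPv4 address; this is the address
# advertised to clients in PASV replies.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
# NOTE(review): with userlist_enable=NO the userlist_file and userlist_deny
# settings below are not consulted. Set userlist_enable=YES if the file is
# meant to act as an allow-list (userlist_deny=NO).
userlist_enable=NO
tcp_wrappers=YES
# NOTE(review): lets users log in even when the chroot root is writable,
# which chroot_local_user=YES would otherwise refuse. Prefer a non-writable
# home directory with a writable subdirectory and drop this line if possible.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
#
# TLS settings. SSLv2 and SSLv3 are broken protocols and TLS 1.0 is
# deprecated, so only TLS 1.2 stays enabled.
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key share one PEM file; keep it readable by root
# only (for example mode 0600).
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): NO means a data connection does not have to reuse the TLS
# session of the control connection. Together with pasv_promiscuous=YES
# below, nothing then ties a data connection to the authenticated control
# session. If the clients support TLS session reuse, set this back to YES
# (the default).
require_ssl_reuse=NO
# HIGH alone can include unauthenticated (anonymous) suites on some OpenSSL
# versions; exclude them and MD5-based suites explicitly.
ssl_ciphers=HIGH:!aNULL:!MD5
implicit_ssl=YES
# NOTE(review): ftp_data_port coincides with pasv_max_port below; consider
# keeping the active-mode source port outside the passive range.
ftp_data_port=50000
pasv_enable=YES
# Passive data ports; the firewall must allow this range inbound.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Dumps OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; switch it off afterwards.
debug_ssl=YES
# Works around the vsftpd error "425 Security: Bad IP connecting".
# NOTE(review): this disables the check that a passive data connection comes
# from the same IP address as its control connection. Keep it only while
# clients really do arrive from changing addresses (for example a NAT pool),
# and pair it with require_ssl_reuse=YES where clients allow it.
pasv_promiscuous=YES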
不知道他们IT修改了哪里,换个IP居然联不上,尼玛,把报错一个一个排查完。