File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
pasv_address=<public IP>
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed. After switching to a different IP it just wouldn't connect. Damn it. I worked through the errors one by one until they were all cleared.
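
A small audit of the settings in the config above that relax vsftpd's TLS, PASV and chroot protections, as an added example that is not part of the original post. The rule list and the defaults table are assumptions taken from vsftpd.conf(5), and `POSTED` is a constructed excerpt of the posted file.

```python
# Added example: flags vsftpd.conf options that relax a protection.
# DEFAULTS are the vsftpd.conf(5) defaults, used when an option is absent.
# Only the YES/NO spellings of boolean values are handled.
DEFAULTS = {
    "anonymous_enable": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "pasv_promiscuous": "NO", "require_ssl_reuse": "YES",
    "chroot_local_user": "NO", "allow_writeable_chroot": "NO",
}

# (option, risky value, why it matters)
RULES = [
    ("anonymous_enable", "YES", "anonymous logins are accepted"),
    ("ssl_sslv2", "YES", "SSLv2 is permitted (prohibited by RFC 6176)"),
    ("ssl_sslv3", "YES", "SSLv3 is permitted (deprecated by RFC 7568)"),
    ("pasv_promiscuous", "YES",
     "PASV data connections are not checked against the control connection's IP"),
    ("require_ssl_reuse", "NO",
     "data connections need not reuse the control channel's TLS session"),
]

def parse_conf(text):
    """Return {option: value} for the uncommented option=value lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key] = value.strip().upper()
    return settings

def audit(text):
    """Return a sorted list of (option, reason) findings."""
    conf = {**DEFAULTS, **parse_conf(text)}
    findings = [(opt, why) for opt, bad, why in RULES if conf[opt] == bad]
    if conf["chroot_local_user"] == "YES" and conf["allow_writeable_chroot"] == "YES":
        findings.append(("allow_writeable_chroot",
                         "users are chrooted into a directory they may write to"))
    return sorted(findings)

# Constructed sample: the TLS, PASV and chroot lines of the posted config.
POSTED = """anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""

if __name__ == "__main__":
    for option, reason in audit(POSTED):
        print(f"{option}: {reason}")
```

Each finding names an option to revisit once the connection problem is understood; `pasv_promiscuous` in particular trades the same-IP check on data connections for a fix to the 425 error.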