File server configuration at a certain big-name company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# (公网IP = public IP; placeholder for the server's public address)
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES
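I don't know what their IT changed; after switching to a different IP it just wouldn't connect. Damn. I went through the errors one by one until they were all sorted out.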
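
An added example, not part of the original post: a small audit that parses vsftpd.conf text and flags the TLS and passive-mode settings in a config like the one above that weaken it. The option names are real vsftpd.conf(5) options; the rule list, function names and sample subset are this example's own assumptions.

```python
# Added example: flag risky TLS and passive-mode settings in vsftpd.conf text.
# Option names are real vsftpd.conf(5) options; the rule list is this example's own.

def parse_conf(text):
    """Return {option: value} for directive lines; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value.strip()
    return opts

# (option, risky value, reason). An absent option keeps vsftpd's safer default.
RULES = [
    ("ssl_sslv2", "YES", "SSLv2 is obsolete and insecure; set NO"),
    ("ssl_sslv3", "YES", "SSLv3 is obsolete and insecure; set NO"),
    ("require_ssl_reuse", "NO",
     "data connections are not required to reuse the control channel's TLS session"),
    ("pasv_promiscuous", "YES",
     "disables the check that a PASV data connection comes from the control connection's IP"),
]

def audit(text):
    """Return a list of (option, reason) findings for the given config text."""
    opts = parse_conf(text)
    findings = [(opt, why) for opt, bad, why in RULES
                if opts.get(opt, "").upper() == bad]
    # The stock config comments warn against write access to the chroot top level.
    if (opts.get("chroot_local_user", "").upper() == "YES"
            and opts.get("allow_writeable_chroot", "").upper() == "YES"):
        findings.append(("allow_writeable_chroot",
                         "chrooted users may have a writable top-level directory"))
    return findings

# Sample input: a subset of the settings shown in the post, plus one commented line.
SAMPLE = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
#anon_upload_enable=YES
"""

if __name__ == "__main__":
    for opt, why in audit(SAMPLE):
        print(f"{opt}: {why}")
```
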