# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
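# Format reminder: vsftpd expects option=value with no spaces around "=" and
# nothing else on the line; stray characters before or after a directive make
# the daemon reject the file.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Keep this line explicit so that anonymous logins stay disabled.
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# With 022, uploaded files remain readable by other local accounts; the
# stricter 077 default keeps them private to the uploading user.
local_umask=022
#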
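# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
# Left commented out here, consistent with anonymous_enable=NO.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# Note: this file also sets ftp_data_port, which changes the source port that
# this option applies to.
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#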
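# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# The xferlog format records transfers only. If logins and failed
# authentication attempts are needed for monitoring, see dual_log_enable and
# vsftpd_log_file in vsftpd.conf(5).
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
# Value is in seconds.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
# Value is in seconds.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#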
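# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# With these enabled, a client that transfers a binary file in ASCII mode gets
# its line endings rewritten; enable only if clients really need it.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#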
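# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# NOTE(review): this file later sets allow_writeable_chroot=YES, which turns
# off vsftpd's refusal to chroot into a writable directory, i.e. the safeguard
# behind the warning above. A non-writable chroot root with a writable
# subdirectory for uploads avoids needing that override.
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES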
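#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# 990 is the conventional control port for implicit FTPS; this file enables
# implicit_ssl further down.
listen_port=990
# Address advertised to clients in PASV replies. 公网IP ("public IP") is the
# author's placeholder: replace it with the server's externally reachable
# address before use.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO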
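# --- Authentication and access control ---
pam_service_name=vsftpd
# With userlist_enable=NO the userlist_file and userlist_deny settings below
# are not consulted. Set userlist_enable=YES if the intent is an allow-list
# (userlist_deny=NO then admits only the users named in userlist_file).
userlist_enable=NO
# Only effective if this vsftpd build includes tcp_wrappers support.
tcp_wrappers=YES
# Overrides vsftpd's refusal to chroot a user into a directory that user can
# write to. See the chroot() warning earlier in this file; prefer a read-only
# chroot root with a writable subdirectory where possible.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO

# --- TLS ---
ssl_enable=YES
# NOTE(review): availability of ssl_tlsv1_2 depends on the vsftpd build;
# confirm against the installed vsftpd.conf(5). ssl_tlsv1 is not set here, so
# its compiled-in default applies.
ssl_tlsv1_2=YES
# SSLv2 and SSLv3 are obsolete protocols with known weaknesses. The original
# listing enabled both; they are disabled here so that only TLS is negotiated.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key share one PEM file. It contains the private key,
# so it should be readable by root only.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Require TLS for both logins and data transfers of local users, so neither
# credentials nor file contents travel in clear text.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# YES would require each data connection to reuse the TLS session of the
# control connection, proving both come from the same client. It is often
# turned off for client compatibility; re-enable it if your clients support it.
require_ssl_reuse=NO
ssl_ciphers=HIGH
# Implicit FTPS: the TLS handshake is expected immediately on connect.
implicit_ssl=YES

# --- Data connections ---
# Source port for PORT-style (active) data connections. It coincides with the
# top of the passive range below; TODO confirm that this overlap is intended.
ftp_data_port=50000
pasv_enable=YES
# Passive port range; the firewall must allow exactly this range inbound.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Logs OpenSSL connection diagnostics; intended for troubleshooting.
debug_ssl=YES
# Author's note (translated): this resolves the vsftpd connection error
# "425 Security: Bad IP connecting". The note originally sat on the directive
# line itself, where vsftpd would read it as part of the value.
# NOTE(review): pasv_promiscuous=YES disables the check that a passive data
# connection comes from the same IP address as the control connection.
# Together with require_ssl_reuse=NO, neither of the two checks that tie a
# data connection to the logged-in client remains active. vsftpd.conf(5)
# advises enabling this only if you know what you are doing. If the address
# mismatch comes from NAT or a proxy in the path, fixing that is the safer
# remedy.
pasv_promiscuous=YES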

不知道他们IT修改了哪里 换个IP居然联不上 尼玛 把报错一个一个排查完