File server configuration of a certain major company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP ("public IP") is a placeholder: put the server's public IP address here.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

No idea what their IT changed; after switching to a different IP it simply wouldn't connect. Damn. I went through the errors one by one until they were all sorted out.
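An added example, not part of the original post: a small Python audit of the TLS and passive-mode options in the configuration above, including the case where a value carries trailing text. The rule table, its wording and the names `parse`, `audit` and `SAMPLE` are this example's own assumptions, and the sample input is constructed from the posted settings.

```python
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}  # boolean spellings this example accepts

# (option, risky state) -> reason. The rule set and wording are this example's own.
RISKY = {
    ("ssl_sslv2", True): "SSLv2 is obsolete and cryptographically broken",
    ("ssl_sslv3", True): "SSLv3 is obsolete (POODLE)",
    ("pasv_promiscuous", True): "data connections accepted from any IP, not only the control peer",
    ("require_ssl_reuse", False): "data connections need not reuse the control channel's TLS session",
    ("allow_writeable_chroot", True): "users may write to the top level of their chroot",
}

def parse(text):
    """Return {option: raw value}; blank and '#' lines are skipped, the last setting wins."""
    opts = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value
    return opts

def audit(text):
    """Return a list of (option, finding) tuples for the settings in `text`."""
    opts, findings, hit = parse(text), [], set()
    for (name, bad), why in RISKY.items():
        raw = opts.get(name)
        if raw is None:
            continue
        if raw.upper() not in TRUE | FALSE:
            findings.append((name, f"value {raw!r} is not a recognised boolean"))
        elif (raw.upper() in TRUE) == bad:
            findings.append((name, why))
            hit.add(name)
    if {"pasv_promiscuous", "require_ssl_reuse"} <= hit:
        findings.append(("pasv_promiscuous+require_ssl_reuse",
                         "nothing binds a data connection to the authenticated control session"))
    return findings

# Constructed sample: TLS and passive-mode settings taken from the post above.
SAMPLE = """\
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
allow_writeable_chroot=YES
pasv_promiscuous=YES
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```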
