File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP below is the poster's placeholder for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

No idea what their IT changed; after switching to a different IP it just wouldn't connect. Damn. Finished working through the errors one by one.
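An added example, not part of the original post: a small Python audit of vsftpd.conf text that flags the options in the posted config that weaken the server (SSLv2/SSLv3 permitted, pasv_promiscuous, require_ssl_reuse=NO, a writable chroot) and applies compiled-in defaults for options that are left unset. Option meanings follow vsftpd.conf(5); the RISKY table, the function names and the SAMPLE text are constructed for illustration.

```python
# Added example: audit vsftpd.conf text for settings that weaken the server.
# RISKY: option -> (risky state, compiled-in default, reason), per vsftpd.conf(5).
RISKY = {
    "anonymous_enable": (True, "YES", "anonymous logins are allowed"),
    "ssl_sslv2": (True, "NO", "permits the obsolete SSLv2 protocol"),
    "ssl_sslv3": (True, "NO", "permits the obsolete SSLv3 protocol"),
    "pasv_promiscuous": (True, "NO", "PASV data connections are accepted from any IP"),
    "require_ssl_reuse": (False, "YES", "data connections need not reuse the control TLS session"),
}
CHROOT_WRITE = ("write_enable", "chroot_local_user", "allow_writeable_chroot")

# Constructed sample: security-relevant options as set in the posted config.
SAMPLE = """\
anonymous_enable=NO
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""

def as_bool(value):
    """vsftpd booleans are YES/TRUE/1 or NO/FALSE/0; return None for anything else."""
    v = value.upper()
    if v in ("YES", "TRUE", "1"):
        return True
    return False if v in ("NO", "FALSE", "0") else None

def parse(text):
    """Return {option: value}; lines are option=value and '#' starts a comment line."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {key: value for key, value in pairs}

def audit(text):
    """Return sorted (option, reason) findings, applying defaults for unset options."""
    opts, findings = parse(text), []
    for key, (risky, default, why) in RISKY.items():
        state = as_bool(opts.get(key, default))
        if state is None:
            findings.append((key, "value is not a plain boolean such as YES or NO"))
        elif state == risky:
            findings.append((key, why))
    if all(as_bool(opts.get(k, "NO")) for k in CHROOT_WRITE):
        findings.append(("allow_writeable_chroot", "user can write to the top of the chroot"))
    return sorted(findings)

if __name__ == "__main__":
    for option, reason in audit(SAMPLE):
        print(f"{option}: {reason}")
```

Run against a full file with `audit(open(path).read())`; an empty result means none of the listed weakenings is in effect, not that the configuration is otherwise sound.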
