A certain big vendor's file server configuration

Posted on 2023-1-5 18:35:50

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP is a placeholder meaning "public IP"
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed; after switching to a different IP it just wouldn't connect. Damn. I went through the errors one by one until they were all sorted out.
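
An added example, not part of the original post: a small Python audit of the TLS, chroot and passive-mode options that the posted config leaves active, with the hardened line for each finding. The rule set and the names `parse_conf` and `audit` are this example's own choices, and the sample input is constructed from the post's uncommented lines.

```python
# SAMPLE_CONF is constructed from uncommented lines of the config posted above.
SAMPLE_CONF = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""
TRUE = {"YES", "TRUE", "1"}  # values treated as "enabled" by this example

# (option, risky state, reason, hardened line): this example's own rule set
RULES = [
    ("ssl_sslv2", True, "SSLv2 is obsolete and broken", "ssl_sslv2=NO"),
    ("ssl_sslv3", True, "SSLv3 is obsolete (POODLE)", "ssl_sslv3=NO"),
    ("pasv_promiscuous", True, "PASV source-IP check is disabled", "pasv_promiscuous=NO"),
    ("require_ssl_reuse", False, "data channel need not reuse the control TLS session", "require_ssl_reuse=YES"),
    ("allow_writeable_chroot", True, "writable chroot root is no longer refused", "allow_writeable_chroot=NO"),
]

def parse_conf(text):
    """Return {option: (line_no, value)}; vsftpd permits no spaces around '='."""
    opts = {}
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {no}: not a valid option=value line: {line!r}")
        opts[key] = (no, value)
    return opts

def audit(text):
    """Return sorted (line_no, option, reason, hardened line) findings."""
    opts = parse_conf(text)
    on = lambda k: k in opts and opts[k][1].upper() in TRUE
    findings = [(opts[k][0], k, why, fix) for k, risky, why, fix in RULES
                if k in opts and on(k) == risky]
    # Combined finding: neither the IP check nor TLS session reuse guards PASV.
    if on("pasv_promiscuous") and "require_ssl_reuse" in opts and not on("require_ssl_reuse"):
        findings.append((opts["pasv_promiscuous"][0], "pasv_promiscuous+require_ssl_reuse",
                         "nothing ties a data connection to the logged-in client", "re-enable at least one"))
    return sorted(findings)

if __name__ == "__main__":
    for no, key, why, fix in audit(SAMPLE_CONF):
        print(f"line {no}: {key}: {why} -> {fix}")
```
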