# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP ("public IP") is a placeholder for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES
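
I don't know what their IT people changed, but after switching to a different IP it simply would not connect. Damn it. I went through the errors one by one until they were all sorted out.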
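
Several of the TLS and passive-mode lines in the config above turn off protections that vsftpd applies by default (ssl_sslv2, ssl_sslv3, pasv_promiscuous, require_ssl_reuse, allow_writeable_chroot). The following is an added example, not part of the original post: a small Python check that flags those settings in a vsftpd.conf. The rule table, the function names and the sample text are constructed for illustration.

```python
# Added example: flag risky settings in a vsftpd.conf. RULES, parse() and
# audit() are illustrative helpers, not part of vsftpd.
RULES = {
    # option: (risky value, reason)
    "ssl_sslv2": ("YES", "SSLv2 is obsolete and insecure"),
    "ssl_sslv3": ("YES", "SSLv3 is obsolete and insecure"),
    "pasv_promiscuous": ("YES", "turns off the check that a PASV data "
                         "connection comes from the control connection's IP"),
    "require_ssl_reuse": ("NO", "data connections need not reuse the "
                          "control channel's TLS session"),
    "allow_writeable_chroot": ("YES", "user can write to the top level of "
                               "their chroot"),
}

def parse(text):
    """Return {option: value} from option=value lines, skipping '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return sorted (option, value, reason) tuples for risky settings."""
    settings = parse(text)
    return sorted(
        (opt, settings[opt], why)
        for opt, (risky, why) in RULES.items()
        if settings.get(opt, "").upper() == risky
    )

# Constructed sample: TLS and passive-mode lines taken from the config above.
SAMPLE = """\
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
allow_writeable_chroot=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""

if __name__ == "__main__":
    for opt, value, why in audit(SAMPLE):
        print(f"{opt}={value}: {why}")
```

Per the upstream vsftpd.conf(5) defaults, removing a flagged line restores the protective value: NO for ssl_sslv2, ssl_sslv3, pasv_promiscuous and allow_writeable_chroot, and YES for require_ssl_reuse.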