File server configuration at a certain big-name company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP below is the poster's placeholder for the server's public IP.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

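I don't know what their IT changed; after switching to a different IP it simply would not connect. Damn. I worked through the errors one by one until they were all sorted out.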
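A small auditor for the transport and chroot settings in the posted file, as an added example that is not part of the original post or of the company's configuration. The names `parse`, `audit` and `RISKY` are this example's own, the reasons paraphrase vsftpd.conf(5), and the sample input is constructed from values in the post.

```python
# Added example: flag risky vsftpd.conf settings of the kind in the post.

# Constructed sample: option values as in the posted file; the text after
# the last value stands in for a note written on the same line.
POSTED = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES   note on the same line
"""

# option -> (risky value, reason). Reasons paraphrase vsftpd.conf(5).
RISKY = {
    "ssl_sslv2": ("YES", "SSLv2 permitted (prohibited by RFC 6176)"),
    "ssl_sslv3": ("YES", "SSLv3 permitted (deprecated by RFC 7568)"),
    "require_ssl_reuse": ("NO", "data channel need not reuse the control TLS session"),
    "pasv_promiscuous": ("YES", "PASV data connection may come from another IP"),
    "anonymous_enable": ("YES", "anonymous logins allowed"),
}

def parse(text):
    """Return {option: raw value}; blank lines and '#' lines are skipped."""
    opts = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(text):
    """Return a list of (option, reason) findings for the given config text."""
    opts, findings = parse(text), []
    for key, raw in opts.items():
        words = raw.split()
        value = words[0].upper() if words else ""
        if value in ("YES", "NO") and raw != words[0]:
            findings.append((key, "extra characters after the value"))
        if key in RISKY and value == RISKY[key][0]:
            findings.append((key, RISKY[key][1]))
    if opts.get("chroot_local_user") == "YES" and opts.get("allow_writeable_chroot") == "YES":
        findings.append(("allow_writeable_chroot", "chroot top level may be user-writable"))
    return findings

if __name__ == "__main__":
    for key, why in audit(POSTED):
        print(f"{key}: {why}")
```

The last check mirrors the warning in the file's own comments about write access to the top-level directory of a chroot.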
