File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP below is a placeholder for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I have no idea what their IT changed; after switching to a different IP it simply would not connect. Damn. Had to work through the errors one by one.
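An added example, not part of the original post: a small Python check that parses vsftpd.conf text and reports the settings from the config above that a defender would want to revisit (SSLv2/SSLv3, pasv_promiscuous, debug_ssl, a writable chroot), plus lines where a value is followed by trailing text. The rule table, the helper names and the sample text are constructed for illustration from option values shown in the post.

```python
import re
# Options from the posted config whose YES value weakens the server, with the reason.
RISKY_YES = {
    "anonymous_enable": "anonymous logins allowed",
    "ssl_sslv2": "SSLv2 is obsolete and broken",
    "ssl_sslv3": "SSLv3 is obsolete and broken",
    "pasv_promiscuous": "PASV data connection no longer has to come from the control connection's IP",
    "debug_ssl": "TLS diagnostics left on after troubleshooting",
}
DEFAULTS = {"anonymous_enable": "YES"}  # on when the line is absent, per the config's own comment

def parse(text):
    """Return ({option: value}, [syntax findings]) for vsftpd.conf text."""
    opts, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip():
            findings.append(f"line {n}: not in option=value form")
            continue
        # No inline comments in vsftpd.conf: text after YES/NO/number joins the value (banner is free text).
        m = None if key == "ftpd_banner" else re.match(r"(YES|NO|\d+)\s", value, re.I)
        if m:
            findings.append(f"line {n}: trailing text after {key}={m.group(1)}")
            value = m.group(1)
        opts[key] = value
    return opts, findings

def audit(text):
    """List syntax problems and weak settings found in vsftpd.conf text."""
    opts, findings = parse(text)
    get = lambda k: opts.get(k, DEFAULTS.get(k, "NO")).upper()
    findings += [f"{k}=YES: {why}" for k, why in RISKY_YES.items() if get(k) == "YES"]
    if all(get(k) == "YES" for k in ("chroot_local_user", "write_enable", "allow_writeable_chroot")):
        findings.append("allow_writeable_chroot=YES: a user-writable chroot top level is no longer refused")
    return findings

# Constructed sample: a few options with the values used in the post.
SAMPLE = """\
anonymous_enable=NO
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_sslv3=YES
pasv_promiscuous=YES   fix for 425 Security: Bad IP connecting
"""
print("\n".join(audit(SAMPLE)))
```
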