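# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Format reminder: one option=value per line, no spaces around "=", and
# comments only as whole lines starting with "#".
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# NOTE(review): ftp_data_port is set to 50000 further down, so with this
# option on, PORT-style connections originate from that port instead of 20.
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# 990 is the conventional implicit-FTPS port; it goes with implicit_ssl=YES below.
listen_port=990
# Address advertised to clients in the PASV reply. "公网IP" ("public IP") is a
# placeholder and must be replaced with the server's real public address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
# userlist_file and userlist_deny below are only consulted when
# userlist_enable=YES; with NO here they have no effect.
userlist_enable=NO
tcp_wrappers=YES
# This turns off vsftpd's refusal to chroot() a user into a directory that
# user can write to, i.e. exactly the situation the chroot warning above
# describes. A safer layout is a chroot top level the user cannot write to,
# with a writable subdirectory for uploads, and this option left at NO.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
# ssl_tlsv1 is not set in this file, so its compiled-in default applies;
# check vsftpd.conf(5) for this build if TLS 1.0 must be refused as well.
ssl_tlsv1_2=YES
# SSLv2 and SSLv3 are obsolete and cryptographically broken (DROWN, POODLE).
# The original post set both to YES; they are switched off here so that only
# TLS can be negotiated.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key live in the same PEM file; it should be owned by
# root and not readable by any other account.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Local users must use TLS for both the login and the data channel, so
# credentials and file contents are never sent in clear text.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# With NO, a TLS data connection does not have to reuse the control channel's
# TLS session, so it no longer proves it belongs to the logged-in client.
# Prefer YES wherever the FTP clients in use support session reuse.
require_ssl_reuse=NO
ssl_ciphers=HIGH
# Implicit FTPS: the TLS handshake is expected immediately on connect.
implicit_ssl=YES
# NOTE(review): 50000 is also pasv_max_port; if active (PORT) mode is really
# used, a port outside the passive range avoids the two competing for it.
ftp_data_port=50000
pasv_enable=YES
# Passive data ports; the firewall has to allow exactly this range and nothing wider.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Dumps OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; set back to NO once the connection problem is solved.
debug_ssl=YES
# pasv_promiscuous=YES disables the PASV security check that the data
# connection comes from the same IP address as the control connection. That
# check is what answers "425 Security: Bad IP connecting", so the error goes
# away, but together with require_ssl_reuse=NO nothing ties a data connection
# to the authenticated session any more. Treat it as a workaround: if clients
# can be made to reach the server from one consistent source address (for
# example a single NAT egress IP), set this back to NO, and limit the passive
# port range to known client networks at the firewall in the meantime.
pasv_promiscuous=YES
# Page title, kept from the original post: "解决vsftpd连接错误425 Security: Bad IP connecting"
# (resolving the vsftpd connection error "425 Security: Bad IP connecting").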
不知道他们IT修改了哪里，换个IP居然连不上。尼玛，把报错一个一个排查完。