File server configuration at a certain big-name company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# The value below is the poster's placeholder for the server's public IP.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed; after switching to a different IP it just wouldn't connect. Damn. I worked through the errors one by one until they were all sorted out.
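An added example, not part of the original post and not vsftpd's own code: a small Python audit that reads vsftpd.conf text, applies the vsftpd.conf(5) defaults, and reports which of the posted settings weaken the TLS and passive-mode protections, with the value that restores each one. The names `audit`, `remediate` and `POSTED` are illustrative, and `POSTED` holds only the relevant active lines copied from the configuration above.

```python
# Added example (not vsftpd code). DEFAULTS are the vsftpd.conf(5) defaults.
DEFAULTS = {"ssl_enable": "NO", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
            "require_ssl_reuse": "YES", "pasv_promiscuous": "NO",
            "chroot_local_user": "NO", "allow_writeable_chroot": "NO"}

# Active security-relevant lines copied from the configuration posted above.
POSTED = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
"""

def parse(text):
    """Effective settings: comment lines skipped, the last assignment wins."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def on(conf, key):
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(text):
    """Map each risky option to the value that restores the safer behaviour."""
    conf, fixes = parse(text), {}
    if on(conf, "ssl_enable"):  # protocol and reuse options only apply with TLS on
        fixes.update({k: "NO" for k in ("ssl_sslv2", "ssl_sslv3") if on(conf, k)})
        if not on(conf, "require_ssl_reuse"):
            fixes["require_ssl_reuse"] = "YES"  # tie data channel to control session
    if on(conf, "pasv_promiscuous"):
        fixes["pasv_promiscuous"] = "NO"        # PASV peer-address check is off
    if on(conf, "chroot_local_user") and on(conf, "allow_writeable_chroot"):
        fixes["allow_writeable_chroot"] = "NO"  # jail root writable by the user
    return fixes

def remediate(text):
    """Rewrite only the flagged assignments; other lines pass through."""
    fixes = audit(text)
    def fix(line):
        key = line.split("=", 1)[0].strip()
        return f"{key}={fixes[key]}" if key in fixes else line
    return "\n".join(fix(l) for l in text.splitlines()) + "\n"
```

Setting `pasv_promiscuous=NO` re-enables the check that the data connection comes from the same address as the control connection, so the 425 response returns for any client whose two connections arrive from different source addresses.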