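# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Format reminder: one option=value per line, no spaces around "=", and
# comments only on their own line starting with "#". Stray characters after
# a value are read as part of the value and make vsftpd refuse the file.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Control connections are accepted on 990 instead of 21; this pairs with
# implicit_ssl=YES further down (TLS from the first byte of the connection).
listen_port=990
# Placeholder: "公网IP" means "public IP". Replace it with the server's
# public IPv4 address, which is what vsftpd advertises in PASV replies.
# A wrong or missing address here is a common cause of failed passive
# transfers behind NAT.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO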
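# Site-specific additions: authentication, chroot, implicit FTPS and the
# passive/active data-port setup.
pam_service_name=vsftpd
# NOTE(review): userlist_deny is only examined when userlist_enable=YES, so
# with userlist_enable=NO the userlist_file / userlist_deny=NO pair below has
# no effect and every local account that PAM accepts may log in. If an
# allow-list was intended, set userlist_enable=YES.
userlist_enable=NO
tcp_wrappers=YES
# Lets vsftpd chroot a user into a directory that the user can write to.
# With chroot_local_user=YES this is exactly the case the chroot warning in
# the sample comments describes; a non-writable home with a writable
# subdirectory avoids needing this override.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
#
# TLS. Only TLS protocol versions should be negotiated: SSLv2 and SSLv3 are
# obsolete and have known protocol-level weaknesses, so both stay off.
# ssl_tlsv1 is not set here, so the compiled-in default applies; set it to NO
# explicitly if only TLS 1.2 should be offered (see vsftpd.conf.5 for the
# options your build supports).
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key share one PEM file; keep it readable by root
# only.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Local users must use TLS for both login and data, so credentials and file
# contents never cross the network in clear text.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# Data connections are not required to reuse the control channel's TLS
# session. Some clients need this, but it removes one of the checks that tie
# a data connection to the session that requested it.
require_ssl_reuse=NO
ssl_ciphers=HIGH
# Implicit FTPS: a TLS handshake is expected first on every connection,
# matching listen_port=990 above.
implicit_ssl=YES
#
# Data connections.
# Source port for PORT-style (active) data connections.
# NOTE(review): 50000 is also the top of the passive range below; confirm the
# overlap is intended.
ftp_data_port=50000
pasv_enable=YES
# Passive port range; the firewall/NAT in front of the server has to forward
# exactly this range.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Logs OpenSSL connection diagnostics to the vsftpd log file. Useful while
# troubleshooting; normally switched off again afterwards.
debug_ssl=YES
# Workaround for the vsftpd error "425 Security: Bad IP connecting".
# It disables the check that a passive data connection comes from the same IP
# address as the control connection. NOTE(review): together with
# require_ssl_reuse=NO, nothing binds a data connection to its login session
# any more; prefer fixing pasv_address / NAT so the check can stay on, or
# re-enable require_ssl_reuse if the clients support it.
pasv_promiscuous=YES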
不知道他们IT修改了哪里 换个IP居然联不上 尼玛 把报错一个一个排查完