File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP below is a placeholder for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

No idea what their IT department changed; after switching to a different IP it simply would not connect. Damn it. I worked through the errors one by one until they were all cleared.
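The following audit script is an added example, not part of the original post: it parses a vsftpd.conf and flags options from the posted file that weaken TLS or the passive-mode data channel (ssl_sslv2, ssl_sslv3, require_ssl_reuse, pasv_promiscuous, allow_writeable_chroot), and it rejects boolean values followed by extra text, because vsftpd.conf has no inline comments. The rule selection and the sample input are this example's own assumptions; the defaults follow vsftpd.conf(5).

```python
# Added example (not from the original post); RULES is this example's own selection.
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

RULES = {  # option: (default per vsftpd.conf(5), risky state, reason)
    "anonymous_enable": (True, True, "anonymous logins are allowed"),
    "ssl_sslv2": (False, True, "obsolete SSLv2 protocol is permitted"),
    "ssl_sslv3": (False, True, "obsolete SSLv3 protocol is permitted"),
    "require_ssl_reuse": (True, False, "data connections need not reuse the "
                          "control channel's TLS session"),
    "pasv_promiscuous": (False, True, "data connections are accepted from IPs "
                         "other than the control connection's"),
    "allow_writeable_chroot": (False, True, "chroot top-level directory may be "
                               "writable by the user"),
}

def parse(text):
    """Return {option: value}. Only lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(text):
    """Return sorted (option, finding) pairs for the options in RULES."""
    opts, findings = parse(text), []
    for key, (default, risky, reason) in RULES.items():
        raw = opts.get(key)
        if raw is not None and raw.upper() not in TRUE | FALSE:
            # No inline comments in vsftpd.conf: trailing text breaks the value.
            findings.append((key, f"invalid boolean value {raw!r}"))
            continue
        state = default if raw is None else raw.upper() in TRUE
        if state == risky:
            findings.append((key, reason))
    return sorted(findings)

# Constructed sample built from option lines in the posted configuration.
SAMPLE = """\
# anonymous_enable is deliberately absent here to show the default
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
allow_writeable_chroot=YES
pasv_promiscuous=YES   trailing note
"""

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(SAMPLE)))
```

Run it against a copy of the live file with `audit(open(path).read())`; an empty result only means none of these six options is in its risky state.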