File server configuration at a certain big-name company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

No idea what their IT changed; after switching to a different IP it just wouldn't connect. Damn. I went through the errors one by one until they were all sorted out.
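An added example, not part of the original post: a small Python audit for the kind of settings the posted config sets explicitly (SSLv2/SSLv3 on, `require_ssl_reuse=NO`, `pasv_promiscuous=YES`, `allow_writeable_chroot=YES`). The rule list, the function names and the sample text are assumptions of this example; the sample is constructed from lines of the post, including a value followed by a note on the same line.

```python
# Added example (not the poster's code); SAMPLE is constructed from the posted config.
SAMPLE = """\
# comment lines are skipped
anonymous_enable=NO
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES   trailing note on the same line
"""

# option -> (risky value, reason); the rule selection is this example's own.
RULES = {
    "ssl_sslv2": ("YES", "SSLv2 is prohibited (RFC 6176)"),
    "ssl_sslv3": ("YES", "SSLv3 is deprecated (RFC 7568)"),
    "require_ssl_reuse": ("NO", "data channel need not reuse the control channel's TLS session"),
    "pasv_promiscuous": ("YES", "skips the check that the data connection comes from the control connection's IP"),
    "allow_writeable_chroot": ("YES", "chroot into a directory the user can write to is permitted"),
    "anonymous_enable": ("YES", "anonymous login allowed"),
}

def parse_conf(text):
    """Parse option=value lines; '#' comment lines and blank lines are ignored."""
    conf = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value
    return conf

def audit(text):
    """Return a sorted list of (option, problem) for the options listed in RULES."""
    findings = []
    for key, value in parse_conf(text).items():
        risky, reason = RULES.get(key, (None, None))
        if risky is None:
            continue
        words = value.split()
        # The config format has comment lines only, so text after the value is part of it.
        if value.strip().upper() not in ("YES", "NO"):
            findings.append((key, "value is not a bare YES/NO: %r" % value))
        if words and words[0].upper() == risky:
            findings.append((key, reason))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join("%-24s %s" % f for f in audit(SAMPLE)))
```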