File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# (公网IP = placeholder for the server's public IP address)
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES
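
No idea what their IT changed. After switching to a different IP it simply would not connect. Damn. I worked through the errors one by one.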
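
The TLS, chroot and passive-mode directives in a config like the one above can be reviewed mechanically. The following is an added example, not part of the original post: a small Python audit that flags the listed directives when they differ from vsftpd's compiled-in defaults and reports boolean lines that carry trailing text. The rule list and the sample input are constructed for illustration.

```python
# Added example (not the poster's code): audit selected vsftpd.conf directives.
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

# option -> (risky state, reason, compiled-in default); see vsftpd.conf(5)
RULES = {
    "ssl_sslv2": (True, "obsolete SSLv2 protocol permitted", "NO"),
    "ssl_sslv3": (True, "obsolete SSLv3 protocol permitted", "NO"),
    "pasv_promiscuous": (True, "PASV same-IP check on data connections is off", "NO"),
    "require_ssl_reuse": (False, "data channel need not reuse the control TLS session", "YES"),
    "allow_writeable_chroot": (True, "chroot top-level directory may be writable", "NO"),
    "debug_ssl": (True, "verbose TLS connection diagnostics are logged", "NO"),
}

def audit(text):
    """Return (findings, malformed) for the directives listed in RULES."""
    findings, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key not in RULES:
            continue
        state = value.upper()
        if state not in TRUE | FALSE:
            # Anything after YES/NO (such as an inline note) is part of the value.
            malformed.append((lineno, line))
        elif (state in TRUE) == RULES[key][0]:
            findings.append((key, RULES[key][1], RULES[key][2]))
    return findings, malformed

# Constructed sample: directives taken from the post; the last line carries
# an inline note after its value, written here in English.
SAMPLE = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
implicit_ssl=YES
debug_ssl=YES
pasv_promiscuous=YES   fixes 425 Security: Bad IP connecting
"""

if __name__ == "__main__":
    found, bad = audit(SAMPLE)
    for key, why, default in found:
        print(f"{key}: {why}; default is {key}={default}")
    for lineno, line in bad:
        print(f"line {lineno}: not a valid boolean: {line!r}")
```

On the sample it reports five directives and marks the `pasv_promiscuous` line as malformed; with the note moved to its own comment line, that directive is reported as a finding instead.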