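# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Syntax reminder: one option=value per line, no spaces around "=", and no
# trailing text after the value. Comments go on their own "#" line.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# With 022, uploaded files are created world-readable; keep 077 if uploads
# should stay private to the uploading user.
local_umask=022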
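#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# This file also sets ftp_data_port=50000 further down, so active-mode data
# connections originate from port 50000 rather than 20.
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES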
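#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails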
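#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# 990 is the conventional control port for implicit FTPS; this file sets
# implicit_ssl=YES further down, so clients must connect in implicit mode.
listen_port=990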
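# Address advertised to clients in PASV replies. "公网IP" ("public IP") is a
# placeholder: replace it with the server's externally reachable address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
#
# userlist_file and userlist_deny are only consulted when userlist_enable=YES,
# so with userlist_enable=NO the allow-list configured below is not enforced.
# NOTE(review): if an allow-list was intended, populate the file and then set
# userlist_enable=YES.
userlist_enable=NO
tcp_wrappers=YES
#
# Lets vsftpd chroot() a user into a directory that user can write to, which
# is the situation the chroot warning earlier in this file cautions against.
# A non-writable home with a writable subdirectory avoids needing this.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
#
# TLS settings. SSLv2 and SSLv3 are broken protocols, so they are disabled
# here and only TLS is offered.
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO
#
# Certificate and private key share one PEM file. Keep it owned by root and
# readable by root only (mode 0600).
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
#
# NO drops the requirement that each data connection reuse the TLS session of
# its control connection. That check is what binds a data connection to the
# authenticated session; disable it only for clients that cannot do session
# reuse.
require_ssl_reuse=NO
ssl_ciphers=HIGH
#
# Implicit FTPS: the TLS handshake is expected first on every connection
# (matches listen_port=990 above).
implicit_ssl=YES
#
# Source port for active-mode (PORT) data connections while
# connect_from_port_20=YES. NOTE(review): 50000 is also pasv_max_port;
# confirm the overlap is intended.
ftp_data_port=50000
#
# Passive-mode data port range. Open exactly this range on the firewall.
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
#
# Dumps OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; turn it off afterwards.
debug_ssl=YES
#
# Author's note: this works around the vsftpd connection error
# "425 Security: Bad IP connecting".
# It does so by disabling the PASV check that the data connection comes from
# the same IP address as the control connection. vsftpd.conf(5) advises
# enabling it only for secure tunnelling or FXP. Combined with
# require_ssl_reuse=NO, nothing ties a data connection to the logged-in
# session, so prefer fixing the address mismatch (NAT / pasv_address) and
# restrict the passive range to known client networks if this must stay on.
pasv_promiscuous=YES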
+ W* C* D8 f% e. X+ T
不知道他们IT修改了哪里,换个IP居然联不上,尼玛,把报错一个一个排查完。
- f; R0 c/ \) ~- R: u |