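# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# NOTE: vsftpd does not support trailing comments and allows no spaces around
# "=", so every remark in this file sits on its own "#" line.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# (The source port actually used is overridden by ftp_data_port further down.)
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# Control port 990 is the conventional implicit-FTPS port and pairs with
# implicit_ssl=YES below.
listen_port=990
#
# Address advertised to clients in the PASV reply. The value below is the
# author's placeholder ("public IP"); replace it with the server's real
# public address before use.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
#
pam_service_name=vsftpd
tcp_wrappers=YES
#
# userlist_enable=NO means the user list is not consulted at all, so
# userlist_file and userlist_deny below currently have no effect. To restrict
# logins to the users named in the file, set userlist_enable=YES and keep
# userlist_deny=NO.
userlist_enable=NO
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
#
# NOTE(review): together with chroot_local_user=YES above, this lets users
# write to the top level of their own chroot, which is exactly what the
# chroot warning earlier in this file advises against. A safer layout is a
# non-writable home directory with a writable subdirectory for uploads.
allow_writeable_chroot=YES
#
# --- TLS ---
ssl_enable=YES
ssl_tlsv1_2=YES
#
# SSLv2 and SSLv3 are broken protocols and must stay disabled; only TLS
# should be negotiable. (The original listing had both set to YES.)
# ssl_tlsv1 is not set in this file, so its compiled-in default applies;
# check vsftpd.conf(5) for your build and disable TLS 1.0 too if your
# clients allow it.
ssl_sslv2=NO
ssl_sslv3=NO
#
# Certificate and private key share one PEM file. Keep it owned by root and
# unreadable to other users.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
#
allow_anon_ssl=NO
# Local users must use TLS for both the login and the data channel.
force_local_data_ssl=YES
force_local_logins_ssl=YES
#
# NOTE(review): with require_ssl_reuse=NO a data connection does not have to
# reuse the TLS session of the control channel, so nothing proves that it
# comes from the client that logged in. Prefer YES unless a client that
# cannot do session reuse has to be supported.
require_ssl_reuse=NO
ssl_ciphers=HIGH
#
# TLS handshake happens immediately on connect (implicit FTPS), see
# listen_port above.
implicit_ssl=YES
#
# Source port for PORT-style (active) data connections.
# NOTE(review): 50000 is also the top of the passive range below - confirm
# the overlap is intended.
ftp_data_port=50000
#
# Passive mode and its port range; the firewall must allow this range inbound.
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
#
# Dumps OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; consider turning it off afterwards.
debug_ssl=YES
#
# Added by the author to work around the vsftpd error
# "425 Security: Bad IP connecting".
# NOTE(review): this switches off the check that a passive data connection
# comes from the same IP address as the control connection. vsftpd.conf(5)
# says to enable it only if you know what you are doing. Combined with
# require_ssl_reuse=NO above, data connections are no longer tied to the
# authenticated session in any way. First check whether NAT or proxying
# between client and server (and the pasv_address value) explains the 425
# error; if this option has to stay, set require_ssl_reuse=YES as a
# compensating control.
pasv_promiscuous=YES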
不知道他们IT修改了哪里 换个IP居然联不上 尼玛 把报错一个一个排查完