File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# Placeholder: 公网IP stands for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed; after switching to a different IP it just wouldn't connect. Damn. I went through the errors one by one until they were all sorted out.
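
An added example, not part of the original post: a small audit that parses a vsftpd.conf and reports the settings in the configuration above that weaken TLS or the data-connection checks, plus a directive with text after its value (the vsftpd.conf man page allows only whole-line `#` comments). The names `audit`, `RISKY` and `SAMPLE`, the choice of checks and the message wording are assumptions of this example.

```python
# Added example: audit a vsftpd.conf for weak settings seen in the post.
# The check list and messages are this example's own, not vsftpd output.
import re

RISKY = {
    ("ssl_sslv2", "YES"): "SSLv2 is obsolete; set ssl_sslv2=NO",
    ("ssl_sslv3", "YES"): "SSLv3 is obsolete; set ssl_sslv3=NO",
    ("pasv_promiscuous", "YES"): "data connection may come from a different IP than the control connection",
    ("require_ssl_reuse", "NO"): "data connection need not reuse the control connection's TLS session",
    ("allow_writeable_chroot", "YES"): "chroot top directory may be writable by the user",
    ("anonymous_enable", "YES"): "anonymous FTP is allowed",
}

def audit(text):
    """Return a sorted list of (line_number, option, message) findings."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or whole-line comment
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((n, key, "not an option=value directive"))
            continue
        # No end-of-line comments: the rest of the line is taken as the value.
        if re.match(r"(YES|NO)\s+\S", value, re.I):
            findings.append((n, key, "text after boolean value"))
            value = value.split()[0]
        seen[key] = n
        msg = RISKY.get((key, value.strip().upper()))
        if msg:
            findings.append((n, key, msg))
    if "anonymous_enable" not in seen:
        # Per the sample file's own comment, leaving it out allows anonymous FTP.
        findings.append((0, "anonymous_enable",
                         "not set explicitly; anonymous FTP is allowed by default"))
    return sorted(findings)

# Constructed sample: directives taken from the post, one commented out.
SAMPLE = """\
#anonymous_enable=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES   fixes 425 Security: Bad IP connecting
"""

if __name__ == "__main__":
    for n, opt, msg in audit(SAMPLE):
        print(f"line {n}: {opt}: {msg}")
```

Line number 0 in a finding marks an option that is missing from the file rather than one set to a weak value.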