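# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Format note: vsftpd expects option=value with no spaces around "=" and
# nothing after the value; keep every remark on its own "#" line.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# (The source port actually used is ftp_data_port, set further down.)
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Control port; 990 matches implicit_ssl=YES below (implicit FTPS).
listen_port=990
# Address advertised in PASV replies. The value below is the author's
# placeholder ("public IP"); replace it with the server's public IPv4 address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
# userlist_enable=NO means userlist_file and userlist_deny below are not
# consulted; they only take effect once userlist_enable is YES.
userlist_enable=NO
tcp_wrappers=YES
# NOTE(review): this turns off vsftpd's refusal to chroot() into a directory
# the user can write to, which is exactly the situation the chroot warning
# above describes. Prefer a non-writable chroot top level with a writable
# subdirectory, and then drop this option.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
#
# TLS settings.
ssl_enable=YES
# NOTE(review): confirm your vsftpd build supports ssl_tlsv1_2; also review
# ssl_tlsv1 against vsftpd.conf(5) for your version.
ssl_tlsv1_2=YES
# SSLv2 and SSLv3 are broken, deprecated protocols. The original listing had
# both set to YES, which lets a client negotiate down to them; keep them off.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key share one PEM file here; it contains the private
# key, so it should be readable by root only.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): with NO, data connections need not reuse the control
# connection's TLS session. Some clients require that, but see the
# pasv_promiscuous note at the end of this file.
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
# Source port for PORT-style data connections (default 20).
# NOTE(review): 50000 is also pasv_max_port below - confirm the overlap is
# intended.
ftp_data_port=50000
pasv_enable=YES
# Passive data port range; the firewall / NAT must forward exactly this range.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Logs OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; consider turning it off afterwards.
debug_ssl=YES
#
# Workaround the author applied for the vsftpd error
# "425 Security: Bad IP connecting".
# NOTE(review): this disables the PASV check that the data connection comes
# from the same IP address as the control connection. vsftpd.conf(5) says to
# enable it only if you know what you are doing. Combined with
# require_ssl_reuse=NO, nothing in this file ties a data connection to the
# authenticated control session. Prefer finding why the client's address
# differs between the two connections (NAT, proxy, wrong pasv_address) and
# setting this back to NO.
pasv_promiscuous=YES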
不知道他们IT修改了哪里 换个IP居然联不上 尼玛 把报错一个一个排查完