File server configuration of a certain big-name company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP ("public IP") is a placeholder: put the server's public IP address here.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Fixes the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

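No idea what their IT changed; after switching to a different IP it simply would not connect. Damn. I went through the errors one by one until they were all sorted out.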
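
As an added example (not part of the original post and not vsftpd's own code), the following Python check reads a vsftpd.conf and lists the settings from the configuration above that a reviewer would question: the legacy SSL versions, the relaxed data-channel checks, the writable chroot, and a note written on the same line as a boolean option. The names `audit`, `RISKY` and `SAMPLE` are assumptions of this example, and the sample text is constructed from the posted lines.

```python
# Constructed sample: security-relevant lines copied from the config above,
# including a note placed after the pasv_promiscuous value (translated).
SAMPLE = """\
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES   fixes 425 Security: Bad IP connecting
"""

BOOL_WORDS = {"YES", "NO", "TRUE", "FALSE", "1", "0"}

# option -> (value that deserves review, reason)
RISKY = {
    "ssl_sslv2": ("YES", "SSLv2 is obsolete; leave only TLS versions enabled"),
    "ssl_sslv3": ("YES", "SSLv3 is obsolete; leave only TLS versions enabled"),
    "require_ssl_reuse": ("NO", "data channel no longer has to reuse the control channel's TLS session"),
    "pasv_promiscuous": ("YES", "data connections accepted from an IP other than the control connection's"),
    "anonymous_enable": ("YES", "anonymous logins allowed"),
}

def audit(text):
    """Return a list of findings for a vsftpd.conf given as a string."""
    opts, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        words = value.split()
        if not sep or not words:
            findings.append(f"line {n}: not an option=value line")
            continue
        if words[0].upper() in BOOL_WORDS and value != words[0]:
            # vsftpd has no inline comments: the whole remainder is the value.
            findings.append(f"line {n}: trailing text after {key}={words[0]}")
        opts[key] = words[0].upper()  # first word only; enough for YES/NO checks
    for opt, (bad, why) in RISKY.items():
        if opts.get(opt) == bad:
            findings.append(f"{opt}={bad}: {why}")
    if opts.get("chroot_local_user") == opts.get("allow_writeable_chroot") == "YES":
        findings.append("chroot root may be writable by the jailed user")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

String options such as `ftpd_banner` may legitimately contain spaces, so only boolean values followed by extra text are reported as syntax problems.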