# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Set to fix the vsftpd connection error "425 Security: Bad IP connecting".
pasv_promiscuous=YES
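The config above enables several options that its own comments or the vsftpd.conf(5) defaults treat as risky: a writable chroot root (which the chroot warning explicitly cautions against), SSLv2/SSLv3 alongside TLS 1.2, the PASV origin check switched off with pasv_promiscuous, and SSL debug logging left on. The following is an added example, not part of the original page or of vsftpd itself: a small Python audit that parses vsftpd.conf directives (skipping `#` comments, as vsftpd does), flags those settings, sanity-checks the PASV port range, and compares the page's config (constructed sample, noise stripped) with a hardened counterpart. The finding texts and the check list are this example's own choices.

```python
"""Audit a vsftpd.conf for settings that weaken the service.

Added example, not part of the original page. Parses key=value lines the
way vsftpd reads them (a leading '#' makes the whole line a comment) and
reports directives whose values the page's comments or the vsftpd.conf(5)
defaults treat as dangerous.
"""
import re

# Constructed sample: the active directives of the page's config (forum noise removed).
SAMPLE_CONF = """
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_promiscuous=YES
debug_ssl=YES
"""

# Constructed hardened counterpart: same service, weak settings corrected.
HARDENED_CONF = """
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_promiscuous=NO
debug_ssl=NO
"""

DIRECTIVE_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")


def parse_vsftpd_conf(text):
    """Return {directive: value} for active lines; '#' lines and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def is_yes(settings, key, default="NO"):
    """Boolean directive lookup with the vsftpd default for an omitted key."""
    return settings.get(key, default).upper() == "YES"


def pasv_range_ok(settings):
    """pasv_min_port/pasv_max_port must be a valid port range (0/0 means 'any port')."""
    try:
        lo = int(settings.get("pasv_min_port", "0"))
        hi = int(settings.get("pasv_max_port", "0"))
    except ValueError:
        return False
    if lo == 0 and hi == 0:
        return True
    return 1 <= lo <= hi <= 65535


def audit(settings):
    """Return a list of (directive, reason) tuples for weak or invalid settings."""
    findings = []
    # vsftpd's compiled-in default is anonymous_enable=YES, so a missing key counts.
    if is_yes(settings, "anonymous_enable", default="YES"):
        findings.append(("anonymous_enable", "anonymous FTP is allowed (also the default when omitted)"))
    if is_yes(settings, "chroot_local_user") and is_yes(settings, "allow_writeable_chroot"):
        findings.append(("allow_writeable_chroot", "chroot top-level directory is writable"))
    for legacy in ("ssl_sslv2", "ssl_sslv3"):
        if is_yes(settings, legacy):
            findings.append((legacy, "obsolete SSL protocol version enabled"))
    if is_yes(settings, "pasv_promiscuous"):
        findings.append(("pasv_promiscuous", "PASV data-connection origin check disabled"))
    if is_yes(settings, "debug_ssl"):
        findings.append(("debug_ssl", "verbose SSL debug logging left enabled"))
    if not pasv_range_ok(settings):
        findings.append(("pasv_max_port", "PASV port range is not a valid port range"))
    return findings


def main():
    for name, text in (("page config", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        findings = audit(parse_vsftpd_conf(text))
        print(f"{name}: {len(findings)} finding(s)")
        for directive, reason in findings:
            print(f"  {directive}: {reason}")


if __name__ == "__main__":
    main()
```

With allow_writeable_chroot=NO, vsftpd refuses a chrooted login whose home directory is writable, which is the behaviour the page's chroot warning is asking for: keep the top-level directory read-only and give users a writable subdirectory instead. The pasv range check is there because a value such as 500000 (not a valid TCP port) is easy to introduce by typo and is only reported by vsftpd at start-up.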
No idea what their IT changed; switching to a different IP and it wouldn't connect at all. Damn. Went through the errors one by one until they were all cleared.