# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
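#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# NOTE(review): 022 leaves uploaded files readable by every local account;
# keep the 077 default where uploads should stay private to their owner.
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES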
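#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# NOTE(review): this file also sets ftp_data_port=50000 further down, so
# active-mode data connections originate from that port rather than 20.
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES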
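#
# You may change the default value for timing out an idle session.
# (value is in seconds)
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
# (value is in seconds)
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES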
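#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# NOTE(review): with both options on, a transfer made in ASCII mode has its
# line endings rewritten, so binary files sent that way no longer match their
# original checksum. Leave these off unless a client depends on ASCII mode.
ascii_upload_enable=YES
ascii_download_enable=YES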
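#
# You may fully customise the login banner string:
# NOTE(review): a custom banner also replaces the default greeting, which
# identifies the server software to anyone who connects.
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails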
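#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# NOTE(review): this file sets allow_writeable_chroot=YES further down, which
# turns off vsftpd's refusal to chroot into a user-writable directory, i.e.
# exactly the condition the warning above describes. Prefer a chroot top
# level that the user cannot write to, with a writable subdirectory inside it.
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES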
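#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Control-connection port. 990 is the conventional implicit-FTPS port and
# matches implicit_ssl=YES set later in this file.
listen_port=990
# Address advertised to clients in PASV replies. The value below is a
# placeholder (it reads "public IP"); replace it with the server's public IP
# address before use.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO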
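# PAM service name vsftpd authenticates against.
pam_service_name=vsftpd
# NOTE(review): with userlist_enable=NO the userlist_file and userlist_deny
# settings below are not consulted, so every local account that PAM accepts
# can log in. To restrict logins to the accounts named in userlist_file, set
# userlist_enable=YES and keep userlist_deny=NO.
userlist_enable=NO
tcp_wrappers=YES
# NOTE(review): allows chroot() into a directory the user can write to. This
# file sets chroot_local_user=YES, so each local user is jailed in a home
# directory they control; vsftpd refuses that layout by default because a
# writable chroot root weakens the jail. Prefer a non-writable home with a
# writable subdirectory and leave this option off.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO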
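# TLS for control and data connections.
ssl_enable=YES
ssl_tlsv1_2=YES
# NOTE(review): the original listing had ssl_sslv2=YES and ssl_sslv3=YES.
# SSLv2 and SSLv3 are obsolete protocols with known weaknesses (prohibited by
# RFC 6176 and RFC 7568), and enabling them lets a client negotiate down from
# TLS 1.2. They are disabled here; also consider ssl_tlsv1=NO if no client
# needs TLS 1.0.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key live in the same PEM file. Keep it owned by
# root and unreadable by other accounts.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Local users must use TLS both to log in and for data transfers.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): NO means a data connection does not have to reuse the TLS
# session of the control connection, which removes the proof that both
# connections come from the same client. It is commonly turned off for
# client compatibility; set it back to YES if the clients in use support
# session reuse.
require_ssl_reuse=NO
# OpenSSL cipher string.
ssl_ciphers=HIGH
# Implicit FTPS: the TLS handshake is expected first on every connection
# (pairs with listen_port=990 set earlier in this file).
implicit_ssl=YES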
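# Source port for active-mode (PORT) data connections; it takes effect because
# connect_from_port_20=YES is set earlier in this file.
ftp_data_port=50000
pasv_enable=YES
# Passive-mode data port range. Open exactly this range on the firewall
# between clients and the server.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Writes OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; turn off afterwards to keep the log readable.
debug_ssl=YES
# Works around the vsftpd error "425 Security: Bad IP connecting".
# NOTE(review): YES disables the check that a passive data connection comes
# from the same IP address as its control connection. That check is what
# produces the 425 error when clients reach the server through NAT or a proxy
# that uses different addresses per connection. With require_ssl_reuse=NO
# also set in this file, nothing ties a data connection to the authenticated
# session. Prefer fixing the address mismatch (pasv_address, NAT rules) or
# re-enabling require_ssl_reuse, and keep this at NO where possible.
# The explanatory text originally trailed the value on the same line; vsftpd
# does not accept trailing text after a value, so it is kept as a comment.
pasv_promiscuous=YES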
不知道他们IT修改了哪里 换个IP居然联不上 尼玛 把报错一个一个排查完