1 | # Example config file /etc/vsftpd/vsftpd.conf
|
---|
2 | #
|
---|
3 | # The default compiled in settings are fairly paranoid. This sample file
|
---|
4 | # loosens things up a bit, to make the ftp daemon more usable.
|
---|
5 | # Please see vsftpd.conf.5 for all compiled in defaults.
|
---|
6 | #
|
---|
7 | # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
|
---|
8 | # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
|
---|
9 | # capabilities.
|
---|
10 | #
|
---|
11 | # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
|
---|
12 | anonymous_enable=YES
|
---|
13 | #
|
---|
14 | # Uncomment this to allow local users to log in.
|
---|
15 | #local_enable=YES
|
---|
16 | #
|
---|
17 | # Uncomment this to enable any form of FTP write command.
|
---|
18 | #write_enable=YES
|
---|
19 | #
|
---|
20 | # Default umask for local users is 077. You may wish to change this to 022,
|
---|
21 | # if your users expect that (022 is used by most other ftpd's)
|
---|
22 | local_umask=077
|
---|
23 | #
|
---|
24 | # Uncomment this to allow the anonymous FTP user to upload files. This only
|
---|
25 | # has an effect if the above global write enable is activated. Also, you will
|
---|
26 | # obviously need to create a directory writable by the FTP user.
|
---|
27 | #anon_upload_enable=YES
|
---|
28 | #
|
---|
29 | # Uncomment this if you want the anonymous FTP user to be able to create
|
---|
30 | # new directories.
|
---|
31 | #anon_mkdir_write_enable=YES
|
---|
32 | #
|
---|
33 | # Activate directory messages - messages given to remote users when they
|
---|
34 | # go into a certain directory.
|
---|
35 | dirmessage_enable=YES
|
---|
36 | #
|
---|
37 | # Activate logging of uploads/downloads.
|
---|
38 | xferlog_enable=YES
|
---|
39 | #
|
---|
40 | # Make sure PORT transfer connections originate from port 20 (ftp-data).
|
---|
41 | connect_from_port_20=YES
|
---|
42 | #
|
---|
43 | # If you want, you can arrange for uploaded anonymous files to be owned by
|
---|
44 | # a different user. Note! Using "root" for uploaded files is not
|
---|
45 | # recommended!
|
---|
46 | #chown_uploads=YES
|
---|
47 | #chown_username=whoever
|
---|
48 | #chown_groupname=whoever
|
---|
49 | #
|
---|
50 | # You may override where the log file goes if you like. The default is shown
|
---|
51 | # below.
|
---|
52 | xferlog_file=/var/log/vsftpd.log
|
---|
53 | #
|
---|
54 | # If you want, you can have your log file in standard ftpd xferlog format.
|
---|
55 | # Note that the default log file location is /var/log/xferlog in this case.
|
---|
56 | xferlog_std_format=YES
|
---|
57 | #
|
---|
58 | # You may change the default value for timing out an idle session.
|
---|
59 | idle_session_timeout=20
|
---|
60 | #
|
---|
61 | # You may change the default value for timing out a data connection.
|
---|
62 | data_connection_timeout=45
|
---|
63 | connect_timeout=20
|
---|
64 | accept_timeout=20
|
---|
65 | #
|
---|
66 | # It is recommended that you define on your system a unique user which the
|
---|
67 | # ftp server can use as a totally isolated and unprivileged user.
|
---|
68 | nopriv_user=ftpnobody
|
---|
69 | ftp_username=ftp
|
---|
70 | #
|
---|
71 | # Enable this and the server will recognise asynchronous ABOR requests. Not
|
---|
72 | # recommended for security (the code is non-trivial). Not enabling it,
|
---|
73 | # however, may confuse older FTP clients.
|
---|
74 | #async_abor_enable=YES
|
---|
75 | #
|
---|
76 | # By default the server will pretend to allow ASCII mode but in fact ignore
|
---|
77 | # the request. Turn on the below options to have the server actually do ASCII
|
---|
78 | # mangling on files when in ASCII mode.
|
---|
79 | # Beware that on some FTP servers, ASCII support allows a denial of service
|
---|
80 | # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
|
---|
81 | # predicted this attack and has always been safe, reporting the size of the
|
---|
82 | # raw file.
|
---|
83 | # ASCII mangling is a horrible feature of the protocol.
|
---|
84 | #ascii_upload_enable=YES
|
---|
85 | #ascii_download_enable=YES
|
---|
86 | #
|
---|
87 | # You may fully customise the login banner string:
|
---|
88 | ftpd_banner=Welcome to mondorescue FTP Site. All connexions are logged. Please disconnect if you don't like it. The site is the master FTP site for the mondorescue project. Happy downloading.
|
---|
89 | #
|
---|
90 | # You may specify a file of disallowed anonymous e-mail addresses. Apparently
|
---|
91 | # useful for combatting certain DoS attacks.
|
---|
92 | #deny_email_enable=YES
|
---|
93 | # (default follows)
|
---|
94 | #banned_email_file=/etc/vsftpd/banned_emails
|
---|
95 | #
|
---|
96 | # You may specify an explicit list of local users to chroot() to their home
|
---|
97 | # directory. If chroot_local_user is YES, then this list becomes a list of
|
---|
98 | # users to NOT chroot().
|
---|
99 | # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
|
---|
100 | # the user does not have write access to the top level directory within the
|
---|
101 | # chroot)
|
---|
102 | #chroot_local_user=YES
|
---|
103 | #chroot_list_enable=YES
|
---|
104 | # (default follows)
|
---|
105 | #chroot_list_file=/etc/vsftpd/chroot_list
|
---|
106 | #
|
---|
107 | # You may activate the "-R" option to the builtin ls. This is disabled by
|
---|
108 | # default to avoid remote users being able to cause excessive I/O on large
|
---|
109 | # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
|
---|
110 | # the presence of the "-R" option, so there is a strong case for enabling it.
|
---|
111 | ls_recurse_enable=YES
|
---|
112 | #
|
---|
113 | # When "listen" directive is enabled, vsftpd runs in standalone mode and
|
---|
114 | # listens on IPv4 sockets. This directive cannot be used in conjunction
|
---|
115 | # with the listen_ipv6 directive.
|
---|
116 | listen=YES
|
---|
117 | #
|
---|
118 | # This directive enables listening on IPv6 sockets. By default, listening
|
---|
119 | # on the IPv6 "any" address (::) will accept connections from both IPv6
|
---|
120 | # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
|
---|
121 | # sockets. If you want that (perhaps because you want to listen on specific
|
---|
122 | # addresses) then you must run two copies of vsftpd with two configuration
|
---|
123 | # files.
|
---|
124 | # Make sure, that one of the listen options is commented !!
|
---|
125 | listen_ipv6=NO
|
---|
126 |
|
---|
127 | pam_service_name=vsftpd
|
---|
128 | userlist_enable=YES
|
---|
129 | tcp_wrappers=YES
|
---|
130 | hide_ids=YES
|
---|
131 | max_clients=1000
|
---|
132 | max_per_ip=60
|
---|
133 | message_file=README
|
---|
134 |
|
---|
135 | # From http://askubuntu.com/questions/24594/lo-disabled-privacy-extensions-and-ipv6-disabling
|
---|
136 | isolate=NO
|
---|
137 | isolate_network=NO
|
---|