| 1 | # Example config file /etc/vsftpd/vsftpd.conf
|
|---|
| 2 | #
|
|---|
| 3 | # The default compiled in settings are fairly paranoid. This sample file
|
|---|
| 4 | # loosens things up a bit, to make the ftp daemon more usable.
|
|---|
| 5 | # Please see vsftpd.conf.5 for all compiled in defaults.
|
|---|
| 6 | #
|
|---|
| 7 | # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
|
|---|
| 8 | # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
|
|---|
| 9 | # capabilities.
|
|---|
| 10 | #
|
|---|
| 11 | # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
|
|---|
| 12 | anonymous_enable=YES
|
|---|
| 13 | #
|
|---|
| 14 | # Uncomment this to allow local users to log in.
|
|---|
| 15 | #local_enable=YES
|
|---|
| 16 | #
|
|---|
| 17 | # Uncomment this to enable any form of FTP write command.
|
|---|
| 18 | #write_enable=YES
|
|---|
| 19 | #
|
|---|
| 20 | # Default umask for local users is 077. You may wish to change this to 022,
|
|---|
| 21 | # if your users expect that (022 is used by most other ftpd's)
|
|---|
| 22 | local_umask=077
|
|---|
| 23 | #
|
|---|
| 24 | # Uncomment this to allow the anonymous FTP user to upload files. This only
|
|---|
| 25 | # has an effect if the above global write enable is activated. Also, you will
|
|---|
| 26 | # obviously need to create a directory writable by the FTP user.
|
|---|
| 27 | #anon_upload_enable=YES
|
|---|
| 28 | #
|
|---|
| 29 | # Uncomment this if you want the anonymous FTP user to be able to create
|
|---|
| 30 | # new directories.
|
|---|
| 31 | #anon_mkdir_write_enable=YES
|
|---|
| 32 | #
|
|---|
| 33 | # Activate directory messages - messages given to remote users when they
|
|---|
| 34 | # go into a certain directory.
|
|---|
| 35 | dirmessage_enable=YES
|
|---|
| 36 | #
|
|---|
| 37 | # Activate logging of uploads/downloads.
|
|---|
| 38 | xferlog_enable=YES
|
|---|
| 39 | #
|
|---|
| 40 | # Make sure PORT transfer connections originate from port 20 (ftp-data).
|
|---|
| 41 | connect_from_port_20=YES
|
|---|
| 42 | #
|
|---|
| 43 | # If you want, you can arrange for uploaded anonymous files to be owned by
|
|---|
| 44 | # a different user. Note! Using "root" for uploaded files is not
|
|---|
| 45 | # recommended!
|
|---|
| 46 | #chown_uploads=YES
|
|---|
| 47 | #chown_username=whoever
|
|---|
| 48 | #chown_groupname=whoever
|
|---|
| 49 | #
|
|---|
| 50 | # You may override where the log file goes if you like. The default is shown
|
|---|
| 51 | # below.
|
|---|
| 52 | xferlog_file=/var/log/vsftpd.log
|
|---|
| 53 | #
|
|---|
| 54 | # If you want, you can have your log file in standard ftpd xferlog format.
|
|---|
| 55 | # Note that the default log file location is /var/log/xferlog in this case.
|
|---|
| 56 | xferlog_std_format=YES
|
|---|
| 57 | #
|
|---|
| 58 | # You may change the default value for timing out an idle session.
|
|---|
| 59 | idle_session_timeout=20
|
|---|
| 60 | #
|
|---|
| 61 | # You may change the default value for timing out a data connection.
|
|---|
| 62 | data_connection_timeout=45
|
|---|
| 63 | connect_timeout=20
|
|---|
| 64 | accept_timeout=20
|
|---|
| 65 | #
|
|---|
| 66 | # It is recommended that you define on your system a unique user which the
|
|---|
| 67 | # ftp server can use as a totally isolated and unprivileged user.
|
|---|
| 68 | nopriv_user=ftpnobody
|
|---|
| 69 | ftp_username=ftp
|
|---|
| 70 | #
|
|---|
| 71 | # Enable this and the server will recognise asynchronous ABOR requests. Not
|
|---|
| 72 | # recommended for security (the code is non-trivial). Not enabling it,
|
|---|
| 73 | # however, may confuse older FTP clients.
|
|---|
| 74 | #async_abor_enable=YES
|
|---|
| 75 | #
|
|---|
| 76 | # By default the server will pretend to allow ASCII mode but in fact ignore
|
|---|
| 77 | # the request. Turn on the below options to have the server actually do ASCII
|
|---|
| 78 | # mangling on files when in ASCII mode.
|
|---|
| 79 | # Beware that on some FTP servers, ASCII support allows a denial of service
|
|---|
| 80 | # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
|
|---|
| 81 | # predicted this attack and has always been safe, reporting the size of the
|
|---|
| 82 | # raw file.
|
|---|
| 83 | # ASCII mangling is a horrible feature of the protocol.
|
|---|
| 84 | #ascii_upload_enable=YES
|
|---|
| 85 | #ascii_download_enable=YES
|
|---|
| 86 | #
|
|---|
| 87 | # You may fully customise the login banner string:
|
|---|
| 88 | ftpd_banner=Welcome to mondorescue FTP Site. All connexions are logged. Please disconnect if you don't like it. The site is the master FTP site for the mondorescue project. Happy downloading.
|
|---|
| 89 | #
|
|---|
| 90 | # You may specify a file of disallowed anonymous e-mail addresses. Apparently
|
|---|
| 91 | # useful for combatting certain DoS attacks.
|
|---|
| 92 | #deny_email_enable=YES
|
|---|
| 93 | # (default follows)
|
|---|
| 94 | #banned_email_file=/etc/vsftpd/banned_emails
|
|---|
| 95 | #
|
|---|
| 96 | # You may specify an explicit list of local users to chroot() to their home
|
|---|
| 97 | # directory. If chroot_local_user is YES, then this list becomes a list of
|
|---|
| 98 | # users to NOT chroot().
|
|---|
| 99 | # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
|
|---|
| 100 | # the user does not have write access to the top level directory within the
|
|---|
| 101 | # chroot)
|
|---|
| 102 | #chroot_local_user=YES
|
|---|
| 103 | #chroot_list_enable=YES
|
|---|
| 104 | # (default follows)
|
|---|
| 105 | #chroot_list_file=/etc/vsftpd/chroot_list
|
|---|
| 106 | #
|
|---|
| 107 | # You may activate the "-R" option to the builtin ls. This is disabled by
|
|---|
| 108 | # default to avoid remote users being able to cause excessive I/O on large
|
|---|
| 109 | # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
|
|---|
| 110 | # the presence of the "-R" option, so there is a strong case for enabling it.
|
|---|
| 111 | ls_recurse_enable=YES
|
|---|
| 112 | #
|
|---|
| 113 | # When "listen" directive is enabled, vsftpd runs in standalone mode and
|
|---|
| 114 | # listens on IPv4 sockets. This directive cannot be used in conjunction
|
|---|
| 115 | # with the listen_ipv6 directive.
|
|---|
| 116 | listen=YES
|
|---|
| 117 | #
|
|---|
| 118 | # This directive enables listening on IPv6 sockets. By default, listening
|
|---|
| 119 | # on the IPv6 "any" address (::) will accept connections from both IPv6
|
|---|
| 120 | # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
|
|---|
| 121 | # sockets. If you want that (perhaps because you want to listen on specific
|
|---|
| 122 | # addresses) then you must run two copies of vsftpd with two configuration
|
|---|
| 123 | # files.
|
|---|
| 124 | # Make sure, that one of the listen options is commented !!
|
|---|
| 125 | listen_ipv6=NO
|
|---|
| 126 |
|
|---|
| 127 | pam_service_name=vsftpd
|
|---|
| 128 | userlist_enable=YES
|
|---|
| 129 | tcp_wrappers=YES
|
|---|
| 130 | hide_ids=YES
|
|---|
| 131 | max_clients=1000
|
|---|
| 132 | max_per_ip=60
|
|---|
| 133 | message_file=README
|
|---|
| 134 |
|
|---|
| 135 | # From http://askubuntu.com/questions/24594/lo-disabled-privacy-extensions-and-ipv6-disabling
|
|---|
| 136 | isolate=NO
|
|---|
| 137 | isolate_network=NO
|
|---|
