# Example config file /etc/vsftpd.conf## The default compiled in settings

1.  
2. # Example config file /etc/vsftpd.conf
3. #
4. # The default compiled in settings are fairly paranoid. This sample file
5. # loosens things up a bit, to make the ftp daemon more usable.
6. # Please see vsftpd.conf.5 for all compiled in defaults.
7. #
8. # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
9. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
10. # capabilities.
11. #
12. #
13. # Run standalone?  vsftpd can run either from an inetd or as a standalone
14. # daemon started from an initscript.
15. listen=YES
16. #
17. # Run standalone with IPv6?
18. # Like the listen parameter, except vsftpd will listen on an IPv6 socket
19. # instead of an IPv4 one. This parameter and the listen parameter are mutually
20. # exclusive.
21. #listen_ipv6=YES
22. #
23. # Allow anonymous FTP? (Disabled by default)
24. #anonymous_enable=YES
25. #
26. # Uncomment this to allow local users to log in.
27. local_enable=YES
28. #
29. # Uncomment this to enable any form of FTP write command.
30. write_enable=YES
31. #
32. # Default umask for local users is 077. You may wish to change this to 022,
33. # if your users expect that (022 is used by most other ftpd's)
34. local_umask=0777
35. #
36. # Uncomment this to allow the anonymous FTP user to upload files. This only
37. # has an effect if the above global write enable is activated. Also, you will
38. # obviously need to create a directory writable by the FTP user.
39. #anon_upload_enable=YES
40. #
41. # Uncomment this if you want the anonymous FTP user to be able to create
42. # new directories.
43. #anon_mkdir_write_enable=YES
44. #
45. # Activate directory messages - messages given to remote users when they
46. # go into a certain directory.
47. dirmessage_enable=YES
48. #
49. # If enabled, vsftpd will display directory listings with the time
50. # in  your  local  time  zone.  The default is to display GMT. The
51. # times returned by the MDTM FTP command are also affected by this
52. # option.
53. use_localtime=YES
54. #
55. # Activate logging of uploads/downloads.
56. xferlog_enable=YES
57. #
58. # Make sure PORT transfer connections originate from port 20 (ftp-data).
59. connect_from_port_20=YES
60. #
61. # If you want, you can arrange for uploaded anonymous files to be owned by
62. # a different user. Note! Using "root" for uploaded files is not
63. # recommended!
64. #chown_uploads=YES
65. #chown_username=whoever
66. #
67. # You may override where the log file goes if you like. The default is shown
68. # below.
69. #xferlog_file=/var/log/vsftpd.log
70. #
71. # If you want, you can have your log file in standard ftpd xferlog format.
72. # Note that the default log file location is /var/log/xferlog in this case.
73. #xferlog_std_format=YES
74. #
75. # You may change the default value for timing out an idle session.
76. #idle_session_timeout=600
77. #
78. # You may change the default value for timing out a data connection.
79. #data_connection_timeout=120
80. #
81. # It is recommended that you define on your system a unique user which the
82. # ftp server can use as a totally isolated and unprivileged user.
83. #nopriv_user=ftpsecure
84. #
85. # Enable this and the server will recognise asynchronous ABOR requests. Not
86. # recommended for security (the code is non-trivial). Not enabling it,
87. # however, may confuse older FTP clients.
88. #async_abor_enable=YES
89. #
90. # By default the server will pretend to allow ASCII mode but in fact ignore
91. # the request. Turn on the below options to have the server actually do ASCII
92. # mangling on files when in ASCII mode.
93. # Beware that on some FTP servers, ASCII support allows a denial of service
94. # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
95. # predicted this attack and has always been safe, reporting the size of the
96. # raw file.
97. # ASCII mangling is a horrible feature of the protocol.
98. #ascii_upload_enable=YES
99. #ascii_download_enable=YES
100. #
101. # You may fully customise the login banner string:
102. #ftpd_banner=Welcome to blah FTP service.
103. #
104. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
105. # useful for combatting certain DoS attacks.
106. #deny_email_enable=YES
107. # (default follows)
108. #banned_email_file=/etc/vsftpd.banned_emails
109. #
110. # You may restrict local users to their home directories.  See the FAQ for
111. # the possible risks in this before using chroot_local_user or
112. # chroot_list_enable below.
113. #chroot_local_user=YES
114. #
115. # You may specify an explicit list of local users to chroot() to their home
116. # directory. If chroot_local_user is YES, then this list becomes a list of
117. # users to NOT chroot().
118. #chroot_local_user=YES
119. #chroot_list_enable=YES
120. # (default follows)
121. #chroot_list_file=/etc/vsftpd.chroot_list
122. #
123. # You may activate the "-R" option to the builtin ls. This is disabled by
124. # default to avoid remote users being able to cause excessive I/O on large
125. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
126. # the presence of the "-R" option, so there is a strong case for enabling it.
127. #ls_recurse_enable=YES
128. #
129. # Debian customization
130. #
131. # Some of vsftpd's settings don't fit the Debian filesystem layout by
132. # default.  These settings are more Debian-friendly.
133. #
134. # This option should be the name of a directory which is empty.  Also, the
135. # directory should not be writable by the ftp user. This directory is used
136. # You may restrict local users to their home directories.  See the FAQ for
137. # the possible risks in this before using chroot_local_user or
138. # chroot_list_enable below.
139. #chroot_local_user=YES
140. #
141. # You may specify an explicit list of local users to chroot() to their home
142. # directory. If chroot_local_user is YES, then this list becomes a list of
143. # users to NOT chroot().
144. #chroot_local_user=YES
145. #chroot_list_enable=YES
146. # (default follows)
147. #chroot_list_file=/etc/vsftpd.chroot_list
148. #
149. # You may activate the "-R" option to the builtin ls. This is disabled by
150. # default to avoid remote users being able to cause excessive I/O on large
151. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
152. # the presence of the "-R" option, so there is a strong case for enabling it.
153. #ls_recurse_enable=YES
154. #
155. # Debian customization
156. #
157. # Some of vsftpd's settings don't fit the Debian filesystem layout by
158. # default.  These settings are more Debian-friendly.
159. #
160. # This option should be the name of a directory which is empty.  Also, the
161. # directory should not be writable by the ftp user. This directory is used
162. # as a secure chroot() jail at times vsftpd does not require filesystem
163. # access.
164. secure_chroot_dir=/var/run/vsftpd/empty
165. #
166. # This string is the name of the PAM service vsftpd will use.
167. pam_service_name=vsftpd
168. #
169. # This option specifies the location of the RSA certificate to use for SSL
170. # encrypted connections.
171. rsa_cert_file=/etc/ssl/private/vsftpd.pem