# Example config file /etc/vsftpd.conf## The default compiled in settings ar

1. # Example config file /etc/vsftpd.conf
2. #
3. # The default compiled in settings are fairly paranoid. This sample file
4. # loosens things up a bit, to make the ftp daemon more usable.
5. # Please see vsftpd.conf.5 for all compiled in defaults.
6. #
7. # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
8. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
9. # capabilities.
10. #
11. #
12. # Run standalone? vsftpd can run either from an inetd or as a standalone
13. # daemon started from an initscript.
14. listen=YES
15. #
16. # Run standalone with IPv6?
17. # Like the listen parameter, except vsftpd will listen on an IPv6 socket
18. # instead of an IPv4 one. This parameter and the listen parameter are mutually
19. # exclusive.
20. #listen_ipv6=YES
21. #
22. # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
23. anonymous_enable=YES
24. #
25. # Uncomment this to allow local users to log in.
26. local_enable=YES
27. #
28. # Uncomment this to enable any form of FTP write command.
29. write_enable=YES
30. #
31. # Default umask for local users is 077. You may wish to change this to 022,
32. # if your users expect that (022 is used by most other ftpd's)
33. local_umask=022
34. #
35. # Uncomment this to allow the anonymous FTP user to upload files. This only
36. # has an effect if the above global write enable is activated. Also, you will
37. # obviously need to create a directory writable by the FTP user.
38. anon_upload_enable=NO
39. #
40. # Uncomment this if you want the anonymous FTP user to be able to create
41. # new directories.
42. anon_mkdir_write_enable=NO
43. #
44. # Activate directory messages - messages given to remote users when they
45. # go into a certain directory.
46. dirmessage_enable=YES
47. #
48. # If enabled, vsftpd will display directory listings with the time
49. # in your local time zone. The default is to display GMT. The
50. # times returned by the MDTM FTP command are also affected by this
51. # option.
52. use_localtime=YES
53. #
54. # Activate logging of uploads/downloads.
55. xferlog_enable=YES
56. #
57. # Make sure PORT transfer connections originate from port 20 (ftp-data).
58. connect_from_port_20=YES
59. #
60. # If you want, you can arrange for uploaded anonymous files to be owned by
61. # a different user. Note! Using "root" for uploaded files is not
62. # recommended!
63. #chown_uploads=YES
64. #chown_username=whoever
65. #
66. # You may override where the log file goes if you like. The default is shown
67. # below.
68. #xferlog_file=/var/log/vsftpd.log
69. #
70. # If you want, you can have your log file in standard ftpd xferlog format.
71. # Note that the default log file location is /var/log/xferlog in this case.
72. #xferlog_std_format=YES
73. #
74. # You may change the default value for timing out an idle session.
75. #idle_session_timeout=600
76. #
77. # You may change the default value for timing out a data connection.
78. #data_connection_timeout=120
79. #
80. # It is recommended that you define on your system a unique user which the
81. # ftp server can use as a totally isolated and unprivileged user.
82. #nopriv_user=ftpsecure
83. #
84. # Enable this and the server will recognise asynchronous ABOR requests. Not
85. # recommended for security (the code is non-trivial). Not enabling it,
86. # however, may confuse older FTP clients.
87. #async_abor_enable=YES
88. #
89. # By default the server will pretend to allow ASCII mode but in fact ignore
90. # the request. Turn on the below options to have the server actually do ASCII
91. # mangling on files when in ASCII mode.
92. # Beware that on some FTP servers, ASCII support allows a denial of service
93. # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
94. # predicted this attack and has always been safe, reporting the size of the
95. # raw file.
96. # ASCII mangling is a horrible feature of the protocol.
97. #ascii_upload_enable=YES
98. #ascii_download_enable=YES
99. #
100. # You may fully customise the login banner string:
101. #ftpd_banner=Welcome to blah FTP service.
102. #
103. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
104. # useful for combatting certain DoS attacks.
105. deny_email_enable=YES
106. # (default follows)
107. banned_email_file=/etc/vsftpd.banned_emails
108. #
109. # You may restrict local users to their home directories. See the FAQ for
110. # the possible risks in this before using chroot_local_user or
111. # chroot_list_enable below.
112. #chroot_local_user=YES
113. #
114. # You may specify an explicit list of local users to chroot() to their home
115. # directory. If chroot_local_user is YES, then this list becomes a list of
116. # users to NOT chroot().
117. # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
118. # the user does not have write access to the top level directory within the
119. # chroot)
120. #chroot_local_user=YES
121. chroot_list_enable=YES
122. # (default follows)
123. chroot_list_file=/etc/vsftpd.chroot_list
124. #
125. # You may activate the "-R" option to the builtin ls. This is disabled by
126. # default to avoid remote users being able to cause excessive I/O on large
127. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
128. # the presence of the "-R" option, so there is a strong case for enabling it.
129. #ls_recurse_enable=YES
130. #
131. # Customization
132. #
133. # Some of vsftpd's settings don't fit the filesystem layout by
134. # default.
135. #
136. # This option should be the name of a directory which is empty. Also, the
137. # directory should not be writable by the ftp user. This directory is used
138. # as a secure chroot() jail at times vsftpd does not require filesystem
139. # access.
140. secure_chroot_dir=/var/run/vsftpd/empty
141. #
142. # This string is the name of the PAM service vsftpd will use.
143. pam_service_name=vsftpd
144. #
145. # This option specifies the location of the RSA certificate to use for SSL
146. # encrypted connections.
147. rsa_cert_file=/etc/ssl/private/vsftpd.pem