
New_Scenario_pure-ftpd.conf

a guest
Jan 16th, 2019
  1. ############################################################
  2. # #
  3. # Configuration file for pure-ftpd #
  4. # #
  5. ############################################################
  6.  
  7. # If you want to run Pure-FTPd with this configuration
  8. # instead of command-line options, please run the
  9. # following command :
  10. #
  11. # /usr/sbin/pure-ftpd /etc/pure-ftpd/etc/pure-ftpd.conf
  12. #
  13. # Online documentation:
  14. # https://www.pureftpd.org/project/pure-ftpd/doc
  15.  
  16.  
  17. # Restrict users to their home directory
  18.  
  19. ChrootEveryone yes
  20.  
  21.  
  22.  
  23. # If the previous option is set to "no", members of the following group
  24. # won't be restricted. Others will be. If you don't want chroot()ing anyone,
  25. # just comment out ChrootEveryone and TrustedGID.
  26.  
  27. # TrustedGID 100
  28.  
  29.  
  30.  
  31. # Turn on compatibility hacks for broken clients
  32.  
  33. BrokenClientsCompatibility no
  34.  
  35.  
  36.  
  37. # Maximum number of simultaneous users
  38.  
  39. MaxClientsNumber 50
  40.  
  41.  
  42.  
  43. # Run as a background process
  44.  
  45. Daemonize yes
  46.  
  47.  
  48.  
  49. # Maximum number of simultaneous clients with the same IP address
  50.  
  51. MaxClientsPerIP 8
  52.  
  53.  
  54.  
  55. # If you want to log all client commands, set this to "yes".
  56. # This directive can be specified twice to also log server responses.
  57.  
  58. VerboseLog no
  59.  
  60.  
  61.  
  62. # List dot-files even when the client doesn't send "-a".
  63.  
  64. DisplayDotFiles yes
  65.  
  66.  
  67.  
  68. # Disallow authenticated users - Act only as a public FTP server.
  69.  
  70. AnonymousOnly no
  71.  
  72.  
  73.  
  74. # Disallow anonymous connections. Only accept authenticated users.
  75.  
  76. NoAnonymous no
  77.  
  78.  
  79.  
  80. # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
  81. # The default facility is "ftp". "none" disables logging.
  82.  
  83. SyslogFacility ftp
  84.  
  85.  
  86.  
  87. # Display fortune cookies
  88.  
  89. # FortunesFile /usr/share/fortune/zippy
  90.  
  91.  
  92.  
  93. # Don't resolve host names in log files. Recommended unless you trust
  94. # reverse host names, and don't care about DNS resolution being possibly slow.
  95.  
  96. DontResolve yes
  97.  
  98.  
  99.  
  100. # Maximum idle time in minutes (default = 15 minutes)
  101.  
  102. MaxIdleTime 15
  103.  
  104.  
  105.  
  106. # LDAP configuration file (see README.LDAP)
  107.  
  108. # LDAPConfigFile /etc/pureftpd-ldap.conf
  109.  
  110.  
  111.  
  112. # MySQL configuration file (see README.MySQL)
  113.  
  114. # MySQLConfigFile /etc/pureftpd-mysql.conf
  115.  
  116.  
  117. # PostgreSQL configuration file (see README.PGSQL)
  118.  
  119. # PGSQLConfigFile /etc/pureftpd-pgsql.conf
  120.  
  121.  
  122. # PureDB user database (see README.Virtual-Users)
  123.  
  124. # PureDB /etc/pureftpd.pdb
  125.  
  126.  
  127. # Path to pure-authd socket (see README.Authentication-Modules)
  128.  
  129. # ExtAuth /var/run/ftpd.sock
  130.  
  131.  
  132.  
  133. # If you want to enable PAM authentication, uncomment the following line
  134.  
  135. # PAMAuthentication yes
  136.  
  137.  
  138.  
  139. # If you want simple Unix (/etc/passwd) authentication, uncomment this
  140.  
  141. # UnixAuthentication yes
  142.  
  143.  
  144.  
  145. # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
  146. # UnixAuthentication can each be specified only once, but can be combined
  147. # together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
  148. # the SQL server will be used first. If the SQL authentication fails because the
  149. # user wasn't found, a new attempt will be done using system authentication.
  150. # If the SQL authentication fails because the password didn't match, the
  151. # authentication chain stops here. Authentication methods are chained in
  152. # the order they are given.
  153.  
  154.  
  155.  
  156. # 'ls' recursion limits. The first argument is the maximum number of
  157. # files to be displayed. The second one is the max subdirectories depth.
  158.  
  159. LimitRecursion 10000 8
  160.  
  161.  
  162.  
  163. # Are anonymous users allowed to create new directories?
  164.  
  165. AnonymousCanCreateDirs no
  166.  
  167.  
  168.  
  169. # If the system load is greater than the given value, anonymous users
  170. # aren't allowed to download.
  171.  
  172. MaxLoad 4
  173.  
  174.  
  175.  
  176. # Port range for passive connections - keep it as broad as possible.
  177.  
  178. # PassivePortRange 30000 50000
  179.  
  180.  
  181.  
  182. # Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
  183. # Symbolic host names are also accepted for gateways with dynamic IP
  184. # addresses.
  185.  
  186. # ForcePassiveIP 192.168.0.1
  187.  
  188.  
  189.  
  190. # Upload/download ratio for anonymous users.
  191.  
  192. # AnonymousRatio 1 10
  193.  
  194.  
  195.  
  196. # Upload/download ratio for all users.
  197. # This directive supersedes the previous one.
  198.  
  199. # UserRatio 1 10
  200.  
  201.  
  202.  
  203. # Disallow downloads of files owned by the "ftp" system user;
  204. # files that were uploaded but not validated by a local admin.
  205.  
  206. AntiWarez yes
  207.  
  208.  
  209.  
  210. # IP address/port to listen to (default=all IP addresses, port 21).
  211.  
  212. # Bind 127.0.0.1,21
  213.  
  214.  
  215.  
  216. # Maximum bandwidth for anonymous users in KB/s
  217.  
  218. # AnonymousBandwidth 8
  219.  
  220.  
  221.  
  222. # Maximum bandwidth for *all* users (including anonymous) in KB/s
  223. # Use AnonymousBandwidth *or* UserBandwidth, not both.
  224.  
  225. # UserBandwidth 8
  226.  
  227.  
  228.  
  229. # File creation mask. <umask for files>:<umask for dirs> .
  230. # 177:077 if you feel paranoid.
  231.  
  232. Umask 133:022
  233.  
  234.  
  235.  
  236. # Minimum UID for an authenticated user to log in.
  237.  
  238. MinUID 100
  239.  
  240.  
  241.  
  242. # Allow FXP transfers for authenticated users.
  243.  
  244. AllowUserFXP no
  245.  
  246.  
  247.  
  248. # Allow anonymous FXP for anonymous and non-anonymous users.
  249.  
  250. AllowAnonymousFXP no
  251.  
  252.  
  253.  
  254. # Users can't delete/write files starting with a dot ('.')
  255. # even if they own them. But if TrustedGID is enabled, that group
  256. # will exceptionally have access to dot-files.
  257.  
  258. ProhibitDotFilesWrite no
  259.  
  260.  
  261.  
  262. # Prohibit *reading* of files starting with a dot (.history, .ssh...)
  263.  
  264. ProhibitDotFilesRead no
  265.  
  266.  
  267.  
  268. # Don't overwrite files. When a file whose name already exists is uploaded,
  269. # it gets automatically renamed to file.1, file.2, file.3, ...
  270.  
  271. AutoRename no
  272.  
  273.  
  274.  
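  275. # Prevent anonymous users from uploading new files (no = upload is allowed). Combined with "NoAnonymous no" above, the value below permits anonymous uploads wherever anonymous FTP is available; set it to "yes" if that is not intended.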
  276.  
  277. AnonymousCantUpload no
  278.  
  279.  
  280.  
  281. # Only connections to this specific IP address are allowed to be
  282. # non-anonymous. You can use this directive to open several public IPs for
  283. # anonymous FTP, and keep a private firewalled IP for remote administration.
  284. # You can also only allow a non-routable local IP (such as 10.x.x.x) for
  285. # authenticated users, and run a public anon-only FTP server on another IP.
  286.  
  287. # TrustedIP 10.1.1.1
  288.  
  289.  
  290.  
  291. # To add the PID to log entries, uncomment the following line.
  292.  
  293. # LogPID yes
  294.  
  295.  
  296.  
  297. # Create an additional log file with transfers logged in an Apache-like format :
  298. # fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
  299. # This log file can then be processed by common HTTP traffic analyzers.
  300.  
  301. # AltLog clf:/var/log/pureftpd.log
  302.  
  303.  
  304.  
  305. # Create an additional log file with transfers logged in a format optimized
  306. # for statistic reports.
  307.  
  308. # AltLog stats:/var/log/pureftpd.log
  309.  
  310.  
  311.  
  312. # Create an additional log file with transfers logged in the standard W3C
  313. # format (compatible with many HTTP log analyzers)
  314.  
  315. # AltLog w3c:/var/log/pureftpd.log
  316.  
  317.  
  318.  
  319. # Disallow the CHMOD command. Users cannot change perms of their own files.
  320.  
  321. # NoChmod yes
  322.  
  323.  
  324.  
  325. # Allow users to resume/upload files, but *NOT* to delete them.
  326.  
  327. # KeepAllFiles yes
  328.  
  329.  
  330.  
  331. # Automatically create home directories if they are missing
  332.  
  333. # CreateHomeDir yes
  334.  
  335.  
  336.  
  337. # Enable virtual quotas. The first value is the max number of files.
  338. # The second value is the maximum size, in megabytes.
  339. # So 1000:10 limits every user to 1000 files and 10 MB.
  340.  
  341. # Quota 1000:10
  342.  
  343.  
  344.  
  345. # If your pure-ftpd has been compiled with standalone support, you can change
  346. # the location of the pid file. The default is /var/run/pure-ftpd.pid
  347.  
  348. # PIDFile /var/run/pure-ftpd.pid
  349.  
  350.  
  351.  
  352. # If your pure-ftpd has been compiled with pure-uploadscript support,
  353. # this will make pure-ftpd write info about new uploads to
  354. # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
  355. # spawn a script to handle the upload.
  356. # Don't enable this option if you don't actually use pure-uploadscript.
  357.  
  358. # CallUploadScript yes
  359.  
  360.  
  361.  
  362. # This option is useful on servers where anonymous upload is
  363. # allowed. When the partition is more than this percentage full,
  364. # new uploads are disallowed.
  365.  
  366. MaxDiskUsage 99
  367.  
  368.  
  369.  
  370. # Set to 'yes' to prevent users from renaming files.
  371.  
  372. # NoRename yes
  373.  
  374.  
  375.  
  376. # Be 'customer proof': forbids common customer mistakes such as
  377. # 'chmod 0 public_html', that are valid, but can cause customers to
  378. # unintentionally shoot themselves in the foot.
  379.  
  380. CustomerProof yes
  381.  
  382.  
  383.  
  384. # Per-user concurrency limits. Will only work if the FTP server has
  385. # been compiled with --with-peruserlimits.
  386. # Format is: <max sessions per user>:<max anonymous sessions>
  387. # For example, 3:20 means that an authenticated user can have up to 3 active
  388. # sessions, and that up to 20 anonymous sessions are allowed.
  389.  
  390. # PerUserLimits 3:20
  391.  
  392.  
  393.  
  394. # When a file is uploaded and there was already a previous version of the file
  395. # with the same name, the old file will neither get removed nor truncated.
  396. # The file will be stored under a temporary name and once the upload is
  397. # complete, it will be atomically renamed. For example, when a large PHP
  398. # script is being uploaded, the web server will keep serving the old version and
  399. # later switch to the new one as soon as the full file has been
  400. # transferred. This option is incompatible with virtual quotas.
  401.  
  402. # NoTruncate yes
  403.  
  404.  
  405.  
  406. # This option accepts three values:
  407. # 0: disable SSL/TLS encryption layer (default); logins and data then travel in cleartext.
  408. # 1: accept both cleartext and encrypted sessions.
  409. # 2: refuse connections that don't use the TLS security mechanism,
  410. # including anonymous sessions.
  411. # Do _not_ uncomment this blindly. Double check that:
  412. # 1) The server has been compiled with TLS support (--with-tls),
  413. # 2) A valid certificate is in place,
  414. # 3) Only compatible clients will log in.
  415.  
  416. # TLS 1
  417.  
  418.  
  419. # Cipher suite for TLS sessions.
  420. # The default suite is secure and setting this property is usually
  421. # only required to *lower* the security to cope with legacy clients.
  422. # Prefix with -C: in order to require valid client certificates.
  423. # If -C: is used, make sure that clients' public keys are present on
  424. # the server.
  425.  
  426. # TLSCipherSuite HIGH
  427.  
  428.  
  429.  
  430. # Certificate file, for TLS
  431.  
  432. # CertFile /etc/ssl/private/pure-ftpd.pem
  433.  
  434.  
  435.  
  436. # Listen only to IPv4 addresses in standalone mode (i.e. disable IPv6)
  437. # By default, both IPv4 and IPv6 are enabled.
  438.  
  439. # IPV4Only yes
  440.  
  441.  
  442.  
  443. # Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4)
  444. # By default, both IPv4 and IPv6 are enabled.
  445.  
  446. # IPV6Only yes
  447.  
  448.  
  449.  
  450. # UTF-8 support for file names (RFC 2640)
  451. # Set the charset of the server filesystem and optionally the default charset
  452. # for remote clients that don't use UTF-8.
  453. # Works only if pure-ftpd has been compiled with --with-rfc2640
  454.  
  455. # FileSystemCharset big5
  456. # ClientCharset big5