anonymous_enable=YESlocal_enable=NOwrite_enable=NOanon_root=/srv/ftpanon_max

1. anonymous_enable=YES
2. local_enable=NO
3. write_enable=NO
4. anon_root=/srv/ftp
5. anon_max_rate=2048000
6. xferlog_enable=YES
7. listen=YES
8.  
9. # Example config file /etc/vsftpd.conf
10. #
11. # The default compiled in settings are fairly paranoid. This sample file
12. # loosens things up a bit, to make the ftp daemon more usable.
13. # Please see vsftpd.conf.5 for all compiled in defaults.
14. #
15. # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
16. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
17. # capabilities.
18. #
19. #
20. # Run standalone? vsftpd can run either from an inetd or as a standalone
21. # daemon started from an initscript.
22. listen=YES
23.  
24. anon_root=/src/ftp
25.  
26. anon_max_rate=2048000
27. #
28. # Run standalone with IPv6?
29. # Like the listen parameter, except vsftpd will listen on an IPv6 socket
30. # instead of an IPv4 one. This parameter and the listen parameter are mutually
31. # exclusive.
32. #listen_ipv6=YES
33. #
34. # Allow anonymous FTP? (Disabled by default)
35. anonymous_enable=YES
36. #
37. # Uncomment this to allow local users to log in.
38. local_enable=NO
39. #
40. # Uncomment this to enable any form of FTP write command.
41. write_enable=NO
42. #
43. # Default umask for local users is 077. You may wish to change this to 022,
44. # if your users expect that (022 is used by most other ftpd's)
45. #local_umask=022
46. #
47. # Uncomment this to allow the anonymous FTP user to upload files. This only
48. # has an effect if the above global write enable is activated. Also, you will
49. # obviously need to create a directory writable by the FTP user.
50. #anon_upload_enable=YES
51. #
52. # Uncomment this if you want the anonymous FTP user to be able to create
53. # new directories.
54. #anon_mkdir_write_enable=YES
55. #
56. # Activate directory messages - messages given to remote users when they
57. # go into a certain directory.
58. dirmessage_enable=YES
59. #
60. # If enabled, vsftpd will display directory listings with the time
61. # in your local time zone. The default is to display GMT. The
62. # times returned by the MDTM FTP command are also affected by this
63. # option.
64. use_localtime=YES
65. #
66. # Activate logging of uploads/downloads.
67. ferlog_enable=YES
68. #
69. # Make sure PORT transfer connections originate from port 20 (ftp-data).
70. connect_from_port_20=YES
71. #
72. # If you want, you can arrange for uploaded anonymous files to be owned by
73. # a different user. Note! Using "root" for uploaded files is not
74. # recommended!
75. #chown_uploads=YES
76. #chown_username=whoever
77. #
78. # You may override where the log file goes if you like. The default is shown
79. # below.
80. #xferlog_file=/var/log/vsftpd.log
81. #
82. # If you want, you can have your log file in standard ftpd xferlog format.
83. # Note that the default log file location is /var/log/xferlog in this case.
84. #xferlog_std_format=YES
85. #
86. # You may change the default value for timing out an idle session.
87. #idle_session_timeout=600
88. #
89. # You may change the default value for timing out a data connection.
90. #data_connection_timeout=120
91. #
92. # It is recommended that you define on your system a unique user which the
93. # ftp server can use as a totally isolated and unprivileged user.
94. #nopriv_user=ftpsecure
95. #
96. # Enable this and the server will recognise asynchronous ABOR requests. Not
97. # recommended for security (the code is non-trivial). Not enabling it,
98. # however, may confuse older FTP clients.
99. #async_abor_enable=YES
100. #
101. # By default the server will pretend to allow ASCII mode but in fact ignore
102. # the request. Turn on the below options to have the server actually do ASCII
103. # mangling on files when in ASCII mode.
104. # Beware that on some FTP servers, ASCII support allows a denial of service
105. # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
106. # predicted this attack and has always been safe, reporting the size of the
107. # raw file.
108. # ASCII mangling is a horrible feature of the protocol.
109. #ascii_upload_enable=YES
110. #ascii_download_enable=YES
111. #
112. # You may fully customise the login banner string:
113. #ftpd_banner=Welcome to blah FTP service.
114. #
115. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
116. # useful for combatting certain DoS attacks.
117. #deny_email_enable=YES
118. # (default follows)
119. #banned_email_file=/etc/vsftpd.banned_emails
120. #
121. # You may restrict local users to their home directories. See the FAQ for
122. # the possible risks in this before using chroot_local_user or
123. # chroot_list_enable below.
124. #chroot_local_user=YES
125. #
126. # You may specify an explicit list of local users to chroot() to their home
127. # directory. If chroot_local_user is YES, then this list becomes a list of
128. # users to NOT chroot().
129. # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
130. # the user does not have write access to the top level directory within the
131. # chroot)
132. #chroot_local_user=YES
133. #chroot_list_enable=YES
134. # (default follows)
135. #chroot_list_file=/etc/vsftpd.chroot_list
136. #
137. # You may activate the "-R" option to the builtin ls. This is disabled by
138. # default to avoid remote users being able to cause excessive I/O on large
139. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
140. # the presence of the "-R" option, so there is a strong case for enabling it.
141. #ls_recurse_enable=YES
142. #
143. # Customization
144. #
145. # Some of vsftpd's settings don't fit the filesystem layout by
146. # default.
147. #
148. # This option should be the name of a directory which is empty. Also, the
149. # directory should not be writable by the ftp user. This directory is used
150. # as a secure chroot() jail at times vsftpd does not require filesystem
151. # access.
152. secure_chroot_dir=/var/run/vsftpd/empty
153. #
154. # This string is the name of the PAM service vsftpd will use.
155. pam_service_name=vsftpd
156. #
157. # This option specifies the location of the RSA certificate to use for SSL
158. # encrypted connections.
159. rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
160. # This option specifies the location of the RSA key to use for SSL
161. # encrypted connections.
162. rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
163.  
164. sudo mkdir /srv/ftp
165. sudo usermod -d /srv/ftp ftp
166.  
167. sudo /etc/init.d/vsftpd restart
168.  
169. no_anon_password=YES
170.  
171. no_anon_password
172. When enabled, this prevents vsftpd from asking for an anonymous password - the anonymous user will
173. log straight in.
174.  
175. Default: NO