Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #----------------------------------------------------------------------------------------------------------------------------------------
- # VSFTPD.CONF | /etc/vsftpd.conf =>> /conf/vsftpd/vsftpd.conf
- # vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for
- # this file at the location above. However, you may override this by specifying a CLI argument to vsftpd.
- #The CLI argument is the pathname of the conf file for vsftpd. This is useful for use of an advanced inetd
- # such as xinetd to launch vsftpd with different configuration files on a per vhost basis.
- #----------------------------------------------------------------------------------------------------------------------------------------
- # Listener Configuration
- #----------------------------------------------------------------------------------------------------------------------------------------
- # [ NO | *YES=VSFTPD runs in standalone mode. ]
- listen=YES
- #
- # [ Default: (none) = The default listen address of VSFTPD | standalone mode. Provide a numeric IP address.. ]
- #listen_address=
- #
- # [ Default: (21) = The default listen address port of VSFTPD | standalone mode. Provide a numeric IP address.. ]
- listen_port=21
- #
- # [ *NO | YES = VSFTPD will listen on an IPv6 socket instead of an IPv4 one. ]
- listen_ipv6=NO
- #
- # [ Default: (none) = The default listen IPv6 address of VSFTPD | standalone mode. Provide a numeric IPv6 address.. ]
- #listen_address6 =
- #
- # [ *NO | YES = VSFTPD will background the listener process. ]
- #background=NO
- #
- # [ Default: ftp=Name of the PAM service vsftpd will use. ]
- pam_service_name=vsftpd
- #
- # https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
- allow_writeable_chroot=YES
- #
- # PORT Configuration
- #----------------------------------------------------------------------------------------------------------------------------------------
- # [ NO | *YES=Allow the PORT method of obtaining a data connection. ]
- #port_enable=YES
- #
- # [ *NO | YES = Disable PORT security check that ensures that outgoing data connections can only connect to the client. ]
- #port_promiscuous=NO
- #
- # [ *NO | YES = Controls whether PORT style data connections use port 20 (ftp-data) on the server machine. ]
- connect_from_port_20=NO
- #
- # [ Default: 20=port from which PORT style connections originate (as long as the poorly named connect_from_port_20 is enabled). ]
- #ftp_data_port=20
- #
- # [ NO | *YES=Allow the PASV method of obtaining a data connection. ]
- pasv_enable=YES
- #
- # [ *NO | YES = Use a hostname (as opposed to IP address) in the pasv_address option. ]
- #pasv_addr_resolve=NO
- #
- # [ Default: (none - use address of the incoming socket) = Override IP address that VSFTPD will give in response to PASV. ]
- #pasv_address=127.0.0.1
- #
- # [ *NO | YES = Disable PASV security check that ensures the data connection originates from same IP address as control connection. ]
- #pasv_promiscuous=NO
- #
- # [ Default: 0=MIN port to allocate for PASV. Can be used to specify a narrow port range to assist firewalling. ]
- pasv_min_port=40000
- #
- # [ Default: 0=MAX port to allocate for PASV. Can be used to specify a narrow port range to assist firewalling. ]
- pasv_max_port=50000
- # User Configuration
- #----------------------------------------------------------------------------------------------------------------------------------------
- #
- # Anonymous Users -------------------------------------------------------------------------------------------------------------
- # [ *NO | YES = All non-anonymous logins are classed as "guest" logins. ]
- #guest_enable=NO
- #
- # [ NO | *YES=Both the usernames ftp and anonymous are recognised as anonymous logins. ]
- anonymous_enable=NO
- #
- # [ *NO | YES = Prevents VSFTPD from asking for an anonymous password - the anonymous user will log straight in. ]
- #no_anon_password=NO
- #
- # [ Default: ftp=Name of the user used for handling anonymous FTP. The home path of this user is the root of the anonymous FTP area. ]
- #ftp_username=ftp
- #
- # [ Default: ftp=Real username which guest users are mapped to. ]
- #guest_username=ftp
- #
- # [ *NO | YES = Anonymous users will be permitted to create new directories under certain conditions. ]
- #anon_mkdir_write_enable=NO
- #
- # [ *NO | YES = Anonymous users will be permitted to perform additional write operations other than upload and create directory. ]
- #anon_other_write_enable=NO
- #
- # [ *NO | YES = Anonymous users will be permitted to upload files under certain conditions. ]
- #anon_upload_enable=NO
- #
- # [ NO | *YES=Anonymous users will only be allowed to download files which are world readable. ]
- #anon_world_readable_only=NO
- #
- # [ *NO | YES = All anonymously uploaded files will have the ownership changed to the user specified in the setting chown_username. ]
- #chown_uploads=NO
- #
- # [ Default: root=Name of the user who owns of anon uploaded files. This option is only relevant if chown_uploads is set. ]
- #chown_username=noone
- #
- # [ NO | *YES=Allows use of the SITE CHMOD command. ]
- chmod_enable=YES
- #
- # [ *NO | YES = Virtual users will use the same privileges as anonymous users. ]
- #virtual_use_local_privs=NO
- #
- # [ *NO | YES = Provide a list of anonymous password e-mail responses which cause login to be denied. ]
- #deny_email_enable=NO
- #
- # [ Default: 0600=file mode to force for chown()ed anonymous uploads. ]
- #chown_upload_mode=0600
- #
- # [ Default: 0=MAX data transfer rate permitted, in bytes per second, for anonymous clients. ]
- #anon_max_rate=0
- #
- # [ Default: (none) = Path which vsftpd will try to change into after an anonymous login. Failure is silently ignored. ]
- #anon_root=077
- #
- # [ Default: 077=uMask for file creation is set to for anonymous users. ]
- #anon_umask=077
- #
- # [ Default: /etc/vsftpd.banned_emails=Name of a file containing a list of anonymous e-mail passwords which are not permitted. ]
- #banned_email_file=/etc/vsftpd.banned_emails
- #
- #
- # Local Users ------------------------------------------------------------------------------------------------------------------------
- # [ *NO | YES = Normal user accounts in /etc/passwd (or wherever your PAM config references) may be used to log in. ]
- local_enable=YES
- #
- # [ Default: ( /home/virtual/$USER ) = Automatically generate a home directory for each virtual user, based on a template. ]
- user_sub_token=$USER
- #
- # [ Default: (none) = Normal user accounts in /etc/passwd (or wherever your PAM config references) may be used to log in. ]
- local_root=/home/$USER/.ftp/
- #
- # [ Default: ( default vsftpd banner ) = Override the greeting banner displayed by vsftpd when a connection first comes in. ]
- #ftpd_banner=Welcome To The File Transfer Protocol, Operator.
- #
- # [ Default: ( none ) = Override the greeting banner displayed by vsftpd when a connection first comes in. ]
- #banner_file=Welcome To The File Transfer Protocol, Operator.
- #
- # [ *NO | YES = Users of the FTP server can be shown messages when they first enter a new directory. ]
- dirmessage_enable=YES
- #
- # [ Default: .message=Name of the file we look for when a new path is entered. ]
- #message_file=.msg
- #
- # [ NO | *YES=All directory list commands may give permission. ]
- dirlist_enable=YES
- #
- # [ *NO | YES = local users will be (by default) placed in a chroot() jail in their home directory after login. ]
- chroot_local_user=YES
- #
- # [ Default ( /etc/vsftpd.chroot_list ) = File containing a list of local users placed in a chroot() jail in their home path. ]
- #chroot_list_file=/_/conf/vsftpd/vsftpd.chroot.list
- #
- # [ *NO | YES = Provide a list of local users who are placed in a chroot() jail in their home directory upon login. ]
- chroot_list_enable=NO
- #
- # [ Default ( /usr/share/empty ) = Name of a path used as a secure chroot() jail at times vsftpd does not require filesystem access. ]
- secure_chroot_dir=/var/run/vsftpd/empty
- #
- # [ *NO | YES = Along with chroot_local_user , then a chroot() jail location may be specified on a per-user basis. ]
- #passwd_chroot_enable=NO
- #
- # [ Default: nobody=Name of the user that is used by vsftpd when it wants to be totally unprivileged. ]
- #nopriv_user=io
- #
- # [ *NO | YES = NUIDs are shown in the user and group fields of path listings. You can get textual names by enabling this parameter. ]
- #text_userdb_names=NO
- #
- # [ *NO | YES = VSFTPD will try and resolve pathnames such as ~chris/pics, i.e. a tilde followed by a username. ]
- #tilde_user_enable=NO
- #
- #
- # Local User Configuration -----------------------------------------------------------------------------------------------------------
- # user_config_dir | This powerful option allows the override of any config option specified in the manual page, on a per-user basis.
- # Usage is simple, and is best illustrated with an example.
- #
- # If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user "chris",
- #
- # then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session.
- #
- # The format of this file is as detailed in this manual page! PLEASE NOTE that not all settings are effective on a per-user basis.
- # For example, many settings only prior to the user's session being started. Examples of settings which will not affect any behviour
- # on a per-user basis include listen_address, banner_file, max_per_ip, max_clients, xferlog_file, etc.
- #
- # [ NO | *YES=VSFTPD will check /etc/shells for a valid user shell for local logins. ]
- #check_shell=YES
- #
- # [ *NO | YES = VSFTPD will load a list of usernames, from the filename given by userlist_file. ]
- userlist_enable=YES
- #
- # [ NO | *YES=Users will be allowed login unless they are explicitly listed in the file specified by userlist_file. ]
- userlist_deny=NO
- #
- # [ Default: /etc/vsftpd.user_list=Name of the file loaded when the userlist_enable option is active. ]
- userlist_file=/_/conf/vstfpd/vsftpd.user.list
- #
- # [ *NO | YES = All user and group information in directory listings will be displayed as "ftp". ]
- #hide_ids=NO
- #
- # [ Default: 0 (unlimited) = Max number of clients which may be connected. Any additional clients connecting will get an error message. ]
- #max_clients=0
- #
- # [ Default: 3 (unlimited) = After this many login failures, the session is killed. ]
- #max_login_fails=5
- #
- # [ Default: 0 (unlimited) = Max number of clients which may be connected from the same source internet address. ]
- #max_per_ip=3
- #
- # [ Default: 60=Timeout, in seconds, for a remote client to establish connection with a PASV style data connection. ]
- #accept_timeout=60
- #
- # [ Default: 60=Timeout, in seconds, for a remote client to respond to our PORT style data connection. ]
- #connect_timeout=60
- #
- # [ Default: 300=Timeout, in seconds, which is roughly the max time we permit data transfers to stall and kick for with no progress. ]
- #data_connection_timeout=120
- #
- # [ Default: 0=Timeout, in seconds, to pause after a successful login. ]
- #delay_successful_login=0
- #
- # [ Default: 1=Timeout, in seconds, to pause prior to reporting a failed login. ]
- #delay_failed_login=1
- #
- # [ Default: 300=Timeout, in seconds, as the maximum time a remote client may spend between FTP commands. ]
- #idle_session_timeout=6000
- #
- # [ *NO | YES = Don't enable unless you know what you are doing, and site supports huge numbers of simultaneously connected users. ]
- #one_process_model=NO
- #
- #
- # SSL Configuration ------------------------------------------------------------------------------------------------------------------
- # script to init pem:
- # sudo mkdir -p /etc/ssl/private
- # sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
- #
- # [ *NO | YES = OpenSSL connection diagnostics are dumped to the vsftpd log file. ]
- #debug_ssl=NO
- #
- # [ *NO | YES = VSFTPD will support secure connections via SSL. ]
- #ssl_enable=YES
- #
- # [ *NO | YES = SSL handshake is the first thing expect on all connections. ]
- #implicit_ssl=NO
- #
- # [ Default: ( DES-CBC3-SHA ) = Which SSL ciphers vsftpd will allow for encrypted SSL connections. ]
- #ssl_ciphers=HIGH
- #
- # [ Default: ( DES-CBC3-SHA ) = All SSL data connections are required to exhibit SSL session reuse. ]
- #require_ssl_reuse=NO
- #
- # [ *NO | YES = SSL will permit SSL v2 protocol connections. ]
- #ssl_sslv2=NO
- #
- # [ *NO | YES = SSL will permit SSL v3 protocol connections. ]
- #ssl_sslv3=NO
- #
- # [ NO | *YES=SSL will permit SSL TLS v1 protocol connections. ]
- #ssl_tlsv1=YES
- #
- # [ *NO | *YES=VSFTPD will support secure connections via SSL. ]
- #ssl_request_cert=NO
- #
- # [ *NO | YES = Anonymous users will be allowed to use secured SSL connections. ] *Only applies if ssl_enable is active
- #allow_anon_ssl=NO
- #
- # [ *NO | YES = SSL client connections are required to present a client certificate. ]
- #require_cert=NO
- #
- # [ *NO | YES = SSL client certificates received must validate OK. Self-signed certs do not constitute OK validation. ]
- #validate_cert=NO
- #
- # [ Default: ( none ) = name of a file to load Certificate Authority certs from, for the purpose of validating client certs. ]
- #ca_certs_file=
- #
- # [ Default: ( none ) = Path of the DSA certificate to use for SSL encrypted connections. ]
- #dsa_cert_file=
- #
- # [ Default: ( none ) = Path of the DSA private key to use for SSL encrypted connections. ]
- #dsa_private_key_file=
- #
- # We need to specify the location of our certificate and key files. We actually combined both pieces of information into a single file
- # so we will point both options to the same file:
- #
- # [ Default: ( /usr/share/ssl/certs/vsftpd.pem ) = Path of the RSA certificate to use for SSL encrypted connections. ]
- #rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem
- #
- # [ Default: ( none ) = Path of the RSA private key to use for SSL encrypted connections. ]
- #rsa_private_key_file=/etc/ssl/private/vsftpd.pem
- #
- # [ *NO | YES = All anonymous logins forced to use a secure SSL connection in order to send and receive data on data connections. ]
- #force_anon_data_ssl=NO
- #
- # [ *NO | YES = All anonymous logins forced to use SSL in order to send and receive data on data connections. ]
- #force_anon_logins_ssl=NO
- #
- # [ NO | *YES=All non-anonymous logins are forced to use SSL in order to send and receive data on data connections. ]
- #force_local_data_ssl=YES
- #
- # [ NO | *YES=All non-anonymous logins are forced to use SSL in order to send the password. ]
- #force_local_logins_ssl=YES
- #
- # [ *NO | YES = SSL data uploads are required to terminate via SSL, not an EOF on the socket. ]
- #strict_ssl_read_eof=NO
- #
- # [ *NO | YES = SSL data downloads are required to terminate via SSL, not an EOF on the socket. ]
- #strict_ssl_write_shutdown=NO
- #
- #
- # IO --------------------------------------------------------------------------------------------------------------------------------
- # [ *NO | YES = ASCII mode data transfers will be honoured on uploads. ]
- #ascii_upload_enable=NO
- #
- # [ *NO | YES = ASCII mode data transfers will be honoured on downloads. ]
- #ascii_download_enable=NO
- #
- # [ *NO | YES = Any failed upload files are deleted. ]
- #delete_failed_uploads=NO
- #
- # [ NO | *YES=All uploads proceed with a write lock on the upload file. ]
- #lock_upload_files=NO
- #
- # [ Default: 0666=Permissions with which uploaded files are created. ]
- #file_open_mode=0666
- #
- # [ *NO | YES = Files & directories starting with . will be shown in path listings even if the "a" flag was not used by the client. ]
- #force_dot_files=NO
- #
- # [ *NO | YES = This setting will allow the use of "ls -R". ]
- #ls_recurse_enable=NO
- #
- # [ *NO | YES = This setting will allow MDTM to set file modification times (subject to the usual access checks). ]
- #mdtm_write=YES
- #
- # [ *NO | YES = FTP commands that can change the filesystem ( STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE ) are allowed. ]
- write_enable=YES
- #
- # [ Default: ( 0:unlimited ) = Max data transfer rate permitted, in bytes per second, for local authenticated users. ]
- #local_max_rate=0
- #
- # [ Default: 077=uMask for file creation is set to for local users. ]
- #local_umask=022
- #
- # [ Default: 0 (let vsftpd pick a sensible setting) = Don't change this bandwidth limiter. ]
- #trans_chunk_size=0
- #
- # [ NO | *YES=An internal setting used for testing the relative benefit of using the sendfile() system call on your platform. ]
- #use_sendfile=YES
- #
- # [ NO | *YES=An internal setting used for testing the relative benefit of using the sendfile() system call on your platform. ]
- #use_sendfile=YES
- #
- # [ *NO | YES = VSFTPD will display directory listings with the time in your local time zone. ]
- use_localtime=NO
- #
- # [ Default: (none) = CSV of allowed FTP commands. ]
- #cmds_allowed =
- #
- # [ Default: (none) = CSV of denied FTP commands. ]
- #cmds_denied =
- #
- # [ Default: (none) = Pattern for filenames (and directory names etc.) which should not be accessible in any way. ]
- #deny_file =
- #
- # [ Default: (none) = Pattern for filenames (and directory names etc.) which should be hidden from listing. ]
- #hide_file =
- #
- #
- # Logging ----------------------------------------------------------------------------------------------------------------------------
- # [ *NO | YES = Name of the file to which we write the vsftpd style log file. ]
- vsftpd_log_file=/var/log/ftp.log
- #
- # [ *NO | YES = Name of the file to which we write the wu-ftpd style transfer log. ]
- xferlog_file=/var/log/ftp.xfer.log
- #
- # [ *NO | YES = Two log files are generated in parallel, going by default to /var/log/xferlog and /var/log/vsftpd.log. ]
- dual_log_enable=YES
- #
- # [ *NO | YES = Prevents VSFTPD from taking a file lock when writing to log files. ]
- #no_log_lock=NO
- #
- # [ *NO | YES = Log file will be maintained detailling uploads and downloads. ]
- xferlog_enable=YES
- #
- # [ *NO | YES = Transfer log file will be written in standard xferlog format, as used by wu-ftpd. ]
- xferlog_std_format=YES
- #
- # [ *NO | YES = All FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. ]
- log_ftp_protocol=YES
- #
- # [ *NO | YES = Any log output which would have gone to /var/log/vsftpd.log goes to the system log instead. ]
- #syslog_enable=NO
- #
- #
- # Miscellaneous ----------------------------------------------------------------------------------------------------------------------
- # [ *NO | YES = "async ABOR" will be enabled. ]
- async_abor_enable=NO
- #
- # [ *NO | YES = VSFTPD runs as the user which launched vsftpd. ]
- #run_as_launching_user=NO
- #
- # [ *NO | YES = Only specified list of e-mail passwords for anonymous logins to be accepted. ]
- #secure_email_list_enable=NO
- #
- # [ Default: /etc/vsftpd.email_passwords=Alternate file for usage by the secure_email_list_enable setting. ]
- #email_password_file =
- #
- # [ Default: (none) = CSV of denied FTP commands. ]
- #hide_file =
- #
- # [ *NO | YES = VSFTPD attempts to maintain sessions for logins. ]
- #session_support=NO
- #
- # [ *NO | YES = VSFTPD attempts to try and show session status information in the system process listing. ]
- #setproctitle_enable=NO
- #
- # [ *NO | YES = VSFTPD attempts to try and show session status information in the system process listing. ]
- #setproctitle_enable=NO
- #
- # [ *NO | YES = Incoming connections will be fed through tcp_wrappers access control. ]
- #tcp_wrappers=YES
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement