lexemer

vsftpd

Jun 17th, 2018
  1. #----------------------------------------------------------------------------------------------------------------------------------------
  2. # VSFTPD.CONF | /etc/vsftpd.conf =>> /conf/vsftpd/vsftpd.conf
  3. # vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for
  4. # this file at the location above. However, you may override this by specifying a CLI argument to vsftpd.
  5. # The CLI argument is the pathname of the conf file for vsftpd. This is useful when using an advanced inetd
  6. # such as xinetd to launch vsftpd with different configuration files on a per vhost basis.
  7. #----------------------------------------------------------------------------------------------------------------------------------------
  8. # Listener Configuration
  9. #----------------------------------------------------------------------------------------------------------------------------------------
  10. # [ NO | *YES=VSFTPD runs in standalone mode. ]
  11. listen=YES
  12. #
  13. # [ Default: (none) = The default listen address of VSFTPD | standalone mode. Provide a numeric IP address.. ]
  14. #listen_address=
  15. #
  16. # [ Default: (21) = The port VSFTPD listens on for incoming FTP connections | standalone mode. ]
  17. listen_port=21
  18. #
  19. # [ *NO | YES = VSFTPD will listen on an IPv6 socket instead of an IPv4 one. ]
  20. listen_ipv6=NO
  21. #
  22. # [ Default: (none) = The default listen IPv6 address of VSFTPD | standalone mode. Provide a numeric IPv6 address.. ]
  23. #listen_address6 =
  24. #
  25. # [ *NO | YES = VSFTPD will background the listener process. ]
  26. #background=NO
  27. #
  28. # [ Default: ftp=Name of the PAM service vsftpd will use. ]
  29. pam_service_name=vsftpd
  30. #
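  31. # allow_writeable_chroot=YES disables vsftpd's refusal to chroot() a user into a directory that user can write to. That refusal is a security check; the more conservative layout keeps the jail root non-writable and gives the user a writable subdirectory instead. Background: https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/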
  32. allow_writeable_chroot=YES
  33. #
  34. # PORT Configuration
  35. #----------------------------------------------------------------------------------------------------------------------------------------
  36. # [ NO | *YES=Allow the PORT method of obtaining a data connection. ]
  37. #port_enable=YES
  38. #
  39. # [ *NO | YES = Disable PORT security check that ensures that outgoing data connections can only connect to the client. ]
  40. #port_promiscuous=NO
  41. #
  42. # [ *NO | YES = Controls whether PORT style data connections use port 20 (ftp-data) on the server machine. ]
  43. connect_from_port_20=NO
  44. #
  45. # [ Default: 20=port from which PORT style connections originate (as long as the poorly named connect_from_port_20 is enabled). ]
  46. #ftp_data_port=20
  47. #
  48. # [ NO | *YES=Allow the PASV method of obtaining a data connection. ]
  49. pasv_enable=YES
  50. #
  51. # [ *NO | YES = Use a hostname (as opposed to IP address) in the pasv_address option. ]
  52. #pasv_addr_resolve=NO
  53. #
  54. # [ Default: (none - use address of the incoming socket) = Override IP address that VSFTPD will give in response to PASV. ]
  55. #pasv_address=127.0.0.1
  56. #
  57. # [ *NO | YES = Disable PASV security check that ensures the data connection originates from same IP address as control connection. ]
  58. #pasv_promiscuous=NO
  59. #
  60. # [ Default: 0=MIN port to allocate for PASV. Can be used to specify a narrow port range to assist firewalling. ]
  61. pasv_min_port=40000
  62. #
  63. # [ Default: 0=MAX port to allocate for PASV. Can be used to specify a narrow port range to assist firewalling. ]
  64. pasv_max_port=50000
  65.  
  66.  
  67. # User Configuration
  68. #----------------------------------------------------------------------------------------------------------------------------------------
  69. #
  70. # Anonymous Users -------------------------------------------------------------------------------------------------------------
  71. # [ *NO | YES = All non-anonymous logins are classed as "guest" logins. ]
  72. #guest_enable=NO
  73. #
  74. # [ NO | *YES=Both the usernames ftp and anonymous are recognised as anonymous logins. ]
  75. anonymous_enable=NO
  76. #
  77. # [ *NO | YES = Prevents VSFTPD from asking for an anonymous password - the anonymous user will log straight in. ]
  78. #no_anon_password=NO
  79. #
  80. # [ Default: ftp=Name of the user used for handling anonymous FTP. The home path of this user is the root of the anonymous FTP area. ]
  81. #ftp_username=ftp
  82. #
  83. # [ Default: ftp=Real username which guest users are mapped to. ]
  84. #guest_username=ftp
  85. #
  86. # [ *NO | YES = Anonymous users will be permitted to create new directories under certain conditions. ]
  87. #anon_mkdir_write_enable=NO
  88. #
  89. # [ *NO | YES = Anonymous users will be permitted to perform additional write operations other than upload and create directory. ]
  90. #anon_other_write_enable=NO
  91. #
  92. # [ *NO | YES = Anonymous users will be permitted to upload files under certain conditions. ]
  93. #anon_upload_enable=NO
  94. #
  95. # [ NO | *YES=Anonymous users will only be allowed to download files which are world readable. ]
  96. #anon_world_readable_only=NO
  97. #
  98. # [ *NO | YES = All anonymously uploaded files will have the ownership changed to the user specified in the setting chown_username. ]
  99. #chown_uploads=NO
  100. #
  101. # [ Default: root=Name of the user who is given ownership of anonymously uploaded files. This option is only relevant if chown_uploads is set. ]
  102. #chown_username=noone
  103. #
  104. # [ NO | *YES=Allows use of the SITE CHMOD command. ]
  105. chmod_enable=YES
  106. #
  107. # [ *NO | YES = Virtual users will use the same privileges as local users; with the default (NO) they use the same, more restrictive, privileges as anonymous users. ]
  108. #virtual_use_local_privs=NO
  109. #
  110. # [ *NO | YES = Provide a list of anonymous password e-mail responses which cause login to be denied. ]
  111. #deny_email_enable=NO
  112. #
  113. # [ Default: 0600=file mode to force for chown()ed anonymous uploads. ]
  114. #chown_upload_mode=0600
  115. #
  116. # [ Default: 0=MAX data transfer rate permitted, in bytes per second, for anonymous clients. ]
  117. #anon_max_rate=0
  118. #
  119. # [ Default: (none) = Path which vsftpd will try to change into after an anonymous login. Failure is silently ignored. ]
  120. #anon_root=077
  121. #
  122. # [ Default: 077=Value that the umask for file creation is set to for anonymous users. ]
  123. #anon_umask=077
  124. #
  125. # [ Default: /etc/vsftpd.banned_emails=Name of a file containing a list of anonymous e-mail passwords which are not permitted. ]
  126. #banned_email_file=/etc/vsftpd.banned_emails
  127. #
  128. #
  129. # Local Users ------------------------------------------------------------------------------------------------------------------------
  130. # [ *NO | YES = Normal user accounts in /etc/passwd (or wherever your PAM config references) may be used to log in. ]
  131. local_enable=YES
  132. #
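  133. # [ Default: (none); example template /home/virtual/$USER = Token that is replaced with the login name to generate a home directory for each virtual user from a template; it is also substituted when it appears in local_root. ]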
  134. user_sub_token=$USER
  135. #
  136. # [ Default: (none) = Directory which vsftpd will try to change into after a local (non-anonymous) login. Failure is silently ignored. ]
  137. local_root=/home/$USER/.ftp/
  138. #
  139. # [ Default: ( default vsftpd banner ) = Override the greeting banner displayed by vsftpd when a connection first comes in. ]
  140. #ftpd_banner=Welcome To The File Transfer Protocol, Operator.
  141. #
  142. # [ Default: ( none ) = Name of a file containing the text to display when a connection first comes in; if set, it overrides ftpd_banner. ]
  143. #banner_file=Welcome To The File Transfer Protocol, Operator.
  144. #
  145. # [ *NO | YES = Users of the FTP server can be shown messages when they first enter a new directory. ]
  146. dirmessage_enable=YES
  147. #
  148. # [ Default: .message=Name of the file we look for when a new path is entered. ]
  149. #message_file=.msg
  150. #
  151. # [ NO = all directory list commands give permission denied | *YES = directory listings are allowed. ]
  152. dirlist_enable=YES
  153. #
  154. # [ *NO | YES = local users will be (by default) placed in a chroot() jail in their home directory after login. ]
  155. chroot_local_user=YES
  156. #
  157. # [ Default ( /etc/vsftpd.chroot_list ) = File containing a list of local users placed in a chroot() jail in their home path. ]
  158. #chroot_list_file=/_/conf/vsftpd/vsftpd.chroot.list
  159. #
  160. # [ *NO | YES = Provide a list of local users who are placed in a chroot() jail in their home directory upon login. ]
  161. chroot_list_enable=NO
  162. #
  163. # [ Default ( /usr/share/empty ) = Name of a path used as a secure chroot() jail at times vsftpd does not require filesystem access. ]
  164. secure_chroot_dir=/var/run/vsftpd/empty
  165. #
  166. # [ *NO | YES = Along with chroot_local_user , then a chroot() jail location may be specified on a per-user basis. ]
  167. #passwd_chroot_enable=NO
  168. #
  169. # [ Default: nobody=Name of the user that is used by vsftpd when it wants to be totally unprivileged. ]
  170. #nopriv_user=io
  171. #
  172. # [ *NO | YES = Numeric IDs are shown in the user and group fields of path listings by default. You can get textual names by enabling this parameter. ]
  173. #text_userdb_names=NO
  174. #
  175. # [ *NO | YES = VSFTPD will try and resolve pathnames such as ~chris/pics, i.e. a tilde followed by a username. ]
  176. #tilde_user_enable=NO
  177. #
  178. #
  179. # Local User Configuration -----------------------------------------------------------------------------------------------------------
  180. # user_config_dir | This powerful option allows the override of any config option specified in the manual page, on a per-user basis.
  181. # Usage is simple, and is best illustrated with an example.
  182. #
  183. # If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user "chris",
  184. #
  185. # then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session.
  186. #
  187. # The format of this file is as detailed in this manual page! PLEASE NOTE that not all settings are effective on a per-user basis.
  188. # For example, many settings only take effect prior to the user's session being started. Examples of settings which will not affect any behaviour
  189. # on a per-user basis include listen_address, banner_file, max_per_ip, max_clients, xferlog_file, etc.
  190. #
  191. # [ NO | *YES=VSFTPD will check /etc/shells for a valid user shell for local logins. ]
  192. #check_shell=YES
  193. #
  194. # [ *NO | YES = VSFTPD will load a list of usernames, from the filename given by userlist_file. ]
  195. userlist_enable=YES
  196. #
  197. # [ NO = users are denied login unless they are explicitly listed in userlist_file (allow list) | *YES = users listed in userlist_file are denied login. ] Only examined when userlist_enable is active.
  198. userlist_deny=NO
  199. #
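  200. # [ Default: /etc/vsftpd.user_list=Name of the file loaded when the userlist_enable option is active. ] NOTE(review): the path below spells the directory "vstfpd" while the header and chroot_list_file use "vsftpd" — confirm this is not a typo, since with userlist_deny=NO this file is the list of users allowed to log in.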
  201. userlist_file=/_/conf/vstfpd/vsftpd.user.list
  202. #
  203. # [ *NO | YES = All user and group information in directory listings will be displayed as "ftp". ]
  204. #hide_ids=NO
  205. #
  206. # [ Default: 0 (unlimited) = Max number of clients which may be connected. Any additional clients connecting will get an error message. ]
  207. #max_clients=0
  208. #
  209. # [ Default: 3 = After this many login failures, the session is killed. ]
  210. #max_login_fails=5
  211. #
  212. # [ Default: 0 (unlimited) = Max number of clients which may be connected from the same source internet address. ]
  213. #max_per_ip=3
  214. #
  215. # [ Default: 60=Timeout, in seconds, for a remote client to establish connection with a PASV style data connection. ]
  216. #accept_timeout=60
  217. #
  218. # [ Default: 60=Timeout, in seconds, for a remote client to respond to our PORT style data connection. ]
  219. #connect_timeout=60
  220. #
  221. # [ Default: 300=Timeout, in seconds, which is roughly the max time we permit data transfers to stall for with no progress before the client is kicked off. ]
  222. #data_connection_timeout=120
  223. #
  224. # [ Default: 0=Timeout, in seconds, to pause after a successful login. ]
  225. #delay_successful_login=0
  226. #
  227. # [ Default: 1=Timeout, in seconds, to pause prior to reporting a failed login. ]
  228. #delay_failed_login=1
  229. #
  230. # [ Default: 300=Timeout, in seconds, as the maximum time a remote client may spend between FTP commands. ]
  231. #idle_session_timeout=6000
  232. #
  233. # [ *NO | YES = Don't enable unless you know what you are doing, and site supports huge numbers of simultaneously connected users. ]
  234. #one_process_model=NO
  235. #
  236. #
  237. # SSL Configuration ------------------------------------------------------------------------------------------------------------------
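  238. # script to init pem (NOTE: rsa:1024 in the command below is weaker than the 2048-bit minimum current guidance calls for, so generate rsa:2048 or larger; -nodes leaves the private key unencrypted, so keep the file readable by root only):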
  239. # sudo mkdir -p /etc/ssl/private
  240. # sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
  241. #
  242. # [ *NO | YES = OpenSSL connection diagnostics are dumped to the vsftpd log file. ]
  243. #debug_ssl=NO
  244. #
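  245. # [ *NO | YES = VSFTPD will support secure connections via SSL. ] While the line below stays commented out the default NO applies: the ssl_* and force_*_ssl options in this section have no effect, and local logins (local_enable=YES) send usernames and passwords unencrypted.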
  246. #ssl_enable=YES
  247. #
  248. # [ *NO | YES = An SSL handshake is the first thing expected on all connections. ]
  249. #implicit_ssl=NO
  250. #
  251. # [ Default: ( DES-CBC3-SHA ) = Which SSL ciphers vsftpd will allow for encrypted SSL connections. ]
  252. #ssl_ciphers=HIGH
  253. #
  254. # [ NO | *YES = All SSL data connections are required to exhibit SSL session reuse. ]
  255. #require_ssl_reuse=NO
  256. #
  257. # [ *NO | YES = SSL will permit SSL v2 protocol connections. ]
  258. #ssl_sslv2=NO
  259. #
  260. # [ *NO | YES = SSL will permit SSL v3 protocol connections. ]
  261. #ssl_sslv3=NO
  262. #
  263. # [ NO | *YES=SSL will permit SSL TLS v1 protocol connections. ]
  264. #ssl_tlsv1=YES
  265. #
  266. # [ NO | *YES = VSFTPD will request (but not necessarily require; see require_cert) a certificate on incoming SSL connections. ]
  267. #ssl_request_cert=NO
  268. #
  269. # [ *NO | YES = Anonymous users will be allowed to use secured SSL connections. ] *Only applies if ssl_enable is active
  270. #allow_anon_ssl=NO
  271. #
  272. # [ *NO | YES = SSL client connections are required to present a client certificate. ]
  273. #require_cert=NO
  274. #
  275. # [ *NO | YES = SSL client certificates received must validate OK. Self-signed certs do not constitute OK validation. ]
  276. #validate_cert=NO
  277. #
  278. # [ Default: ( none ) = name of a file to load Certificate Authority certs from, for the purpose of validating client certs. ]
  279. #ca_certs_file=
  280. #
  281. # [ Default: ( none ) = Path of the DSA certificate to use for SSL encrypted connections. ]
  282. #dsa_cert_file=
  283. #
  284. # [ Default: ( none ) = Path of the DSA private key to use for SSL encrypted connections. ]
  285. #dsa_private_key_file=
  286. #
  287. # We need to specify the location of our certificate and key files. We actually combined both pieces of information into a single file
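  288. # so we will point both options to the same file. NOTE(review): the two paths below differ (/usr/share/ssl/certs/vsftpd.pem vs /etc/ssl/private/vsftpd.pem), while the openssl command above writes both certificate and key to /etc/ssl/private/vsftpd.pem — make them match before enabling: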
  289. #
  290. # [ Default: ( /usr/share/ssl/certs/vsftpd.pem ) = Path of the RSA certificate to use for SSL encrypted connections. ]
  291. #rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem
  292. #
  293. # [ Default: ( none ) = Path of the RSA private key to use for SSL encrypted connections. ]
  294. #rsa_private_key_file=/etc/ssl/private/vsftpd.pem
  295. #
  296. # [ *NO | YES = All anonymous logins forced to use a secure SSL connection in order to send and receive data on data connections. ]
  297. #force_anon_data_ssl=NO
  298. #
  299. # [ *NO | YES = All anonymous logins are forced to use a secure SSL connection in order to send the password. ]
  300. #force_anon_logins_ssl=NO
  301. #
  302. # [ NO | *YES=All non-anonymous logins are forced to use SSL in order to send and receive data on data connections. ]
  303. #force_local_data_ssl=YES
  304. #
  305. # [ NO | *YES=All non-anonymous logins are forced to use SSL in order to send the password. ]
  306. #force_local_logins_ssl=YES
  307. #
  308. # [ *NO | YES = SSL data uploads are required to terminate via SSL, not an EOF on the socket. ]
  309. #strict_ssl_read_eof=NO
  310. #
  311. # [ *NO | YES = SSL data downloads are required to terminate via SSL, not an EOF on the socket. ]
  312. #strict_ssl_write_shutdown=NO
  313. #
  314. #
  315. # IO --------------------------------------------------------------------------------------------------------------------------------
  316. # [ *NO | YES = ASCII mode data transfers will be honoured on uploads. ]
  317. #ascii_upload_enable=NO
  318. #
  319. # [ *NO | YES = ASCII mode data transfers will be honoured on downloads. ]
  320. #ascii_download_enable=NO
  321. #
  322. # [ *NO | YES = Any failed upload files are deleted. ]
  323. #delete_failed_uploads=NO
  324. #
  325. # [ NO | *YES=All uploads proceed with a write lock on the upload file. ]
  326. #lock_upload_files=NO
  327. #
  328. # [ Default: 0666=Permissions with which uploaded files are created. ]
  329. #file_open_mode=0666
  330. #
  331. # [ *NO | YES = Files & directories starting with . will be shown in path listings even if the "a" flag was not used by the client. ]
  332. #force_dot_files=NO
  333. #
  334. # [ *NO | YES = This setting will allow the use of "ls -R". ]
  335. #ls_recurse_enable=NO
  336. #
  337. # [ *NO | YES = This setting will allow MDTM to set file modification times (subject to the usual access checks). ]
  338. #mdtm_write=YES
  339. #
  340. # [ *NO | YES = FTP commands that can change the filesystem ( STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE ) are allowed. ]
  341. write_enable=YES
  342. #
  343. # [ Default: ( 0:unlimited ) = Max data transfer rate permitted, in bytes per second, for local authenticated users. ]
  344. #local_max_rate=0
  345. #
  346. # [ Default: 077=Value that the umask for file creation is set to for local users. ]
  347. #local_umask=022
  348. #
  349. # [ Default: 0 (let vsftpd pick a sensible setting) = Don't change this bandwidth limiter. ]
  350. #trans_chunk_size=0
  351. #
  352. # [ NO | *YES=An internal setting used for testing the relative benefit of using the sendfile() system call on your platform. ]
  353. #use_sendfile=YES
  354. #
  355. # [ NO | *YES=An internal setting used for testing the relative benefit of using the sendfile() system call on your platform. ]
  356. #use_sendfile=YES
  357. #
  358. # [ *NO | YES = VSFTPD will display directory listings with the time in your local time zone. ]
  359. use_localtime=NO
  360. #
  361. # [ Default: (none) = CSV of allowed FTP commands. ]
  362. #cmds_allowed =
  363. #
  364. # [ Default: (none) = CSV of denied FTP commands. ]
  365. #cmds_denied =
  366. #
  367. # [ Default: (none) = Pattern for filenames (and directory names etc.) which should not be accessible in any way. ]
  368. #deny_file =
  369. #
  370. # [ Default: (none) = Pattern for filenames (and directory names etc.) which should be hidden from listing. ]
  371. #hide_file =
  372. #
  373. #
  374. # Logging ----------------------------------------------------------------------------------------------------------------------------
  375. # [ Default: /var/log/vsftpd.log = Name of the file to which we write the vsftpd style log file. ]
  376. vsftpd_log_file=/var/log/ftp.log
  377. #
  378. # [ Default: /var/log/xferlog = Name of the file to which we write the wu-ftpd style transfer log. ]
  379. xferlog_file=/var/log/ftp.xfer.log
  380. #
  381. # [ *NO | YES = Two log files are generated in parallel, going by default to /var/log/xferlog and /var/log/vsftpd.log. ]
  382. dual_log_enable=YES
  383. #
  384. # [ *NO | YES = Prevents VSFTPD from taking a file lock when writing to log files. ]
  385. #no_log_lock=NO
  386. #
  387. # [ *NO | YES = A log file will be maintained detailing uploads and downloads. ]
  388. xferlog_enable=YES
  389. #
  390. # [ *NO | YES = Transfer log file will be written in standard xferlog format, as used by wu-ftpd. ]
  391. xferlog_std_format=YES
  392. #
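  393. # [ *NO | YES = All FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. ] NOTE(review): xferlog_std_format=YES is set above alongside dual_log_enable=YES — confirm protocol entries actually reach vsftpd_log_file with this combination.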
  394. log_ftp_protocol=YES
  395. #
  396. # [ *NO | YES = Any log output which would have gone to /var/log/vsftpd.log goes to the system log instead. ]
  397. #syslog_enable=NO
  398. #
  399. #
  400. # Miscellaneous ----------------------------------------------------------------------------------------------------------------------
  401. # [ *NO | YES = "async ABOR" will be enabled. ]
  402. async_abor_enable=NO
  403. #
  404. # [ *NO | YES = VSFTPD runs as the user which launched vsftpd. ]
  405. #run_as_launching_user=NO
  406. #
  407. # [ *NO | YES = Only specified list of e-mail passwords for anonymous logins to be accepted. ]
  408. #secure_email_list_enable=NO
  409. #
  410. # [ Default: /etc/vsftpd.email_passwords=Alternate file for usage by the secure_email_list_enable setting. ]
  411. #email_password_file =
  412. #
  413. # [ Default: (none) = Pattern for filenames (and directory names etc.) which should be hidden from listing. ]
  414. #hide_file =
  415. #
  416. # [ *NO | YES = VSFTPD attempts to maintain sessions for logins. ]
  417. #session_support=NO
  418. #
  419. # [ *NO | YES = VSFTPD attempts to try and show session status information in the system process listing. ]
  420. #setproctitle_enable=NO
  421. #
  422. # [ *NO | YES = VSFTPD attempts to try and show session status information in the system process listing. ]
  423. #setproctitle_enable=NO
  424. #
  425. # [ *NO | YES = Incoming connections will be fed through tcp_wrappers access control. ]
  426. #tcp_wrappers=YES