1 # Example config file /etc/vsftpd/vsftpd.conf
2 #
3 # The default compiled in settings are fairly paranoid. This sample file
4 # loosens things up a bit, to make the ftp daemon more usable.
5 # Please see vsftpd.conf.5 for all compiled in defaults.
6 #
7 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
8 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
9 # capabilities.
10 #
11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
12 anonymous_enable=YES
13 # 是否允许匿名登录ftp主机
14 # Uncomment this to allow local users to log in.
15 local_enable=YES
16 #是否允许/etc/passwd 的帐号以实体用户访问主机
17 # Uncomment this to enable any form of FTP write command.
18 #write_enable=NO
19 #是否允许用户上传数据
20 # Default umask for local users is 077. You may wish to change this to 022,
21 # if your users expect that (022 is used by most other ftpd's)
22 local_umask=022
23 #建立新目录的权限755 和 文件权限644
24 # Uncomment this to allow the anonymous FTP user to upload files. This only
25 # has an effect if the above global write enable is activated. Also, you will
26 # obviously need to create a directory writable by the FTP user.
27 #anon_upload_enable=YES
28 #是否让anonymous具有上传的权限
29 # Uncomment this if you want the anonymous FTP user to be able to create
30 # new directories.
31 #anon_mkdir_write_enable=YES
32 #是否让anonymous 具有新建目录的权限
33 # Activate directory messages - messages given to remote users when they
34 # go into a certain directory.
35 dirmessage_enable=YES
36 #当用户进入某个目录时,显示文件内容
37 # The target log file can be vsftpd_log_file or xferlog_file.
38 # This depends on setting xferlog_std_format parameter
39 xferlog_enable=YES
40 #上传下载操作会被记录下来
41 # Make sure PORT transfer connections originate from port 20 (ftp-data).
42 connect_from_port_20=YES
43 #主动链接ftp 的 服务端口
44 # If you want, you can arrange for uploaded anonymous files to be owned by
45 # a different user. Note! Using "root" for uploaded files is not
46 # recommended!
47 #chown_uploads=YES
48 #chown_username=whoever
49 #
50 # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
51 # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
52 #xferlog_file=/var/log/xferlog
53 #日志文件的文件名
54 # Switches between logging into vsftpd_log_file and xferlog_file files.
55 # NO writes to vsftpd_log_file, YES to xferlog_file
56 xferlog_std_format=NO
57 #是否使用wu-ftp相同的文件格式
58 # You may change the default value for timing out an idle session.
59 #idle_session_timeout=600
60 #如果用户在600秒内没有命令的操作,强制脱机
61 # You may change the default value for timing out a data connection.
62 #data_connection_timeout=120
63 #如果数据链接已建立 120 秒内数据无法顺利传输 ,链接断开
64 # It is recommended that you define on your system a unique user which the
65 # ftp server can use as a totally isolated and unprivileged user.
66 nopriv_user=nobody
67 #使用ftpuser 作为此服务的权限
68 # Enable this and the server will recognise asynchronous ABOR requests. Not
69 # recommended for security (the code is non-trivial). Not enabling it,
70 # however, may confuse older FTP clients.
71 #async_abor_enable=YES
72 #
73 # By default the server will pretend to allow ASCII mode but in fact ignore
74 # the request. Turn on the below options to have the server actually do ASCII
75 # mangling on files when in ASCII mode.
76 # Beware that on some FTP servers, ASCII support allows a denial of service
77 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
78 # predicted this attack and has always been safe, reporting the size of the
79 # raw file.
80 # ASCII mangling is a horrible feature of the protocol.
81 #ascii_upload_enable=YES
82 #ascii_download_enable=YES
83 #优先使用ascii 格式下载上传文件
84 # You may fully customise the login banner string:
85 #ftpd_banner=Welcome to blah FTP service.
86 #显示一些说明文字
87 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
88 # useful for combatting certain DoS attacks.
89 #deny_email_enable=YES
90 #将某些特殊的email 阻挡住,不让那些anonymous 登录
91 # (default follows)
92 #banned_email_file=/etc/vsftpd/banned_emails
93 #那些email 不可登录
94 # You may specify an explicit list of local users to chroot() to their home
95 # directory. If chroot_local_user is YES, then this list becomes a list of
96 # users to NOT chroot().
97 #chroot_local_user=YES
98 #是否将用户限制在自己的主目录内
99 #chroot_list_enable=YES
100 #是否启用chroot 写入列表的功能,与下一个chroot_list_file 有关
101 # (default follows)
102 #chroot_list_file=/etc/vsftpd/chroot_list
103 #与chroot-local_user 有关
104 # You may activate the "-R" option to the builtin ls. This is disabled by
105 # default to avoid remote users being able to cause excessive I/O on large
106 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
107 # the presence of the "-R" option, so there is a strong case for enabling it.
108 #ls_recurse_enable=YES
109 #
110 # When "listen" directive is enabled, vsftpd runs in standalone mode and
111 # listens on IPv4 sockets. This directive cannot be used in conjunction
112 # with the listen_ipv6 directive.
113 listen=YES
114 #vsftpd 以standalong 运行
115 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
116 # sockets, you must run two copies of vsftpd with two configuration files.
117 # Make sure, that one of the listen options is commented !!
118 #listen_ipv6=YES
119 #userlist_enable=NO
120 #支持/etc/vsftpd/user_list 文件内的帐号登录控制
121 userlist_deny=NO
122 #当用户被列入某个文件时,该用户无法登录ftp服务器
123 userlist_file=/etc/vsftpd/user_list
124 #这个文件里的帐号都无法登录
125
126 pam_service_name=vsftpd
127 #pam模块的功能,在/etc/pam.d/vsftpd 下
128 tcp_wrappers=YES
129 #支持tcp—wapper的防火墙机制
130 use_localtime=YES
131 local_max_rate=1000000
132 #最大传输带宽1mb/s
133 #max_clients=10
134 #max_per_ip=1
135 banner_file=/etc/vsftpd/welcome
下来具体谈谈匿名用户,及虚拟用于的设置 ,(个人不建议用实体用户登录)。
I)如果只是匿名用户,最主要的仅仅只要设置两条语句:
QQ群⑧:
窥视卡
雷达卡
发表于 2015-5-27 11:14:29
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡