vsftpd.conf配置详解根据/etc/vsftpd/vsftpd.conf默认配置给出设定功能# Example config file /etc/vsftpd/vsftpd.conf# The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.# READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.# Allow anonymous FTP? (Beware - allowed by default if you comment this out).anonymous_enable=YES允许匿名用户登录# Uncomment this to allow local users to log in.local_enable=YES允许系统用户名登录# Uncomment this to enable any form of FTP write command.write_enable=YES允许使用任何可以修改文件系统的FTP的指令# Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022本地用户新增档案的权限# Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.#anon_upload_enable=YES允许匿名用户上传文件# Uncomment this if you want the anonymous FTP user to be able to create# new directories.#anon_mkdir_write_enable=YES允许匿名用户创建新目录# Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES允许为目录配置显示信息,显示每个目录下面的message_file文件的内容# Activate logging of uploads/downloads.xferlog_enable=YES开启日记功能# Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20=YES使用标准的20端口来连接ftp# If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES所有匿名上传的文件的所属用户将会被更改成chown_username#chown_username=whoever匿名上传文件所属用户名# You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/vsftpd.log日志文件位置# If you want, you can have your log file in standard ftpd xferlog formatxferlog_std_format=YES使用标准格式# You may change the default value for timing out an idle session.#idle_session_timeout=600空闲连接超时# You may change the default value for timing out a data connection.#data_connection_timeout=120数据传输超时# It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unPRivileged user.#nopriv_user=ftpsecure当服务器运行于最底层时使用的用户名# Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES允许使用/"asyncABOR/"命令,一般不用,容易出问题# By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.#ascii_upload_enable=YES管控是否可用ASCII模式上传。默认值为NO#ascii_download_enable=YES管控是否可用ASCII模式下载。默认值为NO# You may fully customise the login banner string:#ftpd_banner=Welcome to blah FTP service.login时显示欢迎信息.如果设置了banner_file则此设置无效# You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES如果匿名用户需要密码,那么使用banned_email_file里面的电子邮件地址的用户不能登录# (default follows)#banned_email_file=/etc/vsftpd/banned_emails禁止使用匿名用户登陆时作为密码的电子邮件地址# You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().#chroot_list_enable=YES如果启动这项功能,则所有列在chroot_list_file中的使用者不能更改根目录# (default follows)#chroot_list_file=/etc/vsftpd/chroot_list定义不能更改用户主目录的文件# You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES是否能使用ls-R命令以防止浪费大量的服务器资源# When "listen" directive is enabled, vsftpd runs in standalone mode and# listens on ipv4 sockets. This directive cannot be used in conjunction# with the listen_ipv6 directive.listen=YES绑定到listen_port指定的端口,既然都绑定了也就是每时都开着的,就是那个什么standalone模式# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6# sockets, you must run two copies of vsftpd whith two configuration files.# Make sure, that one of the listen options is commented !!#listen_ipv6=YESpam_service_name=vsftpd定义PAM所使用的名称,预设为vsftpduserlist_enable=YES若启用此选项,userlist_deny选项才被启动tcp_wrappers=YES开启tcp_wrappers支持过滤掉那些注释,以便我们日后修改配置,大家可以删除vsftpd.conf内容,拷贝以下:anonymous_enable=YESlocal_enable=YESwrite_enable=YESlocal_umask=022#anon_upload_enable=YES#anon_mkdir_write_enable=YESdirmessage_enable=YESxferlog_enable=YESconnect_from_port_20=YES#chown_uploads=YES#chown_username=whoever#xferlog_file=/var/log/vsftpd.logxferlog_std_format=YES#idle_session_timeout=600#data_connection_timeout=120#nopriv_user=ftpsecure#async_abor_enable=YES#ascii_upload_enable=YES#ascii_download_enable=YES#ftpd_banner=Welcome to blah FTP service.#deny_email_enable=YES#banned_email_file=/etc/vsftpd/banned_emails#chroot_list_enable=YES#chroot_list_file=/etc/vsftpd/chroot_list#ls_recurse_enable=YESlisten=YES#listen_ipv6=YESpam_service_name=vsftpduserlist_enable=YEStcp_wrappers=YES
