-
Notifications
You must be signed in to change notification settings - Fork 5
/
vsftpd.conf
133 lines (104 loc) · 4.48 KB
/
vsftpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Run in the foreground to keep the container running:
background=NO
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
## Enable virtual users
guest_enable=YES
guest_username=virtual
nopriv_user=vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
## PAM file name
pam_service_name=vsftpd_virtual
## Home Directory for virtual users
user_sub_token=$USER
local_root=/home/ftp/$USER
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
# if chroot_local_user is set to YES,
# you may provide a list of local users who are placed in a chroot() jail
# in their home directory upon login
# By default, the file containing this list is /etc/vsftpd.chroot_list
chroot_list_enable=NO
# along with chroot_local_user , then a chroot() jail location may be specified on a per-user basis.
# Each user's jail is derived from their home directory string in /etc/passwd.
# The occurrence of /./ in the home directory string denotes that the jail is at that particular location in the path.
# passwd_chroot_enable=yes
# Workaround chroot check.
# See https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# and http://serverfault.com/questions/362619/why-is-the-chroot-local-user-of-vsftpd-insecure
allow_writeable_chroot=YES
## Hide ids from user
hide_ids=YES
## Set passive port address
pasv_addr_resolve=NO
## Enable logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
xferlog_std_format=YES
## Enable active mode
port_enable=YES
connect_from_port_20=YES
ftp_data_port=20
## Disable seccomp filter sanboxing
seccomp_sandbox=NO
## Enable passive mode
pasv_enable=YES
## Fix for 425 Security: Bad IP connecting
# Set to YES if you want to disable the PASV security check
# that ensures the data connection originates from the same IP address as the control connection.
# Only enable if you know what you are doing!
# The only legitimate use for this is in some form of secure tunnelling scheme,
# or perhaps to facilitate FXP support.
pasv_promiscuous=YES
# This string option allows you to override the greeting banner displayed by vsftpd when a connection first comes in.
# Default: (none - default vsftpd banner is displayed)
ftpd_banner=Welcome to FTP Server
# If enabled, users of the FTP server can be shown messages when they first enter a new directory.
# By default, a directory is scanned for the file .message,
# but that may be overridden with the configuration setting message_file.
dirmessage_enable=YES
# The value that the umask for file creation is set to for local users.
# NOTE! If you want to specify octal values,
# remember the "0" prefix otherwise the value will be treated as a base 10 integer!
# Default: 077
# local_umask=022
# If vsftpd is in standalone mode, this is the maximum number of clients which may be connected.
# Any additional clients connecting will get an error message.
# Default: 0 (unlimited)
# max_clients=100
# After this many login failures, the session is killed.
# Default: 3
# max_login_fails=3
# If vsftpd is in standalone mode, this is the maximum number of clients
# which may be connected from the same source internet address.
# A client will get an error message if they go over this limit.
# Default: 0 (unlimited)
# max_per_ip=20
# Like the listen parameter, except vsftpd will listen on an IPv6 socket instead of an IPv4 one.
# This parameter and the listen parameter are mutually exclusive.
listen_ipv6=NO
## Timeout
# The timeout, in seconds, for a remote client to establish connection with a PASV style data connection.
# Default: 60
# accept_timeout=60
# The timeout, in seconds, for a remote client to respond to our PORT style data connection.
# Default: 60
# connect_timeout=60
# The timeout, in seconds, which is roughly the maximum time
# we permit data transfers to stall for with no progress.
# If the timeout triggers, the remote client is kicked off.
# Default: 300
# data_connection_timeout=300
# The timeout, in seconds, which is the maximum time
# a remote client may spend between FTP commands.
# If the timeout triggers, the remote client is kicked off.
# Default: 300
# idle_session_timeout=300