Linux vsftpd and proftpd configuration

Source: Internet
Author: User
Tags webdisk
VSFTPD Configuration

1. Detailed configuration parameters

# Accept anonymous users
anonymous_enable=YES

# Do not ask anonymous users for a password at login
no_anon_password=YES

# Home directory for anonymous users
anon_root=(none)

# Accept local users
local_enable=YES

# Home directory for local users
local_root=(none)

# If anonymous users must give a password, those who use an e-mail address listed in banned_email_file cannot log in
deny_email_enable=YES

# Only useful in builds without PAM authentication: check whether the user has a valid shell before allowing login
check_shell=YES

# If this option is enabled, the userlist_deny option takes effect
userlist_enable=YES

# If YES, users in userlist_file cannot log in; if NO, only users in userlist_file can log in
userlist_deny=NO

# If enabled together with chroot_local_user, the directory each user is locked into is the one given for that user in /etc/passwd (I am not very clear on this; pointers from those familiar with it are welcome)
passwd_chroot_enable=NO

# Defines the user name used for anonymous login. The default value is ftp.
ftp_username=ftp

2. User permission control

# Allow uploads (global control).
write_enable=YES

# umask for files uploaded by local users
local_umask=022

# Permissions for uploaded files, used together with the umask
#file_open_mode=0666

# Anonymous users may upload
anon_upload_enable=NO

# Anonymous users may create directories
anon_mkdir_write_enable=NO

# Other write permissions for anonymous users (change permissions?)
anon_other_write_enable=NO

# If set to YES, anonymous users may only download world-readable files. The default value is YES.
anon_world_readable_only=YES

# If enabled, every login that is not anonymous is switched to the user name given in guest_username
#guest_enable=NO

# Ownership of all anonymously uploaded files is changed to chown_username
chown_uploads=YES

# User name that owns anonymously uploaded files
chown_username=lightwiter

# If this feature is enabled, none of the users listed in chroot_list_file can change the root directory
chroot_list_enable=YES

# Allow the "async ABOR" command; generally leave it off, as it easily causes problems
async_abor_enable=YES

# Controls whether ASCII mode is available for uploads. The default value is NO.
ascii_upload_enable=YES

# Controls whether ASCII mode is available for downloads. The default value is NO.
ascii_download_enable=YES

# This option must name an empty directory that no logged-in user has write permission to; when vsftpd does not need file system access, the user is confined to this directory. The default value is /usr/share/empty
secure_chroot_dir=/usr/share/empty

3. Timeout settings

# Idle session timeout
idle_session_timeout=600

# Data transfer timeout
data_connection_timeout=120

# PASV request timeout
accept_timeout=60

# PORT mode connection timeout
connect_timeout=60

4. Server feature options

# Enable logging
xferlog_enable=YES

# Use the standard format
xferlog_std_format=YES

# When xferlog_std_format is off and this option is on, all FTP requests and replies are logged, which is useful for debugging.
#log_ftp_protocol=NO

# Allow PASV mode
pasv_enable=YES

# Turns off the security check; be careful.
#pasv_promiscuous=NO

# Allow PORT mode
#port_enable=YES

# Turns off the security check
#port_promiscuous

# Enable tcp_wrappers support
tcp_wrappers=YES

# Defines the name used for PAM; preset to vsftpd.
pam_service_name=vsftpd

# User name used when the server runs at its lowest privilege level
nopriv_user=nobody

# Makes vsftpd point to the specified IP address in its reply to the PASV command. (server connection redirect?)
pasv_address=(none)

5. Server performance options

# Whether the ls -R command can be used; turn it off to avoid wasting large amounts of server resources
#ls_recurse_enable=YES

# Whether to use the one-process model
#one_process_model

# Bind to the port given in listen_port; since the port is bound, the server is running all the time, which is what standalone mode means
listen=YES

# When a logged-in user runs a command such as ls -al to check file ownership, the default is to show the owner's UID rather than the owner's name. Turn this feature on if you want the owner's name to appear.
text_userdb_names=NO

# Whether directory listings use local time or GMT; the MDTM command can be used to achieve the same effect
use_localtime=NO

# For testing platform optimization
#use_sendfile=YES

6. Message settings

# Show a welcome message at login. This setting has no effect if banner_file is set
ftpd_banner=Welcome to Hunan three-Chen Fake-ta FTP website.

# Allow per-directory messages: display the contents of the message_file file in each directory
dirmessage_enable=YES

# Show session status information; turn it off!
#setproctitle_enable=YES

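7. File definitions

# Defines the file listing users who cannot change out of their home directory
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

# Defines the file listing users who are denied/allowed to log in
userlist_file=/etc/vsftpd/vsftpd.user_list

# Defines the location of the login message file
banner_file=/etc/vsftpd/banner

# E-mail addresses that anonymous users are forbidden to use as the password at login
banned_email_file=/etc/vsftpd.banned_emails

# Log file location
xferlog_file=/var/log/vsftpd.log

# Directory message file
message_file=.message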

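8. Directory definitions

# Defines the directory holding per-user configuration files
user_config_dir=/etc/vsftpd/userconf

# Defines the root directory for local user logins. Note that the root can be given as a relative or an absolute path; a relative path is relative to the user's home directory.
# With the setting below, each user's root directory after login is /home/username/webdisk
local_root=webdisk

# Root directory for anonymous users after login
anon_root=/var/ftp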

9. User connection options

# Maximum number of clients accepted
max_clients=100

# Maximum number of clients per IP
max_per_ip=5

# Use the standard port 20 for FTP connections
connect_from_port_20=YES

# Bind to a specific IP; access through any other IP is not possible
listen_address=192.168.0.2

# Bind to a specific port
#listen_port=2121

# Data transfer port
#ftp_data_port=2020

# Upper bound of the port range usable in PASV mode; 0 means any port. The default value is 0.
pasv_max_port=0

# Lower bound of the port range usable in PASV mode; 0 means any port. The default value is 0.
pasv_min_port=0

10. Data transfer options

# Transfer rate for anonymous users (b/s)
anon_max_rate=51200

# Transfer rate for local users (b/s)
local_max_rate=5120000

11. Per-user configuration

If you want to control each user individually, simply create a file named after the user in user_config_dir; it sets that user's own options for data transfer and user rights. Per-user files also work with PAM-backed virtual users.
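An added example, not part of the original article: a small linter for the vsftpd.conf options listed in sections 1 to 10. It flags syntax that vsftpd does not tolerate (capitalised option names, spaces around `=`, a comment on the same line as a value) and the switches the notes above mark as sensitive; the names `RISKY_YES`, `parse`, `audit` and the sample file are constructed for illustration.

```python
RISKY_YES = {  # illustrative table (added example): option -> why YES needs review
    "anonymous_enable": "anonymous users are accepted",
    "anon_upload_enable": "anonymous users may upload",
    "anon_other_write_enable": "anonymous users get other write rights",
    "pasv_promiscuous": "PASV security check is turned off",
    "port_promiscuous": "PORT security check is turned off",
}

# Constructed sample file; it repeats formatting slips a copied listing can carry.
SAMPLE = """\
# constructed sample
anonymous_enable=YES
Anon_upload_enable=yes
pasv_promiscuous=YES
userlist_enable=YES
userlist_deny=NO
local_root=webdisk # per-user root
file_open_mode =0666
"""

def parse(text):
    """Return ({option: (line_no, value)}, [(line_no, message), ...])."""
    settings, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # vsftpd.conf only has whole-line comments
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((no, "not an option=value line"))
            continue
        if key != key.strip() or value != value.strip():
            findings.append((no, "whitespace next to '=' or after the value"))
        if key != key.lower():
            findings.append((no, f"option name {key.strip()!r} must be lowercase"))
        if "#" in value:
            findings.append((no, "text after '#' is read as part of the value"))
        settings[key.strip().lower()] = (no, value.split("#")[0].strip())
    return settings, findings

def audit(text):
    settings, findings = parse(text)
    value = lambda k, default="": settings.get(k, (0, default))[1].upper()
    for key, why in RISKY_YES.items():
        if value(key) == "YES":
            findings.append((settings[key][0], f"{key}=YES: {why}"))
    if value("userlist_enable") == "YES":  # userlist_deny defaults to YES
        kind = "allow" if value("userlist_deny", "YES") == "NO" else "deny"
        findings.append((settings["userlist_enable"][0], f"userlist_file is the {kind} list"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns the findings sorted by line number, so they can be read against the file from top to bottom.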

Appendix: meaning of the FTP numeric reply codes

110 Restart marker reply.
120 Service will be ready after the stated time.
125 Data connection open, ready to transmit.
150 File status is normal; opening data connection.
200 Command execution succeeded.
202 Command execution failed.
211 System status or system request response.
212 Directory status.
213 File status.
214 Help message.
215 Name of the system type.
220 Service ready for a new connection.
221 The service's control connection is closed; the user can log off.
225 Data connection open, but no transfer in progress.
226 Data connection closed; the requested file operation was successful.
227 Entering passive mode.
230 User logged in.
250 The requested file operation is complete.
257 Displays the current path name.
331 User name is correct; a password is required.
332 Account information is required for login.
350 The requested operation requires a further command.
421 Unable to provide service; closing control connection.
425 Cannot open data connection.
426 Connection closed; transfer terminated.
450 The requested operation was not performed.
451 Command terminated: there is a local error.
452 Command not executed: insufficient disk space.
500 Format error, command not recognized.
501 Parameter syntax error.
502 Command execution failed.
503 Command order error.
504 The command did not have the correct parameters.
530 Not logged in.
532 Storing files requires account login.
550 The requested operation was not performed.
551 The requested command terminated; the type is unknown.
552 The requested file operation terminated; storage allocation exceeded.
553 The requested command was not executed: incorrect name.

proftpd configuration

<Global> # Global is optional; it keeps things clear once more than one virtual site is set up

IdentLookups off # Makes connections faster, as does UseReverseDNS further down

RequireValidShell off # Usually needed for anonymous access

MaxLoginAttempts 1 # 1 is enough for anonymous access; maximum number of password authentication attempts

WtmpLog NONE # Do not log to wtmp

DenyFilter \*.*/|.ftpaccess # DenyFilter does some filtering; regular expression

#DenyFilter ~! ' **/?,$@ # Write your own to suit your needs; the one above is pretty bad :P

#LsDefaultOptions "-L" # ls options

#AllowForeignAddress on # Set to on to allow FXP

CommandBufferSize 128 # Maximum command length

DirFakeUser on ftp # Do not show users the real user and group

DirFakeGroup on ftp

DeferWelcome on # Show the welcome message

PathDenyFilter "(^.ftpaccess$)" # Filtering, same as DenyFilter

User nobody # User and group that proftpd runs as

Group nobody

TimesGMT off # Time

<Limit LOGIN DELE RMD XRMD SITE RNFR RNTO WRITE>

DenyAll

</Limit> # For various reasons, deny everything to start with and open things up again further down as needed. READ can be added too ...

# The network ranges allowed to LOGIN can also be set here or further down; a firewall is recommended

<Limit ALL>

IgnoreHidden on

</Limit>

<Directory /*>

HideNoAccess on

AllowOverwrite off # Forbid overwriting; turn it back on further down to allow resumed transfers

</Directory> # AllowRetrieveRestart defaults to on; it can also be written here

</Global>

ServerName "FTP Server"

ServerType standalone # Can also run under inetd or xinetd

ServerIdent on "Welcome to FTP" # Shown to the user before authentication; a file can be used too, omitted here

DefaultServer on

UseReverseDNS off # Speeds up connections

Port # FTP port

Umask 022 # Mask; use 002 for easier management

PassivePorts 20000 30000 # Passive mode port range

SystemLog /var/proftpd/syslog # Log file; remember to add a logrotate configuration

MaxInstances # Maximum

TimeoutLogin # Authentication timeout

TimeoutIdle # Idle timeout

TimeoutNoTransfer # No-data-transfer timeout

#TimeoutStalled 300

# Some custom log formats; adjust as needed or use the defaults

LogFormat myxfer "%h %u %t \"%r\" %s %b"

LogFormat default "%h %a %u %t \"%r\" %s %b $$ '%F'"

LogFormat Auth "%h %a %t \"%r\" %s"

LogFormat write "%h %a %t \"%r\" %s %b"

# Remember to set the matching directory permissions on the anonymous root; the ftp user needs at least r and x permissions

<Anonymous /home/ftp>

User ftp

Group &NB
