# Allow anonymous FTP?
(beware-allowed by default if you comment this out). #anonymous_enable =yes anonymous_enable=no setting does not allow anonymous access to the # # uncomment this to enable local users to log in. Local_enable=yes settings Accessible to local users.
Note: Primarily for virtual hosting users, if the item is set to No then all virtual users will not be able to access it.
# # Uncomment this to enable any form of FTP write command.
Write_enable=yes settings can be written. # # Default Umask for Local users are 077. wish to 022, # If your users expect that (022 are used by the most other ftpd ' s) local_umask=022 set post-upload file
The permission mask. # # Uncomment the anonymous FTP user to upload files. This only # has a effect if the above global write enable is activated.
Also, you'll # obviously need to create a directory writable by the FTP user.
#anon_upload_enable =yes Anon_upload_enable=no prohibit anonymous users from uploading.
# # Uncomment this if you want the anonymous FTP user to being able to create # new directories.
#anon_mkdir_write_enable =yes Anon_mkdir_write_enable=no prohibits anonymous users from creating directories. # # Activate Directory messages-messages given to reMote users when they # go to a certain directory.
Dirmessage_enable=yes Set the Open Directory banner feature.
# # Activate logging of Uploads/downloads.
Xferlog_enable=yes set the Enable logging function.
# # Make sure port transfer connections originate from port (ftp-data).
Connect_from_port_20=yes set port 20 for data connection. # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. note!
Using "root" for uploaded files are not # recommended!
#chown_uploads =yes chown_uploads=no setting prevents uploading of file changes to the host. #chown_username =whoever # # You could override where the log file goes if you like.
The default is shown # below. Xferlog_file=/var/log/vsftpd.log set the VSFTPD service log save path. Note that the file does not exist by default. You have to touch it manually, and because of this change, the VSFTPD service host user is the manually established VSFTPD.
You must be aware of the Write permission to the log for that user, or the service will fail to start.
# # If You want, you can have your log file in the standard FTPD xferlog format Xferlog_std_format=yes set the log using the standardized record format.
# # The change of the default value for timing-an idle session. #idle_session_timeout = 600 Sets the idle connection timeout, where default is used. Specify the specific value for each specific user, if not specified, or use the default value here 600, per second.
# # You could change the default value for timing out a data connection. #data_connection_timeout = 120 sets a single maximum continuous transmission time, where the default is used.
Specify the specific values for each specific user, if not specified, or use the default value here of 120, per second. # # IT is recommended so define on your system a unique user which the # FTP server can use as a totally isolated an
D unprivileged user. #nopriv_user =ftpsecure NOPRIV_USER=VSFTPD Sets the host user that supports the VSFTPD service as a manually established VSFTPD user. Note that once you make changes to the host user, you must be aware of the read and write rights of the read-write files associated with the service.
For example, the log file must give the user write permission, and so on. # # Enable This and the server would recognise asynchronous ABOR requests. Not # Recommended for security (the code is non-trivial).
Not enabling it, # However, may confuse older FTP clients.
The Async_abor_enable=yes setting supports asynchronous transfer functions. # By default the server would pretend to allow ASCII mode but in fact ignore # the request.
Turn on the below options to has the server actually do ASCII # mangling on files while in ASCII mode. # beware, some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "Size/big/file "InASCII mode.
VSFTPD # predicted this attack and have always been safe, reporting the size of the # RAW file.
# ASCII mangling is a horrible feature of the protocol.
Ascii_upload_enable=yes Ascii_download_enable=yes sets the upload and download features that support ASCII mode. # # fully customise the login banner string:ftpd_banner=this vsftp Server supports virtual users ^_^ set the VSFTPD landing mark
Language. # # Specify a file of disallowed anonymous e-mail addresses.
Apparently # useful for combatting certain DoS attacks. #deny_email_enable =yes # (default follows) #banned_email_file =/etc/vsftpd/banned_emails # # Specify an explicit Li St of Local Users to Chroot () to their home # directory.
If Chroot_local_user is YES and then this list becomes a list of # users to not Chroot ().
#chroot_list_enable =yes Chroot_list_enable=no prohibits users from logging out of their own FTP home directory. # (default follows) #chroot_list_file =/etc/vsftpd/chroot_list # # You may activate the "-r" option to the builtin LS. This is disabled by # Default to avoid remote users being able to cauSE excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "Mirror" assume # The presence of the "-r" option, so there is a Stro
NG case for enabling it. #ls_recurse_enable =yes ls_recurse_enable=no A command that prohibits users from using "Ls-r" after they log on to FTP. This command can cause significant overhead for server performance.
If this entry is allowed, blocking multiple users using the command at the same time will pose a threat to that server. # when "Listen" directive are enabled, VSFTPD runs in standalone mode and # listens on IPV4 sockets.
This directive cannot is used in conjunction # with the LISTEN_IPV6 directive. Listen=yes set the VSFTPD service to work in standalone mode. By the way, the so-called standalone mode is that the service has its own daemon support, under the PS-A command we will be available to see the VSFTPD daemon name.
If you do not want to work in standalone mode, you can choose the Superdaemon mode, in which VSFTPD will not have its own daemon, but the Super daemon xinetd full proxy, at the same time, many of the functions of the VSFTP service will not be implemented. # # directive enables listening on IPV6 sockets.
To listen on IPV4 and IPv6 # sockets, you must run, copies of vsftpd whith, configuration files.
# Make sure, which one of the listen options is commented!! #listen_ipv6 =YESPAM_SERVICE_NAME=VSFTPD Set the authentication profile name for VSFTPD under Pam service. Therefore, the PAM validation will refer to the/etc/pam.d/underVSFTPD file configuration.
Userlist_enable=yes settings users in Userlist_file will not be allowed to use FTP. The Tcp_wrappers=yes setting supports TCP wrappers.
#KC: The following entries is added for supporting virtual FTP users. The following are important configuration items for VSFTPD virtual user support. These settings are not included in the default vsftpd.conf, and you need to manually add the configuration yourself.
The Guest_enable=yes setting enables the virtual User feature.
GUEST_USERNAME=OVERLORD Specifies the host user for the virtual user.
Virtual_use_local_privs=yes set the permissions for virtual users to match their host users. User_config_dir=/etc/vsftpd/vconf set the configuration file storage path for the virtual user's personal vsftp. That is, the specified directory, will be stored in each vsftp virtual user personality profile, one need to note that these configuration file names must be the same as the virtual user name.