Configuring features, based on the default /etc/vsftpd/vsftpd.conf configuration

```
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
# Note: allow anonymous users to log in.

# Uncomment this to allow local users to log in.
local_enable=YES
# Note: allow local system users to log in.

# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Note: allow any FTP command that modifies the file system.

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
# Note: umask (permission mask) for files added by local users.

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
# Note: allow anonymous users to upload files.

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
# Note: allow anonymous users to create new directories.

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
# Note: enable per-directory messages; the contents of the message_file file
# in each directory are displayed.

# Activate logging of uploads/downloads.
xferlog_enable=YES
# Note: turn on logging.

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
# Note: use the standard port 20 for FTP data connections.

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
# Note: the owner of every anonymously uploaded file is changed to
# chown_username.
#chown_username=whoever
# Note: user name that owns anonymously uploaded files.

# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
# Note: log file location.

# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
# Note: use the standard log format.

# You may change the default value for timing out an idle session.
#idle_session_timeout=600
# Note: idle connection timeout.

# You may change the default value for timing out a data connection.
#data_connection_timeout=120
# Note: data transfer timeout.

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
# Note: user name the server uses when running with the lowest privileges.

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
# Note: allow the "async ABOR" command; generally not enabled, as it is prone
# to problems.

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
# Note: controls whether ASCII-mode upload is available. The default is NO.
#ascii_download_enable=YES
# Note: controls whether ASCII-mode download is available. The default is NO.

# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
# Note: welcome message displayed at login. This setting has no effect if
# banner_file is set.

# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# Note: if anonymous users must supply a password, those who give an e-mail
# address listed in banned_email_file cannot log in.
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
# Note: file of e-mail addresses that anonymous users may not use as the
# password when logging in.

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# Note: if this is enabled, the users listed in chroot_list_file cannot
# change out of their root directory.
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
# Note: file that lists the users who cannot leave their home directory.

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
# Note: whether the ls -R command may be used; it can waste a lot of server
# resources.

# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Note: bind to the port specified by listen_port; because the port is held
# open all the time, this is what is called standalone mode.

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
# Note: name of the PAM service to use; the default is vsftpd.
userlist_enable=YES
# Note: if this option is enabled, the userlist_deny option takes effect.
tcp_wrappers=YES
# Note: turn on tcp_wrappers support.
```
Filter out the comments so that the configuration is easier to modify later. You can delete the contents of vsftpd.conf and copy in the following:
```
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
```
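Once the comments are gone, the warnings they carried are gone too, so it helps to check the active settings mechanically. The script below is an added example, not part of the original page or of vsftpd: it strips comments the way the step above describes and reports the settings the stock comments warn about, plus lines vsftpd would reject (uppercase option names, spaces around `=`). The function names `active_settings` and `audit_vsftpd_conf` are made up for this example, and the defaults it assumes (anonymous login allowed when `anonymous_enable` is unset, `chown_username` defaulting to root) are those documented in vsftpd.conf(5).

```sh
#!/bin/sh
# Added example, not from the original page.

# Print only the active settings: drop comment lines and blank lines.
active_settings() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# One finding per line: syntax vsftpd rejects, and settings that the stock
# file comments warn about. Prints nothing when no finding applies.
audit_vsftpd_conf() {
    active_settings "$1" | awk '
    {
        eq = index($0, "=")
        name = substr($0, 1, eq - 1)
        raw = substr($0, eq + 1)
        # Names are lowercase and no space may surround "=".
        if (eq == 0 || name ~ /[ \t]/ || raw ~ /^[ \t]/ || name != tolower(name)) {
            print "SYNTAX: " $0
            next
        }
        seen[name] = 1
        val[name] = raw
        on[name] = (toupper(raw) ~ /^(YES|TRUE|1)$/)
    }
    END {
        # Anonymous FTP is allowed unless it is explicitly switched off.
        anon = (!seen["anonymous_enable"] || on["anonymous_enable"])
        if (anon)
            print "RISK: anonymous login is allowed"
        if (anon && on["write_enable"] && on["anon_upload_enable"])
            print "RISK: anonymous users can upload files"
        if (anon && on["write_enable"] && on["anon_mkdir_write_enable"])
            print "RISK: anonymous users can create directories"
        # chown_username defaults to root when it is not set.
        if (on["chown_uploads"] && (!seen["chown_username"] || val["chown_username"] == "root"))
            print "RISK: uploaded files would be owned by root"
        if (on["async_abor_enable"])
            print "RISK: async ABOR is enabled"
        if (on["ls_recurse_enable"])
            print "RISK: ls -R is enabled (heavy I/O on large sites)"
    }'
}

# Constructed sample: part of the comment-free config shown on this page.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' 'write_enable=YES' 'listen=YES' > "$sample"
audit_vsftpd_conf "$sample"
rm -f "$sample"
```

Run against the real file with `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf`; for the comment-free configuration above it reports that anonymous login is allowed.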
vsftpd.conf configuration in detail