-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvsftpd.conf
More file actions
108 lines (83 loc) · 3.04 KB
/
vsftpd.conf
File metadata and controls
108 lines (83 loc) · 3.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
# Some notification
ftpd_banner=Mireille - britaliope's FTP
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
listen_ipv6=NO
# Run in the foreground to keep the container running:
background=NO
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
# Virtual users will use the same privileges as local users.
# It will grant write access to virtual users. Virtual users will use the
# same privileges as anonymous users, which tends to be more restrictive
# (especially in terms of write access).
virtual_use_local_privs=YES
# Enable virtual users
guest_enable=YES
# Hide ids from user
hide_ids=YES
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
# Enable logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
# PAM file name
pam_service_name=vsftpd_virtual
## Home Directory for virtual users
user_sub_token=$USER
local_root=/var/ftp/$USER
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
# Workaround chroot check.
# See https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# and http://serverfault.com/questions/362619/why-is-the-chroot-local-user-of-vsftpd-insecure
#allow_writeable_chroot=YES
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
# Enable passive mode
pasv_enable=YES
# Set passive port range
pasv_max_port=21150
pasv_min_port=21100
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
# Enable active mode
port_enable=YES
ftp_data_port=20
max_clients=10
max_per_ip=5
# Turn this of to prevent 500 OOPS: priv_sock_get_cmd
seccomp_sandbox=NO
# Run under the dedicated user we created
nopriv_user=ftp
#ftp_username=ftp
guest_username=ftp
chown_uploads=YES
chown_username=ftp
chown_upload_mode=0644
anon_upload_enable=NO
anon_mkdir_write_enable=NO
user_config_dir=/conf/vsftpd/user_conf