FastHandle - IT Operations Examples

FastHandle is a set of fast operation tools for infrastructure configuration and testing.


middleware:vsftpd:conf001.html



Differences

This shows you the differences between two versions of the page.

middleware:vsftpd:conf001.html [2018/02/05 23:52]
kurihara
middleware:vsftpd:conf001.html [2018/02/08 01:17] (current)
kurihara
Line 1: Line 1:
 [[middleware:vsftpd:index.html]] [[middleware:vsftpd:index.html]]
-====== VSFTPD Default Configuration /etc/vsftpd/vsftpd.conf ======+====== CentOS7 VSFTPD Default Configuration vsftpd.conf ======
  
 \\ \\
Line 6: Line 6:
 \\ \\
  
-===== CentOS7 ===== +===== Introduction ===== 
-==== /etc/vsftpd/vsftpd.conf ====+  *CentOS7
  
-<sxh apache toolbar:false gutter:false>+===== /etc/vsftpd/vsftpd.conf ===== 
 + 
 +<sxh python toolbar:false gutter:false> 
 +# Example config file /etc/vsftpd/vsftpd.conf 
 +
 +# The default compiled in settings are fairly paranoid. This sample file 
 +# loosens things up a bit, to make the ftp daemon more usable. 
 +# Please see vsftpd.conf.5 for all compiled in defaults. 
 +
 +# READ THIS: This example file is NOT an exhaustive list of vsftpd options. 
 +# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd'
 +# capabilities. 
 +
 +# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 anonymous_enable=YES anonymous_enable=YES
 +#
 # Uncomment this to allow local users to log in. # Uncomment this to allow local users to log in.
 +# When SELinux is enforcing check for SE bool ftp_home_dir
 local_enable=YES local_enable=YES
 +
 +# Uncomment this to enable any form of FTP write command.
 write_enable=YES write_enable=YES
-# 022 -> 755+# 
 +# Default umask for local users is 077. You may wish to change this to 022
 +# if your users expect that (022 is used by most other ftpd's)
 local_umask=022 local_umask=022
- +# 
-#messages given to remote users when they go into a certain directory.+Uncomment this to allow the anonymous FTP user to upload files. This only 
 +# has an effect if the above global write enable is activated. Also, you will 
 +# obviously need to create a directory writable by the FTP user. 
 +# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access 
 +#anon_upload_enable=YES 
 +
 +# Uncomment this if you want the anonymous FTP user to be able to create 
 +# new directories. 
 +#anon_mkdir_write_enable=YES 
 +
 +# Activate directory messages - messages given to remote users when they 
 +go into a certain directory.
 dirmessage_enable=YES dirmessage_enable=YES
 +#
 # Activate logging of uploads/downloads. # Activate logging of uploads/downloads.
 xferlog_enable=YES xferlog_enable=YES
 +#
 +# Make sure PORT transfer connections originate from port 20 (ftp-data).
 connect_from_port_20=YES connect_from_port_20=YES
 +
 +# If you want, you can arrange for uploaded anonymous files to be owned by 
 +# a different user. Note! Using "root" for uploaded files is not 
 +# recommended! 
 +#chown_uploads=YES 
 +#chown_username=whoever 
 +
 +# You may override where the log file goes if you like. The default is shown 
 +# below. 
 +#xferlog_file=/var/log/xferlog 
 +#
 # If you want, you can have your log file in standard ftpd xferlog format. # If you want, you can have your log file in standard ftpd xferlog format.
 # Note that the default log file location is /var/log/xferlog in this case. # Note that the default log file location is /var/log/xferlog in this case.
 xferlog_std_format=YES xferlog_std_format=YES
 +#
 +# You may change the default value for timing out an idle session.
 +#idle_session_timeout=600
 +#
 +# You may change the default value for timing out a data connection.
 +#data_connection_timeout=120
 +#
 +# It is recommended that you define on your system a unique user which the
 +# ftp server can use as a totally isolated and unprivileged user.
 +#nopriv_user=ftpsecure
 +#
 +# Enable this and the server will recognise asynchronous ABOR requests. Not
 +# recommended for security (the code is non-trivial). Not enabling it,
 +# however, may confuse older FTP clients.
 +#async_abor_enable=YES
 +#
 +# By default the server will pretend to allow ASCII mode but in fact ignore
 +# the request. Turn on the below options to have the server actually do ASCII
 +# mangling on files when in ASCII mode.
 +# Beware that on some FTP servers, ASCII support allows a denial of service
 +# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
 +# predicted this attack and has always been safe, reporting the size of the
 +# raw file.
 +# ASCII mangling is a horrible feature of the protocol.
 +#ascii_upload_enable=YES
 +#ascii_download_enable=YES
 +#
 +# You may fully customise the login banner string:
 +#ftpd_banner=Welcome to blah FTP service.
 +#
 +# You may specify a file of disallowed anonymous e-mail addresses. Apparently
 +# useful for combatting certain DoS attacks.
 +#deny_email_enable=YES
 +# (default follows)
 +#banned_email_file=/etc/vsftpd/banned_emails
 +#
 +# You may specify an explicit list of local users to chroot() to their home
 +# directory. If chroot_local_user is YES, then this list becomes a list of
 +# users to NOT chroot().
 +# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
 +# the user does not have write access to the top level directory within the
 +# chroot)
 +#chroot_local_user=YES
 +#chroot_list_enable=YES
 +# (default follows)
 +#chroot_list_file=/etc/vsftpd/chroot_list
 +#
 +# You may activate the "-R" option to the builtin ls. This is disabled by
 +# default to avoid remote users being able to cause excessive I/O on large
 +# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
 +# the prese
 +</sxh>
  
-listen=NO 
-listen_ipv6=YES 
  
-pam_service_name=vsftpd +\\ 
-userlist_enable=YES +===== /etc/vsftpd/ftpusers ===== 
-tcp_wrappers=YES+Users that are not allowed to login via ftp 
 +<sxh apache toolbar:false gutter:false> 
 +# Users that are not allowed to login via ftp 
 +root 
 +bin 
 +daemon 
 +adm 
 +lp 
 +sync 
 +shutdown 
 +halt 
 +mail 
 +news 
 +uucp 
 +operator 
 +games 
 +nobody
 </sxh> </sxh>
  
 +\\ 
 +===== /etc/vsftpd/user_list ===== 
 +<sxh apache toolbar:false gutter:false> 
 +# vsftpd userlist 
 +# If userlist_deny=NO, only allow users in this file 
 +# If userlist_deny=YES (default), never allow users in this file, and 
 +# do not even prompt for a password. 
 +# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers 
 +# for users that are denied. 
 +root 
 +bin 
 +daemon 
 +adm 
 +lp 
 +sync 
 +shutdown 
 +halt 
 +mail 
 +news 
 +uucp 
 +operator 
 +games 
 +nobody 
 +</sxh>
  
  
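Review bot: the vsftpd.conf pasted into the new revision stops mid-comment at "# the prese" right before the closing </sxh>, and the five active settings the old revision showed (listen=NO, listen_ipv6=YES, pam_service_name=vsftpd, userlist_enable=YES, tcp_wrappers=YES) are removed without reappearing anywhere on the new side. That leaves the page without the very settings that the newly added /etc/vsftpd/ftpusers and /etc/vsftpd/user_list sections depend on: user_list is only consulted when userlist_enable=YES, and its own comment points to the PAM config selected by pam_service_name. Suggest re-pasting the file through its last line so those settings are visible again. Two smaller points: state next to anonymous_enable=YES and write_enable=YES that these are the shipped defaults being documented, so a reader does not take them as a recommended baseline, and use one sxh brush for all three blocks (the first now uses python, the other two apache).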


middleware/vsftpd/conf001.html.1517842358.txt.gz · Last modified: 2018/02/05 23:52 by kurihara