{"id":376,"date":"2019-01-24T14:35:38","date_gmt":"2019-01-24T13:35:38","guid":{"rendered":"http:\/\/blog.r00x.at\/?page_id=376"},"modified":"2019-01-24T14:39:37","modified_gmt":"2019-01-24T13:39:37","slug":"vsftpd-conf","status":"publish","type":"page","link":"https:\/\/blog.r00x.at\/?page_id=376","title":{"rendered":"vsftpd.conf"},"content":{"rendered":"\n<pre class=\"prettyprint\"># Example config file \/etc\/vsftpd.conf\n#\n# The default compiled in settings are fairly paranoid. This sample file\n# loosens things up a bit, to make the ftp daemon more usable.\n# Please see vsftpd.conf.5 for all compiled in defaults.\n#\n# READ THIS: This example file is NOT an exhaustive list of vsftpd options.\n# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's\n# capabilities.\n#\n#\n# Run standalone?  vsftpd can run either from an inetd or as a standalone\n# daemon started from an initscript.\nlisten=NO\n#\n# This directive enables listening on IPv6 sockets. By default, listening\n# on the IPv6 \"any\" address (::) will accept connections from both IPv6\n# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6\n# sockets. If you want that (perhaps because you want to listen on specific\n# addresses) then you must run two copies of vsftpd with two configuration\n# files.\nlisten_ipv6=YES\n#\n# Allow anonymous FTP? (Disabled by default).\nanonymous_enable=NO\n#\n# Uncomment this to allow local users to log in.\nlocal_enable=YES\n#\n# Uncomment this to enable any form of FTP write command.\nwrite_enable=YES\n#\n# Default umask for local users is 077. You may wish to change this to 022,\n# if your users expect that (022 is used by most other ftpd's)\nlocal_umask=022\n#\n# Uncomment this to allow the anonymous FTP user to upload files. This only\n# has an effect if the above global write enable is activated. Also, you will\n# obviously need to create a directory writable by the FTP user.\n#anon_upload_enable=YES\n#\n# Uncomment this if you want the anonymous FTP user to be able to create\n# new directories.\n#anon_mkdir_write_enable=YES\n#\n# Activate directory messages - messages given to remote users when they\n# go into a certain directory.\ndirmessage_enable=YES\n#\n# If enabled, vsftpd will display directory listings with the time\n# in  your  local  time  zone.  The default is to display GMT. The\n# times returned by the MDTM FTP command are also affected by this\n# option.\nuse_localtime=YES\n#\n# Activate logging of uploads\/downloads.\nxferlog_enable=YES\n#\n# Make sure PORT transfer connections originate from port 20 (ftp-data).\nconnect_from_port_20=YES\n#\n# If you want, you can arrange for uploaded anonymous files to be owned by\n# a different user. Note! Using \"root\" for uploaded files is not\n# recommended!\n#chown_uploads=YES\n#chown_username=whoever\n#\n# You may override where the log file goes if you like. The default is shown\n# below.\n#xferlog_file=\/var\/log\/vsftpd.log\n#\n# If you want, you can have your log file in standard ftpd xferlog format.\n# Note that the default log file location is \/var\/log\/xferlog in this case.\n#xferlog_std_format=YES\n#\n# You may change the default value for timing out an idle session.\n#idle_session_timeout=600\n#\n# You may change the default value for timing out a data connection.\n#data_connection_timeout=120\n#\n# It is recommended that you define on your system a unique user which the\n# ftp server can use as a totally isolated and unprivileged user.\n#nopriv_user=ftpsecure\n#\n# Enable this and the server will recognise asynchronous ABOR requests. Not\n# recommended for security (the code is non-trivial). Not enabling it,\n# however, may confuse older FTP clients.\n#async_abor_enable=YES\n#\n# By default the server will pretend to allow ASCII mode but in fact ignore\n# the request. Turn on the below options to have the server actually do ASCII\n# mangling on files when in ASCII mode.\n# Beware that on some FTP servers, ASCII support allows a denial of service\n# attack (DoS) via the command \"SIZE \/big\/file\" in ASCII mode. vsftpd\n# predicted this attack and has always been safe, reporting the size of the\n# raw file.\n# ASCII mangling is a horrible feature of the protocol.\n#ascii_upload_enable=YES\n#ascii_download_enable=YES\n#\n# You may fully customise the login banner string:\n#ftpd_banner=Welcome to blah FTP service.\n#\n# You may specify a file of disallowed anonymous e-mail addresses. Apparently\n# useful for combatting certain DoS attacks.\n#deny_email_enable=YES\n# (default follows)\n#banned_email_file=\/etc\/vsftpd.banned_emails\n#\n# You may restrict local users to their home directories.  See the FAQ for\n# the possible risks in this before using chroot_local_user or\n# chroot_list_enable below.\n#chroot_local_user=YES\n#\n# You may specify an explicit list of local users to chroot() to their home\n# directory. If chroot_local_user is YES, then this list becomes a list of\n# users to NOT chroot().\n# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that\n# the user does not have write access to the top level directory within the\n# chroot)\n#chroot_local_user=YES\n#chroot_list_enable=YES\n# (default follows)\n#chroot_list_file=\/etc\/vsftpd.chroot_list\n#\n# You may activate the \"-R\" option to the builtin ls. This is disabled by\n# default to avoid remote users being able to cause excessive I\/O on large\n# sites. However, some broken FTP clients such as \"ncftp\" and \"mirror\" assume\n# the presence of the \"-R\" option, so there is a strong case for enabling it.\n#ls_recurse_enable=YES\n#\n# Customization\n#\n# Some of vsftpd's settings don't fit the filesystem layout by\n# default.\n#\n# This option should be the name of a directory which is empty.  Also, the\n# directory should not be writable by the ftp user. This directory is used\n# as a secure chroot() jail at times vsftpd does not require filesystem\n# access.\nsecure_chroot_dir=\/var\/run\/vsftpd\/empty\n#\n# This string is the name of the PAM service vsftpd will use.\npam_service_name=vsftpd\n#\n# This option specifies the location of the RSA certificate to use for SSL\n# encrypted connections.\nrsa_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem\nrsa_private_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key\nssl_enable=NO\n\n#\n# Uncomment this to indicate that vsftpd use a utf8 filesystem.\n#utf8_filesystem=YES\nforce_dot_files=YES\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Example config file \/etc\/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":368,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-376","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/pages\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.r00x.at\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=376"}],"version-history":[{"count":1,"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/pages\/376\/revisions"}],"predecessor-version":[{"id":377,"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/pages\/376\/revisions\/377"}],"up":[{"embeddable":true,"href":"https:\/\/blog.r00x.at\/index.php?rest_route=\/wp\/v2\/pages\/368"}],"wp:attachment":[{"href":"https:\/\/blog.r00x.at\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}