# however, may confuse older FTP clients.
# Allows the "async ABOR" command. Usually left disabled because it tends to
# cause problems.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
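# Annotations are kept on their own lines: vsftpd has no inline comments and
# reads everything after "=" as the value, so trailing text on a YES/NO
# directive is rejected as a bad boolean when the server starts.
#
# Controls whether ASCII-mode uploads are honoured (vsftpd default: NO).
ascii_upload_enable=YES
# Controls whether ASCII-mode downloads are honoured (vsftpd default: NO).
ascii_download_enable=YES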
#
# You may fully customise the login banner string:
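# Greeting shown at login. This setting has no effect when banner_file is set.
# The note stays on its own line: vsftpd has no inline comments, so any text
# after the value would be sent to clients as part of the banner.
ftpd_banner=Welcome to blah FTP service.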
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
# When anonymous logins supply a password, anyone giving an e-mail address
# listed in banned_email_file is refused.
#deny_email_enable=YES
# (default follows)
# File of e-mail addresses that anonymous users may not use as their password.
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
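# Confine every local user to their home directory after login.
# (Comment kept off the directive line: vsftpd would otherwise read it as part
# of the value and refuse to start with a bad-boolean error.)
# NOTE(review): a chroot whose top-level directory is writable by the confined
# user is a known weak point; keep that directory non-writable and give users
# a writable subdirectory instead.
chroot_local_user=YES
# Because chroot_local_user=YES above, enabling this list inverts its meaning:
# users named in chroot_list_file are the ones who are NOT chrooted. Every
# entry is therefore an exception to the jail and should be reviewed.
#chroot_list_enable=YES
# (default follows)
# File holding the user list consulted when chroot_list_enable=YES.
#chroot_list_file=/etc/vsftpd/chroot_list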
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
# Whether "ls -R" is permitted. Left disabled so that recursive listings
# cannot be used to consume large amounts of server resources.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
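# Standalone mode: vsftpd itself binds to the port given by listen_port and
# stays running, rather than being started per connection by a super-server.
# (Comment kept off the directive line; vsftpd has no inline comments.)
listen=YES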
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
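# All annotations below sit on their own lines: vsftpd has no inline comments
# and treats everything after "=" as the value, so trailing text on a
# directive line yields a wrong value or a startup error.
#
# PAM service name that vsftpd authenticates against (default: vsftpd).
pam_service_name=vsftpd
# Load the user list file. With userlist_deny at its default (YES), users on
# the list are refused before they are asked for a password.
userlist_enable=YES
# Pass incoming connections through TCP wrappers access control.
tcp_wrappers=YES
# Certificate and private key presented for SSL/TLS connections. The key file
# should be readable only by root.
rsa_cert_file=/etc/vsftpd/certs/vsftpd.cert
rsa_private_key_file=/etc/vsftpd/certs/vsftpd.key
# Enable SSL/TLS support and select the accepted protocol versions.
# SSLv2 and SSLv3 are cryptographically broken and formally deprecated
# (RFC 6176, RFC 7568), so they are left at the vsftpd default of NO. Only
# TLS is offered. Where the installed vsftpd supports newer TLS version
# options, prefer those; see vsftpd.conf(5) for that build.
ssl_tlsv1=YES
ssl_sslv3=NO
ssl_sslv2=NO
ssl_enable=YES
# TLS is offered but not required for local users.
# NOTE(review): with both options set to NO, a client that does not negotiate
# TLS sends its password and file data in cleartext. The vsftpd default for
# both is YES. Switch them to YES once all clients support FTPS.
force_local_logins_ssl=NO
force_local_data_ssl=NO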