浅谈ftp服务（二）

先来看看一些基础的设置:

  1 # Example config file /etc/vsftpd/vsftpd.conf
  2 #
  3 # The default compiled in settings are fairly paranoid. This sample file
  4 # loosens things up a bit, to make the ftp daemon more usable.
  5 # Please see vsftpd.conf.5 for all compiled in defaults.
  6 #
  7 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
  8 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
  9 # capabilities.
 10 #
 11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 12 anonymous_enable=YES
 13 # 是否允许匿名登录ftp主机 
 14 # Uncomment this to allow local users to log in.
 15 local_enable=YES
 16 #是否允许/etc/passwd 的帐号以实体用户访问主机
 17 # Uncomment this to enable any form of FTP write command.
 18 #write_enable=NO
 19 #是否允许用户上传数据
 20 # Default umask for local users is 077. You may wish to change this to 022,
 21 # if your users expect that (022 is used by most other ftpd's)
 22 local_umask=022
 23 #建立新目录的权限755 和 文件权限644
 24 # Uncomment this to allow the anonymous FTP user to upload files. This only
 25 # has an effect if the above global write enable is activated. Also, you will
 26 # obviously need to create a directory writable by the FTP user.
 27 #anon_upload_enable=YES
 28 #是否让anonymous具有上传的权限
 29 # Uncomment this if you want the anonymous FTP user to be able to create
 30 # new directories.
 31 #anon_mkdir_write_enable=YES
 32 #是否让anonymous 具有新建目录的权限
 33 # Activate directory messages - messages given to remote users when they
 34 # go into a certain directory.
 35 dirmessage_enable=YES
 36 #当用户进入某个目录时，显示文件内容 
 37 # The target log file can be vsftpd_log_file or xferlog_file.
 38 # This depends on setting xferlog_std_format parameter
 39 xferlog_enable=YES
 40 #上传下载操作会被记录下来
 41 # Make sure PORT transfer connections originate from port 20 (ftp-data).
 42 connect_from_port_20=YES
 43 #主动链接ftp 的 服务端口
 44 # If you want, you can arrange for uploaded anonymous files to be owned by
 45 # a different user. Note! Using "root" for uploaded files is not
 46 # recommended!
 47 #chown_uploads=YES
 48 #chown_username=whoever
 49 #
 50 # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
 51 # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
 52 #xferlog_file=/var/log/xferlog
 53 #日志文件的文件名
 54 # Switches between logging into vsftpd_log_file and xferlog_file files.
 55 # NO writes to vsftpd_log_file, YES to xferlog_file
 56 xferlog_std_format=NO
 57 #是否使用wu-ftp相同的文件格式
 58 # You may change the default value for timing out an idle session.
 59 #idle_session_timeout=600
 60 #如果用户在600秒内没有命令的操作，强制脱机
 61 # You may change the default value for timing out a data connection.
 62 #data_connection_timeout=120
 63 #如果数据链接已建立 120 秒内数据无法顺利传输 ，链接断开
 64 # It is recommended that you define on your system a unique user which the
 65 # ftp server can use as a totally isolated and unprivileged user.
 66 nopriv_user=nobody
 67 #使用ftpuser 作为此服务的权限
 68 # Enable this and the server will recognise asynchronous ABOR requests. Not
 69 # recommended for security (the code is non-trivial). Not enabling it,
 70 # however, may confuse older FTP clients.
 71 #async_abor_enable=YES
 72 #
 73 # By default the server will pretend to allow ASCII mode but in fact ignore
 74 # the request. Turn on the below options to have the server actually do ASCII
 75 # mangling on files when in ASCII mode.
 76 # Beware that on some FTP servers, ASCII support allows a denial of service
 77 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
 78 # predicted this attack and has always been safe, reporting the size of the
 79 # raw file.
 80 # ASCII mangling is a horrible feature of the protocol.
 81 #ascii_upload_enable=YES
 82 #ascii_download_enable=YES
 83 #优先使用ascii 格式下载上传文件
 84 # You may fully customise the login banner string:
 85 #ftpd_banner=Welcome to blah FTP service.
 86 #显示一些说明文字
 87 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
 88 # useful for combatting certain DoS attacks.
 89 #deny_email_enable=YES
 90 #将某些特殊的email 阻挡住，不让那些anonymous 登录
 91 # (default follows)
 92 #banned_email_file=/etc/vsftpd/banned_emails
 93 #那些email 不可登录
 94 # You may specify an explicit list of local users to chroot() to their home
 95 # directory. If chroot_local_user is YES, then this list becomes a list of
 96 # users to NOT chroot().
 97 #chroot_local_user=YES
 98 #是否将用户限制在自己的主目录内
 99 #chroot_list_enable=YES
100 #是否启用chroot 写入列表的功能，与下一个chroot_list_file 有关
101 # (default follows)
102 #chroot_list_file=/etc/vsftpd/chroot_list
103 #与chroot-local_user 有关
104 # You may activate the "-R" option to the builtin ls. This is disabled by
105 # default to avoid remote users being able to cause excessive I/O on large
106 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
107 # the presence of the "-R" option, so there is a strong case for enabling it.
108 #ls_recurse_enable=YES
109 #
110 # When "listen" directive is enabled, vsftpd runs in standalone mode and
111 # listens on IPv4 sockets. This directive cannot be used in conjunction
112 # with the listen_ipv6 directive.
113 listen=YES
114 #vsftpd 以standalong 运行
115 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
116 # sockets, you must run two copies of vsftpd with two configuration files.
117 # Make sure, that one of the listen options is commented !!
118 #listen_ipv6=YES
119 #userlist_enable=NO
120 #支持/etc/vsftpd/user_list 文件内的帐号登录控制
121 userlist_deny=NO
122 #当用户被列入某个文件时，该用户无法登录ftp服务器
123 userlist_file=/etc/vsftpd/user_list
124 #这个文件里的帐号都无法登录
125 
126 pam_service_name=vsftpd
127 #pam模块的功能，在/etc/pam.d/vsftpd 下
128 tcp_wrappers=YES
129 #支持tcp—wapper的防火墙机制
130 use_localtime=YES
131 local_max_rate=1000000
132 #最大传输带宽1mb/s
133 #max_clients=10
134 #max_per_ip=1
135 banner_file=/etc/vsftpd/welcome