can NOT have SPACE before or after the “=” !!!!
</br>#
</br># The default compiled in settings are very paranoid. This file
</br># loosens things up a bit, to make the ftp daemon more usable.
</br># Octal numbers are supported for numeric options, use 0 as the first digit
</br> # Standalone options ————————————–
</br>listen=YES
</br>#anonymous————————————————————–
</br>anonymous_enable=YES
</br>#anon_root=/home/ftp/
</br>#no_anon_password=YES
</br> anon_other_write_enable=NO
</br>#perform deletion and renaming.
</br>anon_upload_enable=YES
</br>anon_mkdir_write_enable=YES
</br>anon_world_readable_only=YES
</br>#only allow to download files which are world readable.
</br>#FTP user may own files, especially in the presence of uploads.
</br> ####anon_max_rate=10000000
</br>#
</br>#Default is 000, so uploaded file cannot be anon readable!!
</br>anon_umask=022
</br>#chown_uploads=YES
</br>#chown_username=ftp
</br>#ftp_username=ftp
</br>#max_clients=10
</br>#listen_port=21
</br>#max_per_ip=2
</br> #listen_address
</br>#tcp_wrappers=YES
</br># Performance ———————————————
</br>#one_process_model=YES
</br># Activates a faster “one process per connection” model. Note!
</br># To maintain security, only available on systems with capabilities
</br> # less pure security, but gains performance for simultaneously connected users.
</br># ls -R may cause excessive I/O resource consuming
</br># However, some broken FTP clients such as “ncftp” and “mirror” need it
</br> #ls_recurse_enable=YES
</br>#local user————————————————————-
</br>##local_root=/home/ftp
</br>local_enable=YES
</br>local_umask=022
</br># A value of 002 is nice if groups share directories
</br> #guest_enable=NO
</br>#guest_username=guest
</br>#all non-anonymous logins are classed as guest logins, mapped to guest_username
</br>#operation——————————————————————
</br>write_enable=YES
</br> #FTP commands which change the filesystem:
</br># STOR, DELE, RNFR, RNTO, MKD, RMD, APPE SITE.
</br>#messages———————————————————
</br>dirmessage_enable=YES
</br>#message_file=.messages
</br> #ftpd_banner=
</br>#banner_file=
</br>#Logging————————————————————
</br>xferlog_enable=YES
</br>xferlog_std_format=YES
</br>xferlog_file=/var/log/xferlog
</br>#written in standard xferlog format, as used by wu-ftpd.
</br> #useful if can reuse existing transfer statistics generators.
</br>log_ftp_protocol=YES
</br># all FTP requests and responses are logged, providing xferlog_std_format=YES
</br>#transfer mode————————————————————
</br> #When enabled, ASCII mode data transfers will be honoured on downloads.
</br># By default the server will pretend to allow ASCII mode but ignore it.
</br># I/O resources may be consumed by command “SIZE /big/file” in ASCII mode.
</br> # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
</br># on the client anyway..
</br>#ascii_download_enable=NO
</br># ASCII downloads are CPU heavy
</br>#ascii_upload_enable=YES
</br># to prevent uploaded scripts from breaking or for Windows-users to upload
</br> #async_abor_enable=YES
</br># Enables older FTP clients to cancel in-progress transfers.
</br># FTP clients may hang when cancelling a transfer unless this feature is on.
</br># this feature is awkward to handle
</br># Security ————————————————
</br> connect_from_port_20=YES
</br># This controls whether PORT style data connections use port 20
</br># (ftp-data) on the server machine. For security reasons, some
</br># clients may insist that this is the case. Conversely, disabling
</br> # this option enables vsftpd to run with slightly less privilege.
</br>#ftp_data_port=20
</br>#The port from which PORT style connections originate
</br>#hide_ids=YES
</br># The port to allocate for PASV style data connections.
</br> #idle_session_timeout=300
</br>#data_connection_timeout=120
</br>#accept_timeout=60
</br>#The timeout, for connection with a PASV style data connection.
</br>#connect_timeout=60
</br># The timeout, for a remote client to respond to PORT style data connection.
</br> ###file_open_mode=0666
</br># The permissions with which uploaded files are created.
</br># umasks are applied on top of this value.
</br>#userlist_enable=YES
</br>#userlist_deny=YES
</br>#userlist_file = /etc/ftpusers
</br># If set to NO, then users will be denied login unless in userlist_file.
</br> # If YES, never allow users in userlist file, and not even prompt for password.
</br># Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
</br># Useful for combatting certain DoS attacks.
</br>#deny_email_enable=YES
</br> #banned_email_file=/etc/vsftpd.banned_emails
</br>#check_shell=YES
</br>#only has an effect for non-PAM builds of vsftpd.
</br>#check /etc/shells for a valid user shell for local logins.
</br># The option is the name of a file containing a list of local
</br> # users which will be placed in a chroot() jail in their home
</br># directory. This option is only relevant if the option
</br># chroot_list_enable is enabled, and the option chroot_local_user
</br> # is disabled.
</br># You may specify an explicit list of local users to chroot() to their home
</br># directory. If chroot_local_user is YES, then this list becomes a list of
</br># users to NOT chroot().
</br>#chroot_list_enable=YES
</br> #chroot_list_file = /etc/vsftpd.chroot_list
</br># If activated, you may provide a list of local users who are
</br># placed in a chroot() jail in their home directory upon login.
</br># The meaning is slightly different if chroot_local_user is set to
</br> # YES. In this case, the list becomes a list of users which are
</br># NOT to be placed in a chroot() jail. By default, the file con-
</br># taining this list is /etc/vsftpd.chroot_list, but you may over-
</br> # ride this with the chroot_list_file setting.
</br>#chroot_local_user = YES
</br># If set to YES, local users will be placed in a chroot() jail in
</br># their home directory after login. Warning: This option has
</br> # security implications, especially if the users have upload per-
</br># mission, or shell access. Only enable if you know what you are
</br># doing. Note that these security implications are not vsftpd
</br> # specific. They apply to all FTP daemons which offer to put local
</br># users in chroot() jails.
</br>#
</br># passwd_chroot_enable
</br># If enabled, along with chroot_local_user , then a chroot() jail
</br> # location may be specified on a per-user basis. Each user’s jail
</br># is derived from their home directory string in /etc/passwd. The
</br># occurence of /./ in the home directory string denotes that the
</br> # jail is at that particular location in the path.
</br>pasv_enable=YES
</br># enable non-passive transfers, Some FTP clients demand this.
</br>#port_enable=YES
</br># pasv_promiscuous=NO
</br># Set to YES if you want to disable the PASV security check that
</br> # ensures the data connection originates from the same IP address
</br># as the control connection. Only enable if you know what you are
</br># doing! The only legitimate use for this is in some form of
</br> # secure tunnelling scheme.
</br># port_promiscuous=NO
</br># Set to YES if you want to disable the PORT security check that
</br># ensures that outgoing data connections can only connect to the
</br># client. Only enable if you know what you are doing!
</br> # Set to NO if you want to enhance privacy
</br>#setproctitle_enable=YES
</br># If enabled, vsftpd will try and show session status information
</br># in the system process listing. In other words, the reported name
</br> # of the process will change to reflect what a vsftpd session is
</br># doing (idle, downloading etc). You probably want to leave this
</br># off for security purposes.
</br>#
</br># tcp_wrappers=NO
</br> # If enabled, and vsftpd was compiled with tcp_wrappers support,
</br># incoming connections will be fed through tcp_wrappers access
</br># control. Furthermore, there is a mechanism for per-IP based con-
</br> # figuration. If tcp_wrappers sets the VSFTPD_LOAD_CONF environ-
</br># ment variable, then the vsftpd session will try and load the
</br># vsftpd configuration file specified in this variable.
</br>#
</br> #
</br># text_userdb_names=YES
</br># By default, numeric IDs are shown in the user and group fields
</br># of directory listings. You can get textual names by enabling
</br># this parameter. It is off by default for performance reasons.
</br> #
</br>#
</br>#use_localtime=NO
</br>#If enabled, vsftpd will display directory listings with the the
</br>#time in your local time zone. The default is to display GMT. The
</br>#times returned by the MDTM FTP command are also affected by this
</br> #use_sendfile
</br>#An internal setting used for testing the relative benefit of
</br>#using the sendfile() system call on your platform.
</br>#Default: YES
</br># totally isolated and unprivileged user used for vsftpd
</br>#nopriv_user=ftpsecure
</br> # pasv_address
</br>#Use this option to override the IP address that vsftpd will
</br>#advertise in response to the PASV command. Provide a numeric IP address.
</br>#Default: (none - the address is taken from the incoming connected socket)
</br> secure_chroot_dir=/var/run/vsftpd
</br>pam_service_name=vsftpd
</br>#This option should be the name of a directory which is empty.
</br>#Also, the directory should not be writable by the ftp user. This
</br>#directory is used as a secure chroot() jail at times vsftpd does
</br> #not require filesystem access.
</br>#
</br># user_config_dir
</br># Allows the override of any config option, on a per-user basis.
</br># If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as
</br># the user “chris”, then vsftpd will apply the settings in the
</br> # file /etc/vsftpd_user_conf/chris for the duration of the session.
</br>rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
</br>rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
</br>