mangling on files when in ASCII mode.
Beware that on some FTP servers, ASCII support allows a denial of service
attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
predicted this attack and has always been safe, reporting the size of the
raw file.
ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
设定支持ASCII模式的上传和下载功能。
You may fully customise the login banner string:
ftpd_banner=This Vsftp server supports virtual users ^_^
设定CentOS Vsftpd配置的登陆标语。
You may specify a file of disallowed anonymous e-mail addresses. Apparently
useful for combatting certain DoS attacks.
deny_email_enable=YES
(default follows)
banned_email_file=/etc/vsftpd/banned_emails
You may specify an explicit list of local users to chroot() to their home
directory. If chroot_local_user is YES, then this list becomes a list of
users to NOT chroot().
chroot_list_enable=YES
chroot_list_enable=NO
禁止用户登出自己的FTP主目录。
(default follows)
chroot_list_file=/etc/vsftpd/chroot_list
You may activate the "-R" option to the builtin ls. This is disabled by
default to avoid remote users being able to cause excessive I/O on large
sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
ls_recurse_enable=NO
禁止用户登陆FTP后使用"ls -R"的命令。该命令会对服务器性能造成巨大开销。如果该项被允许,那么挡多用户同时使用该命令时将会对该服
务器造成威胁。
When "listen" directive is enabled, vsftpd runs in standalone mode and
listens on IPv4 sockets. This directive cannot be used in conjunction
with the listen_ipv6 directive.
listen=YES
设定该CentOS Vsftpd服务工作在StandAlone模式下。顺便展开说明一下,所谓StandAlone模式就是该服务拥有自己的守护进程支持,在ps -A命令下我们将可用看到vsftpd的守护进程名。如果不想工作在StandAlone模式下,则可以选择SuperDaemon模式,在该模式下 vsftpd将没有自己的守护进程,而是由超级守护进程Xinetd全权代理,与此同时,Vsftp服务的许多功能将得不到实现。
This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
sockets, you must run two copies of vsftpd whith two configuration files.
Make sure, that one of the listen options is commented !!
listen_ipv6=YES
pam_service_name=vsftpd
设定PAM服务下CentOS Vsftpd配置验证文件名。因此,PAM验证将参考/etc/pam.d/下的vsftpd文件配置。
userlist_enable=YES
设定userlist_file中的用户将不得使用FTP。
