X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/3e69ae9ebf0e363576b7da51f40f51a1d192712c..e6d942db67fd560cb11df049bd355bbd664784f6:/cookbooks/ftp/templates/default/vsftpd.conf.erb
diff --git a/cookbooks/ftp/templates/default/vsftpd.conf.erb b/cookbooks/ftp/templates/default/vsftpd.conf.erb
new file mode 100644
index 000000000..b51879401
--- /dev/null
+++ b/cookbooks/ftp/templates/default/vsftpd.conf.erb
@@ -0,0 +1,95 @@
+# Run standalone? vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+listen=NO
+
+# This directive enables listening on IPv6 sockets. By default, listening
+# on the IPv6 "any" address (::) will accept connections from both IPv6
+# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
+# sockets. If you want that (perhaps because you want to listen on specific
+# addresses) then you must run two copies of vsftpd with two configuration
+# files.
+listen_ipv6=YES
+
+# Allow anonymous FTP? (Disabled by default).
+anonymous_enable=NO
+
+# Uncomment this to allow local users to log in.
+local_enable=YES
+
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+
+anon_upload_enable=NO
+anon_mkdir_write_enable=NO
+anon_other_write_enable=NO
+
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+
+# If enabled, vsftpd will display directory listings with the time
+# in your local time zone. The default is to display GMT. The
+# times returned by the MDTM FTP command are also affected by this
+# option.
+use_localtime=YES
+
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+
+
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+
+# You may restrict local users to their home directories. See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+chroot_local_user=YES
+
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
+# the user does not have write access to the top level directory within the
+# chroot)
+#chroot_local_user=YES
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+ssl_enable=NO
+
+guest_enable=YES
+guest_username=ftp
+
+pasv_min_port=30000
+pasv_max_port=30999
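Review bot: `ssl_enable=NO` near the end of the new file means the PAM-authenticated logins enabled by `local_enable=YES` send their passwords in cleartext over the FTP control channel. The `rsa_cert_file`/`rsa_private_key_file` lines above it point at what appears to be the distribution's self-signed snakeoil pair, so turning TLS on later would still present a certificate clients cannot verify. If this service accepts real account credentials, consider templating a site certificate into those two paths and setting `ssl_enable=YES` together with `force_local_logins_ssl=YES`. Separately, `write_enable=YES` is combined with `chroot_local_user=YES` and `guest_enable=YES`, so the file's own warning about a writable chroot top-level directory applies. If the guest-mapped users are meant to be read-only, as the `anon_*_enable=NO` lines suggest, `write_enable=NO` would state that explicitly.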