Show Table of Contents
21.2.2.6. vsftpd Configuration Options
Although vsftpd may not offer the level of customization other widely available
FTP servers have, it offers enough options to satisfy most administrators' needs. The fact that it is not overly feature-laden limits configuration and programmatic errors.
All configuration of
vsftpd is handled by its configuration file, /etc/vsftpd/vsftpd.conf. Each directive is on its own line within the file and follows the following format:
directive=value
For each directive, replace directive with a valid directive and value with a valid value.
Important
There must not be any spaces between the directive, equal symbol, and the value in a directive.
Comment lines must be preceded by a hash symbol (
#) and are ignored by the daemon.
For a complete list of all directives available, see the man page for
vsftpd.conf. For an overview of ways to secure vsftpd, see the Red Hat Enterprise Linux 6 Security Guide.
The following is a list of some of the more important directives within
/etc/vsftpd/vsftpd.conf. All directives not explicitly found or commented out within the vsftpd's configuration file are set to their default value.
21.2.2.6.1. Daemon Options
The following is a list of directives that control the overall behavior of the
vsftpd daemon.
listen— When enabled,vsftpdruns in standalone mode, which means that the daemon is started independently, not by thexinetdsuper-server. Red Hat Enterprise Linux 6 sets this value toYES. Note that the SELinuxftpd_is_daemonBoolean option needs to be set forvsftpdto be allowed to run in standalone mode. See Section 21.2.2.4, “SELinux Policy for vsftpd” and toftpd_selinux(8)for more information onvsftpd's interaction with the default SELinux policy. This directive cannot be used in conjunction with thelisten_ipv6directive.The default value isNO. On Red Hat Enterprise Linux 6, this option is set toYESin the configuration file.listen_ipv6— When enabled,vsftpdruns in standalone mode, which means that the daemon is started independently, not by thexinetdsuper-server. With this directive, it only listens onIPv6sockets. Note that the SELinuxftpd_is_daemonBoolean option needs to be set forvsftpdto be allowed to run in standalone mode. See Section 21.2.2.4, “SELinux Policy for vsftpd” and toftpd_selinux(8)for more information onvsftpd's interaction with the default SELinux policy. This directive cannot be used in conjunction with thelistendirective.The default value isNO.session_support— When enabled,vsftpdattempts to maintain login sessions for each user through Pluggable Authentication Modules (PAM). For more information, see the Using Pluggable Authentication Modules (PAM) chapter of the Red Hat Enterprise Linux 6 Single Sign-On and Smart Cards and the PAM man pages. If session logging is not necessary, disabling this option allowsvsftpdto run with less processes and lower privileges.The default value isYES.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.