vsftpd.conf file - General

The vsftpd configuration file is located at /etc/vsftpd.conf. This file determines how your vsftpd FTP server operates. vsftpd.conf contains a great many configuration options, but here I will show you some general options that are commonly used with vsftpd.

anonymous_enable=NO
Turns on or off anonymous FTP access.
local_enable=YES
Activates or deactivates the ability of local system users to FTP to your server.
write_enable=YES
Activates or deactivates FTP write ability.
local_umask=022
Default umask for local users is 077. You may wish to change this to 022 if your users expect that (022 is used by most other ftpd's).
xferlog_enable=YES
Activates or deactivates logging of uploads & downloads.
connect_from_port_20=YES
Make sure PORT transfer connections originate from port 20 (ftp-data).
xferlog_std_format=YES
If you want, you can have your log file in standard ftpd xferlog format.

ftpd_banner=Welcome to my FTP service
Sets a custom FTP banner or greeting for your FTP users.


chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Activates or deactivates the user's ability to change directory outside their home directory. With "chroot_list_enable" set to "YES", vsftpd then looks for a "chroot_list_file" whose location is specified on the next line. Any user that is listed in the "/etc/vsftpd.chroot_list" file is then automatically "chrooted" to their home directory. This prohibits the user from going anywhere outside of his/her FTP home directory. Very useful in shared FTP environments or just as a general layer of security and privacy.
userlist_enable=NO/YES
userlist_deny=NO/YES

The "userlist_enable" option instructs vsftpd to either consult or not consult either of 2 files: vsftpd.ftpusers and vsftpd.user_list. If this option is set to "YES", the 2 files serve as lists of users that are allowed to FTP to the server. However, when coupled with the "userlist_deny=YES" option, the 2 files serve as lists of users who are NOT allowed to FTP to the server. This option is very useful in completely denying FTP access to critical system users such as "root" or "apache" or "www". A very nice layer of security for your FTP server.
Step 7: The vsftpd.ftpusers, vsftpd.user_list configuration files
These 2 files tie directly into the "userlist_enable" and "userlist_deny" options in the /etc/vsftpd.conf config file. When the "userlist_enable" option is set to "YES", these 2 files serve as lists of users that are allowed to FTP to the server. However, when coupled with the "userlist_deny=YES" option, the 2 files serve as lists of users who are NOT allowed to FTP to the server. When the "userlist_deny" option is used, the nature of the denial of FTP service that a prohibited user receives differs depending on which of the 2 files they are listed in.
If a user is listed in the "vsftpd.user_list" file and the "userlist_deny" option is activated, users will not even get prompted for a password when they attempt to ftp to the server. They get rejected from the start.
If a user is listed in the "vsftpd.ftpusers" file and the "userlist_deny" option is activated, users will get prompted for a password but will never be able to log in.
Personally, I like to use the "vsftpd.user_list" configuration to establish a list of users (root, apache, www, nobody etc.) who will never even get prompted for a password should an ftp connection be initiated on their behalf.
Step 8: The vsftpd.chroot_list configuration file
The "vsftpd.chroot_list" file, when used with an activated "chroot_list_enable" option, establishes a list of FTP users who will be "chrooted" to the home FTP directory. These users will not be able to change directories past their own home directory. This is a nice feature in shared FTP environments where privacy is needed.
Anytime you make config file changes, make sure you restart vsftpd!
That's it. There are a host of other config options that you can add if you so desire, but by and large at this point you should have a secure and functional FTP server.
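As an added example (not from this post or from the vsftpd project), here is a small POSIX shell audit that reads a vsftpd.conf and flags the settings discussed above when they weaken the server: anonymous logins accepted, transfer logging off, no user list consulted, no chroot in effect, and a local_umask that leaves group/other write bits set. It assumes awk and mktemp are available; the sample config is constructed, and chroot_local_user is a vsftpd option not covered in this post.

```shell
#!/bin/sh
# Added audit helper for the vsftpd.conf settings discussed above. Not part of vsftpd.
# Constructed sample config for a stand-alone run (hypothetical values).
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed vsftpd.conf, not from a real server
anonymous_enable=YES
write_enable=YES
local_umask=077
xferlog_enable=NO
userlist_enable=YES
EOF

# conf_get FILE KEY: print KEY's value (last occurrence wins), empty if unset.
conf_get() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == key { val = substr($0, index($0, "=") + 1) }
        END { print val }' "$1"
}

# audit_vsftpd_conf FILE: print one finding per line; prints nothing when clean.
audit_vsftpd_conf() {
    conf="$1"
    [ "$(conf_get "$conf" anonymous_enable)" = "YES" ] &&
        echo "anonymous_enable=YES: anonymous FTP logins are accepted"
    [ "$(conf_get "$conf" xferlog_enable)" = "YES" ] ||
        echo "xferlog_enable is not YES: uploads and downloads are not logged"
    [ "$(conf_get "$conf" userlist_enable)" = "YES" ] ||
        echo "userlist_enable is not YES: user_list/ftpusers are not consulted, so root/apache/www can try to log in"
    # chroot_local_user=YES (not covered above) confines every local user;
    # otherwise only chroot_list_enable=YES confines the listed users.
    if [ "$(conf_get "$conf" chroot_local_user)" != "YES" ] &&
       [ "$(conf_get "$conf" chroot_list_enable)" != "YES" ]; then
        echo "no chroot setting: local users can browse outside their home directory"
    fi
    # local_umask must mask group and other write bits (digits 2,3,6,7), e.g. 022 or 077.
    umask_val="$(conf_get "$conf" local_umask)"
    case "$umask_val" in
        [0-7][2367][2367]|[0-7][0-7][2367][2367]) ;;   # group/other write masked
        "") ;;                                          # unset: vsftpd default 077 applies
        *) echo "local_umask=$umask_val: leaves group/other write bits set" ;;
    esac
    return 0
}

audit_vsftpd_conf "$SAMPLE_CONF"
```

Run it against /etc/vsftpd.conf on a real server by passing that path instead of the constructed sample.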
