GLOBUS-GRIDFTP-SER(8) Globus Toolkit GLOBUS-GRIDFTP-SER(8)

globus-gridftp-server - The Globus GridFTP server daemon

/usr/sbin/globus-gridftp-server [options]

The table below lists config file options, associated command line
options (if available) and descriptions. Note that any boolean option
can be negated on the command line by preceding the specified option
with '-no-' or '-n'. Example: -no-cas or -nf.

help <0|1> -h -help
Show usage information and exit.

Default value: FALSE

longhelp <0|1> -hh -longhelp
Show more usage information and exit.

Default value: FALSE

version <0|1> -v -version
Show version information for the server and exit.

Default value: FALSE

versions <0|1> -V -versions
Show version information for all loaded globus libraries and exit.

Default value: FALSE

inetd <0|1> -i -inetd
Run under an inetd service.

Default value: FALSE

daemon <0|1> -s -daemon
Run as a daemon. All connections will fork off a new process and
setuid if allowed.

Default value: TRUE

detach <0|1> -S -detach
Run as a background daemon detached from any controlling terminals.

Default value: FALSE

ssh <0|1> -ssh
Run over a connected ssh session.

Default value: FALSE

exec <string> -exec <string>
For statically compiled or non-GLOBUS_LOCATION standard binary
locations, specify the full path of the server binary here. Only
needed when run in daemon mode.

Default value: not set

chdir <0|1> -chdir
Change directory when the server starts. This will change directory
to the dir specified by the chdir_to option.

Default value: TRUE

chdir_to <string> -chdir-to <string>
Directory to chdir to after starting. Will use / if not set.

Default value: not set

fork <0|1> -f -fork
Server will fork for each new connection. Disabling this option is
only recommended when debugging. Note that non-forked servers
running as 'root' will only accept a single connection, and then
exit.

Default value: TRUE

single <0|1> -1 -single
Exit after a single connection.

Default value: FALSE

chroot_path <string> -chroot-path <string>
Path to become the new root after authentication. This path must
contain a valid certificate structure, /etc/passwd, and
/etc/groups. The command globus-gridftp-server-setup-chroot can
help create a suitable directory structure.

Default value: not set

auth_level <number> -auth-level <number>
Add levels together to use more than one. 0 = Disables all
authorization checks. 1 = Authorize identity. 2 = Authorize all
file/resource accesses. 4 = Disable changing process uid to
authenticated user (no setuid) - DO NOT use this when process is
started as root. If not set uses level 2 for front ends and level 1
for data nodes. Note that levels 2 and 4 imply level 1 as well.

Default value: not set

ipc_allow_from <string> -ipc-allow-from <string>
Only allow connections from these source ip addresses. Specify a
comma separated list of ip address fragments. A match is any ip
address that starts with the specified fragment. Example:
'192.168.1.' will match and allow a connection from 192.168.1.45.
Note that if this option is used any address not specifically
allowed will be denied.

Default value: not set

ipc_deny_from <string> -ipc-deny-from <string>
Deny connections from these source ip addresses. Specify a comma
separated list of ip address fragments. A match is any ip address
that starts with the specified fragment. Example: '192.168.2.' will
match and deny a connection from 192.168.2.45.

Default value: not set

allow_from <string> -allow-from <string>
Only allow connections from these source ip addresses. Specify a
comma separated list of ip address fragments. A match is any ip
address that starts with the specified fragment. Example:
'192.168.1.' will match and allow a connection from 192.168.1.45.
Note that if this option is used any address not specifically
allowed will be denied.

Default value: not set

deny_from <string> -deny-from <string>
Deny connections from these source ip addresses. Specify a comma
separated list of ip address fragments. A match is any ip address
that starts with the specified fragment. Example: '192.168.2.' will
match and deny a connection from 192.168.2.45.

Default value: not set

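Added example (not part of the original manual page or of the Globus code):
a Python model of the "starts with the specified fragment" rule used by
allow_from, deny_from and their ipc_ variants, showing why a fragment should
end in '.'. The function names are hypothetical, the model is IPv4 only, and
treating an empty value as "not set, no restriction" is an assumption.

```python
# Added example: models the documented "starts with the fragment" rule.
# It is not the server's code; IPv4 only; all names are hypothetical.

def parse_fragments(value: str) -> list[str]:
    """Split a comma separated allow_from / deny_from value."""
    return [f.strip() for f in value.split(",") if f.strip()]

def is_allowed(allow_from: str, addr: str) -> bool:
    """True if addr passes allow_from. An empty value means 'not set',
    which this model treats as no restriction (assumption)."""
    fragments = parse_fragments(allow_from)
    if not fragments:
        return True
    # Documented rule: a match is any address that starts with a fragment,
    # and anything not specifically allowed is denied.
    return any(addr.startswith(f) for f in fragments)

def wider_octets(fragment: str) -> list[int]:
    """Octet values other than the one written that the fragment also
    matches because it stops mid-octet. Empty when it ends in '.'."""
    last = fragment.rsplit(".", 1)[-1]
    if not last.isdigit():
        return []
    return [v for v in range(256) if str(v).startswith(last) and str(v) != last]

def audit_fragments(value: str) -> dict[str, list[int]]:
    """Map each over-broad fragment to the extra octet values it admits."""
    report = {}
    for frag in parse_fragments(value):
        extra = wider_octets(frag)
        if extra:
            report[frag] = extra
    return report

if __name__ == "__main__":
    # Constructed values for illustration.
    for value in ("192.168.1.", "192.168.1", "10.0.0.25"):
        print(value, "->", audit_fragments(value))
    print(is_allowed("192.168.1", "192.168.10.45"))   # over-broad match
    print(is_allowed("192.168.1.", "192.168.10.45"))  # trailing dot fixes it
```

A fragment written as '192.168.1' also admits 192.168.10.x through
192.168.19.x and 192.168.100.x through 192.168.199.x; the same applies to a
full address such as '10.0.0.25', which also matches 10.0.0.250 to 10.0.0.255.
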
secure_ipc <0|1> -si -secure-ipc
Use GSI security on ipc channel.

Default value: TRUE

ipc_auth_mode <string> -ia <string> -ipc-auth-mode <string>
Set GSI authorization mode for the ipc connection. Options are:
none, host, self or subject:[subject].

Default value: host

allow_anonymous <0|1> -aa -allow-anonymous
Allow cleartext anonymous access. If server is running as root
anonymous_user must also be set. Disables ipc security.

Default value: FALSE

anonymous_names_allowed <string> -anonymous-names-allowed <string>
Comma separated list of names to treat as anonymous users when
allowing anonymous access. If not set, the default names of
'anonymous' and 'ftp' will be allowed. Use '*' to allow any
username.

Default value: not set

anonymous_user <string> -anonymous-user <string>
User to setuid to for an anonymous connection. Only applies when
running as root.

Default value: not set

anonymous_group <string> -anonymous-group <string>
Group to setgid to for an anonymous connection. If unset, the
default group of anonymous_user will be used.

Default value: not set

pw_file <string> -password-file <string>
Enable cleartext access and authenticate users against this
/etc/passwd formatted file.

Default value: not set

connections_max <number> -connections-max <number>
Maximum concurrent connections allowed. Only applies when running
in daemon mode. Unlimited if not set.

Default value: not set

connections_disabled <0|1> -connections-disabled
Disable all new connections. Does not affect ongoing connections.
This would have to be set in the configuration file and then the
server issued a SIGHUP in order to reload that config.

Default value: FALSE

offline_msg <string> -offline-msg <string>
Custom message to be displayed to clients when the server is
offline via the connections_disabled or connections_max = 0
options.

Default value: not set

disable_command_list <string> -disable-command-list <string>
A comma separated list of client commands that will be disabled.

Default value: not set

cas <0|1> -authz-callouts -cas
Enable the GSI authorization callout framework, for callouts such
as CAS.

Default value: TRUE

acl <string> -em <string> -acl <string>
A comma separated list of ACL or event modules to load.

Default value: not set

log_level <string> -d <string> -log-level <string>
Log level. A comma separated list of levels from: 'ERROR, WARN,
INFO, TRANSFER, DUMP, ALL'. TRANSFER includes the same statistics
that are sent to the separate transfer log when -log-transfer is
used. Example: error,warn,info. You may also specify a numeric
level of 1-255. The default level is ERROR.

Default value: ERROR

log_module <string> -log-module <string>
globus_logging module that will be loaded. If not set, the default
'stdio' module will be used, and the logfile options apply.
Builtin modules are 'stdio' and 'syslog'. Log module options may be
set by specifying module:opt1=val1:opt2=val2. Available options
for the builtin modules are 'interval' and 'buffer', for buffer
flush interval and buffer size, respectively. The default options
are a 64k buffer size and a 5 second flush interval. A 0 second
flush interval will disable periodic flushing, and the buffer will
only flush when it is full. A value of 0 for buffer will disable
buffering and all messages will be written immediately. Example:
-log-module stdio:buffer=4096:interval=10

Default value: not set

log_single <string> -l <string> -logfile <string>
Path of a single file to log all activity to. If neither this
option nor log_unique is set, logs will be written to stderr unless
the execution mode is detached or inetd, in which case logging will
be disabled.

Default value: not set

log_unique <string> -L <string> -logdir <string>
Partial path to which 'gridftp.(pid).log' will be appended to
construct the log filename. Example: -L /var/log/gridftp/ will
create a separate log ( /var/log/gridftp/gridftp.xxxx.log ) for
each process (which is normally each new client session). If
neither this option nor log_single is set, logs will be written to
stderr unless the execution mode is detached or inetd, in which
case logging will be disabled.

Default value: not set

log_transfer <string> -Z <string> -log-transfer <string>
Log netlogger style info for each transfer into this file. You may
also use the log-level of TRANSFER to include this info in the
standard log.

Default value: not set

log_filemode <string> -log-filemode <string>
File access permissions of log files. Should be an octal number
such as 0644.

Default value: not set

disable_usage_stats <0|1> -disable-usage-stats
Disable transmission of per-transfer usage statistics. See the
Usage Statistics section in the online documentation for more
information.

Default value: FALSE

usage_stats_target <string> -usage-stats-target <string>
Comma separated list of contact strings (host:port) for usage
statistics receivers. The usage stats sent to a particular receiver
may be customized by configuring it with a taglist
(host:port!taglist). The taglist is a list of characters that each
correspond to a usage stats tag. When this option is unset, stats
are reported to usage-stats.globus.org:4810. If you set your own
receiver, and wish to continue reporting to the Globus receiver,
you will need to add it manually. The list of available tags
follows. Tags marked * are reported by default.

*(e) START - start time of transfer
*(E) END - end time of transfer
*(v) VER - version string of gridftp server
*(b) BUFFER - tcp buffer size used for transfer
*(B) BLOCK - disk blocksize used for transfer
*(N) NBYTES - number of bytes transferred
*(s) STREAMS - number of parallel streams used
*(S) STRIPES - number of stripes used
*(t) TYPE - transfer command: RETR, STOR, LIST, etc
*(c) CODE - ftp result code (226 = success, 5xx = fail)
*(D) DSI - DSI module in use
*(A) EM - event modules in use
*(T) SCHEME - ftp, gsiftp, sshftp, etc. (client supplied)
*(a) APP - guc, rft, generic library app, etc. (client supplied)
*(V) APPVER - version string of above. (client supplied)
(f) FILE - name of file/data transferred
(i) CLIENTIP - ip address of host running client (control channel)
(I) DATAIP - ip address of source/dest host of data (data channel)
(u) USER - local user name the transfer was performed as
(d) USERDN - DN that was mapped to user id
(C) CONFID - ID defined by -usage-stats-id config option
(U) SESSID - unique id that can be used to match transfers in a
session and transfers across source/dest of a third party
transfer. (client supplied)

Default value: not set

usage_stats_id <string> -usage-stats-id <string>
Identifying tag to include in usage statistics data.

Default value: not set

remote_nodes <string> -r <string> -remote-nodes <string>
Comma separated list of remote node contact strings.

Default value: not set

data_node <0|1> -dn -data-node
This server is a backend data node.

Default value: FALSE

stripe_blocksize <number> -sbs <number> -stripe-blocksize <number>
Size in bytes of sequential data that each stripe will transfer.

Default value: 1048576

stripe_count <number> -stripe-count <number>
Number of stripes to use per transfer when this server
controls that number. If remote nodes are statically configured
(via -r or remote_nodes), this will be set to that number of nodes,
otherwise the default is 1.

Default value: not set

stripe_layout <number> -sl <number> -stripe-layout <number>
Stripe layout. 1 = Partitioned, 2 = Blocked.

Default value: 2

stripe_blocksize_locked <0|1> -stripe-blocksize-locked
Do not allow client to override stripe blocksize with the OPTS RETR
command.

Default value: FALSE

stripe_blocksize_locked <0|1> -stripe-blocksize-locked
Do not allow client to override stripe layout with the OPTS RETR
command.

Default value: FALSE

blocksize <number> -bs <number> -blocksize <number>
Size in bytes of data blocks to read from disk before posting to
the network.

Default value: 262144

sync_writes <0|1> -sync-writes
Flush disk writes before sending a restart marker. This attempts to
ensure that the range specified in the restart marker has actually
been committed to disk. This option will probably impact
performance, and may result in different behavior on different
storage systems. See the manpage for sync() for more information.

Default value: FALSE

use_home_dirs <0|1> -use-home-dirs
Set the startup directory to the authenticated user's home dir.

Default value: TRUE

perms <string> -perms <string>
Set the default permissions for created files. Should be an octal
number such as 0644. The default is 0644. Note: If umask is set it
will affect this setting - i.e. if the umask is 0002 and this
setting is 0666, the resulting files will be created with
permissions of 0664.

Default value: not set

file_timeout <number> -file-timeout <number>
Timeout in seconds for all disk accesses. A value of 0 disables the
timeout.

Default value: not set

port <number> -p <number> -port <number>
Port on which a frontend will listen for client control channel
connections, or on which a data node will listen for connections
from a frontend. If not set a random port will be chosen and
printed via the logging mechanism.

Default value: not set

control_interface <string> -control-interface <string>
Hostname or IP address of the interface to listen for control
connections on. If not set will listen on all interfaces.

Default value: not set

data_interface <string> -data-interface <string>
Hostname or IP address of the interface to use for data
connections. If not set will use the current control interface.

Default value: not set

ipc_interface <string> -ipc-interface <string>
Hostname or IP address of the interface to use for ipc connections.
If not set will listen on all interfaces.

Default value: not set

hostname <string> -hostname <string>
Effectively sets the above control_interface, data_interface and
ipc_interface options.

Default value: not set

ipc_port <number> -ipc-port <number>
Port on which the frontend will listen for data node connections.

Default value: not set

control_preauth_timeout <number> -control-preauth-timeout <number>
Time in seconds to allow a client to remain connected to the
control channel without activity before authenticating.

Default value: 120

control_idle_timeout <number> -control-idle-timeout <number>
Time in seconds to allow a client to remain connected to the
control channel without activity.

Default value: 600

ipc_idle_timeout <number> -ipc-idle-timeout <number>
Idle time in seconds before an unused ipc connection will close.

Default value: 600

ipc_connect_timeout <number> -ipc-connect-timeout <number>
Time in seconds before cancelling an attempted ipc connection.

Default value: 60

banner <string> -banner <string>
Message to display to the client before authentication.

Default value: not set

banner_file <string> -banner-file <string>
File to read banner message from.

Default value: not set

banner_terse <0|1> -banner-terse
When this is set, the minimum allowed banner message will be
displayed to unauthenticated clients.

Default value: FALSE

banner_append <0|1> -banner-append
When this is set, the message set in the 'banner' or 'banner_file'
option will be appended to the default banner message rather than
replacing it.

Default value: FALSE

login_msg <string> -login-msg <string>
Message to display to the client after authentication.

Default value: not set

login_msg_file <string> -login-msg-file <string>
File to read login message from.

Default value: not set

load_dsi_module <string> -dsi <string>
Data Storage Interface module to load. file and remote modules are
defined by the server. If not set, the file module is loaded,
unless the 'remote' option is specified, in which case the remote
module is loaded. An additional configuration string can be passed
to the DSI using the format [module name]:[configuration string] to
this option. The format of the configuration string is defined by
the DSI being loaded.

Default value: not set

allowed_modules <string> -allowed-modules <string>
Comma separated list of ERET/ESTO modules to allow, and optionally
specify an alias for. Example: module1,alias2:module2,module3
(module2 will be loaded when a client asks for alias2).

Default value: not set

dc_whitelist <string> -dc-whitelist <string>
A comma separated list of drivers allowed on the network stack.

Default value: not set

fs_whitelist <string> -fs-whitelist <string>
A comma separated list of drivers allowed on the disk stack.

Default value: not set

popen_whitelist <string> -popen-whitelist <string>
A comma separated list of programs that the popen driver is allowed
to execute, when used on the network or disk stack. An alias may
also be specified, so that a client does not need to specify the
full path. Format is [alias:]prog, [alias:]prog. example:
/bin/gzip,tar:/bin/tar

Default value: not set

configfile <string> -c <string>
Path to configuration file that should be loaded. Otherwise will
attempt to load $GLOBUS_LOCATION/etc/gridftp.conf and
/etc/grid-security/gridftp.conf.

Default value: not set

debug <0|1> -debug
Sets options that make server easier to debug. Forces no-fork,
no-chdir, and allows core dumps on bad signals instead of exiting
cleanly. Not recommended for production servers. Note that
non-forked servers running as 'root' will only accept a single
connection, and then exit.

Default value: FALSE

0
Successful program execution.

The Globus Alliance, http://www.globus.org/
Author.

Copyright © 1999-2010 University of Chicago

The Globus Alliance 08/11/2011 GLOBUS-GRIDFTP-SER(8)