
GLOBUS-GRIDFTP-SER

Section: Globus Toolkit (8) Updated: 04/18/2011
 

NAME

globus-gridftp-server - The Globus GridFTP server daemon  

SYNOPSIS

/usr/sbin/globus-gridftp-server [options]
 

DESCRIPTION

The table below lists config file options, associated command line options (if available) and descriptions. Note that any boolean option can be negated on the command line by preceding the specified option with '-no-' or '-n'. Example: -no-cas or -nf.

help <0|1> -h -help

Show usage information and exit.

Default value: FALSE

longhelp <0|1> -hh -longhelp

Show more usage information and exit.

Default value: FALSE

version <0|1> -v -version

Show version information for the server and exit.

Default value: FALSE

versions <0|1> -V -versions

Show version information for all loaded globus libraries and exit.

Default value: FALSE

 

MODES OF OPERATION

inetd <0|1> -i -inetd

Run under an inetd service.

Default value: FALSE

daemon <0|1> -s -daemon

Run as a daemon. All connections will fork off a new process and setuid if allowed.

Default value: TRUE

detach <0|1> -S -detach

Run as a background daemon detached from any controlling terminals.

Default value: FALSE

ssh <0|1> -ssh

Run over a connected ssh session.

Default value: FALSE

exec <string> -exec <string>

For statically compiled or non-GLOBUS_LOCATION standard binary locations, specify the full path of the server binary here. Only needed when run in daemon mode.

Default value: not set

chdir <0|1> -chdir

Change directory when the server starts. This will change directory to the dir specified by the chdir_to option.

Default value: TRUE

chdir_to <string> -chdir-to <string>

Directory to chdir to after starting. Will use / if not set.

Default value: not set

fork <0|1> -f -fork

Server will fork for each new connection. Disabling this option is only recommended when debugging. Note that non-forked servers running as 'root' will only accept a single connection, and then exit.

Default value: TRUE

single <0|1> -1 -single

Exit after a single connection.

Default value: FALSE

chroot_path <string> -chroot-path <string>

Path to become the new root after authentication. This path must contain a valid certificate structure, /etc/passwd, and /etc/groups. The command globus-gridftp-server-setup-chroot can help create a suitable directory structure.

Default value: not set

 

AUTHENTICATION, AUTHORIZATION, AND SECURITY OPTIONS

auth_level <number> -auth-level <number>

Add levels together to use more than one. 0 = Disables all authorization checks. 1 = Authorize identity. 2 = Authorize all file/resource accesses. 4 = Disable changing process uid to authenticated user (no setuid) - DO NOT use this when process is started as root. If not set uses level 2 for front ends and level 1 for data nodes. Note that levels 2 and 4 imply level 1 as well.

Default value: not set

ipc_allow_from <string> -ipc-allow-from <string>

Only allow connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment. Example: '192.168.1.' will match and allow a connection from 192.168.1.45. Note that if this option is used any address not specifically allowed will be denied.

Default value: not set

ipc_deny_from <string> -ipc-deny-from <string>

Deny connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment. Example: '192.168.2.' will match and deny a connection from 192.168.2.45.

Default value: not set

allow_from <string> -allow-from <string>

Only allow connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment. Example: '192.168.1.' will match and allow a connection from 192.168.1.45. Note that if this option is used any address not specifically allowed will be denied.

Default value: not set

deny_from <string> -deny-from <string>

Deny connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment. Example: '192.168.2.' will match and deny a connection from 192.168.2.45.

Default value: not set
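The prefix rule stated for allow_from, deny_from and their ipc_ counterparts, modelled as an added example (not code from the Globus project). It treats a match as a plain string prefix, as the text describes, and handles IPv4 fragments only; the function names are hypothetical. It shows why a fragment should end on an octet boundary: '192.168.1' without the trailing dot also matches 192.168.10.x and 192.168.100.x.

```python
# Added example: models the "starts with the specified fragment" rule for
# allow_from / deny_from / ipc_allow_from / ipc_deny_from. IPv4 only.
# Function names are hypothetical, not part of globus-gridftp-server.

def parse_fragments(value):
    """Split a comma separated option value into fragments."""
    return [f.strip() for f in (value or "").split(",") if f.strip()]

def fragment_matches(fragment, addr):
    """A match is any address that starts with the fragment."""
    return addr.startswith(fragment)

def permitted_by_allow_list(value, addr):
    """If the option is set, any address not matched is denied."""
    fragments = parse_fragments(value)
    if not fragments:
        return True  # option not set: no allow-list restriction
    return any(fragment_matches(f, addr) for f in fragments)

def rejected_by_deny_list(value, addr):
    """True when any deny fragment is a prefix of the address."""
    return any(fragment_matches(f, addr) for f in parse_fragments(value))

def unintended_matches(fragment):
    """Sample addresses that match although their octet at the fragment's
    last position differs from the one written in the fragment."""
    if fragment.endswith("."):
        return []  # ends on an octet boundary: nothing extra matches
    octets = fragment.split(".")
    head, partial = octets[:-1], octets[-1]
    padding = ["0"] * (4 - len(octets))
    return [
        ".".join(head + [str(o)] + padding)
        for o in range(256)
        if str(o).startswith(partial) and str(o) != partial
    ]

if __name__ == "__main__":
    # Constructed option value, not taken from a real deployment.
    for frag in parse_fragments("192.168.1., 192.168.1, 10.0.0.25"):
        extra = unintended_matches(frag)
        print(f"{frag!r}: {len(extra)} other octet values match", extra[:3])
```

Under this rule even a full address such as 10.0.0.25 is a prefix of 10.0.0.250 through 10.0.0.255, so review every fragment that does not end in a dot.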

secure_ipc <0|1> -si -secure-ipc

Use GSI security on ipc channel.

Default value: TRUE

ipc_auth_mode <string> -ia <string> -ipc-auth-mode <string>

Set GSI authorization mode for the ipc connection. Options are: none, host, self or subject:[subject].

Default value: host

allow_anonymous <0|1> -aa -allow-anonymous

Allow cleartext anonymous access. If server is running as root anonymous_user must also be set. Disables ipc security.

Default value: FALSE

anonymous_names_allowed <string> -anonymous-names-allowed <string>

Comma separated list of names to treat as anonymous users when allowing anonymous access. If not set, the default names of 'anonymous' and 'ftp' will be allowed. Use '*' to allow any username.

Default value: not set

anonymous_user <string> -anonymous-user <string>

User to setuid to for an anonymous connection. Only applies when running as root.

Default value: not set

anonymous_group <string> -anonymous-group <string>

Group to setgid to for an anonymous connection. If unset, the default group of anonymous_user will be used.

Default value: not set

pw_file <string> -password-file <string>

Enable cleartext access and authenticate users against this /etc/passwd formatted file.

Default value: not set

connections_max <number> -connections-max <number>

Maximum concurrent connections allowed. Only applies when running in daemon mode. Unlimited if not set.

Default value: not set

connections_disabled <0|1> -connections-disabled

Disable all new connections. Does not affect ongoing connections. This would have to be set in the configuration file and then the server issued a SIGHUP in order to reload that config.

Default value: FALSE

offline_msg <string> -offline-msg <string>

Custom message to be displayed to clients when the server is offline via the connections_disabled or connections_max = 0 options.

Default value: not set

disable_command_list <string> -disable-command-list <string>

A comma separated list of client commands that will be disabled.

Default value: not set

cas <0|1> -authz-callouts -cas

Enable the GSI authorization callout framework, for callouts such as CAS.

Default value: TRUE

acl <string> -em <string> -acl <string>

A comma separated list of ACL or event modules to load.

Default value: not set
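An audit of the options in this section, as an added example (not code from the Globus project). `opts` is a constructed dict of option name to string value, not a gridftp.conf parser; `as_root` and `data_node` are supplied by the caller, and the function names are hypothetical.

```python
# Added example: checks the authentication options described above against
# the conditions the descriptions themselves call out. Names are hypothetical.

def effective_auth_level(opts, data_node=False):
    """Return the auth_level in force as a set drawn from {1, 2, 4}."""
    raw = opts.get("auth_level")
    # If not set: level 2 for front ends, level 1 for data nodes.
    level = int(raw) if raw is not None else (1 if data_node else 2)
    flags = {bit for bit in (1, 2, 4) if level & bit}
    if flags & {2, 4}:
        flags.add(1)  # levels 2 and 4 imply level 1 as well
    return flags

def is_set(opts, name, default="0"):
    return opts.get(name, default) == "1"

def audit(opts, as_root, data_node=False):
    findings = []
    flags = effective_auth_level(opts, data_node)
    if not flags:
        findings.append("auth_level=0: all authorization checks disabled")
    if 4 in flags and as_root:
        findings.append("auth_level includes 4 (no setuid) while started as root")
    if flags and 2 not in flags and not data_node:
        findings.append("front end without level 2 (authorize all file/resource accesses)")
    if is_set(opts, "allow_anonymous"):
        findings.append("allow_anonymous: cleartext anonymous access, ipc security disabled")
        if as_root and not opts.get("anonymous_user"):
            findings.append("allow_anonymous as root but anonymous_user is not set")
        if opts.get("anonymous_names_allowed") == "*":
            findings.append("anonymous_names_allowed='*': any username is anonymous")
    if opts.get("pw_file"):
        findings.append("pw_file: cleartext access enabled")
    if not is_set(opts, "secure_ipc", default="1"):
        findings.append("secure_ipc=0: no GSI security on the ipc channel")
    if opts.get("ipc_auth_mode", "host") == "none":
        findings.append("ipc_auth_mode=none: no GSI authorization on the ipc connection")
    return findings

if __name__ == "__main__":
    # Constructed settings for illustration only.
    sample = {"auth_level": "6", "allow_anonymous": "1", "secure_ipc": "0"}
    for line in audit(sample, as_root=True):
        print("FINDING:", line)
```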

 

LOGGING OPTIONS

log_level <string> -d <string> -log-level <string>

Log level. A comma separated list of levels from: 'ERROR, WARN, INFO, TRANSFER, DUMP, ALL'. TRANSFER includes the same statistics that are sent to the separate transfer log when -log-transfer is used. Example: error,warn,info. You may also specify a numeric level of 1-255. The default level is ERROR.

Default value: ERROR

log_module <string> -log-module <string>

globus_logging module that will be loaded. If not set, the default 'stdio' module will be used, and the logfile options apply. Builtin modules are 'stdio' and 'syslog'. Log module options may be set by specifying module:opt1=val1:opt2=val2. Available options for the builtin modules are 'interval' and 'buffer', for buffer flush interval and buffer size, respectively. The default options are a 64k buffer size and a 5 second flush interval. A 0 second flush interval will disable periodic flushing, and the buffer will only flush when it is full. A value of 0 for buffer will disable buffering and all messages will be written immediately. Example: -log-module stdio:buffer=4096:interval=10

Default value: not set

log_single <string> -l <string> -logfile <string>

Path of a single file to log all activity to. If neither this option nor log_unique is set, logs will be written to stderr unless the execution mode is detached or inetd, in which case logging will be disabled.

Default value: not set

log_unique <string> -L <string> -logdir <string>

Partial path to which 'gridftp.(pid).log' will be appended to construct the log filename. Example: -L /var/log/gridftp/ will create a separate log ( /var/log/gridftp/gridftp.xxxx.log ) for each process (which is normally each new client session). If neither this option nor log_single is set, logs will be written to stderr unless the execution mode is detached or inetd, in which case logging will be disabled.

Default value: not set

log_transfer <string> -Z <string> -log-transfer <string>

Log netlogger style info for each transfer into this file. You may also use the log-level of TRANSFER to include this info in the standard log.

Default value: not set

log_filemode <string> -log-filemode <string>

File access permissions of log files. Should be an octal number such as 0644.

Default value: not set

disable_usage_stats <0|1> -disable-usage-stats

Disable transmission of per-transfer usage statistics. See the Usage Statistics section in the online documentation for more information.

Default value: FALSE

usage_stats_target <string> -usage-stats-target <string>

Comma separated list of contact strings (host:port) for usage statistics receivers. The usage stats sent to a particular receiver may be customized by configuring it with a taglist (host:port!taglist). The taglist is a list of characters that each correspond to a usage stats tag. When this option is unset, stats are reported to usage-stats.globus.org:4810. If you set your own receiver, and wish to continue reporting to the Globus receiver, you will need to add it manually. The list of available tags follows. Tags marked * are reported by default.

*(e) START - start time of transfer
*(E) END - end time of transfer
*(v) VER - version string of gridftp server
*(b) BUFFER - tcp buffer size used for transfer
*(B) BLOCK - disk blocksize used for transfer
*(N) NBYTES - number of bytes transferred
*(s) STREAMS - number of parallel streams used
*(S) STRIPES - number of stripes used
*(t) TYPE - transfer command: RETR, STOR, LIST, etc
*(c) CODE - ftp result code (226 = success, 5xx = fail)
*(D) DSI - DSI module in use
*(A) EM - event modules in use
*(T) SCHEME - ftp, gsiftp, sshftp, etc. (client supplied)
*(a) APP - guc, rft, generic library app, etc. (client supplied)
*(V) APPVER - version string of above. (client supplied)
(f) FILE - name of file/data transferred
(i) CLIENTIP - ip address of host running client (control channel)
(I) DATAIP - ip address of source/dest host of data (data channel)
(u) USER - local user name the transfer was performed as
(d) USERDN - DN that was mapped to user id
(C) CONFID - ID defined by -usage-stats-id config option
(U) SESSID - unique id that can be used to match transfers in a session and transfers across source/dest of a third party transfer. (client supplied)

Default value: not set

usage_stats_id <string> -usage-stats-id <string>

Identifying tag to include in usage statistics data.

Default value: not set

 

SINGLE AND STRIPED REMOTE DATA NODE OPTIONS

remote_nodes <string> -r <string> -remote-nodes <string>

Comma separated list of remote node contact strings.

Default value: not set

data_node <0|1> -dn -data-node

This server is a backend data node.

Default value: FALSE

stripe_blocksize <number> -sbs <number> -stripe-blocksize <number>

Size in bytes of sequential data that each stripe will transfer.

Default value: 1048576

stripe_count <number> -stripe-count <number>

Number of stripes to use per transfer when this server controls that number. If remote nodes are statically configured (via -r or remote_nodes), this will be set to that number of nodes, otherwise the default is 1.

Default value: not set

stripe_layout <number> -sl <number> -stripe-layout <number>

Stripe layout. 1 = Partitioned, 2 = Blocked.

Default value: 2

stripe_blocksize_locked <0|1> -stripe-blocksize-locked

Do not allow client to override stripe blocksize with the OPTS RETR command

Default value: FALSE

stripe_blocksize_locked <0|1> -stripe-blocksize-locked

Do not allow client to override stripe layout with the OPTS RETR command

Default value: FALSE

 

DISK OPTIONS

blocksize <number> -bs <number> -blocksize <number>

Size in bytes of data blocks to read from disk before posting to the network.

Default value: 262144

sync_writes <0|1> -sync-writes

Flush disk writes before sending a restart marker. This attempts to ensure that the range specified in the restart marker has actually been committed to disk. This option will probably impact performance, and may result in different behavior on different storage systems. See the manpage for sync() for more information.

Default value: FALSE

use_home_dirs <0|1> -use-home-dirs

Set the startup directory to the authenticated user's home dir.

Default value: TRUE

perms <string> -perms <string>

Set the default permissions for created files. Should be an octal number such as 0644. The default is 0644. Note: If umask is set it will affect this setting - i.e. if the umask is 0002 and this setting is 0666, the resulting files will be created with permissions of 0664.

Default value: not set

file_timeout <number> -file-timeout <number>

Timeout in seconds for all disk accesses. A value of 0 disables the timeout.

Default value: not set

 

NETWORK OPTIONS

port <number> -p <number> -port <number>

Port on which a frontend will listen for client control channel connections, or on which a data node will listen for connections from a frontend. If not set a random port will be chosen and printed via the logging mechanism.

Default value: not set

control_interface <string> -control-interface <string>

Hostname or IP address of the interface to listen for control connections on. If not set will listen on all interfaces.

Default value: not set

data_interface <string> -data-interface <string>

Hostname or IP address of the interface to use for data connections. If not set will use the current control interface.

Default value: not set

ipc_interface <string> -ipc-interface <string>

Hostname or IP address of the interface to use for ipc connections. If not set will listen on all interfaces.

Default value: not set

hostname <string> -hostname <string>

Effectively sets the above control_interface, data_interface and ipc_interface options.

Default value: not set

ipc_port <number> -ipc-port <number>

Port on which the frontend will listen for data node connections.

Default value: not set

control_preauth_timeout <number> -control-preauth-timeout <number>

Time in seconds to allow a client to remain connected to the control channel without activity before authenticating.

Default value: 120

control_idle_timeout <number> -control-idle-timeout <number>

Time in seconds to allow a client to remain connected to the control channel without activity.

Default value: 600

ipc_idle_timeout <number> -ipc-idle-timeout <number>

Idle time in seconds before an unused ipc connection will close.

Default value: 600

ipc_connect_timeout <number> -ipc-connect-timeout <number>

Time in seconds before cancelling an attempted ipc connection.

Default value: 60

 

USER MESSAGES

banner <string> -banner <string>

Message to display to the client before authentication.

Default value: not set

banner_file <string> -banner-file <string>

File to read banner message from.

Default value: not set

banner_terse <0|1> -banner-terse

When this is set, the minimum allowed banner message will be displayed to unauthenticated clients.

Default value: FALSE

banner_append <0|1> -banner-append

When this is set, the message set in the 'banner' or 'banner_file' option will be appended to the default banner message rather than replacing it.

Default value: FALSE

login_msg <string> -login-msg <string>

Message to display to the client after authentication.

Default value: not set

login_msg_file <string> -login-msg-file <string>

File to read login message from.

Default value: not set

 

MODULE OPTIONS

load_dsi_module <string> -dsi <string>

Data Storage Interface module to load. file and remote modules are defined by the server. If not set, the file module is loaded, unless the 'remote' option is specified, in which case the remote module is loaded. An additional configuration string can be passed to the DSI using the format [module name]:[configuration string] to this option. The format of the configuration string is defined by the DSI being loaded.

Default value: not set

allowed_modules <string> -allowed-modules <string>

Comma separated list of ERET/ESTO modules to allow, and optionally specify an alias for. Example: module1,alias2:module2,module3 (module2 will be loaded when a client asks for alias2).

Default value: not set

dc_whitelist <string> -dc-whitelist <string>

A comma separated list of drivers allowed on the network stack.

Default value: not set

fs_whitelist <string> -fs-whitelist <string>

A comma separated list of drivers allowed on the disk stack.

Default value: not set

popen_whitelist <string> -popen-whitelist <string>

A comma separated list of programs that the popen driver is allowed to execute, when used on the network or disk stack. An alias may also be specified, so that a client does not need to specify the full path. Format is [alias:]prog,[alias:]prog. Example: /bin/gzip,tar:/bin/tar

Default value: not set

 

OTHER

configfile <string> -c <string>

Path to configuration file that should be loaded. Otherwise will attempt to load $GLOBUS_LOCATION/etc/gridftp.conf and /etc/grid-security/gridftp.conf.

Default value: not set

debug <0|1> -debug

Sets options that make server easier to debug. Forces no-fork, no-chdir, and allows core dumps on bad signals instead of exiting cleanly. Not recommended for production servers. Note that non-forked servers running as 'root' will only accept a single connection, and then exit.

Default value: FALSE

 

EXIT STATUS

0

Successful program execution.
 

AUTHOR



The Globus Alliance, http://www.globus.org/
Author.
 

COPYRIGHT


Copyright © 1999-2010 University of Chicago


 
