Provided by: globus-gridftp-server-progs_6.38-1_amd64

NAME

       globus-gridftp-server - The Globus GridFTP server daemon

SYNOPSIS

       globus-gridftp-server [-options]

DESCRIPTION

       The globus-gridftp-server program is an FTP server with support for GridFTP protocol
       extensions, including strong authentication, parallel data transfers, and parallel data
       layouts.

       The list below contains the command-line options for the server, and also the name of the
       configuration file entry that implements that option. Note that any boolean flag can be
       negated on the command line by preceding the specified option with -no- or -n. Example:
       -no-fork or -nf.

INFORMATIONAL OPTIONS

       -h , -help
           Show usage information and exit. This option can also be set in the configuration file
           as help.

       -hh , -longhelp
           Show more usage information and exit. This option can also be set in the configuration
           file as longhelp.

       -v , -version
           Show version information for the server and exit. This option can also be set in the
           configuration file as version.

       -V , -versions
           Show version information for all loaded globus libraries and exit. This option can
           also be set in the configuration file as versions.

MODES OF OPERATION

       -i , -inetd
           Run under an inetd service. This option can also be set in the configuration file as
           inetd.

       -s , -daemon
           Run as a daemon. All connections will fork off a new process and setuid if allowed.
           This option can also be set in the configuration file as daemon.

       -S , -detach
           Run as a background daemon detached from any controlling terminals. This option can
           also be set in the configuration file as detach.

       -ssh
           Run over a connected ssh session. This option can also be set in the configuration
           file as ssh.

       -exec string
           For statically compiled or non-GLOBUS_LOCATION standard binary locations, specify the
           full path of the server binary here. Only needed when run in daemon mode. This option
           can also be set in the configuration file as exec.

       -chdir
           Change directory when the server starts. This will change directory to the dir
           specified by the chdir_to option. This option can also be set in the configuration
           file as chdir.

       -chdir-to string
           Directory to chdir to after starting. Will use / if not set. This option can also be
           set in the configuration file as chdir_to.

       -f , -fork
           Server will fork for each new connection. Disabling this option is only recommended
           when debugging. Note that non-forked servers running as ´root´ will only accept a
           single connection, and then exit. This option can also be set in the configuration
           file as fork.

       -1 , -single
           Exit after a single connection. This option can also be set in the configuration file
           as single.

       -chroot-path string
           Path to become the new root after authentication. This path must contain a valid
           certificate structure, /etc/passwd, and /etc/groups. The command
           globus-gridftp-server-setup-chroot can help create a suitable directory structure.
           This option can also be set in the configuration file as chroot_path.

AUTHENTICATION, AUTHORIZATION, AND SECURITY OPTIONS

       -auth-level number
           Add levels together to use more than one.

           ·   0 = Disables all authorization checks.

           ·   1 = Authorize identity.

           ·   2 = Authorize all file/resource accesses.

           ·   4 = Disable changing process uid to authenticated user (no setuid) -- DO NOT use
               this when process is started as root.

           If not set, uses level 2 for front ends and level 1 for data nodes. Note that
           levels 2 and 4 imply level 1 as well. This option can also be set in the
           configuration file as auth_level.

       -ipc-allow-from string
           Only allow connections from these source ip addresses. Specify a comma separated
           list of ip address fragments. A match is any ip address that starts with the
           specified fragment. Example: ´192.168.1.´ will match and allow a connection from
           192.168.1.45. Note that if this option is used any address not specifically
           allowed will be denied. This option can also be set in the configuration file as
           ipc_allow_from.

       -ipc-deny-from string
           Deny connections from these source ip addresses. Specify a comma separated list of
           ip address fragments. A match is any ip address that starts with the specified
           fragment. Example: ´192.168.2.´ will match and deny a connection from
           192.168.2.45. This option can also be set in the configuration file as
           ipc_deny_from.

       -allow-from string
           Only allow connections from these source ip addresses. Specify a comma separated
           list of ip address fragments. A match is any ip address that starts with the
           specified fragment. Example: ´192.168.1.´ will match and allow a connection from
           192.168.1.45. Note that if this option is used any address not specifically
           allowed will be denied. This option can also be set in the configuration file as
           allow_from.

       -deny-from string
           Deny connections from these source ip addresses. Specify a comma separated list of
           ip address fragments. A match is any ip address that starts with the specified
           fragment. Example: ´192.168.2.´ will match and deny a connection from
           192.168.2.45. This option can also be set in the configuration file as deny_from.
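
       The fragment rule used by -allow-from, -deny-from and the two ipc variants is a plain
       string prefix, so a fragment that does not end on a dot also matches longer octets. The
       Python below is an added example, not Globus code; it assumes IPv4 dotted-decimal text,
       and its function names and sample value are constructed here.

```python
# Added example, not part of the Globus distribution.
# Assumption: addresses are compared as IPv4 dotted-decimal text, using the
# "starts with the specified fragment" rule exactly as the man page states it.


def parse_fragments(option_value):
    """Split a comma separated option value into fragments, dropping blanks."""
    return [f.strip() for f in option_value.split(",") if f.strip()]


def fragment_matches(fragment, address):
    """A match is any address that starts with the fragment."""
    return address.startswith(fragment)


def octet_completions(fragment):
    """Octet values (0-255) that the trailing, unterminated octet can match.

    A fragment ending in '.' stops on an octet boundary and returns [].
    Otherwise the digits after the last dot are only a prefix of the next
    octet: '1' matches 1, 10-19 and 100-199.
    """
    if fragment.endswith("."):
        return []
    partial = fragment.rsplit(".", 1)[-1]
    return [n for n in range(256) if str(n).startswith(partial)]


def audit(option_value):
    """Map each fragment that matches more than one octet value to those values."""
    findings = {}
    for fragment in parse_fragments(option_value):
        values = octet_completions(fragment)
        if len(values) > 1:
            findings[fragment] = values
    return findings


if __name__ == "__main__":
    constructed_value = "192.168.1.,10.0.0.4,172.16"  # constructed sample
    for fragment, values in audit(constructed_value).items():
        print(f"{fragment!r} also matches octets {values[1:]}")
```

       A fragment meant to name one subnet or one host should end on an octet boundary
       (´192.168.1.´) or carry a last octet that no valid address can extend.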

       -si , -secure-ipc
           Use GSI security on ipc channel. This option can also be set in the configuration
           file as secure_ipc.

       -ia string, -ipc-auth-mode string
           Set GSI authorization mode for the ipc connection. Options are: none, host, self
           or subject:[subject]. This option can also be set in the configuration file as
           ipc_auth_mode.

       -aa , -allow-anonymous
           Allow clear text anonymous access. If server is running as root, anonymous_user
           must also be set. Disables ipc security. This option can also be set in the
           configuration file as allow_anonymous.

       -anonymous-names-allowed string
           Comma separated list of names to treat as anonymous users when allowing anonymous
           access. If not set, the default names of ´anonymous´ and ´ftp´ will be allowed.
           Use ´*´ to allow any username. This option can also be set in the configuration
           file as anonymous_names_allowed.

       -anonymous-user string
           User to setuid to for an anonymous connection. Only applies when running as root.
           This option can also be set in the configuration file as anonymous_user.

       -anonymous-group string
           Group to setgid to for an anonymous connection. If unset, the default group of
           anonymous_user will be used. This option can also be set in the configuration file
           as anonymous_group.

       -allow-root
           Allow clients to be mapped to the root account. This option can also be set in the
           configuration file as allow_root.

       -password-file string
           Enable clear text access and authenticate users against this /etc/passwd formatted
           file. This option can also be set in the configuration file as pw_file.

       -connections-max number
           Maximum concurrent connections allowed. Only applies when running in daemon mode.
           Unlimited if not set. This option can also be set in the configuration file as
           connections_max.

       -connections-disabled
           Disable all new connections. Does not affect ongoing connections. This would have
           to be set in the configuration file and then the server issued a SIGHUP in order to
           reload that config. This option can also be set in the configuration file as
           connections_disabled.

       -offline-msg string
           Custom message to be displayed to clients when the server is offline via the
           connections_disabled or connections_max = 0 options. This option can also be set
           in the configuration file as offline_msg.

       -disable-command-list string
           A comma separated list of client commands that will be disabled. This option can
           also be set in the configuration file as disable_command_list.

       -authz-callouts , -cas
           Enable the GSI authorization callout framework, for callouts such as CAS. This
           option can also be set in the configuration file as cas.

       -rp string, -restrict-paths string
           A comma separated list of full paths that clients may access. Each path may be
           prefixed by R and/or W, denoting read or write access, otherwise full access is
           granted. If a given path is a directory, all contents and subdirectories will be
           given the same access. Order of paths does not matter -- the permissions on the
           longest matching path will apply. The special character ´~´ will be replaced by
           the authenticated user´s home directory. Note that if the authenticated user´s
           home directory is not accessible, the home directory and starting path will be set
           to ´/´. By default all paths are allowed, and access control is handled by the OS.
           This option can also be set in the configuration file as restrict_paths.
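
       Longest-match resolution for restrict_paths, as an added Python example that is not
       the server's own code. It assumes an entry covers itself and everything beneath it on
       a directory boundary, treats a request that matches no entry as denied, and works on
       path strings only (no symlink resolution); the function names, home directory and
       sample value are constructed.

```python
# Added example, not part of the Globus distribution.
# Assumptions: directory-boundary matching, unmatched paths are denied, and
# paths are compared as normalized strings without resolving symlinks.
import posixpath


def parse_restrict_paths(option_value, home):
    """Turn 'RW/a,R/a/b,R~' into {normalized_path: frozenset of 'R'/'W'}."""
    rules = {}
    for entry in option_value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        # Leading R and/or W letters are the access prefix; full paths start
        # with '/' or '~', so the prefix cannot be confused with the path.
        i = 0
        while i < len(entry) and entry[i] in "RW":
            i += 1
        prefix, path = entry[:i], entry[i:]
        # No prefix means full access, as the man page states.
        access = frozenset(prefix) if prefix else frozenset("RW")
        # '~' is replaced by the authenticated user's home directory.
        if path == "~" or path.startswith("~/"):
            path = home + path[1:]
        rules[posixpath.normpath(path)] = access
    return rules


def access_for(rules, requested):
    """Return the access set of the longest entry covering the requested path."""
    requested = posixpath.normpath(requested)
    best = None
    for path in rules:
        covers = (
            path == "/"
            or requested == path
            or requested.startswith(path + "/")
        )
        if covers and (best is None or len(path) > len(best)):
            best = path
    return rules[best] if best is not None else frozenset()


if __name__ == "__main__":
    # Constructed sample: a writable project tree with a read-only archive.
    value = "RW/data/projects,R/data/projects/archive,R~"
    rules = parse_restrict_paths(value, home="/home/alice")
    for p in ("/data/projects/run1/out.dat",
              "/data/projects/archive/2019.tar",
              "/data/projects-old/x",
              "/etc/passwd"):
        print(p, "".join(sorted(access_for(rules, p))) or "denied")
```

       The narrower read-only entry wins over the broader read-write entry regardless of
       the order in which the two are listed.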

       -rp-follow-symlinks
           Allow following symlinks that lead to restricted paths. This option can also be
           set in the configuration file as rp_follow_symlinks.

       -em string, -acl string
           A comma separated list of ACL or event modules to load. This option can also be
           set in the configuration file as acl.

LOGGING OPTIONS

       -d string, -log-level string
           Log level. A comma separated list of levels from: ´ERROR, WARN, INFO, TRANSFER, DUMP,
           ALL´. TRANSFER includes the same statistics that are sent to the separate transfer log
           when -log-transfer is used. Example: error,warn,info. You may also specify a numeric
           level of 1-255. The default level is ERROR. This option can also be set in the
           configuration file as log_level.

       -log-module string
           globus_logging module that will be loaded. If not set, the default ´stdio´ module will
           be used, and the logfile options apply. Built in modules are ´stdio´ and ´syslog´. Log
           module options may be set by specifying module:opt1=val1:opt2=val2. Available options
           for the built in modules are ´interval´ and ´buffer´, for buffer flush interval and
           buffer size, respectively. The default options are a 64k buffer size and a 5 second
           flush interval. A 0 second flush interval will disable periodic flushing, and the
           buffer will only flush when it is full. A value of 0 for buffer will disable buffering
           and all messages will be written immediately. Example: -log-module
           stdio:buffer=4096:interval=10. This option can also be set in the configuration file
           as log_module.

       -l string, -logfile string
           Path of a single file to log all activity to. If neither this option nor log_unique is
           set, logs will be written to stderr unless the execution mode is detached or inetd, in
           which case logging will be disabled. This option can also be set in the configuration
           file as log_single.

       -L string, -logdir string
           Partial path to which ´gridftp.(pid).log´ will be appended to construct the log
           filename. Example: -L /var/log/gridftp/ will create a separate log (
           /var/log/gridftp/gridftp.xxxx.log ) for each process (which is normally each new
           client session). If neither this option nor log_single is set, logs will be written to
           stderr unless the execution mode is detached or inetd, in which case logging will be
           disabled. This option can also be set in the configuration file as log_unique.

       -Z string, -log-transfer string
           Log netlogger style info for each transfer into this file. You may also use the
           log-level of TRANSFER to include this info in the standard log. This option can also
           be set in the configuration file as log_transfer.

       -log-filemode string
           File access permissions of log files. Should be an octal number such as 0644. This
           option can also be set in the configuration file as log_filemode.

       -disable-usage-stats
           Disable transmission of per-transfer usage statistics. See the Usage Statistics
           section in the online documentation for more information. This option can also be set
           in the configuration file as disable_usage_stats.

       -usage-stats-target string
           Comma separated list of contact strings (host:port) for usage statistics receivers.
           The usage stats sent to a particular receiver may be customized by configuring it with
           a taglist (host:port!taglist). The taglist is a list of characters that each correspond
           to a usage stats tag. When this option is unset, stats are reported to
           usage-stats.globus.org:4810. If you set your own receiver, and wish to continue
           reporting to the Globus receiver, you will need to add it manually. The list of
           available tags follows. Tags marked * are reported by default.

           ·   *(e) START - start time of transfer

           ·   *(E) END - end time of transfer

           ·   *(v) VER - version string of gridftp server

           ·   *(b) BUFFER - tcp buffer size used for transfer

           ·   *(B) BLOCK - disk blocksize used for transfer

           ·   *(N) NBYTES - number of bytes transferred

           ·   *(s) STREAMS - number of parallel streams used

           ·   *(S) STRIPES - number of stripes used

           ·   *(t) TYPE - transfer command: RETR, STOR, LIST, etc

           ·   *(c) CODE - ftp result code (226 = success, 5xx = fail)

           ·   *(D) DSI - DSI module in use

           ·   *(A) EM - event modules in use

           ·   *(T) SCHEME - ftp, gsiftp, sshftp, etc. (client supplied)

           ·   *(a) APP - guc, rft, generic library app, etc. (client supplied)

           ·   *(V) APPVER - version string of above. (client supplied)

           ·   (f) FILE - name of file/data transferred

           ·   (i) CLIENTIP - ip address of host running client (control channel)

           ·   (I) DATAIP - ip address of source/dest host of data (data channel)

           ·   (u) USER - local user name the transfer was performed as

           ·   (d) USERDN - DN that was mapped to user id

           ·   (C) CONFID - ID defined by -usage-stats-id config option

           ·   (U) SESSID - unique id that can be used to match transfers in a session and
               transfers across source/dest of a third party transfer. (client supplied)

           This option can also be set in the configuration file as usage_stats_target.

       -usage-stats-id string
           Identifying tag to include in usage statistics data. This option can also be set
           in the configuration file as usage_stats_id.

SINGLE AND STRIPED REMOTE DATA NODE OPTIONS

       -r string, -remote-nodes string
           Comma separated list of remote node contact strings. This option can also be set in
           the configuration file as remote_nodes.

       -dn , -data-node
           This server is a backend data node. This option can also be set in the configuration
           file as data_node.

       -sbs number, -stripe-blocksize number
           Size in bytes of sequential data that each stripe will transfer. This option can also
           be set in the configuration file as stripe_blocksize.

       -stripe-count number
           Number of stripes to use per transfer when this server controls that number. If
           remote nodes are statically configured (via -r or remote_nodes), this will be set to
           that number of nodes, otherwise the default is 1. This option can also be set in the
           configuration file as stripe_count.

       -sl number, -stripe-layout number
           Stripe layout.

           ·   1 = Partitioned

           ·   2 = Blocked

           This option can also be set in the configuration file as stripe_layout.

       -stripe-blocksize-locked
           Do not allow client to override stripe blocksize with the OPTS RETR command. This
           option can also be set in the configuration file as stripe_blocksize_locked.

       -stripe-layout-locked
           Do not allow client to override stripe layout with the OPTS RETR command. This
           option can also be set in the configuration file as stripe_layout_locked.

DISK OPTIONS

       -bs number, -blocksize number
           Size in bytes of data blocks to read from disk before posting to the network. This
           option can also be set in the configuration file as blocksize.

       -sync-writes
           Flush disk writes before sending a restart marker. This attempts to ensure that the
           range specified in the restart marker has actually been committed to disk. This option
           will probably impact performance, and may result in different behavior on different
           storage systems. See the manpage for sync() for more information. This option can also
           be set in the configuration file as sync_writes.

       -use-home-dirs
           Set the startup directory to the authenticated user's home dir. This option can also be
           set in the configuration file as use_home_dirs.

       -perms string
           Set the default permissions for created files. Should be an octal number such as 0644.
           The default is 0644. Note: If umask is set it will affect this setting -- i.e. if the
           umask is 0002 and this setting is 0666, the resulting files will be created with
           permissions of 0664. This option can also be set in the configuration file as perms.

       -file-timeout number
           Timeout in seconds for all disk accesses. A value of 0 disables the timeout. This
           option can also be set in the configuration file as file_timeout.

NETWORK OPTIONS

       -p number, -port number
           Port on which a frontend will listen for client control channel connections, or on
           which a data node will listen for connections from a frontend. If not set a random
           port will be chosen and printed via the logging mechanism. This option can also be set
           in the configuration file as port.

       -control-interface string
           Hostname or IP address of the interface to listen for control connections on. If not
           set will listen on all interfaces. This option can also be set in the configuration
           file as control_interface.

       -data-interface string
           Hostname or IP address of the interface to use for data connections. If not set will
           use the current control interface. This option can also be set in the configuration
           file as data_interface.

       -ipc-interface string
           Hostname or IP address of the interface to use for ipc connections. If not set will
           listen on all interfaces. This option can also be set in the configuration file as
           ipc_interface.

       -hostname string
           Effectively sets the above control_interface, data_interface and ipc_interface
           options. This option can also be set in the configuration file as hostname.

       -ipc-port number
           Port on which the frontend will listen for data node connections. This option can also
           be set in the configuration file as ipc_port.

       -control-preauth-timeout number
           Time in seconds to allow a client to remain connected to the control channel without
           activity before authenticating. This option can also be set in the configuration file
           as control_preauth_timeout.

       -control-idle-timeout number
           Time in seconds to allow a client to remain connected to the control channel without
           activity. This option can also be set in the configuration file as
           control_idle_timeout.

       -ipc-idle-timeout number
           Idle time in seconds before an unused ipc connection will close. This option can also
           be set in the configuration file as ipc_idle_timeout.

       -ipc-connect-timeout number
           Time in seconds before canceling an attempted ipc connection. This option can also be
           set in the configuration file as ipc_connect_timeout.

       -port-range string
           Port range to use for incoming connections. The format is "startport,endport". This,
           along with -data-interface, can be used to enable operation behind a firewall and/or
           when NAT is involved. This is the same as setting the environment variable
           GLOBUS_TCP_PORT_RANGE. This option can also be set in the configuration file as
           port_range.

USER MESSAGES

       -banner string
           Message to display to the client before authentication. This option can also be set in
           the configuration file as banner.

       -banner-file string
           File to read banner message from. This option can also be set in the configuration
           file as banner_file.

       -banner-terse
           When this is set, the minimum allowed banner message will be displayed to
           unauthenticated clients. This option can also be set in the configuration file as
           banner_terse.

       -banner-append
           When this is set, the message set in the ´banner´ or ´banner_file´ option will be
           appended to the default banner message rather than replacing it. This option can also
           be set in the configuration file as banner_append.

       -login-msg string
           Message to display to the client after authentication. This option can also be set in
           the configuration file as login_msg.

       -login-msg-file string
           File to read login message from. This option can also be set in the configuration file
           as login_msg_file.

MODULE OPTIONS

       -dsi string
           Data Storage Interface module to load. file and remote modules are defined by the
           server. If not set, the file module is loaded, unless the ´remote´ option is
           specified, in which case the remote module is loaded. An additional configuration
           string can be passed to the DSI using the format [module name]:[configuration string]
           to this option. The format of the configuration string is defined by the DSI being
           loaded. This option can also be set in the configuration file as load_dsi_module.

       -allowed-modules string
           Comma separated list of ERET/ESTO modules to allow, and optionally specify an alias
           for. Example: module1,alias2:module2,module3 (module2 will be loaded when a client
           asks for alias2). This option can also be set in the configuration file as
           allowed_modules.

       -dc-whitelist string
           A comma separated list of drivers allowed on the network stack. This option can also
           be set in the configuration file as dc_whitelist.

       -fs-whitelist string
           A comma separated list of drivers allowed on the disk stack. This option can also be
           set in the configuration file as fs_whitelist.

       -popen-whitelist string
           A comma separated list of programs that the popen driver is allowed to execute, when
           used on the network or disk stack. An alias may also be specified, so that a client
           does not need to specify the full path. Format is [alias:]prog,[alias:]prog. Example:
           /bin/gzip,tar:/bin/tar. This option can also be set in the configuration file as
           popen_whitelist.

       -dc-default string
           A comma separated list of XIO drivers and options representing the default network
           stack. Format of each driver entry is driver1[:opt1=val1;opt2=val2;...]. The bottom
           of the stack, the transport driver, is always first. This option can also be set in
           the configuration file as dc_default.

       -fs-default string
           A comma separated list of XIO drivers and options representing the default disk stack.
           Format of each driver entry is driver1[:opt1=val1;opt2=val2;...]. The bottom of the
           stack, the transport driver, is always first. This option can also be set in the
           configuration file as fs_default.

OTHER

       -c string
           Path to main configuration file that should be loaded. Otherwise will attempt to load
           $GLOBUS_LOCATION/etc/gridftp.conf and /etc/grid-security/gridftp.conf.

       -C string
           Path to directory holding configuration files that should be loaded. Files will be
           loaded in alphabetical order, and in the event of duplicate parameters the last loaded
           file will take precedence. Note that the main configuration file, if one exists, will
           always be loaded last. This option can also be set in the configuration file as
           config_dir.

       -config-base-path string
           Base path to use when config and log path options are not full paths. By default this
           is the current directory when the process is started. This option can also be set in
           the configuration file as config_base_path.

       -debug
           Sets options that make server easier to debug. Forces no-fork, no-chdir, and allows
           core dumps on bad signals instead of exiting cleanly. Not recommended for production
           servers. Note that non-forked servers running as ´root´ will only accept a single
           connection, and then exit. This option can also be set in the configuration file as
           debug.

       -pidfile string
           Write PID of the GridFTP server to this path. May contain variable references to
           ${localstatedir}. This option can also be set in the configuration file as pidfile.

EXIT STATUS

       0
           Successful program execution.

AUTHOR

       The Globus Alliance, http://www.globus.org/

COPYRIGHT

       Copyright © 1999-2012 University of Chicago