Provided by: globus-gridftp-server-progs_9.4-2_i386

NAME

       globus-gridftp-server - The Globus GridFTP server daemon

SYNOPSIS

       globus-gridftp-server OPTIONS

DESCRIPTION

       The globus-gridftp-server program is an FTP server with support for
       GridFTP protocol extensions, including strong authentication, parallel
       data transfers, and parallel data layouts.

OPTIONS

       The list below contains the command-line options for the server, and
       also the name of the configuration file entry that implements that
       option. Note that any boolean option can be negated on the command line
       by preceding the specified option with -no- or -n. Example: -no-cas or
       -nf.

   Informational Options
       -h,-help
           Show usage information and exit.

           This option can also be set in the configuration file as help. The
           default value of this option is FALSE.

       -hh,-longhelp
           Show more usage information and exit.

           This option can also be set in the configuration file as longhelp.
           The default value of this option is FALSE.

       -v,-version
           Show version information for the server and exit.

           This option can also be set in the configuration file as version.
           The default value of this option is FALSE.

       -V,-versions
           Show version information for all loaded globus libraries and exit.

           This option can also be set in the configuration file as versions.
           The default value of this option is FALSE.

   Modes of Operation
       -i,-inetd
           Run under an inetd service.

           This option can also be set in the configuration file as inetd. The
           default value of this option is FALSE.

       -s,-daemon
           Run as a daemon. All connections will fork off a new process and
           setuid if allowed.

           This option can also be set in the configuration file as daemon.
           The default value of this option is TRUE.

       -S,-detach
           Run as a background daemon detached from any controlling terminals.

           This option can also be set in the configuration file as detach.
           The default value of this option is FALSE.

       -ssh
           Run over a connected ssh session.

           This option can also be set in the configuration file as ssh. The
           default value of this option is FALSE.

       -exec string
           For statically compiled or non-GLOBUS_LOCATION standard binary
           locations, specify the full path of the server binary here. Only
           needed when run in daemon mode.

           This option can also be set in the configuration file as exec.

       -chdir
           Change directory when the server starts. This will change directory
           to the dir specified by the chdir_to option.

           This option can also be set in the configuration file as chdir. The
           default value of this option is TRUE.

       -chdir-to string
           Directory to chdir to after starting. Will use / if not set. Note
           that this is the directory of the process, not the client’s home
           directory.

           This option can also be set in the configuration file as chdir_to.

       -threads number
           Enable threaded operation and set the number of threads. The
           default is 0, which is non-threaded. When threading is required, a
           thread count of 1 or 2 should be sufficient.

           This option can also be set in the configuration file as threads.

       -f,-fork
           Server will fork for each new connection. Disabling this option is
           only recommended when debugging. Note that non-forked servers
           running as root will only accept a single connection, and then
           exit.

           This option can also be set in the configuration file as fork. The
           default value of this option is TRUE.

       -1,-single
           Exit after a single connection.

           This option can also be set in the configuration file as single.
           The default value of this option is FALSE.

       -chroot-path string
           Path to become the new root after authentication. This path must
           contain a valid certificate structure, /etc/passwd, and /etc/group.
           The command globus-gridftp-server-setup-chroot can help create a
           suitable directory structure.

           This option can also be set in the configuration file as
           chroot_path.

   Authentication, Authorization, and Security Options
       -auth-level number
           Add levels together to use more than one. 0 = Disables all
           authorization checks. 1 = Authorize identity. 2 = Authorize all
           file/resource accesses. 4 = Disable changing process uid to
           authenticated user (no setuid) — DO NOT use this when process is
           started as root. If not set uses level 2 for front ends and level 1
           for data nodes. Note that levels 2 and 4 imply level 1 as well.

           This option can also be set in the configuration file as
           auth_level.

       -ipc-allow-from string
           Only allow connections from these source ip addresses. Specify a
           comma separated list of ip address fragments. A match is any ip
           address that starts with the specified fragment. Example:
           192.168.1. will match and allow a connection from 192.168.1.45.
           Note that if this option is used any address not specifically
           allowed will be denied.

           This option can also be set in the configuration file as
           ipc_allow_from.

       -ipc-deny-from string
           Deny connections from these source ip addresses. Specify a comma
           separated list of ip address fragments. A match is any ip address
           that starts with the specified fragment. Example: 192.168.2. will
           match and deny a connection from 192.168.2.45.

           This option can also be set in the configuration file as
           ipc_deny_from.

       -allow-from string
           Only allow connections from these source ip addresses. Specify a
           comma separated list of ip address fragments. A match is any ip
           address that starts with the specified fragment. Example:
           192.168.1. will match and allow a connection from 192.168.1.45.
           Note that if this option is used any address not specifically
           allowed will be denied.

           This option can also be set in the configuration file as
           allow_from.

       -deny-from string
           Deny connections from these source ip addresses. Specify a comma
           separated list of ip address fragments. A match is any ip address
           that starts with the specified fragment. Example: 192.168.2. will
           match and deny a connection from 192.168.2.45.

           This option can also be set in the configuration file as deny_from.
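
           The fragment rule used by -allow-from, -deny-from and their ipc
           variants, as an added example (not code from the Globus project): it
           applies the plain prefix match described above and reports fragments
           that match more addresses than they appear to spell out. It assumes
           IPv4 dotted-quad text; all function names are hypothetical.

```python
# Added example (not from the GridFTP sources): models the rule stated above,
# "a match is any ip address that starts with the specified fragment".
# Assumes IPv4 dotted-quad text; all function names are hypothetical.

def parse_fragments(option_value):
    """Split a comma separated -allow-from / -deny-from value into fragments."""
    return [f.strip() for f in option_value.split(",") if f.strip()]


def fragment_matches(ip, fragment):
    """Plain string-prefix comparison, as the option description states."""
    return ip.startswith(fragment)


def allowed_by(ip, allow_from):
    """-allow-from: any address not specifically allowed is denied."""
    return any(fragment_matches(ip, f) for f in parse_fragments(allow_from))


def denied_by(ip, deny_from):
    """-deny-from: deny when any fragment is a prefix of the address."""
    return any(fragment_matches(ip, f) for f in parse_fragments(deny_from))


def octet_completions(digits):
    """Every octet value 0-255 whose decimal text starts with `digits`."""
    return [n for n in range(256) if str(n).startswith(digits)]


def audit_fragment(fragment):
    """Describe what a fragment really covers.

    A fragment that ends in "." closes its last octet. One that ends in a
    digit leaves that octet open, so the prefix match also accepts every
    longer number that begins with the same digits.
    """
    tail = fragment.split(".")[-1]
    if tail == "":
        return {"fragment": fragment, "open_octet": False, "octet_values": []}
    values = octet_completions(tail)
    return {
        "fragment": fragment,
        "open_octet": len(values) > 1,
        "octet_values": values,
    }


def audit_option(option_value):
    """Return the fragments of an option value that match more than they spell."""
    return [r for r in map(audit_fragment, parse_fragments(option_value))
            if r["open_octet"]]


if __name__ == "__main__":
    # Constructed option value: the first fragment is closed, the others are not.
    for report in audit_option("192.168.1., 10.0.0.5, 172.16.3"):
        print(report["fragment"], "also matches octets", report["octet_values"])
```

           An open octet in an allow list admits extra hosts; the same fragment
           in a deny list blocks extra hosts.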

       -si,-secure-ipc
           Use GSI security on ipc channel.

           This option can also be set in the configuration file as
           secure_ipc. The default value of this option is TRUE.

       -ia string,-ipc-auth-mode string
           Set GSI authorization mode for the ipc connection. Options are:
           none, host, self or subject:[subject].

           This option can also be set in the configuration file as
           ipc_auth_mode. The default value of this option is host.

       -aa,-allow-anonymous
           Allow clear text anonymous access. If server is running as root
           anonymous_user must also be set. Disables ipc security.

           This option can also be set in the configuration file as
           allow_anonymous. The default value of this option is FALSE.

       -anonymous-names-allowed string
           Comma separated list of names to treat as anonymous users when
           allowing anonymous access. If not set, the default names of
           anonymous and ftp will be allowed. Use * to allow any username.

           This option can also be set in the configuration file as
           anonymous_names_allowed.

       -anonymous-user string
           User to setuid to for an anonymous connection. Only applies when
           running as root.

           This option can also be set in the configuration file as
           anonymous_user.

       -anonymous-group string
           Group to setgid to for an anonymous connection. If unset, the
           default group of anonymous_user will be used.

           This option can also be set in the configuration file as
           anonymous_group.

       -sharing-dn string
           Allow sharing when using the supplied DN. A client connected with
           these credentials will be able to access any user for which sharing
           is enabled.

           This option can also be set in the configuration file as
           sharing_dn.

       -sharing-state-dir string
           Full path to a directory that will contain files used by GridFTP to
           control sharing access for individual local accounts. The special
           variables $HOME and $USER can be used to create a dynamic path that
           is unique to each local account. This path must be writable by the
           associated account. The default path is $HOME/.globus/sharing/.
           This must refer to a path on the filesystem, not a path that is
           only accessible via a DSI plugin.

           This option can also be set in the configuration file as
           sharing_state_dir.

       -sharing-control
           Allow a local user account to control its own sharing access via
           special GridFTP client commands. The user account must have
           filesystem write access to the sharing state dir.

           This option can also be set in the configuration file as
           sharing_control. The default value of this option is TRUE.

       -sharing-rp string
           Sharing specific path restrictions. This completely replaces the
           normal path restrictions (-rp) when an account is being shared by a
           sharing-dn login. Follows normal path restriction semantics.

           This option can also be set in the configuration file as
           sharing_rp.

       -sharing-users-allow string
           Comma separated list of usernames that are allowed to share unless
           matched in the user deny lists. If this list is set, users that are
           not included will be denied unless matched in the group allow list.

           This option can also be set in the configuration file as
           sharing_users_allow.

       -sharing-users-deny string
           Comma separated list of usernames that are denied sharing even if
           matched in the user or group allow lists.

           This option can also be set in the configuration file as
           sharing_users_deny.

       -sharing-groups-allow string
           Comma separated list of groups whose members are allowed to share
           unless matched in the user or group deny lists. If this list is
           set, groups that are not included will be denied unless matched in
           the user allow list.

           This option can also be set in the configuration file as
           sharing_groups_allow.

       -sharing-groups-deny string
           Comma separated list of groups whose members will be denied sharing
           unless matched in the user allow list.

           This option can also be set in the configuration file as
           sharing_groups_deny.

       -allow-root
           Allow clients to be mapped to the root account.

           This option can also be set in the configuration file as
           allow_root. The default value of this option is FALSE.

       -allow-disabled-login
           Do not check if a user’s system account is disabled before allowing
           login.

           This option can also be set in the configuration file as
           allow_disabled_login. The default value of this option is FALSE.

       -password-file string
           Enable clear text access and authenticate users against this
           /etc/passwd formatted file.

           This option can also be set in the configuration file as pw_file.

       -connections-max number
           Maximum concurrent connections allowed. Only applies when running
           in daemon mode. Unlimited if not set.

           This option can also be set in the configuration file as
           connections_max.

       -connections-disabled
           Disable all new connections. For daemon mode, issue a SIGHUP to the
           server process after changing the config file in order to not
           affect ongoing connections.

           This option can also be set in the configuration file as
           connections_disabled. The default value of this option is FALSE.

       -offline-msg string
           Custom message to be displayed to clients when the server is
           offline via the connections_disabled or connections_max = 0
           options.

           This option can also be set in the configuration file as
           offline_msg.

       -disable-command-list string
           A comma separated list of client commands that will be disabled.

           This option can also be set in the configuration file as
           disable_command_list.

       -authz-callouts,-cas
           Enable the GSI authorization callout framework, for callouts such
           as CAS.

           This option can also be set in the configuration file as cas. The
           default value of this option is TRUE.

       -use-home-dirs
           Set the starting directory to the authenticated user’s home dir.
           Disabling this is the same as setting -home-dir /.

           This option can also be set in the configuration file as
           use_home_dirs. The default value of this option is TRUE.

       -home-dir string
           Set a path to override the system defined home/starting directory
           for authenticated users. The special variable strings $USER and
           $HOME may be used. The authenticated username will be substituted
           for $USER, and the user’s real home dir will be substituted for
           $HOME. Be sure to escape the $ character if using these on the
           command line.

           This option can also be set in the configuration file as home_dir.

       -rp string,-restrict-paths string
           A comma separated list of full paths that clients may access. Each
           path may be prefixed by R and/or W, denoting read or write access,
           otherwise full access is granted. If a given path is a directory,
           all contents and subdirectories will be given the same access.
           Order of paths does not matter — the permissions on the longest
           matching path will apply. The special character ~ will be replaced
           by the authenticated user’s home directory, or the -home-dir
           option, if used. Note that if the home directory is not accessible,
           ~ will be set to /. By default all paths are allowed, and access
           control is handled by the OS. In a striped or split process
           configuration, this should be set on both the frontend and data
           nodes.

           This option can also be set in the configuration file as
           restrict_paths.
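
           The longest-match rule of -restrict-paths, as an added example (not
           the server's code): it parses a restrict_paths value and returns the
           access that applies to a requested path. Placing the R/W letters
           directly before the path, matching on whole path components and
           normalising the request first are assumptions of the example;
           symlinks are not modelled and all names are hypothetical.

```python
import posixpath

# Added example (not the server's code): evaluates a -restrict-paths value the
# way the description above reads. Assumptions: the R/W letters sit directly in
# front of the path, matching is on whole path components, and request paths
# are normalised before the lookup. Function names are hypothetical.

def norm(path):
    """Collapse '.', '..' and repeated slashes; result always starts with '/'."""
    return "/" + posixpath.normpath("/" + path).lstrip("/")


def parse_restrict_paths(value, home="/"):
    """Turn 'RW/data,R/data/archive' into [(path, modes)]; modes within 'RW'."""
    rules = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        letters = entry[:len(entry) - len(entry.lstrip("RW"))]
        path = entry[len(letters):]
        # No R/W prefix means full access.
        modes = "".join(m for m in "RW" if m in letters) or "RW"
        if path.startswith("~"):
            # ~ is the user's home directory (or -home-dir). Pass "/" as `home`
            # for the documented fallback when the home is not accessible.
            path = home + "/" + path[1:]
        rules.append((norm(path), modes))
    return rules


def covers(rule_path, target):
    """True when target is rule_path itself or lies underneath it."""
    return (rule_path == "/" or target == rule_path
            or target.startswith(rule_path + "/"))


def access(rules, target):
    """Return the modes ('', 'R', 'W' or 'RW') granted on target."""
    if not rules:
        return "RW"            # option unset: all paths allowed, the OS decides
    target = norm(target)
    hits = [(p, m) for p, m in rules if covers(p, target)]
    if not hits:
        return ""              # not under any listed path
    # Order of entries does not matter: the longest matching path applies.
    return max(hits, key=lambda hit: len(hit[0]))[1]


def may(rules, target, mode):
    """mode is 'R' or 'W'."""
    return mode in access(rules, target)


# Constructed sample value and home directory.
SAMPLE_RULES = parse_restrict_paths("RW/data,R/data/archive,W~/incoming",
                                    home="/home/alice")

if __name__ == "__main__":
    for p in ("/data/run1/out.dat", "/data/archive/2019.tar",
              "/home/alice/incoming/up.bin", "/data/../etc/passwd"):
        print(p, "->", access(SAMPLE_RULES, p) or "denied")
```

           A short read-only entry such as R/ is overridden by any longer
           entry without a prefix, because the longer path carries full access.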

       -rp-follow-symlinks
           Do not verify that a symlink points to an allowed path before
           following. By default, symlinks are followed only when they point
           to an allowed path. By enabling this option, symlinks will be
           followed even if they point to a path that is otherwise restricted.

           This option can also be set in the configuration file as
           rp_follow_symlinks. The default value of this option is FALSE.

       -em string,-acl string
           A comma separated list of ACL or event modules to load.

           This option can also be set in the configuration file as acl.

   Logging Options
       -d string,-log-level string
           Log level. A comma separated list of levels from: ERROR, WARN,
           INFO, TRANSFER, DUMP, ALL. TRANSFER includes the same statistics
           that are sent to the separate transfer log when -log-transfer is
           used. Example: error,warn,info. You may also specify a numeric
           level of 1-255. The default level is ERROR.

           This option can also be set in the configuration file as log_level.
           The default value of this option is ERROR.

       -log-module string
           globus_logging module that will be loaded. If not set, the default
           stdio module will be used, and the logfile options apply. Built in
           modules are stdio and syslog. Log module options may be set by
           specifying module:opt1=val1:opt2=val2. Available options for the
           built in modules are interval and buffer, for buffer flush interval
           and buffer size, respectively. The default options are a 64k buffer
           size and a 5 second flush interval. A 0 second flush interval will
           disable periodic flushing, and the buffer will only flush when it
           is full. A value of 0 for buffer will disable buffering and all
           messages will be written immediately. Example: -log-module
           stdio:buffer=4096:interval=10

           This option can also be set in the configuration file as
           log_module.

       -l string,-logfile string
           Path of a single file to log all activity to. If neither this
           option nor log_unique is set, logs will be written to stderr unless
           the execution mode is detached or inetd, in which case logging will
           be disabled.

           This option can also be set in the configuration file as
           log_single.

       -L string,-logdir string
           Partial path to which gridftp.(pid).log will be appended to
           construct the log filename. Example: -L /var/log/gridftp/ will
           create a separate log ( /var/log/gridftp/gridftp.xxxx.log ) for
           each process (which is normally each new client session). If
           neither this option nor log_single is set, logs will be written to
           stderr unless the execution mode is detached or inetd, in which
           case logging will be disabled.

           This option can also be set in the configuration file as
           log_unique.

       -Z string,-log-transfer string
           Log netlogger style info for each transfer into this file. You may
           also use the log-level of TRANSFER to include this info in the
           standard log.

           This option can also be set in the configuration file as
           log_transfer.

       -log-filemode string
           File access permissions of log files. Should be an octal number
           such as 0644.

           This option can also be set in the configuration file as
           log_filemode.

       -disable-usage-stats
           Disable transmission of per-transfer usage statistics. See the
           Usage Statistics section in the online documentation for more
           information.

           This option can also be set in the configuration file as
           disable_usage_stats. The default value of this option is FALSE.

       -usage-stats-target string
           Comma separated list of contact strings (host:port) for usage
           statistics receivers. The usage stats sent to a particular receiver
           may be customized by configuring it with a taglist
           (host:port!taglist). The taglist is a list of characters that each
           correspond to a usage stats tag. When this option is unset, stats
           are reported to usage-stats.globus.org:4810. If you set your own
           receiver, and wish to continue reporting to the Globus receiver,
           you will need to add it manually. The list of available tags
           follows. Tags marked * are reported by default.

               *(e) START - start time of transfer
               *(E) END - end time of transfer
               *(v) VER - version string of GridFTP server
               *(b) BUFFER - tcp buffer size used for transfer
               *(B) BLOCK - disk blocksize used for transfer
               *(N) NBYTES - number of bytes transferred
               *(s) STREAMS - number of parallel streams used
               *(S) STRIPES - number of stripes used
               *(t) TYPE - transfer command: RETR, STOR, LIST, etc
               *(c) CODE - ftp result code (226 = success, 5xx = fail)
               *(D) DSI - DSI module in use
               *(A) EM - event modules in use
               *(T) SCHEME - ftp, gsiftp, sshftp, etc. (client supplied)
               *(a) APP - guc, rft, generic library app, etc. (client supplied)
               *(V) APPVER - version string of above. (client supplied)
               (f) FILE - name of file/data transferred
               (i) CLIENTIP - ip address of host running client (control channel)
               (I) DATAIP - ip address of source/dest host of data (data channel)
               (u) USER - local user name the transfer was performed as
               (d) USERDN - DN that was mapped to user id
               (C) CONFID - ID defined by -usage-stats-id config option
               (U) SESSID - unique id that can be used to match transfers in a session and
                   transfers across source/dest of a third party transfer. (client supplied)

           This option can also be set in the configuration file as
           usage_stats_target.

       -usage-stats-id string
           Identifying tag to include in usage statistics data. If this is set
           and usage-stats-target is unset, CONFID will be added to the
           default usage stats data.

           This option can also be set in the configuration file as
           usage_stats_id.

   Single and Striped Remote Data Node Options
       -r string,-remote-nodes string
           Comma separated list of remote node contact strings.

           This option can also be set in the configuration file as
           remote_nodes.

       -hybrid
           When a server is configured for striped operation with the
           remote_nodes option, both a frontend and backend process are
           started even if the client does not request multiple stripes. This
           option will start backend processes only when striped operation is
           requested by the client, while servicing non-striped requests with
           a single frontend process.

           This option can also be set in the configuration file as hybrid.
           The default value of this option is FALSE.

       -dn,-data-node
           This server is a backend data node.

           This option can also be set in the configuration file as data_node.
           The default value of this option is FALSE.

       -sbs number,-stripe-blocksize number
           Size in bytes of sequential data that each stripe will transfer.

           This option can also be set in the configuration file as
           stripe_blocksize. The default value of this option is 1048576.

       -stripe-count number
           Number of stripes to use per transfer when this server
           controls that number. If remote nodes are statically configured
           (via -r or remote_nodes), this will be set to that number of nodes,
           otherwise the default is 1.

           This option can also be set in the configuration file as
           stripe_count.

       -sl number,-stripe-layout number
           Stripe layout. 1 = Partitioned 2 = Blocked.

           This option can also be set in the configuration file as
           stripe_layout. The default value of this option is 2.

       -stripe-blocksize-locked
           Do not allow client to override stripe blocksize with the OPTS RETR
           command.

           This option can also be set in the configuration file as
           stripe_blocksize_locked. The default value of this option is FALSE.

       -stripe-layout-locked
           Do not allow client to override stripe layout with the OPTS RETR
           command.

           This option can also be set in the configuration file as
           stripe_layout_locked. The default value of this option is FALSE.

   Disk Options
       -bs number,-blocksize number
           Size in bytes of data blocks to read from disk before posting to
           the network.

           This option can also be set in the configuration file as blocksize.
           The default value of this option is 262144.

       -sync-writes
           Flush disk writes before sending a restart marker. This attempts to
           ensure that the range specified in the restart marker has actually
           been committed to disk. This option will probably impact
           performance, and may result in different behavior on different
           storage systems. See the manpage for sync() for more information.

           This option can also be set in the configuration file as
           sync_writes. The default value of this option is FALSE.

       -perms string
           Set the default permissions for created files. Should be an octal
           number such as 0644. The default is 0644. Note: If umask is set it
           will affect this setting — i.e. if the umask is 0002 and this
           setting is 0666, the resulting files will be created with
           permissions of 0664.

           This option can also be set in the configuration file as perms.

       -file-timeout number
           Timeout in seconds for all disk accesses. A value of 0 disables the
           timeout.

           This option can also be set in the configuration file as
           file_timeout.

   Network Options
       -p number,-port number
           Port on which a frontend will listen for client control channel
           connections, or on which a data node will listen for connections
           from a frontend. If not set a random port will be chosen and
           printed via the logging mechanism.

           This option can also be set in the configuration file as port.

       -control-interface string
           Hostname or IP address of the interface to listen for control
           connections on. If not set will listen on all interfaces.

           This option can also be set in the configuration file as
           control_interface.

       -data-interface string
           Hostname or IP address of the interface to use for data
           connections. If not set will use the current control interface.

           This option can also be set in the configuration file as
           data_interface.

       -ipc-interface string
           Hostname or IP address of the interface to use for ipc connections.
           If not set will listen on all interfaces.

           This option can also be set in the configuration file as
           ipc_interface.

       -hostname string
           Effectively sets the above control_interface, data_interface and
           ipc_interface options.

           This option can also be set in the configuration file as hostname.

       -ipc-port number
           Port on which the frontend will listen for data node connections.

           This option can also be set in the configuration file as ipc_port.

       -control-preauth-timeout number
           Time in seconds to allow a client to remain connected to the
           control channel without activity before authenticating.

           This option can also be set in the configuration file as
           control_preauth_timeout. The default value of this option is 120.

       -control-idle-timeout number
           Time in seconds to allow a client to remain connected to the
           control channel without activity.

           This option can also be set in the configuration file as
           control_idle_timeout. The default value of this option is 600.

       -ipc-idle-timeout number
           Idle time in seconds before an unused ipc connection will close.

           This option can also be set in the configuration file as
           ipc_idle_timeout. The default value of this option is 900.

       -ipc-connect-timeout number
           Time in seconds before canceling an attempted ipc connection.

           This option can also be set in the configuration file as
           ipc_connect_timeout. The default value of this option is 60.

       -allow-udt
           Enable protocol support for UDT with NAT traversal if the udt
           driver is available. Requires threads.

           This option can also be set in the configuration file as allow_udt.
           The default value of this option is FALSE.

       -port-range string
           Port range to use for incoming connections. The format is
           "startport,endport". This, along with -data-interface, can be used
           to enable operation behind a firewall and/or when NAT is involved.
           This is the same as setting the environment variable
           GLOBUS_TCP_PORT_RANGE.

           This option can also be set in the configuration file as
           port_range.

   User Messages
       -banner string
           Message to display to the client before authentication.

           This option can also be set in the configuration file as banner.

       -banner-file string
           File to read banner message from.

           This option can also be set in the configuration file as
           banner_file.

       -banner-terse
           When this is set, the minimum allowed banner message will be
           displayed to unauthenticated clients.

           This option can also be set in the configuration file as
           banner_terse. The default value of this option is FALSE.

       -banner-append
           When this is set, the message set in the banner or banner_file
           option will be appended to the default banner message rather than
           replacing it.

           This option can also be set in the configuration file as
           banner_append. The default value of this option is FALSE.

       -version-tag string
           Add an identifying string to the existing toolkit version. This is
           displayed in the default banner message, the SITE VERSION command,
           and usage stats.

           This option can also be set in the configuration file as
           version_tag.

       -login-msg string
           Message to display to the client after authentication.

           This option can also be set in the configuration file as login_msg.

       -login-msg-file string
           File to read login message from.

           This option can also be set in the configuration file as
           login_msg_file.

   Module Options
       -dsi string
           Data Storage Interface module to load. File and remote modules are
           defined by the server. If not set, the file module is loaded,
           unless the remote option is specified, in which case the remote
           module is loaded. An additional configuration string can be passed
           to the DSI using the format [module name]:[configuration string] to
           this option. The format of the configuration string is defined by
           the DSI being loaded.

           This option can also be set in the configuration file as
           load_dsi_module.

       -allowed-modules string
           Comma separated list of ERET/ESTO modules to allow, and optionally
           specify an alias for. Example: module1,alias2:module2,module3
           (module2 will be loaded when a client asks for alias2).

           This option can also be set in the configuration file as
           allowed_modules.

       -dc-whitelist string
           A comma separated list of drivers allowed on the network stack.

           This option can also be set in the configuration file as
           dc_whitelist.

       -fs-whitelist string
           A comma separated list of drivers allowed on the disk stack.

           This option can also be set in the configuration file as
           fs_whitelist.

       -popen-whitelist string
           A comma separated list of programs that the popen driver is allowed
           to execute, when used on the network or disk stack. An alias may
           also be specified, so that a client does not need to specify the
           full path. Format is [alias:]prog,[alias:]prog. Example:
           /bin/gzip,tar:/bin/tar

           This option can also be set in the configuration file as
           popen_whitelist.

       -xnetmgr string
           An option string to pass to the XIO Network Manager Driver, which
           will then be loaded for all data channel connections. This must be
           in the form "manager=module;option1=value;option2=value;". See the
           Network Manager documentation for more info.

           This option can also be set in the configuration file as xnetmgr.

       -dc-default string
           A comma separated list of XIO drivers and options representing the
           default network stack. Format of each driver entry is
           driver1[:opt1=val1;opt2=val2;...]. The bottom of the stack, the
           transport driver, is always first.

           This option can also be set in the configuration file as
           dc_default.

       -fs-default string
           A comma separated list of XIO drivers and options representing the
           default disk stack. Format of each driver entry is
           driver1[:opt1=val1;opt2=val2;...]. The bottom of the stack, the
           transport driver, is always first.

           This option can also be set in the configuration file as
           fs_default.

   Other
       -c string
           Path to main configuration file that should be loaded. Otherwise
           will attempt to load $GLOBUS_LOCATION/etc/gridftp.conf and
           /etc/grid-security/gridftp.conf.

       -C string
           Path to directory holding configuration files that should be
           loaded. Files will be loaded in alphabetical order, and in the
           event of duplicate parameters the last loaded file will take
           precedence. Files with a . in the name (file.bak, file.rpmsave,
           etc.) will be ignored. Note that the main configuration file, if
           one exists, will always be loaded last.

           This option can also be set in the configuration file as
           config_dir.
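
           The loading rules for -c and -C above, worked through as an added
           example (not code from the Globus project): it resolves which file
           sets each parameter and flags settings that the option descriptions
           on this page mark as risky. The "name value" line format, the
           spellings accepted as TRUE, the file names and all function names
           are assumptions of the example.

```python
# Added example (not part of the server): works out which file sets each
# parameter under the -c / -C loading rules above, then flags security options
# this page describes as risky. Assumptions: configuration lines have the form
# "name value", "#" starts a comment, and 1/true/yes/on mean TRUE. File names
# and contents below are constructed; function names are hypothetical.

def parse_conf(text):
    """Return {name: value} for one configuration file."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        params[fields[0]] = fields[1].strip().strip('"') if len(fields) > 1 else ""
    return params


def load_order(config_dir_names, main_conf=None):
    """-C files alphabetically, names containing '.' ignored, main file last."""
    order = sorted(n for n in config_dir_names if "." not in n)
    if main_conf is not None:
        order.append(main_conf)
    return order


def effective(files, order):
    """Return {name: (value, file)}; the last loaded file takes precedence."""
    result = {}
    for fname in order:
        for name, value in parse_conf(files[fname]).items():
            result[name] = (value, fname)
    return result


BOOLEAN_RISKS = {
    "allow_anonymous": "clear text anonymous access, ipc security disabled",
    "allow_root": "clients can be mapped to the root account",
    "allow_disabled_login": "disabled system accounts are not checked",
    "rp_follow_symlinks": "symlinks followed into otherwise restricted paths",
    "debug": "debug mode, not recommended for production servers",
}


def is_true(value):
    return value.lower() in ("1", "true", "yes", "on")


def audit(eff, started_as_root=True):
    """Return [(parameter, file that set it, reason)] for risky settings."""
    findings = []
    level, src = eff.get("auth_level", ("", None))
    if level.isdigit():
        if int(level) == 0:
            findings.append(("auth_level", src, "all authorization checks disabled"))
        if int(level) & 4 and started_as_root:
            findings.append(("auth_level", src, "no setuid while started as root"))
    for name, reason in BOOLEAN_RISKS.items():
        value, src = eff.get(name, ("", None))
        if is_true(value):
            findings.append((name, src, reason))
    value, src = eff.get("pw_file", ("", None))
    if value:
        findings.append(("pw_file", src, "clear text access enabled"))
    return findings


# Constructed sample: three files in a config directory plus a main file.
SAMPLE_FILES = {
    "10-site": "port 2811\nauth_level 2\nallow_anonymous 0\n",
    "50-local": "# local override\nallow_anonymous 1\nanonymous_user ftp\n",
    "50-local.bak": "allow_root 1\n",
    "gridftp.conf": "log_level ERROR,WARN\nauth_level 4\n",
}
SAMPLE_ORDER = load_order(["50-local", "50-local.bak", "10-site"], "gridftp.conf")

if __name__ == "__main__":
    for finding in audit(effective(SAMPLE_FILES, SAMPLE_ORDER)):
        print(finding)
```

           In the sample, 50-local.bak is skipped because of the dot in its
           name, and the main file's auth_level replaces the value set in the
           config directory.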

       -config-base-path string
           Base path to use when config and log path options are not full
           paths. By default this is the current directory when the process is
           started.

           This option can also be set in the configuration file as
           config_base_path.

       -debug
           Sets options that make server easier to debug. Forces no-fork,
           no-chdir, and allows core dumps on bad signals instead of exiting
           cleanly. Not recommended for production servers. Note that
           non-forked servers running as root will only accept a single
           connection, and then exit.

           This option can also be set in the configuration file as debug. The
           default value of this option is FALSE.

       -pidfile string

           This option can also be set in the configuration file as pidfile.

EXIT STATUS

       0
           Successful program execution.