经验首页 前端设计 程序设计 Java相关 移动开发 数据库/运维 软件/图像 大数据/云计算 其他经验
当前位置:技术经验 » 数据库/运维 » Linux/Shell » 查看文章
opensciencegrid - GridFTP 安装
来源:cnblogs  作者:xuyaowen  时间:2019/9/20 9:22:30  对本文有异议

最近配置一个GridFTP 用于测试其传输FTP性能, 在这里简单记录,备忘;使用本教程可以简单起一个GridFTP用于测试服务;

预配置环境:

测试系统:CentOS 7 1806 

配置Yum仓库:https://opensciencegrid.org/docs/common/yum/ 

安装GridFTP:

参考文档:

https://opensciencegrid.org/docs/common/yum/

https://opensciencegrid.org/docs/data/gridftp/

https://gridcf.org/gct-docs/latest/gridftp/admin/index.html#gridftp-admin-config-security-anonymous

https://gridcf.org/gct-docs/latest/gridftp/admin/index.html#_globus_gridftp_server_quickstart (管理员手册)

https://opensciencegrid.org/docs/common/ca/ 

yum install osg-gridftp

也可以直接从epel中直接安装:

yum install globus-gridftp-server

启动GridFTP匿名服务器:(带有认证的没有配置成功,也不想试了)

globus-gridftp-server -control-interface 0.0.0.0  -aa -p 5000  -anonymous-user 1000  # root 用户使用 1000 表示本地任意一个非root用户
globus-gridftp-server -control-interface 0.0.0.0  -aa -p 5000  # 非 root 用户使用
globus-gridftp-server -control-interface 0.0.0.0  -aa  -p 8080 -anonymous-user 1040 -home-dir /tmp/ -auth-level 0 -allow-root

更多选项可以使用 --help 查看;

安装  globus-url-copy 命令:

yum install globus-gass-copy-progs

生成测试文件:

dd if=/dev/zero of=size80m bs=8k count=10240

输出测试日志:

tail -f /var/log/gridftp-auth.log

运行匿名用户测试:

root@localhost ~# globus-url-copy -v file:///root/size80m ftp://127.0.0.1:5000/tmp/size80m
Source: file:///root/
Dest:   ftp://127.0.0.1:5000/tmp/
  size80m

测试成功:

[21230] Thu Sep 19 12:29:09 2019 :: New connection from: localhost:40224
[21230] Thu Sep 19 12:29:09 2019 :: User anonymous successfully authorized.
[21230] Thu Sep 19 12:29:09 2019 :: Starting to transfer "/tmp/size80m".
[21230] Thu Sep 19 12:29:12 2019 :: Finished transferring "/tmp/size80m".
[21230] Thu Sep 19 12:29:12 2019 :: Closed connection from localhost:40224
[20327] Thu Sep 19 12:29:12 2019 :: Child process 21230 ended with rc = 0

安装gridftp 客户端:

[root@xuyaowen ~]# yum search gridftp | grep -i client
Last metadata expiration check: 2:28:09 ago on Thu 19 Sep 2019 11:44:29 AM CST.
edg-gridftp-client.x86_64 : Command line clients to GridFTP libraries
uberftp.x86_64 : GridFTP-enabled ftp client  (听说是最好用的工具, 但是我一运行就崩溃,最终还是使用 globus-url-copy 命令进行测试)
globus-ftp-client.x86_64 : Grid Community Toolkit - GridFTP Client Library
globus-ftp-client-devel.x86_64 : Grid Community Toolkit - GridFTP Client Library

测试吞吐:

 # test network throughput
 globus-url-copy -vb -p 4 ftp://10.134.150.5:5000/dev/zero file:///dev/null

顺序读:

#  tmp globus-url-copy -vb -p 4 ftp://10.134.150.5:5000/dev/zero file:///dev/null

顺序写:

#  tmp globus-url-copy -vb -p 4 file:///dev/zero ftp://10.134.150.5:5000/dev/null

使用UDT:

globus-gridftp-server -control-interface 0.0.0.0  -aa  -p 5000 -anonymous-user 1040 -home-dir /tmp/ -auth-level 0 -allow-root -allow-udt
globus-url-copy -vb -p 4 -udt ftp://10.134.150.5:5000/dev/zero file:///dev/null

保持更新,如果对您有帮助或者对配置过程有疑问,请关注cnblogs.com/xuyaowen,并留言;

其他可用参考文档:

https://fasterdata.es.net/data-transfer-tools/gridftp/

https://www.xsede.org/wwwteragrid/archive/web/user-support/gridftp.html 

globus-url-copy 使用说明:

GLOBUS-URL-COPY(1)                                                           Grid Community Toolkit Manual                                                          GLOBUS-URL-COPY(1)

NAME
       globus-url-copy - globus-url-copy

SYNOPSIS
       globus-url-copy [options] SOURCE-URL DESTINATION-URL

DESCRIPTION
       The globus-url-copy program is a command line tool for multi-protocol data movement. It supports gsiftp:// (GridFTP), ftp://, http://, https://, sshftp:// and file:///
       protocol specifiers in the URL.

OPTIONS
       -help, -usage
           Print help.

       -versions
           Print the versions of all modules that this program uses

       -c, -continue-on-error
           Do not die after any errors. By default, program will exit after most errors.

       -a, -ascii
           Convert the file to/from ASCII format to/from local file format

       -b, -binary
           Do not apply any conversion to the files.  default

       -f FILENAME
           Read a list of URL pairs from filename. Each line should contain sourceURL destURL. Enclose URLs with spaces in double qoutes ("). Blank lines and lines beginning with #
           will be ignored.

       -cd, -create-dest
           Create destination directory if needed.

       -r
           Copy files in subdirectories

       -fast
           Recommended when using GridFTP servers. Use MODE E for all data transfers, including reusing data channels between list and transfer operations.

       -t SECONDS
           Run the transfer for this number of seconds and then end. Useful for performance testing or forced restart loops.

       -q, -quiet
           Suppress all output for successful operation.

       -v, -verbose
           Display URLs being transferred

       -vb, -verbose-perf
           During the transfer, display the number of bytes transferred and the transfer rate per second. Show URLs being transferred

       -dbg, -debugftp
           Debug ftp connections. Prints control channel communication to stderr

       -rst, -restart
           Restart failed ftp operations.

       -rst-retries RETRIES
           The maximum number of times to retry the operation before giving up on the transfer. Use 0 for infinite. Default is 5.

       -rst-interval SECONDS
           The interval in seconds to wait after a failure before retrying the transfer. Use 0 for an exponential backoff. Default is 0.

       -rst-timeout SECONDS
           Maximum time after a failure to keep retrying. Use 0 for no timeout. Default is 0.

       -stall-timeout SECONDS, -st SECONDS
           How long before cancelling/restarting a transfer with no data movement. Set to 0 to disable. Default is 600 seconds.

       -df FILENAME, -dumpfile FILENAME
           Path to a file where untransferred URLs will be saved for later restarting. Resulting file is the same format as the -f input file. If file exists, it will be read and all
           other URL input will be ignored.

       -do FILENAME, -dump-only FILENAME
           Perform no write operations on the destination. Instead, all files that would be transferred are enumerated and dumped to the specified file. Resulting file is the same
           format as the -f input file. Note: if you intend to use this file as input for a future transfer, the -create-dest option will be required if any destination directories
           do not already exist.

       -rp, -relative-paths
           The path portion of ftp URLs will be interpreted as relative to the user’s starting directory on the server. By default, all paths are root-relative. When this flag is
           set, the path portion of the ftp URL must start with %2F if it designates a root-relative path.

       -s SUBJECT, -subject SUBJECT
           Use this subject to match with both the source and dest servers.

       -ss SUBJECT, -source-subject SUBJECT
           Use this subject to match with the source server

       -ds SUBJECT, -dest-subject SUBJECT
           Use this subject to match with the destination server.

       -tcp-bs SIZE, -tcp-buffer-size SIZE
           Specify the size (in bytes) of the buffer to be used by the underlying ftp data channels.

       -bs block SIZE, -block-size block SIZE
           Specify the size (in bytes) of the buffer to be used by the underlying transfer methods.

       -p PARALLELISM, -parallel PARALLELISM
           Specify the number of parallel data connections should be used.

       -notpt, -no-third-party-transfers
           Turn third-party transfers off (on by default).

       -nodcau, -no-data-channel-authentication
           Turn off data channel authentication for ftp transfers.

       -dcsafe, -data-channel-safe
           Set data channel protection mode to SAFE

       -dcpriv, -data-channel-private
           Set data channel protection mode to PRIVATE

       -off, -partial-offset
           Offset for partial ftp file transfers, defaults to 0.

       -len, -partial-length
           Length for partial ftp file transfers, used only for the source url, defaults the full file.

       -list URL
           List the files located at URL.

       -stripe
           Enable striped transfers on supported servers.

       -striped-block-size, -sbs
           Set layout mode and block size for striped transfers. If not set, server defaults will be used. If set to 0, Partitioned mode will be used. If set to > 0, Blocked mode
           will be used, with this as the block size.

       -ipv6
           Use ipv6 when available (EXPERIMENTAL)

       -udt
           Use UDT, a reliable udp based transport protocol, for data transfers

       -g2, -gridftp2
           Use GridFTP v2 protocol enhancements when possible.

       -dp, -delayed-pasv
           Enable delayed passive.

       -mn NAME, -module-name NAME
           Set the back-end storage module to use for both the source and destination in a GridFTP transfer.

       -mp PARAMETERS, -module-parameters PARAMETERS
           Set the back-end storage module arguments to use for both the source and destination in a GridFTP transfer.

       -smn NAME, -src-module-name NAME
           Set the back-end storage module to use for the source in a GridFTP transfer.

       -smp PARAMETERS, -src-module-parameters PARAMETERS
           Set the back-end storage module arguments to use for the source in a GridFTP transfer.

       -dmn NAME, -dst-module-name NAME
           Set the back-end storage module to use for the destination in a GridFTP transfer.

       -dmp PARAMETERS, -dst-module-parameters PARAMETERS
           Set the back-end storage module arguments to use for the destination in a GridFTP transfer.

       -aa FILE, -authz-assert FILE
           Use the assertions in FILE to authorize the access with both source and destination servers.

       -saa FILE, -src-authz-assert FILE
           Use the assertions in this file to authorize the access with source server.

       -daa FILE, -dst-authz-assert FILE
           Use the assertions in this file to authorize the access with dest server.

       -cache-aa, -cache-authz-assert
           Cache the authz assertion for subsequent transfers.

       -cache-saa, -cache-src-authz-assert
           Cache the src authz assertion for subsequent transfers.

       -cache-daa, -cache-dst-authz-assert
           Cache the dst authz assertion for subsequent transfers.

       -pipeline, -pp
           Enable pipelining support for multi-file ftp transfers. Currently third-party transfers benefit from this.  EXPERIMENTAL

       -concurrency, -cc
           Number of concurrent ftp connections to use for multiple transfers.

       -nl-bottleneck, -nlb
           Use NetLogger to estimate speeds of disk and network read/write system calls, and attempt to determine the bottleneck component.

       -sp COMMANDS, -src-pipe COMMANDS
           Set the source end of a remote transfer to use piped in input with the given command line. Do not use with -fsstack.

       -DP COMMANDS, -dst-pipe COMMANDS
           Set the destination end of a remote transfer to write data to then standard input of the program run via the given command line. Do not use with -fsstack.

       -pipe COMMANDS
           Sets both -src-pipe and -dst-pipe to the same thing.

       -dcstack STACK, -data-channel-stack STACK
           Set the XIO driver stack for the network on both the source and the destination. Both must be GridFTP servers. The stack should contain all network drivers to use, in the
           order specified from bottom to top (e.g. -dcstack tcp,gsi). If the gsi driver is not included in the stack and data channel authentication is enabled, it will be inserted
           above the transport driver in the stack.

       -fsstack STACK, -file-system-stack STACK
           Set the XIO driver stack for the disk on both the source and the destination. Both must be GridFTP servers. The stack should contain all file system drivers to use, in the
           order specified from bottom to top.

       -src-dcstack STACK, -source-data-channel-stack STACK
           Set the XIO driver stack for the network on the source GridFTP server. See -dcstack above for description of the STACK string.

       -src-fsstack STACK, -source-file-system-stack STACK
           Set the XIO driver stack for the disk on the source GridFTP server. See -fsstack above for description of the STACK string.

       -dst-dcstack STACK, -dest-data-channel-stack STACK
           Set the XIO driver stack for the network on the destination GridFTP server. See -dcstack above for description of the STACK string.

       -dst-fsstack STACK, -dest-file-system-stack STACK
           Set the XIO driver stack for the disk on the destination GridFTP server. See -fsstack above for description of the STACK string.

       -cred PATH
           Set the credentials to use for both ftp connections.

       -src-cred CRED-FILE, -sc CRED-FILE
           Set the credentials to use for source ftp connections.

       -dst-cred CRED-FILE, -dc CRED-FILE
           Set the credentials to use for destination ftp connections.

       -af FILENAME, -alias-file FILENAME
           File with mapping of logical host aliases to lists of physical hosts. When used with multiple concurrent connections, each connection uses the next host in the list. Each
           line should either be an alias, noted with the @ symbol, or a hostname[:port]. Currently, only the aliases @source and @destination are valid, and they are used for every
           source or destination URL.

       -sync
           Only transfer files where the destination does not exist or differs from the source. -sync-level controls how to determine if files differ.

       -sync-level number
           Criteria for determining if files differ when performing a sync transfer. The default sync level is 2. The available levels are:

           ·   Level 0 will only transfer if the destination does not exist.

           ·   Level 1 will transfer if the size of the destination does not match the size of the source.

           ·   Level 2 will transfer if the time stamp of the destination is older than the time stamp of the source.

           ·   Level 3 will perform a checksum of the source and destination and transfer if the checksums do not match. The default algorithm used for this checksum is MD5, but
               other algorithms can be specified with the -algo parameter.

       -checksum-alg CHECKSUM-ALGORITHM
           Set the algorithm type to use for all checksum operations during the transfer.

       -verify-checksum
           Perform a checksum on the source and destination after each file transfer and compare the two. If they do not match, fail the transfer. The default algorithm used for this
           checksum is MD5, but other algorithms can be specified with the -checksum-alg parameter.

AUTHOR
       Copyright © 1999-2016 University of Chicago

Grid Community Toolkit 6                                                              03/31/2018                                                                    GLOBUS-URL-COPY(1)
globus-url-copy使用说明

globus-gridftp-server 使用说明:

GLOBUS-GRIDFTP-SER(8)                                                        Grid Community Toolkit Manual                                                       GLOBUS-GRIDFTP-SER(8)

NAME
       globus-gridftp-server - The Globus GridFTP server daemon

SYNOPSIS
       globus-gridftp-server OPTIONS

DESCRIPTION
       The globus-gridftp-server program is a ftp server with support for GridFTP protocol extensions, including strong authentication, parallel data transfers, and parallel data
       layouts.

OPTIONS
       The list below contains the command-line options for the server, and also the name of the configuration file entry that implements that option. Note that any boolean option
       can be negated on the command line by preceding the specified option with -no- or -n. example: -no-cas or -nf.

   Informational Options
       -h,-help
           Show usage information and exit.

           This option can also be set in the configuration file as help. The default value of this option is FALSE.

       -hh,-longhelp
           Show more usage information and exit.

           This option can also be set in the configuration file as longhelp. The default value of this option is FALSE.

       -v,-version
           Show version information for the server and exit.

           This option can also be set in the configuration file as version. The default value of this option is FALSE.

       -V,-versions
           Show version information for all loaded globus libraries and exit.

           This option can also be set in the configuration file as versions. The default value of this option is FALSE.

   Modes of Operation
       -i,-inetd
           Run under an inetd service.

           This option can also be set in the configuration file as inetd. The default value of this option is FALSE.

       -s,-daemon
           Run as a daemon. All connections will fork off a new process and setuid if allowed.

           This option can also be set in the configuration file as daemon. The default value of this option is TRUE.

       -S,-detach
           Run as a background daemon detached from any controlling terminals.

           This option can also be set in the configuration file as detach. The default value of this option is FALSE.

       -ssh
           Run over a connected ssh session.

           This option can also be set in the configuration file as ssh. The default value of this option is FALSE.

       -exec string
           For statically compiled or non-GLOBUS_LOCATION standard binary locations, specify the full path of the server binary here. Only needed when run in daemon mode.

           This option can also be set in the configuration file as exec.

       -chdir
           Change directory when the server starts. This will change directory to the dir specified by the chdir_to option.

           This option can also be set in the configuration file as chdir. The default value of this option is TRUE.

       -chdir-to string
           Directory to chdir to after starting. Will use / if not set. Note that this is the directory of the process, not the client’s home directory.

           This option can also be set in the configuration file as chdir_to.

       -threads number
           Enable threaded operation and set the number of threads. The default is 0, which is non-threaded. When threading is required, a thread count of 1 or 2 should be
           sufficient.

           This option can also be set in the configuration file as threads.

       -f,-fork
           Server will fork for each new connection. Disabling this option is only recommended when debugging. Note that non-forked servers running as root will only accept a single
           connection, and then exit.

           This option can also be set in the configuration file as fork. The default value of this option is TRUE.

       -1,-single
           Exit after a single connection.

           This option can also be set in the configuration file as single. The default value of this option is FALSE.

       -chroot-path string
           Path to become the new root after authentication. This path must contain a valid certificate structure, /etc/passwd, and /etc/group. The command
           globus-gridftp-server-setup-chroot can help create a suitable directory structure.

           This option can also be set in the configuration file as chroot_path.

   Authentication, Authorization, and Security Options
       -auth-level number
           Add levels together to use more than one. If not set uses level 2 for front ends and level 1 for data nodes. Note that levels 2 and 4 imply level 1 as well.

               0 = Disables all authorization checks.
               1 = Authorize identity.
               2 = Authorize all file/resource accesses.
               4 = Disable changing process uid to authenticated user (no
                   setuid) -- DO NOT use this when process is started as root.

           This option can also be set in the configuration file as auth_level.

       -process-user string
           User to setuid to upon login for all connections. Only applies when running as root.

           This option can also be set in the configuration file as process_user.

       -process-group string
           Group to setgid to upon login for all connections. If unset, the default group of process_user will be used.

           This option can also be set in the configuration file as process_group.

       -ipc-allow-from string
           Only allow connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified
           fragment. Example: 192.168.1.  will match and allow a connection from 192.168.1.45. Note that if this option is used any address not specifically allowed will be denied.

           This option can also be set in the configuration file as ipc_allow_from.

       -ipc-deny-from string
           Deny connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment.
           Example: 192.168.2.  will match and deny a connection from 192.168.2.45.

           This option can also be set in the configuration file as ipc_deny_from.

       -allow-from string
           Only allow connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified
           fragment. Example: 192.168.1.  will match and allow a connection from 192.168.1.45. Note that if this option is used any address not specifically allowed will be denied.

           This option can also be set in the configuration file as allow_from.

       -deny-from string
           Deny connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment.
           Example: 192.168.2.  will match and deny a connection from 192.168.2.45.

           This option can also be set in the configuration file as deny_from.

       -encrypt-data
           Require encrypted data channels. This will cause an error and prevent all transfers in which the client does not request an authenticated and encrypted data channel.

           This option can also be set in the configuration file as encrypt_data. The default value of this option is FALSE.

       -si,-secure-ipc
           Use GSI security on ipc channel.

           This option can also be set in the configuration file as secure_ipc. The default value of this option is TRUE.

       -ia string,-ipc-auth-mode string
           Set GSI authorization mode for the ipc connection. Options are: none, host, self or subject:[subject].

           This option can also be set in the configuration file as ipc_auth_mode. The default value of this option is host.

       -aa,-allow-anonymous
           Allow clear text anonymous access. If server is running as root anonymous_user must also be set. Disables ipc security.

           This option can also be set in the configuration file as allow_anonymous. The default value of this option is FALSE.

       -anonymous-names-allowed string
           Comma separated list of names to treat as anonymous users when allowing anonymous access. If not set, the default names of anonymous and ftp will be allowed. Use * to
           allow any username.

           This option can also be set in the configuration file as anonymous_names_allowed.

       -anonymous-user string
           User to setuid to for an anonymous connection. Only applies when running as root.

           This option can also be set in the configuration file as anonymous_user.

       -anonymous-group string
           Group to setgid to for an anonymous connection. If unset, the default group of anonymous_user will be used.

           This option can also be set in the configuration file as anonymous_group.

       -sharing-dn string
           Allow sharing when using the supplied DN. A client connected with these credentials will be able to access any user for which sharing is enabled.

           This option can also be set in the configuration file as sharing_dn.

       -sharing-state-dir string
           Full path to a directory that will contain files used by GridFTP to control sharing access for individual local accounts. The special variables $HOME and $USER can be used
           to create a dynamic path that is unique to each local account. This pathmust be writable by the associated account. The default path is $HOME/.globus/sharing/. This must
           refer to a path on the filesystem, not a path that is only accessible via a DSI plugin.

           This option can also be set in the configuration file as sharing_state_dir.

       -sharing-control
           Allow a local user account to control its own sharing access via special GridFTP client commands. The user account must have filesystem write access to the sharing state
           dir.

           This option can also be set in the configuration file as sharing_control. The default value of this option is TRUE.

       -sharing-rp string
           Sharing specific path restrictions. This completely replaces the normal path restrictions (-rp) when an account is being shared by a sharing-dn login.Follows normal path
           restriction semantics.

           This option can also be set in the configuration file as sharing_rp.

       -sharing-users-allow string
           Comma separated list of usernames that are allowed to share unless matched in the user deny lists. If this list is set, users that are not included will be denied unless
           matched in the group allow list.

           This option can also be set in the configuration file as sharing_users_allow.

       -sharing-users-deny string
           Comma separated list of usernames that are denied sharing even if matched in the user or group allow lists.

           This option can also be set in the configuration file as sharing_users_deny.

       -sharing-groups-allow string
           Comma separated list of groups whose members are allowed to share unless matched in the user or group deny lists. If this list is set, groups that are not included will be
           denied unless matched in the user allow list.

           This option can also be set in the configuration file as sharing_groups_allow.

       -sharing-groups-deny string
           Comma separated list of groups whose members will be denied sharing unless matched in the user allow list.

           This option can also be set in the configuration file as sharing_groups_deny.

       -allow-root
           Allow clients to be mapped to the root account.

           This option can also be set in the configuration file as allow_root. The default value of this option is FALSE.

       -allow-disabled-login
           Do not check if a user’s system account is disabled before allowing login.

           This option can also be set in the configuration file as allow_disabled_login. The default value of this option is FALSE.

       -password-file string
           Enable clear text access and authenticate users against this /etc/passwd formatted file.

           This option can also be set in the configuration file as pw_file.

       -connections-max number
           Maximum concurrent connections allowed. Only applies when running in daemon mode. Unlimited if not set.

           This option can also be set in the configuration file as connections_max.

       -connections-disabled
           Disable all new connections. For daemon mode, issue a SIGHUP to the server process after changing the config file in order to not affect ongoing connections.

           This option can also be set in the configuration file as connections_disabled. The default value of this option is FALSE.

       -offline-msg string
           Custom message to be displayed to clients when the server is offline via the connections_disabled or connections_max = 0 options.

           This option can also be set in the configuration file as offline_msg.

       -disable-command-list string
           A comma separated list of client commands that will be disabled.

           This option can also be set in the configuration file as disable_command_list.

       -authz-callouts,-cas
           Enable the GSI authorization callout framework, for callouts such as CAS.

           This option can also be set in the configuration file as cas. The default value of this option is TRUE.

       -use-home-dirs
           Set the starting directory to the authenticated users home dir. Disabling this is the same as setting -home-dir /.

           This option can also be set in the configuration file as use_home_dirs. The default value of this option is TRUE.

       -home-dir string
           Set a path to override the system defined home/starting directory for authenticated users. The special variable strings $USER and $HOME may be used. The authenticated
           username will be substituted for $USER, and the user’s real home dir will be substituted for $HOME. Be sure to escape the $ character if using these on the command line.

           This option can also be set in the configuration file as home_dir.

       -rp string,-restrict-paths string
           A comma separated list of full paths that clients may access. Each path may be prefixed by R and/or W, denoting read or write access, otherwise full access is granted. If
           a given path is a directory, all contents and subdirectories will be given the same access. Order of paths does not matter — the permissions on the longest matching path
           will apply. The special character ~ will be replaced by the authenticated user’s home directory, or the -home-dir option, if used. Note that if the home directory is not
           accessible, \~ will be set to /. By default all paths are allowed, and access control is handled by the OS. In a striped or split process configuration, this should be set
           on both the frontend and data nodes.

           This option can also be set in the configuration file as restrict_paths.

       -rp-follow-symlinks
           Do not verify that a symlink points to an allowed path before following. By default, symlinks are followed only when they point to an allowed path. By enabling this
           option, symlinks will be followed even if they point to a path that is otherwise restricted.

           This option can also be set in the configuration file as rp_follow_symlinks. The default value of this option is FALSE.

       -em string,-acl string
           A comma separated list of ACL or event modules to load.

           This option can also be set in the configuration file as acl.

   Logging Options
       -d string,-log-level string
           Log level. A comma separated list of levels from: ERROR, WARN, INFO, TRANSFER, DUMP, ALL. TRANSFER includes the same statistics that are sent to the separate transfer log
           when -log-transfer is used. Example: error,warn,info. You may also specify a numeric level of 1-255. The default level is ERROR.

           This option can also be set in the configuration file as log_level. The default value of this option is ERROR.

       -log-module string
           globus_logging module that will be loaded. If not set, the default stdio module will be used, and the logfile options apply. Built in modules are stdio and syslog. Log
           module options may be set by specifying module:opt1=val1:opt2=val2. Available options for the built in modules are interval and buffer, for buffer flush interval and
           buffer size, respectively. The default options are a 64k buffer size and a 5 second flush interval. A 0 second flush interval will disable periodic flushing, and the
           buffer will only flush when it is full. A value of 0 for buffer will disable buffering and all messages will be written immediately. Example: -log-module
           stdio:buffer=4096:interval=10

           This option can also be set in the configuration file as log_module.

       -l string,-logfile string
           Path of a single file to log all activity to. If neither this option or log_unique is set, logs will be written to stderr unless the execution mode is detached or inetd,
           in which case logging will be disabled.

           This option can also be set in the configuration file as log_single.

       -L string,-logdir string
           Partial path to which gridftp.(pid).log will be appended to construct the log filename. Example: -L /var/log/gridftp/ will create a separate log (
           /var/log/gridftp/gridftp.xxxx.log ) for each process (which is normally each new client session). If neither this option or log_single is set, logs will be written to
           stderr unless the execution mode is detached or inetd, in which case logging will be disabled.

           This option can also be set in the configuration file as log_unique.

       -Z string,-log-transfer string
           Log netlogger style info for each transfer into this file. You may also use the log-level of TRANSFER to include this info in the standard log.

           This option can also be set in the configuration file as log_transfer.

       -log-filemode string
           File access permissions of log files. Should be an octal number such as 0644.

           This option can also be set in the configuration file as log_filemode.

       -disable-usage-stats
           Usage statistics collection is no longer supported. This option is ignored.

           This option can also be set in the configuration file as disable_usage_stats. The default value of this option is TRUE.

       -usage-stats-target string
           Usage statistics collection is no longer supported. This option is ignored.

           This option can also be set in the configuration file as usage_stats_target.

       -usage-stats-id string
           Usage statistics collection is no longer supported. This option is ignored.

           This option can also be set in the configuration file as usage_stats_id.

   Single and Striped Remote Data Node Options
       -r string,-remote-nodes string
           Comma separated list of remote node contact strings.

           This option can also be set in the configuration file as remote_nodes.

       -hybrid
           When a server is configured for striped operation with the remote_nodes option, both a frontend and backend process are started even if the client does not request
           multiple stripes. This option will start backend processes only when striped operation is requested by the client, while servicing non-striped requests with a single
           frontend process.

           This option can also be set in the configuration file as hybrid. The default value of this option is FALSE.

       -dn,-data-node
           This server is a backend data node.

           This option can also be set in the configuration file as data_node. The default value of this option is FALSE.

       -sbs number,-stripe-blocksize number
           Size in bytes of sequential data that each stripe will transfer.

           This option can also be set in the configuration file as stripe_blocksize. The default value of this option is 1048576.

       -stripe-count number
           Number of number stripes to use per transfer when this server controls that number. If remote nodes are statically configured (via -r or remote_nodes), this will be set to
           that number of nodes, otherwise the default is 1.

           This option can also be set in the configuration file as stripe_count.

       -sl number,-stripe-layout number
           Stripe layout.

               1 = Partitioned
               2 = Blocked

           This option can also be set in the configuration file as stripe_layout. The default value of this option is 2.

       -stripe-blocksize-locked
           Do not allow client to override stripe blocksize with the OPTS RETR command

           This option can also be set in the configuration file as stripe_blocksize_locked. The default value of this option is FALSE.

       -stripe-layout-locked
           Do not allow client to override stripe layout with the OPTS RETR command

           This option can also be set in the configuration file as stripe_layout_locked. The default value of this option is FALSE.

   Disk Options
       -bs number,-blocksize number
           Size in bytes of data blocks to read from disk before posting to the network.

           This option can also be set in the configuration file as blocksize. The default value of this option is 262144.

       -sync-writes
           Flush disk writes before sending a restart marker. This attempts to ensure that the range specified in the restart marker has actually been committed to disk. This option
           will probably impact performance, and may result in different behavior on different storage systems. See the manpage for sync() for more information.

           This option can also be set in the configuration file as sync_writes. The default value of this option is FALSE.

       -perms string
           Set the default permissions for created files. Should be an octal number such as 0644. The default is 0644. Note: If umask is set it will affect this setting — i.e. if the
           umask is 0002 and this setting is 0666, the resulting files will be created with permissions of 0664.

           This option can also be set in the configuration file as perms.

       -file-timeout number
           Timeout in seconds for all disk accesses. A value of 0 disables the timeout.

           This option can also be set in the configuration file as file_timeout.

   Network Options
       -p number,-port number
           Port on which a frontend will listen for client control channel connections, or on which a data node will listen for connections from a frontend. If not set a random port
           will be chosen and printed via the logging mechanism.

           This option can also be set in the configuration file as port.

       -control-interface string
           Hostname or IP address of the interface to listen for control connections on. If not set will listen on all interfaces.

           This option can also be set in the configuration file as control_interface.

       -data-interface string
           Hostname or IP address of the interface to use for data connections. If not set will use the current control interface.

           This option can also be set in the configuration file as data_interface.

       -ipc-interface string
           Hostname or IP address of the interface to use for ipc connections. If not set will listen on all interfaces.

           This option can also be set in the configuration file as ipc_interface.

       -hostname string
           Effectively sets the above control_interface, data_interface and ipc_interface options.

           This option can also be set in the configuration file as hostname.

       -ipc-port number
           Port on which the frontend will listen for data node connections.

           This option can also be set in the configuration file as ipc_port.

       -control-preauth-timeout number
           Time in seconds to allow a client to remain connected to the control channel without activity before authenticating.

           This option can also be set in the configuration file as control_preauth_timeout. The default value of this option is 120.

       -control-idle-timeout number
           Time in seconds to allow a client to remain connected to the control channel without activity.

           This option can also be set in the configuration file as control_idle_timeout. The default value of this option is 600.

       -ipc-idle-timeout number
           Idle time in seconds before an unused ipc connection will close.

           This option can also be set in the configuration file as ipc_idle_timeout. The default value of this option is 900.

       -ipc-connect-timeout number
           Time in seconds before canceling an attempted ipc connection.

           This option can also be set in the configuration file as ipc_connect_timeout. The default value of this option is 60.

       -allow-udt
           Enable protocol support for UDT with NAT traversal if the udt driver is available. Requires threads.

           This option can also be set in the configuration file as allow_udt. The default value of this option is FALSE.

       -port-range string
           Port range to use for incoming connections. The format is "startport,endport". This, along with -data-interface, can be used to enable operation behind a firewall and/or
           when NAT is involved. This is the same as setting the environment variable GLOBUS_TCP_PORT_RANGE.

           This option can also be set in the configuration file as port_range.

       -epsv-ip
           Adds an IPv6 address to EPSV response. Breaks RFC 2428, but allows redirection to work with IPv6.

           This option can also be set in the configuration file as epsv_ip. The default value of this option is FALSE.

   User Messages
       -banner string
           Message to display to the client before authentication.

           This option can also be set in the configuration file as banner.

       -banner-file string
           File to read banner message from.

           This option can also be set in the configuration file as banner_file.

       -banner-terse
           When this is set, the minimum allowed banner message will be displayed to unauthenticated clients.

           This option can also be set in the configuration file as banner_terse. The default value of this option is FALSE.

       -banner-append
           When this is set, the message set in the banner or banner_file option will be appended to the default banner message rather than replacing it.

           This option can also be set in the configuration file as banner_append. The default value of this option is FALSE.

       -version-tag string
           Add an identifying string to the existing toolkit version. This is displayed in the default banner message, the SITE VERSION command, and usage stats.

           This option can also be set in the configuration file as version_tag.

       -login-msg string
           Message to display to the client after authentication.

           This option can also be set in the configuration file as login_msg.

       -login-msg-file string
           File to read login message from.

           This option can also be set in the configuration file as login_msg_file.

   Module Options
       -dsi string
           Data Storage Interface module to load. File and remote modules are defined by the server. If not set, the file module is loaded, unless the remote option is specified, in
           which case the remote module is loaded. An additional configuration string can be passed to the DSI using the format [module name]:[configuration string] to this option.
           The format of the configuration string is defined by the DSI being loaded.

           This option can also be set in the configuration file as load_dsi_module.

       -allowed-modules string
           Comma separated list of ERET/ESTO modules to allow, and optionally specify an alias for. Example: module1,alias2:module2,module3 (module2 will be loaded when a client asks
           for alias2).

           This option can also be set in the configuration file as allowed_modules.

       -dc-whitelist string
           A comma separated list of drivers allowed on the network stack.

           This option can also be set in the configuration file as dc_whitelist.

       -fs-whitelist string
           A comma separated list of drivers allowed on the disk stack.

           This option can also be set in the configuration file as fs_whitelist.

       -popen-whitelist string
           A comma separated list of programs that the popen driver is allowed to execute, when used on the network or disk stack. An alias may also be specified, so that a client
           does not need to specify the full path. Format is [alias:]prog,[alias:]prog. example: /bin/gzip,tar:/bin/tar

           This option can also be set in the configuration file as popen_whitelist.

       -xnetmgr string
           An option string to pass to the XIO Network Manager Driver, which will then be loaded for all data channel connections. This must be in the form
           "manager=module;option1=value;option2=value;". See the Network Manager documentation for more info.

           This option can also be set in the configuration file as xnetmgr.

       -dc-default string
           A comma separated list of XIO drivers and options representing the default network stack. Format is of each driver entry is driver1[:opt1=val1;opt2=val2;...]. The bottom
           of the stack, the transport driver, is always first.

           This option can also be set in the configuration file as dc_default.

       -fs-default string
           A comma separated list of XIO drivers and options representing the default disk stack. Format is of each driver entry is driver1[:opt1=val1;opt2=val2;...]. The bottom of
           the stack, the transport driver, is always first.

           This option can also be set in the configuration file as fs_default.

   Other
       -c string
           Path to main configuration file that should be loaded. Otherwise will attempt to load $GLOBUS_LOCATION/etc/gridftp.conf and /etc/grid-security/gridftp.conf.

       -C string
           Path to directory holding configuration files that should be loaded. Files will be loaded in alphabetical order, and in the event of duplicate parameters the last loaded
           file will take precedence. Backup files and files created by package updates (e.g. file.rpmsave) will be ignored. Note that the main configuration file, if one exists,
           will always be loaded last.

           This option can also be set in the configuration file as config_dir.

       -config-base-path string
           Base path to use when config and log path options are not full paths. By default this is the current directory when the process is started.

           This option can also be set in the configuration file as config_base_path.

       -debug
           Sets options that make server easier to debug. Forces no-fork, no-chdir, and allows core dumps on bad signals instead of exiting cleanly. Not recommended for production
           servers. Note that non-forked servers running as root will only accept a single connection, and then exit.

           This option can also be set in the configuration file as debug. The default value of this option is FALSE.

       -pidfile string

           This option can also be set in the configuration file as pidfile.

EXIT STATUS
       0
           Successful program execution.

Grid Community Toolkit 6                                                              12/06/2018                                                                 GLOBUS-GRIDFTP-SER(8)
globus-gridftp-server 使用说明

原文链接:http://www.cnblogs.com/xuyaowen/p/gridftp-standalone.html