经验首页 前端设计 程序设计 Java相关 移动开发 数据库/运维 软件/图像 大数据/云计算 其他经验
当前位置:技术经验 » 数据库/运维 » Linux/Shell » 查看文章
opensciencegrid - GridFTP 安装
来源:cnblogs  作者:xuyaowen  时间:2019/9/20 9:22:30  对本文有异议

最近配置一个GridFTP 用于测试其传输FTP性能, 在这里简单记录,备忘;使用本教程可以简单起一个GridFTP用于测试服务;

预配置环境:

测试系统:CentOS 7 1806 

配置Yum仓库:https://opensciencegrid.org/docs/common/yum/ 

安装GridFTP:

参考文档:

https://opensciencegrid.org/docs/common/yum/

https://opensciencegrid.org/docs/data/gridftp/

https://gridcf.org/gct-docs/latest/gridftp/admin/index.html#gridftp-admin-config-security-anonymous

https://gridcf.org/gct-docs/latest/gridftp/admin/index.html#_globus_gridftp_server_quickstart (管理员手册)

https://opensciencegrid.org/docs/common/ca/ 

  1. yum install osg-gridftp

也可以直接从epel中直接安装:

  1. yum install globus-gridftp-server

启动GridFTP匿名服务器:(带有认证的没有配置成功,也不想试了)

  1. globus-gridftp-server -control-interface 0.0.0.0  -aa -p 5000  -anonymous-user 1000  # root 用户使用 1000 表示本地任意一个非root用户
  1. globus-gridftp-server -control-interface 0.0.0.0  -aa -p 5000  # 非 root 用户使用
  1. globus-gridftp-server -control-interface 0.0.0.0  -aa  -p 8080 -anonymous-user 1040 -home-dir /tmp/ -auth-level 0 -allow-root

更多选项可以使用 --help 查看;

安装  globus-url-copy 命令:

  1. yum install globus-gass-copy-progs

生成测试文件:

  1. dd if=/dev/zero of=size80m bs=8k count=10240

输出测试日志:

  1. tail -f /var/log/gridftp-auth.log

运行匿名用户测试:

  1. root@localhost ~# globus-url-copy -v file:///root/size80m ftp://127.0.0.1:5000/tmp/size80m
  2. Source: file:///root/
  3. Dest:   ftp://127.0.0.1:5000/tmp/
  4.   size80m

测试成功:

  1. [21230] Thu Sep 19 12:29:09 2019 :: New connection from: localhost:40224
  2. [21230] Thu Sep 19 12:29:09 2019 :: User anonymous successfully authorized.
  3. [21230] Thu Sep 19 12:29:09 2019 :: Starting to transfer "/tmp/size80m".
  4. [21230] Thu Sep 19 12:29:12 2019 :: Finished transferring "/tmp/size80m".
  5. [21230] Thu Sep 19 12:29:12 2019 :: Closed connection from localhost:40224
  6. [20327] Thu Sep 19 12:29:12 2019 :: Child process 21230 ended with rc = 0

安装gridftp 客户端:

  1. [root@xuyaowen ~]# yum search gridftp | grep -i client
  2. Last metadata expiration check: 2:28:09 ago on Thu 19 Sep 2019 11:44:29 AM CST.
  3. edg-gridftp-client.x86_64 : Command line clients to GridFTP libraries
  4. uberftp.x86_64 : GridFTP-enabled ftp client  (听说是最好用的工具, 但是我一运行就崩溃,最终还是使用 globus-url-copy 命令进行测试)
  5. globus-ftp-client.x86_64 : Grid Community Toolkit - GridFTP Client Library
  6. globus-ftp-client-devel.x86_64 : Grid Community Toolkit - GridFTP Client Library

测试吞吐:

  1.  # test network throughput
  2.  globus-url-copy -vb -p 4 ftp://10.134.150.5:5000/dev/zero file:///dev/null

顺序读:

#  tmp globus-url-copy -vb -p 4 ftp://10.134.150.5:5000/dev/zero file:///dev/null

顺序写:

#  tmp globus-url-copy -vb -p 4 file:///dev/zero ftp://10.134.150.5:5000/dev/null

使用UDT:

  1. globus-gridftp-server -control-interface 0.0.0.0  -aa  -p 5000 -anonymous-user 1040 -home-dir /tmp/ -auth-level 0 -allow-root -allow-udt
  2. globus-url-copy -vb -p 4 -udt ftp://10.134.150.5:5000/dev/zero file:///dev/null

保持更新,如果对您有帮助或者对配置过程有疑问,请关注cnblogs.com/xuyaowen,并留言;

其他可用参考文档:

https://fasterdata.es.net/data-transfer-tools/gridftp/

https://www.xsede.org/wwwteragrid/archive/web/user-support/gridftp.html 

globus-url-copy 使用说明:

  1. GLOBUS-URL-COPY(1)                                                           Grid Community Toolkit Manual                                                          GLOBUS-URL-COPY(1)
  3. NAME
  4.        globus-url-copy - globus-url-copy
  6. SYNOPSIS
  7.        globus-url-copy [options] SOURCE-URL DESTINATION-URL
  9. DESCRIPTION
  10.        The globus-url-copy program is a command line tool for multi-protocol data movement. It supports gsiftp:// (GridFTP), ftp://, http://, https://, sshftp:// and file:///
  11.        protocol specifiers in the URL.
  13. OPTIONS
  14.        -help, -usage
  15.            Print help.
  17.        -versions
  18.            Print the versions of all modules that this program uses
  20.        -c, -continue-on-error
  21.            Do not die after any errors. By default, program will exit after most errors.
  23.        -a, -ascii
  24.            Convert the file to/from ASCII format to/from local file format
  26.        -b, -binary
  27.            Do not apply any conversion to the files.  default
  29.        -f FILENAME
  30.            Read a list of URL pairs from filename. Each line should contain sourceURL destURL. Enclose URLs with spaces in double qoutes ("). Blank lines and lines beginning with #
  31.            will be ignored.
  33.        -cd, -create-dest
  34.            Create destination directory if needed.
  36.        -r
  37.            Copy files in subdirectories
  39.        -fast
  40.            Recommended when using GridFTP servers. Use MODE E for all data transfers, including reusing data channels between list and transfer operations.
  42.        -t SECONDS
  43.            Run the transfer for this number of seconds and then end. Useful for performance testing or forced restart loops.
  45.        -q, -quiet
  46.            Suppress all output for successful operation.
  48.        -v, -verbose
  49.            Display URLs being transferred
  51.        -vb, -verbose-perf
  52.            During the transfer, display the number of bytes transferred and the transfer rate per second. Show URLs being transferred
  54.        -dbg, -debugftp
  55.            Debug ftp connections. Prints control channel communication to stderr
  57.        -rst, -restart
  58.            Restart failed ftp operations.
  60.        -rst-retries RETRIES
  61.            The maximum number of times to retry the operation before giving up on the transfer. Use 0 for infinite. Default is 5.
  63.        -rst-interval SECONDS
  64.            The interval in seconds to wait after a failure before retrying the transfer. Use 0 for an exponential backoff. Default is 0.
  66.        -rst-timeout SECONDS
  67.            Maximum time after a failure to keep retrying. Use 0 for no timeout. Default is 0.
  69.        -stall-timeout SECONDS, -st SECONDS
  70.            How long before cancelling/restarting a transfer with no data movement. Set to 0 to disable. Default is 600 seconds.
  72.        -df FILENAME, -dumpfile FILENAME
  73.            Path to a file where untransferred URLs will be saved for later restarting. Resulting file is the same format as the -f input file. If file exists, it will be read and all
  74.            other URL input will be ignored.
  76.        -do FILENAME, -dump-only FILENAME
  77.            Perform no write operations on the destination. Instead, all files that would be transferred are enumerated and dumped to the specified file. Resulting file is the same
  78.            format as the -f input file. Note: if you intend to use this file as input for a future transfer, the -create-dest option will be required if any destination directories
  79.            do not already exist.
  81.        -rp, -relative-paths
  82.            The path portion of ftp URLs will be interpreted as relative to the user’s starting directory on the server. By default, all paths are root-relative. When this flag is
  83.            set, the path portion of the ftp URL must start with %2F if it designates a root-relative path.
  85.        -s SUBJECT, -subject SUBJECT
  86.            Use this subject to match with both the source and dest servers.
  88.        -ss SUBJECT, -source-subject SUBJECT
  89.            Use this subject to match with the source server
  91.        -ds SUBJECT, -dest-subject SUBJECT
  92.            Use this subject to match with the destination server.
  94.        -tcp-bs SIZE, -tcp-buffer-size SIZE
  95.            Specify the size (in bytes) of the buffer to be used by the underlying ftp data channels.
  97.        -bs block SIZE, -block-size block SIZE
  98.            Specify the size (in bytes) of the buffer to be used by the underlying transfer methods.
  100.        -p PARALLELISM, -parallel PARALLELISM
  101.            Specify the number of parallel data connections should be used.
  103.        -notpt, -no-third-party-transfers
  104.            Turn third-party transfers off (on by default).
  106.        -nodcau, -no-data-channel-authentication
  107.            Turn off data channel authentication for ftp transfers.
  109.        -dcsafe, -data-channel-safe
  110.            Set data channel protection mode to SAFE
  112.        -dcpriv, -data-channel-private
  113.            Set data channel protection mode to PRIVATE
  115.        -off, -partial-offset
  116.            Offset for partial ftp file transfers, defaults to 0.
  118.        -len, -partial-length
  119.            Length for partial ftp file transfers, used only for the source url, defaults the full file.
  121.        -list URL
  122.            List the files located at URL.
  124.        -stripe
  125.            Enable striped transfers on supported servers.
  127.        -striped-block-size, -sbs
  128.            Set layout mode and block size for striped transfers. If not set, server defaults will be used. If set to 0, Partitioned mode will be used. If set to > 0, Blocked mode
  129.            will be used, with this as the block size.
  131.        -ipv6
  132.            Use ipv6 when available (EXPERIMENTAL)
  134.        -udt
  135.            Use UDT, a reliable udp based transport protocol, for data transfers
  137.        -g2, -gridftp2
  138.            Use GridFTP v2 protocol enhancements when possible.
  140.        -dp, -delayed-pasv
  141.            Enable delayed passive.
  143.        -mn NAME, -module-name NAME
  144.            Set the back-end storage module to use for both the source and destination in a GridFTP transfer.
  146.        -mp PARAMETERS, -module-parameters PARAMETERS
  147.            Set the back-end storage module arguments to use for both the source and destination in a GridFTP transfer.
  149.        -smn NAME, -src-module-name NAME
  150.            Set the back-end storage module to use for the source in a GridFTP transfer.
  152.        -smp PARAMETERS, -src-module-parameters PARAMETERS
  153.            Set the back-end storage module arguments to use for the source in a GridFTP transfer.
  155.        -dmn NAME, -dst-module-name NAME
  156.            Set the back-end storage module to use for the destination in a GridFTP transfer.
  158.        -dmp PARAMETERS, -dst-module-parameters PARAMETERS
  159.            Set the back-end storage module arguments to use for the destination in a GridFTP transfer.
  161.        -aa FILE, -authz-assert FILE
  162.            Use the assertions in FILE to authorize the access with both source and destination servers.
  164.        -saa FILE, -src-authz-assert FILE
  165.            Use the assertions in this file to authorize the access with source server.
  167.        -daa FILE, -dst-authz-assert FILE
  168.            Use the assertions in this file to authorize the access with dest server.
  170.        -cache-aa, -cache-authz-assert
  171.            Cache the authz assertion for subsequent transfers.
  173.        -cache-saa, -cache-src-authz-assert
  174.            Cache the src authz assertion for subsequent transfers.
  176.        -cache-daa, -cache-dst-authz-assert
  177.            Cache the dst authz assertion for subsequent transfers.
  179.        -pipeline, -pp
  180.            Enable pipelining support for multi-file ftp transfers. Currently third-party transfers benefit from this.  EXPERIMENTAL
  182.        -concurrency, -cc
  183.            Number of concurrent ftp connections to use for multiple transfers.
  185.        -nl-bottleneck, -nlb
  186.            Use NetLogger to estimate speeds of disk and network read/write system calls, and attempt to determine the bottleneck component.
  188.        -sp COMMANDS, -src-pipe COMMANDS
  189.            Set the source end of a remote transfer to use piped in input with the given command line. Do not use with -fsstack.
  191.        -DP COMMANDS, -dst-pipe COMMANDS
  192.            Set the destination end of a remote transfer to write data to then standard input of the program run via the given command line. Do not use with -fsstack.
  194.        -pipe COMMANDS
  195.            Sets both -src-pipe and -dst-pipe to the same thing.
  197.        -dcstack STACK, -data-channel-stack STACK
  198.            Set the XIO driver stack for the network on both the source and the destination. Both must be GridFTP servers. The stack should contain all network drivers to use, in the
  199.            order specified from bottom to top (e.g. -dcstack tcp,gsi). If the gsi driver is not included in the stack and data channel authentication is enabled, it will be inserted
  200.            above the transport driver in the stack.
  202.        -fsstack STACK, -file-system-stack STACK
  203.            Set the XIO driver stack for the disk on both the source and the destination. Both must be GridFTP servers. The stack should contain all file system drivers to use, in the
  204.            order specified from bottom to top.
  206.        -src-dcstack STACK, -source-data-channel-stack STACK
  207.            Set the XIO driver stack for the network on the source GridFTP server. See -dcstack above for description of the STACK string.
  209.        -src-fsstack STACK, -source-file-system-stack STACK
  210.            Set the XIO driver stack for the disk on the source GridFTP server. See -fsstack above for description of the STACK string.
  212.        -dst-dcstack STACK, -dest-data-channel-stack STACK
  213.            Set the XIO driver stack for the network on the destination GridFTP server. See -dcstack above for description of the STACK string.
  215.        -dst-fsstack STACK, -dest-file-system-stack STACK
  216.            Set the XIO driver stack for the disk on the destination GridFTP server. See -fsstack above for description of the STACK string.
  218.        -cred PATH
  219.            Set the credentials to use for both ftp connections.
  221.        -src-cred CRED-FILE, -sc CRED-FILE
  222.            Set the credentials to use for source ftp connections.
  224.        -dst-cred CRED-FILE, -dc CRED-FILE
  225.            Set the credentials to use for destination ftp connections.
  227.        -af FILENAME, -alias-file FILENAME
  228.            File with mapping of logical host aliases to lists of physical hosts. When used with multiple concurrent connections, each connection uses the next host in the list. Each
  229.            line should either be an alias, noted with the @ symbol, or a hostname[:port]. Currently, only the aliases @source and @destination are valid, and they are used for every
  230.            source or destination URL.
  232.        -sync
  233.            Only transfer files where the destination does not exist or differs from the source. -sync-level controls how to determine if files differ.
  235.        -sync-level number
  236.            Criteria for determining if files differ when performing a sync transfer. The default sync level is 2. The available levels are:
  238.            ·   Level 0 will only transfer if the destination does not exist.
  240.            ·   Level 1 will transfer if the size of the destination does not match the size of the source.
  242.            ·   Level 2 will transfer if the time stamp of the destination is older than the time stamp of the source.
  244.            ·   Level 3 will perform a checksum of the source and destination and transfer if the checksums do not match. The default algorithm used for this checksum is MD5, but
  245.                other algorithms can be specified with the -algo parameter.
  247.        -checksum-alg CHECKSUM-ALGORITHM
  248.            Set the algorithm type to use for all checksum operations during the transfer.
  250.        -verify-checksum
  251.            Perform a checksum on the source and destination after each file transfer and compare the two. If they do not match, fail the transfer. The default algorithm used for this
  252.            checksum is MD5, but other algorithms can be specified with the -checksum-alg parameter.
  254. AUTHOR
  255.        Copyright © 1999-2016 University of Chicago
  257. Grid Community Toolkit 6                                                              03/31/2018                                                                    GLOBUS-URL-COPY(1)
globus-url-copy使用说明

globus-gridftp-server 使用说明:

  1. GLOBUS-GRIDFTP-SER(8)                                                        Grid Community Toolkit Manual                                                       GLOBUS-GRIDFTP-SER(8)
  3. NAME
  4.        globus-gridftp-server - The Globus GridFTP server daemon
  6. SYNOPSIS
  7.        globus-gridftp-server OPTIONS
  9. DESCRIPTION
  10.        The globus-gridftp-server program is a ftp server with support for GridFTP protocol extensions, including strong authentication, parallel data transfers, and parallel data
  11.        layouts.
  13. OPTIONS
  14.        The list below contains the command-line options for the server, and also the name of the configuration file entry that implements that option. Note that any boolean option
  15.        can be negated on the command line by preceding the specified option with -no- or -n. example: -no-cas or -nf.
  17.    Informational Options
  18.        -h,-help
  19.            Show usage information and exit.
  21.            This option can also be set in the configuration file as help. The default value of this option is FALSE.
  23.        -hh,-longhelp
  24.            Show more usage information and exit.
  26.            This option can also be set in the configuration file as longhelp. The default value of this option is FALSE.
  28.        -v,-version
  29.            Show version information for the server and exit.
  31.            This option can also be set in the configuration file as version. The default value of this option is FALSE.
  33.        -V,-versions
  34.            Show version information for all loaded globus libraries and exit.
  36.            This option can also be set in the configuration file as versions. The default value of this option is FALSE.
  38.    Modes of Operation
  39.        -i,-inetd
  40.            Run under an inetd service.
  42.            This option can also be set in the configuration file as inetd. The default value of this option is FALSE.
  44.        -s,-daemon
  45.            Run as a daemon. All connections will fork off a new process and setuid if allowed.
  47.            This option can also be set in the configuration file as daemon. The default value of this option is TRUE.
  49.        -S,-detach
  50.            Run as a background daemon detached from any controlling terminals.
  52.            This option can also be set in the configuration file as detach. The default value of this option is FALSE.
  54.        -ssh
  55.            Run over a connected ssh session.
  57.            This option can also be set in the configuration file as ssh. The default value of this option is FALSE.
  59.        -exec string
  60.            For statically compiled or non-GLOBUS_LOCATION standard binary locations, specify the full path of the server binary here. Only needed when run in daemon mode.
  62.            This option can also be set in the configuration file as exec.
  64.        -chdir
  65.            Change directory when the server starts. This will change directory to the dir specified by the chdir_to option.
  67.            This option can also be set in the configuration file as chdir. The default value of this option is TRUE.
  69.        -chdir-to string
  70.            Directory to chdir to after starting. Will use / if not set. Note that this is the directory of the process, not the clients home directory.
  72.            This option can also be set in the configuration file as chdir_to.
  74.        -threads number
  75.            Enable threaded operation and set the number of threads. The default is 0, which is non-threaded. When threading is required, a thread count of 1 or 2 should be
  76.            sufficient.
  78.            This option can also be set in the configuration file as threads.
  80.        -f,-fork
  81.            Server will fork for each new connection. Disabling this option is only recommended when debugging. Note that non-forked servers running as root will only accept a single
  82.            connection, and then exit.
  84.            This option can also be set in the configuration file as fork. The default value of this option is TRUE.
  86.        -1,-single
  87.            Exit after a single connection.
  89.            This option can also be set in the configuration file as single. The default value of this option is FALSE.
  91.        -chroot-path string
  92.            Path to become the new root after authentication. This path must contain a valid certificate structure, /etc/passwd, and /etc/group. The command
  93.            globus-gridftp-server-setup-chroot can help create a suitable directory structure.
  95.            This option can also be set in the configuration file as chroot_path.
  97.    Authentication, Authorization, and Security Options
  98.        -auth-level number
  99.            Add levels together to use more than one. If not set uses level 2 for front ends and level 1 for data nodes. Note that levels 2 and 4 imply level 1 as well.
  101.                0 = Disables all authorization checks.
  102.                1 = Authorize identity.
  103.                2 = Authorize all file/resource accesses.
  104.                4 = Disable changing process uid to authenticated user (no
  105.                    setuid) -- DO NOT use this when process is started as root.
  107.            This option can also be set in the configuration file as auth_level.
  109.        -process-user string
  110.            User to setuid to upon login for all connections. Only applies when running as root.
  112.            This option can also be set in the configuration file as process_user.
  114.        -process-group string
  115.            Group to setgid to upon login for all connections. If unset, the default group of process_user will be used.
  117.            This option can also be set in the configuration file as process_group.
  119.        -ipc-allow-from string
  120.            Only allow connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified
  121.            fragment. Example: 192.168.1.  will match and allow a connection from 192.168.1.45. Note that if this option is used any address not specifically allowed will be denied.
  123.            This option can also be set in the configuration file as ipc_allow_from.
  125.        -ipc-deny-from string
  126.            Deny connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment.
  127.            Example: 192.168.2.  will match and deny a connection from 192.168.2.45.
  129.            This option can also be set in the configuration file as ipc_deny_from.
  131.        -allow-from string
  132.            Only allow connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified
  133.            fragment. Example: 192.168.1.  will match and allow a connection from 192.168.1.45. Note that if this option is used any address not specifically allowed will be denied.
  135.            This option can also be set in the configuration file as allow_from.
  137.        -deny-from string
  138.            Deny connections from these source ip addresses. Specify a comma separated list of ip address fragments. A match is any ip address that starts with the specified fragment.
  139.            Example: 192.168.2.  will match and deny a connection from 192.168.2.45.
  141.            This option can also be set in the configuration file as deny_from.
  143.        -encrypt-data
  144.            Require encrypted data channels. This will cause an error and prevent all transfers in which the client does not request an authenticated and encrypted data channel.
  146.            This option can also be set in the configuration file as encrypt_data. The default value of this option is FALSE.
  148.        -si,-secure-ipc
  149.            Use GSI security on ipc channel.
  151.            This option can also be set in the configuration file as secure_ipc. The default value of this option is TRUE.
  153.        -ia string,-ipc-auth-mode string
  154.            Set GSI authorization mode for the ipc connection. Options are: none, host, self or subject:[subject].
  156.            This option can also be set in the configuration file as ipc_auth_mode. The default value of this option is host.
  158.        -aa,-allow-anonymous
  159.            Allow clear text anonymous access. If server is running as root anonymous_user must also be set. Disables ipc security.
  161.            This option can also be set in the configuration file as allow_anonymous. The default value of this option is FALSE.
  163.        -anonymous-names-allowed string
  164.            Comma separated list of names to treat as anonymous users when allowing anonymous access. If not set, the default names of anonymous and ftp will be allowed. Use * to
  165.            allow any username.
  167.            This option can also be set in the configuration file as anonymous_names_allowed.
  169.        -anonymous-user string
  170.            User to setuid to for an anonymous connection. Only applies when running as root.
  172.            This option can also be set in the configuration file as anonymous_user.
  174.        -anonymous-group string
  175.            Group to setgid to for an anonymous connection. If unset, the default group of anonymous_user will be used.
  177.            This option can also be set in the configuration file as anonymous_group.
  179.        -sharing-dn string
  180.            Allow sharing when using the supplied DN. A client connected with these credentials will be able to access any user for which sharing is enabled.
  182.            This option can also be set in the configuration file as sharing_dn.
  184.        -sharing-state-dir string
  185.            Full path to a directory that will contain files used by GridFTP to control sharing access for individual local accounts. The special variables $HOME and $USER can be used
  186.            to create a dynamic path that is unique to each local account. This pathmust be writable by the associated account. The default path is $HOME/.globus/sharing/. This must
  187.            refer to a path on the filesystem, not a path that is only accessible via a DSI plugin.
  189.            This option can also be set in the configuration file as sharing_state_dir.
  191.        -sharing-control
  192.            Allow a local user account to control its own sharing access via special GridFTP client commands. The user account must have filesystem write access to the sharing state
  193.            dir.
  195.            This option can also be set in the configuration file as sharing_control. The default value of this option is TRUE.
  197.        -sharing-rp string
  198.            Sharing specific path restrictions. This completely replaces the normal path restrictions (-rp) when an account is being shared by a sharing-dn login.Follows normal path
  199.            restriction semantics.
  201.            This option can also be set in the configuration file as sharing_rp.
  203.        -sharing-users-allow string
  204.            Comma separated list of usernames that are allowed to share unless matched in the user deny lists. If this list is set, users that are not included will be denied unless
  205.            matched in the group allow list.
  207.            This option can also be set in the configuration file as sharing_users_allow.
  209.        -sharing-users-deny string
  210.            Comma separated list of usernames that are denied sharing even if matched in the user or group allow lists.
  212.            This option can also be set in the configuration file as sharing_users_deny.
  214.        -sharing-groups-allow string
  215.            Comma separated list of groups whose members are allowed to share unless matched in the user or group deny lists. If this list is set, groups that are not included will be
  216.            denied unless matched in the user allow list.
  218.            This option can also be set in the configuration file as sharing_groups_allow.
  220.        -sharing-groups-deny string
  221.            Comma separated list of groups whose members will be denied sharing unless matched in the user allow list.
  223.            This option can also be set in the configuration file as sharing_groups_deny.
  225.        -allow-root
  226.            Allow clients to be mapped to the root account.
  228.            This option can also be set in the configuration file as allow_root. The default value of this option is FALSE.
  230.        -allow-disabled-login
  231.            Do not check if a users system account is disabled before allowing login.
  233.            This option can also be set in the configuration file as allow_disabled_login. The default value of this option is FALSE.
  235.        -password-file string
  236.            Enable clear text access and authenticate users against this /etc/passwd formatted file.
  238.            This option can also be set in the configuration file as pw_file.
  240.        -connections-max number
  241.            Maximum concurrent connections allowed. Only applies when running in daemon mode. Unlimited if not set.
  243.            This option can also be set in the configuration file as connections_max.
  245.        -connections-disabled
  246.            Disable all new connections. For daemon mode, issue a SIGHUP to the server process after changing the config file in order to not affect ongoing connections.
  248.            This option can also be set in the configuration file as connections_disabled. The default value of this option is FALSE.
  250.        -offline-msg string
  251.            Custom message to be displayed to clients when the server is offline via the connections_disabled or connections_max = 0 options.
  253.            This option can also be set in the configuration file as offline_msg.
  255.        -disable-command-list string
  256.            A comma separated list of client commands that will be disabled.
  258.            This option can also be set in the configuration file as disable_command_list.
  260.        -authz-callouts,-cas
  261.            Enable the GSI authorization callout framework, for callouts such as CAS.
  263.            This option can also be set in the configuration file as cas. The default value of this option is TRUE.
  265.        -use-home-dirs
  266.            Set the starting directory to the authenticated users home dir. Disabling this is the same as setting -home-dir /.
  268.            This option can also be set in the configuration file as use_home_dirs. The default value of this option is TRUE.
  270.        -home-dir string
  271.            Set a path to override the system defined home/starting directory for authenticated users. The special variable strings $USER and $HOME may be used. The authenticated
  272.            username will be substituted for $USER, and the users real home dir will be substituted for $HOME. Be sure to escape the $ character if using these on the command line.
  274.            This option can also be set in the configuration file as home_dir.
  276.        -rp string,-restrict-paths string
  277.            A comma separated list of full paths that clients may access. Each path may be prefixed by R and/or W, denoting read or write access, otherwise full access is granted. If
  278.            a given path is a directory, all contents and subdirectories will be given the same access. Order of paths does not matter  the permissions on the longest matching path
  279.            will apply. The special character ~ will be replaced by the authenticated users home directory, or the -home-dir option, if used. Note that if the home directory is not
  280.            accessible, \~ will be set to /. By default all paths are allowed, and access control is handled by the OS. In a striped or split process configuration, this should be set
  281.            on both the frontend and data nodes.
  283.            This option can also be set in the configuration file as restrict_paths.
  285.        -rp-follow-symlinks
  286.            Do not verify that a symlink points to an allowed path before following. By default, symlinks are followed only when they point to an allowed path. By enabling this
  287.            option, symlinks will be followed even if they point to a path that is otherwise restricted.
  289.            This option can also be set in the configuration file as rp_follow_symlinks. The default value of this option is FALSE.
  291.        -em string,-acl string
  292.            A comma separated list of ACL or event modules to load.
  294.            This option can also be set in the configuration file as acl.
  296.    Logging Options
  297.        -d string,-log-level string
  298.            Log level. A comma separated list of levels from: ERROR, WARN, INFO, TRANSFER, DUMP, ALL. TRANSFER includes the same statistics that are sent to the separate transfer log
  299.            when -log-transfer is used. Example: error,warn,info. You may also specify a numeric level of 1-255. The default level is ERROR.
  301.            This option can also be set in the configuration file as log_level. The default value of this option is ERROR.
  303.        -log-module string
  304.            globus_logging module that will be loaded. If not set, the default stdio module will be used, and the logfile options apply. Built in modules are stdio and syslog. Log
  305.            module options may be set by specifying module:opt1=val1:opt2=val2. Available options for the built in modules are interval and buffer, for buffer flush interval and
  306.            buffer size, respectively. The default options are a 64k buffer size and a 5 second flush interval. A 0 second flush interval will disable periodic flushing, and the
  307.            buffer will only flush when it is full. A value of 0 for buffer will disable buffering and all messages will be written immediately. Example: -log-module
  308.            stdio:buffer=4096:interval=10
  310.            This option can also be set in the configuration file as log_module.
  312.        -l string,-logfile string
  313.            Path of a single file to log all activity to. If neither this option or log_unique is set, logs will be written to stderr unless the execution mode is detached or inetd,
  314.            in which case logging will be disabled.
  316.            This option can also be set in the configuration file as log_single.
  318.        -L string,-logdir string
  319.            Partial path to which gridftp.(pid).log will be appended to construct the log filename. Example: -L /var/log/gridftp/ will create a separate log (
  320.            /var/log/gridftp/gridftp.xxxx.log ) for each process (which is normally each new client session). If neither this option or log_single is set, logs will be written to
  321.            stderr unless the execution mode is detached or inetd, in which case logging will be disabled.
  323.            This option can also be set in the configuration file as log_unique.
  325.        -Z string,-log-transfer string
  326.            Log netlogger style info for each transfer into this file. You may also use the log-level of TRANSFER to include this info in the standard log.
  328.            This option can also be set in the configuration file as log_transfer.
  330.        -log-filemode string
  331.            File access permissions of log files. Should be an octal number such as 0644.
  333.            This option can also be set in the configuration file as log_filemode.
  335.        -disable-usage-stats
  336.            Usage statistics collection is no longer supported. This option is ignored.
  338.            This option can also be set in the configuration file as disable_usage_stats. The default value of this option is TRUE.
  340.        -usage-stats-target string
  341.            Usage statistics collection is no longer supported. This option is ignored.
  343.            This option can also be set in the configuration file as usage_stats_target.
  345.        -usage-stats-id string
  346.            Usage statistics collection is no longer supported. This option is ignored.
  348.            This option can also be set in the configuration file as usage_stats_id.
  350.    Single and Striped Remote Data Node Options
  351.        -r string,-remote-nodes string
  352.            Comma separated list of remote node contact strings.
  354.            This option can also be set in the configuration file as remote_nodes.
  356.        -hybrid
  357.            When a server is configured for striped operation with the remote_nodes option, both a frontend and backend process are started even if the client does not request
  358.            multiple stripes. This option will start backend processes only when striped operation is requested by the client, while servicing non-striped requests with a single
  359.            frontend process.
  361.            This option can also be set in the configuration file as hybrid. The default value of this option is FALSE.
  363.        -dn,-data-node
  364.            This server is a backend data node.
  366.            This option can also be set in the configuration file as data_node. The default value of this option is FALSE.
  368.        -sbs number,-stripe-blocksize number
  369.            Size in bytes of sequential data that each stripe will transfer.
  371.            This option can also be set in the configuration file as stripe_blocksize. The default value of this option is 1048576.
  373.        -stripe-count number
  374.            Number of number stripes to use per transfer when this server controls that number. If remote nodes are statically configured (via -r or remote_nodes), this will be set to
  375.            that number of nodes, otherwise the default is 1.
  377.            This option can also be set in the configuration file as stripe_count.
  379.        -sl number,-stripe-layout number
  380.            Stripe layout.
  382.                1 = Partitioned
  383.                2 = Blocked
  385.            This option can also be set in the configuration file as stripe_layout. The default value of this option is 2.
  387.        -stripe-blocksize-locked
  388.            Do not allow client to override stripe blocksize with the OPTS RETR command
  390.            This option can also be set in the configuration file as stripe_blocksize_locked. The default value of this option is FALSE.
  392.        -stripe-layout-locked
  393.            Do not allow client to override stripe layout with the OPTS RETR command
  395.            This option can also be set in the configuration file as stripe_layout_locked. The default value of this option is FALSE.
  397.    Disk Options
  398.        -bs number,-blocksize number
  399.            Size in bytes of data blocks to read from disk before posting to the network.
  401.            This option can also be set in the configuration file as blocksize. The default value of this option is 262144.
  403.        -sync-writes
  404.            Flush disk writes before sending a restart marker. This attempts to ensure that the range specified in the restart marker has actually been committed to disk. This option
  405.            will probably impact performance, and may result in different behavior on different storage systems. See the manpage for sync() for more information.
  407.            This option can also be set in the configuration file as sync_writes. The default value of this option is FALSE.
  409.        -perms string
  410.            Set the default permissions for created files. Should be an octal number such as 0644. The default is 0644. Note: If umask is set it will affect this setting  i.e. if the
  411.            umask is 0002 and this setting is 0666, the resulting files will be created with permissions of 0664.
  413.            This option can also be set in the configuration file as perms.
  415.        -file-timeout number
  416.            Timeout in seconds for all disk accesses. A value of 0 disables the timeout.
  418.            This option can also be set in the configuration file as file_timeout.
  420.    Network Options
  421.        -p number,-port number
  422.            Port on which a frontend will listen for client control channel connections, or on which a data node will listen for connections from a frontend. If not set a random port
  423.            will be chosen and printed via the logging mechanism.
  425.            This option can also be set in the configuration file as port.
  427.        -control-interface string
  428.            Hostname or IP address of the interface to listen for control connections on. If not set will listen on all interfaces.
  430.            This option can also be set in the configuration file as control_interface.
  432.        -data-interface string
  433.            Hostname or IP address of the interface to use for data connections. If not set will use the current control interface.
  435.            This option can also be set in the configuration file as data_interface.
  437.        -ipc-interface string
  438.            Hostname or IP address of the interface to use for ipc connections. If not set will listen on all interfaces.
  440.            This option can also be set in the configuration file as ipc_interface.
  442.        -hostname string
  443.            Effectively sets the above control_interface, data_interface and ipc_interface options.
  445.            This option can also be set in the configuration file as hostname.
  447.        -ipc-port number
  448.            Port on which the frontend will listen for data node connections.
  450.            This option can also be set in the configuration file as ipc_port.
  452.        -control-preauth-timeout number
  453.            Time in seconds to allow a client to remain connected to the control channel without activity before authenticating.
  455.            This option can also be set in the configuration file as control_preauth_timeout. The default value of this option is 120.
  457.        -control-idle-timeout number
  458.            Time in seconds to allow a client to remain connected to the control channel without activity.
  460.            This option can also be set in the configuration file as control_idle_timeout. The default value of this option is 600.
  462.        -ipc-idle-timeout number
  463.            Idle time in seconds before an unused ipc connection will close.
  465.            This option can also be set in the configuration file as ipc_idle_timeout. The default value of this option is 900.
  467.        -ipc-connect-timeout number
  468.            Time in seconds before canceling an attempted ipc connection.
  470.            This option can also be set in the configuration file as ipc_connect_timeout. The default value of this option is 60.
  472.        -allow-udt
  473.            Enable protocol support for UDT with NAT traversal if the udt driver is available. Requires threads.
  475.            This option can also be set in the configuration file as allow_udt. The default value of this option is FALSE.
  477.        -port-range string
  478.            Port range to use for incoming connections. The format is "startport,endport". This, along with -data-interface, can be used to enable operation behind a firewall and/or
  479.            when NAT is involved. This is the same as setting the environment variable GLOBUS_TCP_PORT_RANGE.
  481.            This option can also be set in the configuration file as port_range.
  483.        -epsv-ip
  484.            Adds an IPv6 address to EPSV response. Breaks RFC 2428, but allows redirection to work with IPv6.
  486.            This option can also be set in the configuration file as epsv_ip. The default value of this option is FALSE.
  488.    User Messages
  489.        -banner string
  490.            Message to display to the client before authentication.
  492.            This option can also be set in the configuration file as banner.
  494.        -banner-file string
  495.            File to read banner message from.
  497.            This option can also be set in the configuration file as banner_file.
  499.        -banner-terse
  500.            When this is set, the minimum allowed banner message will be displayed to unauthenticated clients.
  502.            This option can also be set in the configuration file as banner_terse. The default value of this option is FALSE.
  504.        -banner-append
  505.            When this is set, the message set in the banner or banner_file option will be appended to the default banner message rather than replacing it.
  507.            This option can also be set in the configuration file as banner_append. The default value of this option is FALSE.
  509.        -version-tag string
  510.            Add an identifying string to the existing toolkit version. This is displayed in the default banner message, the SITE VERSION command, and usage stats.
  512.            This option can also be set in the configuration file as version_tag.
  514.        -login-msg string
  515.            Message to display to the client after authentication.
  517.            This option can also be set in the configuration file as login_msg.
  519.        -login-msg-file string
  520.            File to read login message from.
  522.            This option can also be set in the configuration file as login_msg_file.
  524.    Module Options
  525.        -dsi string
  526.            Data Storage Interface module to load. File and remote modules are defined by the server. If not set, the file module is loaded, unless the remote option is specified, in
  527.            which case the remote module is loaded. An additional configuration string can be passed to the DSI using the format [module name]:[configuration string] to this option.
  528.            The format of the configuration string is defined by the DSI being loaded.
  530.            This option can also be set in the configuration file as load_dsi_module.
  532.        -allowed-modules string
  533.            Comma separated list of ERET/ESTO modules to allow, and optionally specify an alias for. Example: module1,alias2:module2,module3 (module2 will be loaded when a client asks
  534.            for alias2).
  536.            This option can also be set in the configuration file as allowed_modules.
  538.        -dc-whitelist string
  539.            A comma separated list of drivers allowed on the network stack.
  541.            This option can also be set in the configuration file as dc_whitelist.
  543.        -fs-whitelist string
  544.            A comma separated list of drivers allowed on the disk stack.
  546.            This option can also be set in the configuration file as fs_whitelist.
  548.        -popen-whitelist string
  549.            A comma separated list of programs that the popen driver is allowed to execute, when used on the network or disk stack. An alias may also be specified, so that a client
  550.            does not need to specify the full path. Format is [alias:]prog,[alias:]prog. example: /bin/gzip,tar:/bin/tar
  552.            This option can also be set in the configuration file as popen_whitelist.
  554.        -xnetmgr string
  555.            An option string to pass to the XIO Network Manager Driver, which will then be loaded for all data channel connections. This must be in the form
  556.            "manager=module;option1=value;option2=value;". See the Network Manager documentation for more info.
  558.            This option can also be set in the configuration file as xnetmgr.
  560.        -dc-default string
  561.            A comma separated list of XIO drivers and options representing the default network stack. Format is of each driver entry is driver1[:opt1=val1;opt2=val2;...]. The bottom
  562.            of the stack, the transport driver, is always first.
  564.            This option can also be set in the configuration file as dc_default.
  566.        -fs-default string
  567.            A comma separated list of XIO drivers and options representing the default disk stack. Format is of each driver entry is driver1[:opt1=val1;opt2=val2;...]. The bottom of
  568.            the stack, the transport driver, is always first.
  570.            This option can also be set in the configuration file as fs_default.
  572.    Other
  573.        -c string
  574.            Path to main configuration file that should be loaded. Otherwise will attempt to load $GLOBUS_LOCATION/etc/gridftp.conf and /etc/grid-security/gridftp.conf.
  576.        -C string
  577.            Path to directory holding configuration files that should be loaded. Files will be loaded in alphabetical order, and in the event of duplicate parameters the last loaded
  578.            file will take precedence. Backup files and files created by package updates (e.g. file.rpmsave) will be ignored. Note that the main configuration file, if one exists,
  579.            will always be loaded last.
  581.            This option can also be set in the configuration file as config_dir.
  583.        -config-base-path string
  584.            Base path to use when config and log path options are not full paths. By default this is the current directory when the process is started.
  586.            This option can also be set in the configuration file as config_base_path.
  588.        -debug
  589.            Sets options that make server easier to debug. Forces no-fork, no-chdir, and allows core dumps on bad signals instead of exiting cleanly. Not recommended for production
  590.            servers. Note that non-forked servers running as root will only accept a single connection, and then exit.
  592.            This option can also be set in the configuration file as debug. The default value of this option is FALSE.
  594.        -pidfile string
  596.            This option can also be set in the configuration file as pidfile.
  598. EXIT STATUS
  599.        0
  600.            Successful program execution.
  602. Grid Community Toolkit 6                                                              12/06/2018                                                                 GLOBUS-GRIDFTP-SER(8)
globus-gridftp-server 使用说明

原文链接:http://www.cnblogs.com/xuyaowen/p/gridftp-standalone.html

 友情链接:直通硅谷  点职佳  北美留学生论坛

Linux/Shell热门文章

  • vdbench 数据校验测试方法
  • CentOS7一键脚本安装WireGuard
  • VMware Ubuntu 20.04 LTS 使用Qemu虚拟机u-boot启动或者配合busybox模拟ARM开发板
  • Activation of org.freedesktop.systemd1 timed out
  • vmWare 虚机文件不能启动的事故处理
  • windows远程连接centos及闪退异常解决记录
  • CentOS7防火墙放行或限制指定IP和端口(firewall)
  • jvm:jmap无法dump文件的解决办法
  • C# 控制 GPIO
  • linux中文件权限的字母含义

    • Linux/Shell推荐文章

  • 旧物利用 - 将机顶盒改造为一台Linux开发机!
  • condition字符串匹配问题
  • proxmox ve 部署双节点HA集群及glusterfs分布式文件系统
  • 入门到精通rsync和inotify
  • 解决 CentOS 7 官方 yum 仓库无法使用的最佳实践
  • Linux 提权-NFS 共享
  • 将虚拟机跑在ceph之中
  • saltStack自动化工具
  • SeaweedFS + TiKV 部署保姆级教程
  • GlusterFs分布式文件系统

    • 本站QQ群:前端 618073944 | Java 606181507 | Python 626812652 | C/C++ 612253063 | 微信 634508462 | 苹果 692586424 | C#/.net 182808419 | PHP 305140648 | 运维 608723728

    W3xue 的所有内容仅供测试,对任何法律问题及风险不承担任何责任。通过使用本站内容随之而来的风险与本站无关。
    关于我们  |  意见建议  |  捐助我们  |  报错有奖  |  广告合作、友情链接(目前9元/月)请联系QQ:27243702 沸活量
    皖ICP备17017327号-2 皖公网安备34020702000426号