'\" t
.\"     Title: globus-gridftp-server
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 08/22/2019
.\"    Manual: Grid Community Toolkit Manual
.\"    Source: Grid Community Toolkit 6
.\"  Language: English
.\"
.TH "GLOBUS\-GRIDFTP\-SER" "8" "08/22/2019" "Grid Community Toolkit 6" "Grid Community Toolkit Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
globus-gridftp-server \- The Globus GridFTP server daemon
.SH "SYNOPSIS"
.sp
globus\-gridftp\-server OPTIONS
.SH "DESCRIPTION"
.sp
The \fBglobus\-gridftp\-server\fR program is a ftp server with support for GridFTP protocol extensions, including strong authentication, parallel data transfers, and parallel data layouts\&.
.SH "OPTIONS"
.sp
The list below contains the command\-line options for the server, and also the name of the configuration file entry that implements that option\&. Note that any boolean option can be negated on the command line by preceding the specified option with \fI\-no\-\fR or \fI\-n\fR\&. example: \-no\-cas or \-nf\&.
.SS "Informational Options"
.PP
\fB\-h,\-help\fR
.RS 4
Show usage information and exit\&.
.sp
This option can also be set in the configuration file as
help\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-hh,\-longhelp\fR
.RS 4
Show more usage information and exit\&.
.sp
This option can also be set in the configuration file as
longhelp\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-v,\-version\fR
.RS 4
Show version information for the server and exit\&.
.sp
This option can also be set in the configuration file as
version\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-V,\-versions\fR
.RS 4
Show version information for all loaded globus libraries and exit\&.
.sp
This option can also be set in the configuration file as
versions\&. The default value of this option is
FALSE\&.
.RE
.SS "Modes of Operation"
.PP
\fB\-i,\-inetd\fR
.RS 4
Run under an inetd service\&.
.sp
This option can also be set in the configuration file as
inetd\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-s,\-daemon\fR
.RS 4
Run as a daemon\&. All connections will fork off a new process and setuid if allowed\&.
.sp
This option can also be set in the configuration file as
daemon\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-S,\-detach\fR
.RS 4
Run as a background daemon detached from any controlling terminals\&.
.sp
This option can also be set in the configuration file as
detach\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-ssh\fR
.RS 4
Run over a connected ssh session\&.
.sp
This option can also be set in the configuration file as
ssh\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-exec string\fR
.RS 4
For statically compiled or non\-GLOBUS_LOCATION standard binary locations, specify the full path of the server binary here\&. Only needed when run in daemon mode\&.
.sp
This option can also be set in the configuration file as
exec\&.
.RE
.PP
\fB\-chdir\fR
.RS 4
Change directory when the server starts\&. This will change directory to the dir specified by the chdir_to option\&.
.sp
This option can also be set in the configuration file as
chdir\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-chdir\-to string\fR
.RS 4
Directory to chdir to after starting\&. Will use / if not set\&. Note that this is the directory of the process, not the client\(cqs home directory\&.
.sp
This option can also be set in the configuration file as
chdir_to\&.
.RE
.PP
\fB\-threads number\fR
.RS 4
Enable threaded operation and set the number of threads\&. The default is 0, which is non\-threaded\&. When threading is required, a thread count of 1 or 2 should be sufficient\&.
.sp
This option can also be set in the configuration file as
threads\&.
.RE
.PP
\fB\-f,\-fork\fR
.RS 4
Server will fork for each new connection\&. Disabling this option is only recommended when debugging\&. Note that non\-forked servers running as
\fIroot\fR
will only accept a single connection, and then exit\&.
.sp
This option can also be set in the configuration file as
fork\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-1,\-single\fR
.RS 4
Exit after a single connection\&.
.sp
This option can also be set in the configuration file as
single\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-chroot\-path string\fR
.RS 4
Path to become the new root after authentication\&. This path must contain a valid certificate structure, /etc/passwd, and /etc/group\&. The command globus\-gridftp\-server\-setup\-chroot can help create a suitable directory structure\&.
.sp
This option can also be set in the configuration file as
chroot_path\&.
.RE
.SS "Authentication, Authorization, and Security Options"
.PP
\fB\-auth\-level number\fR
.RS 4
Add levels together to use more than one\&. If not set uses level 2 for front ends and level 1 for data nodes\&. Note that levels 2 and 4 imply level 1 as well\&.
.sp
.if n \{\
.RS 4
.\}
.nf
0 = Disables all authorization checks\&.
1 = Authorize identity\&.
2 = Authorize all file/resource accesses\&.
4 = Disable changing process uid to authenticated user (no
    setuid) \-\- DO NOT use this when process is started as root\&.
.fi
.if n \{\
.RE
.\}
.sp
This option can also be set in the configuration file as
auth_level\&.
.RE
.PP
\fB\-process\-user string\fR
.RS 4
User to setuid to upon login for all connections\&. Only applies when running as root\&.
.sp
This option can also be set in the configuration file as
process_user\&.
.RE
.PP
\fB\-process\-group string\fR
.RS 4
Group to setgid to upon login for all connections\&. If unset, the default group of process_user will be used\&.
.sp
This option can also be set in the configuration file as
process_group\&.
.RE
.PP
\fB\-ipc\-allow\-from string\fR
.RS 4
Only allow connections from these source ip addresses\&. Specify a comma separated list of ip address fragments\&. A match is any ip address that starts with the specified fragment\&. Example:
\fI192\&.168\&.1\&.\fR
will match and allow a connection from 192\&.168\&.1\&.45\&. Note that if this option is used any address not specifically allowed will be denied\&.
.sp
This option can also be set in the configuration file as
ipc_allow_from\&.
.RE
.PP
\fB\-ipc\-deny\-from string\fR
.RS 4
Deny connections from these source ip addresses\&. Specify a comma separated list of ip address fragments\&. A match is any ip address that starts with the specified fragment\&. Example:
\fI192\&.168\&.2\&.\fR
will match and deny a connection from 192\&.168\&.2\&.45\&.
.sp
This option can also be set in the configuration file as
ipc_deny_from\&.
.RE
.PP
\fB\-allow\-from string\fR
.RS 4
Only allow connections from these source ip addresses\&. Specify a comma separated list of ip address fragments\&. A match is any ip address that starts with the specified fragment\&. Example:
\fI192\&.168\&.1\&.\fR
will match and allow a connection from 192\&.168\&.1\&.45\&. Note that if this option is used any address not specifically allowed will be denied\&.
.sp
This option can also be set in the configuration file as
allow_from\&.
.RE
.PP
\fB\-deny\-from string\fR
.RS 4
Deny connections from these source ip addresses\&. Specify a comma separated list of ip address fragments\&. A match is any ip address that starts with the specified fragment\&. Example:
\fI192\&.168\&.2\&.\fR
will match and deny a connection from 192\&.168\&.2\&.45\&.
.sp
This option can also be set in the configuration file as
deny_from\&.
.RE
.PP
\fB\-encrypt\-data\fR
.RS 4
Require encrypted data channels\&. This will cause an error and prevent all transfers in which the client does not request an authenticated and encrypted data channel\&.
.sp
This option can also be set in the configuration file as
encrypt_data\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-si,\-secure\-ipc\fR
.RS 4
Use GSI security on ipc channel\&.
.sp
This option can also be set in the configuration file as
secure_ipc\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-ia string,\-ipc\-auth\-mode string\fR
.RS 4
Set GSI authorization mode for the ipc connection\&. Options are: none, host, self or subject:[subject]\&.
.sp
This option can also be set in the configuration file as
ipc_auth_mode\&. The default value of this option is
host\&.
.RE
.PP
\fB\-aa,\-allow\-anonymous\fR
.RS 4
Allow clear text anonymous access\&. If server is running as root anonymous_user must also be set\&. Disables ipc security\&.
.sp
This option can also be set in the configuration file as
allow_anonymous\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-anonymous\-names\-allowed string\fR
.RS 4
Comma separated list of names to treat as anonymous users when allowing anonymous access\&. If not set, the default names of
\fIanonymous\fR
and
\fIftp\fR
will be allowed\&. Use
\fI*\fR
to allow any username\&.
.sp
This option can also be set in the configuration file as
anonymous_names_allowed\&.
.RE
.PP
\fB\-anonymous\-user string\fR
.RS 4
User to setuid to for an anonymous connection\&. Only applies when running as root\&.
.sp
This option can also be set in the configuration file as
anonymous_user\&.
.RE
.PP
\fB\-anonymous\-group string\fR
.RS 4
Group to setgid to for an anonymous connection\&. If unset, the default group of anonymous_user will be used\&.
.sp
This option can also be set in the configuration file as
anonymous_group\&.
.RE
.PP
\fB\-sharing\-dn string\fR
.RS 4
Allow sharing when using the supplied DN\&. A client connected with these credentials will be able to access any user for which sharing is enabled\&.
.sp
This option can also be set in the configuration file as
sharing_dn\&.
.RE
.PP
\fB\-sharing\-state\-dir string\fR
.RS 4
Full path to a directory that will contain files used by GridFTP to control sharing access for individual local accounts\&. The special variables
\fI$HOME\fR
and
\fI$USER\fR
can be used to create a dynamic path that is unique to each local account\&. This pathmust be writable by the associated account\&. The default path is
\fI$HOME/\&.globus/sharing/\fR\&. This must refer to a path on the filesystem, not a path that is only accessible via a DSI plugin\&.
.sp
This option can also be set in the configuration file as
sharing_state_dir\&.
.RE
.PP
\fB\-sharing\-control\fR
.RS 4
Allow a local user account to control its own sharing access via special GridFTP client commands\&. The user account must have filesystem write access to the sharing state dir\&.
.sp
This option can also be set in the configuration file as
sharing_control\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-sharing\-rp string\fR
.RS 4
Sharing specific path restrictions\&. This completely replaces the normal path restrictions (\-rp) when an account is being shared by a sharing\-dn login\&.Follows normal path restriction semantics\&.
.sp
This option can also be set in the configuration file as
sharing_rp\&.
.RE
.PP
\fB\-sharing\-users\-allow string\fR
.RS 4
Comma separated list of usernames that are allowed to share unless matched in the user deny lists\&. If this list is set, users that are not included will be denied unless matched in the group allow list\&.
.sp
This option can also be set in the configuration file as
sharing_users_allow\&.
.RE
.PP
\fB\-sharing\-users\-deny string\fR
.RS 4
Comma separated list of usernames that are denied sharing even if matched in the user or group allow lists\&.
.sp
This option can also be set in the configuration file as
sharing_users_deny\&.
.RE
.PP
\fB\-sharing\-groups\-allow string\fR
.RS 4
Comma separated list of groups whose members are allowed to share unless matched in the user or group deny lists\&. If this list is set, groups that are not included will be denied unless matched in the user allow list\&.
.sp
This option can also be set in the configuration file as
sharing_groups_allow\&.
.RE
.PP
\fB\-sharing\-groups\-deny string\fR
.RS 4
Comma separated list of groups whose members will be denied sharing unless matched in the user allow list\&.
.sp
This option can also be set in the configuration file as
sharing_groups_deny\&.
.RE
.PP
\fB\-allow\-root\fR
.RS 4
Allow clients to be mapped to the root account\&.
.sp
This option can also be set in the configuration file as
allow_root\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-allow\-disabled\-login\fR
.RS 4
Do not check if a user\(cqs system account is disabled before allowing login\&.
.sp
This option can also be set in the configuration file as
allow_disabled_login\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-password\-file string\fR
.RS 4
Enable clear text access and authenticate users against this /etc/passwd formatted file\&.
.sp
This option can also be set in the configuration file as
pw_file\&.
.RE
.PP
\fB\-connections\-max number\fR
.RS 4
Maximum concurrent connections allowed\&. Only applies when running in daemon mode\&. Unlimited if not set\&.
.sp
This option can also be set in the configuration file as
connections_max\&.
.RE
.PP
\fB\-connections\-disabled\fR
.RS 4
Disable all new connections\&. For daemon mode, issue a SIGHUP to the server process after changing the config file in order to not affect ongoing connections\&.
.sp
This option can also be set in the configuration file as
connections_disabled\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-offline\-msg string\fR
.RS 4
Custom message to be displayed to clients when the server is offline via the connections_disabled or connections_max = 0 options\&.
.sp
This option can also be set in the configuration file as
offline_msg\&.
.RE
.PP
\fB\-disable\-command\-list string\fR
.RS 4
A comma separated list of client commands that will be disabled\&.
.sp
This option can also be set in the configuration file as
disable_command_list\&.
.RE
.PP
\fB\-authz\-callouts,\-cas\fR
.RS 4
Enable the GSI authorization callout framework, for callouts such as CAS\&.
.sp
This option can also be set in the configuration file as
cas\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-use\-home\-dirs\fR
.RS 4
Set the starting directory to the authenticated users home dir\&. Disabling this is the same as setting
\fI\-home\-dir /\fR\&.
.sp
This option can also be set in the configuration file as
use_home_dirs\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-home\-dir string\fR
.RS 4
Set a path to override the system defined home/starting directory for authenticated users\&. The special variable strings
\fI$USER\fR
and
\fI$HOME\fR
may be used\&. The authenticated username will be substituted for $USER, and the user\(cqs real home dir will be substituted for $HOME\&. Be sure to escape the $ character if using these on the command line\&.
.sp
This option can also be set in the configuration file as
home_dir\&.
.RE
.PP
\fB\-rp string,\-restrict\-paths string\fR
.RS 4
A comma separated list of full paths that clients may access\&. Each path may be prefixed by R and/or W, denoting read or write access, otherwise full access is granted\&. If a given path is a directory, all contents and subdirectories will be given the same access\&. Order of paths does not matter \(em the permissions on the longest matching path will apply\&. The special character
\fI~\fR
will be replaced by the authenticated user\(cqs home directory, or the
\fI\-home\-dir\fR
option, if used\&. Note that if the home directory is not accessible,
\fI\e~\fR
will be set to
\fI/\fR\&. By default all paths are allowed, and access control is handled by the OS\&. In a striped or split process configuration, this should be set on both the frontend and data nodes\&.
.sp
This option can also be set in the configuration file as
restrict_paths\&.
.RE
.PP
\fB\-rp\-follow\-symlinks\fR
.RS 4
Do not verify that a symlink points to an allowed path before following\&. By default, symlinks are followed only when they point to an allowed path\&. By enabling this option, symlinks will be followed even if they point to a path that is otherwise restricted\&.
.sp
This option can also be set in the configuration file as
rp_follow_symlinks\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-em string,\-acl string\fR
.RS 4
A comma separated list of ACL or event modules to load\&.
.sp
This option can also be set in the configuration file as
acl\&.
.RE
.SS "Logging Options"
.PP
\fB\-d string,\-log\-level string\fR
.RS 4
Log level\&. A comma separated list of levels from:
\fIERROR, WARN, INFO, TRANSFER, DUMP, ALL\fR\&. TRANSFER includes the same statistics that are sent to the separate transfer log when \-log\-transfer is used\&. Example: error,warn,info\&. You may also specify a numeric level of 1\-255\&. The default level is ERROR\&.
.sp
This option can also be set in the configuration file as
log_level\&. The default value of this option is
ERROR\&.
.RE
.PP
\fB\-log\-module string\fR
.RS 4
globus_logging module that will be loaded\&. If not set, the default
\fIstdio\fR
module will be used, and the logfile options apply\&. Built in modules are
\fIstdio\fR
and
\fIsyslog\fR\&. Log module options may be set by specifying module:opt1=val1:opt2=val2\&. Available options for the built in modules are
\fIinterval\fR
and
\fIbuffer\fR, for buffer flush interval and buffer size, respectively\&. The default options are a 64k buffer size and a 5 second flush interval\&. A 0 second flush interval will disable periodic flushing, and the buffer will only flush when it is full\&. A value of 0 for buffer will disable buffering and all messages will be written immediately\&. Example: \-log\-module stdio:buffer=4096:interval=10
.sp
This option can also be set in the configuration file as
log_module\&.
.RE
.PP
\fB\-l string,\-logfile string\fR
.RS 4
Path of a single file to log all activity to\&. If neither this option or log_unique is set, logs will be written to stderr unless the execution mode is detached or inetd, in which case logging will be disabled\&.
.sp
This option can also be set in the configuration file as
log_single\&.
.RE
.PP
\fB\-L string,\-logdir string\fR
.RS 4
Partial path to which
\fIgridftp\&.(pid)\&.log\fR
will be appended to construct the log filename\&. Example: \-L /var/log/gridftp/ will create a separate log ( /var/log/gridftp/gridftp\&.xxxx\&.log ) for each process (which is normally each new client session)\&. If neither this option or log_single is set, logs will be written to stderr unless the execution mode is detached or inetd, in which case logging will be disabled\&.
.sp
This option can also be set in the configuration file as
log_unique\&.
.RE
.PP
\fB\-Z string,\-log\-transfer string\fR
.RS 4
Log netlogger style info for each transfer into this file\&. You may also use the log\-level of TRANSFER to include this info in the standard log\&.
.sp
This option can also be set in the configuration file as
log_transfer\&.
.RE
.PP
\fB\-log\-filemode string\fR
.RS 4
File access permissions of log files\&. Should be an octal number such as 0644\&.
.sp
This option can also be set in the configuration file as
log_filemode\&.
.RE
.PP
\fB\-disable\-usage\-stats\fR
.RS 4
Usage statistics collection is no longer supported\&. This option is ignored\&.
.sp
This option can also be set in the configuration file as
disable_usage_stats\&. The default value of this option is
TRUE\&.
.RE
.PP
\fB\-usage\-stats\-target string\fR
.RS 4
Usage statistics collection is no longer supported\&. This option is ignored\&.
.sp
This option can also be set in the configuration file as
usage_stats_target\&.
.RE
.PP
\fB\-usage\-stats\-id string\fR
.RS 4
Usage statistics collection is no longer supported\&. This option is ignored\&.
.sp
This option can also be set in the configuration file as
usage_stats_id\&.
.RE
.SS "Single and Striped Remote Data Node Options"
.PP
\fB\-r string,\-remote\-nodes string\fR
.RS 4
Comma separated list of remote node contact strings\&.
.sp
This option can also be set in the configuration file as
remote_nodes\&.
.RE
.PP
\fB\-hybrid\fR
.RS 4
When a server is configured for striped operation with the
\fIremote_nodes\fR
option, both a frontend and backend process are started even if the client does not request multiple stripes\&. This option will start backend processes only when striped operation is requested by the client, while servicing non\-striped requests with a single frontend process\&.
.sp
This option can also be set in the configuration file as
hybrid\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-dn,\-data\-node\fR
.RS 4
This server is a backend data node\&.
.sp
This option can also be set in the configuration file as
data_node\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-sbs number,\-stripe\-blocksize number\fR
.RS 4
Size in bytes of sequential data that each stripe will transfer\&.
.sp
This option can also be set in the configuration file as
stripe_blocksize\&. The default value of this option is
1048576\&.
.RE
.PP
\fB\-stripe\-count number\fR
.RS 4
Number of number stripes to use per transfer when this server controls that number\&. If remote nodes are statically configured (via \-r or remote_nodes), this will be set to that number of nodes, otherwise the default is 1\&.
.sp
This option can also be set in the configuration file as
stripe_count\&.
.RE
.PP
\fB\-sl number,\-stripe\-layout number\fR
.RS 4
Stripe layout\&.
.sp
.if n \{\
.RS 4
.\}
.nf
1 = Partitioned
2 = Blocked
.fi
.if n \{\
.RE
.\}
.sp
This option can also be set in the configuration file as
stripe_layout\&. The default value of this option is
2\&.
.RE
.PP
\fB\-stripe\-blocksize\-locked\fR
.RS 4
Do not allow client to override stripe blocksize with the OPTS RETR command
.sp
This option can also be set in the configuration file as
stripe_blocksize_locked\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-stripe\-layout\-locked\fR
.RS 4
Do not allow client to override stripe layout with the OPTS RETR command
.sp
This option can also be set in the configuration file as
stripe_layout_locked\&. The default value of this option is
FALSE\&.
.RE
.SS "Disk Options"
.PP
\fB\-bs number,\-blocksize number\fR
.RS 4
Size in bytes of data blocks to read from disk before posting to the network\&.
.sp
This option can also be set in the configuration file as
blocksize\&. The default value of this option is
262144\&.
.RE
.PP
\fB\-sync\-writes\fR
.RS 4
Flush disk writes before sending a restart marker\&. This attempts to ensure that the range specified in the restart marker has actually been committed to disk\&. This option will probably impact performance, and may result in different behavior on different storage systems\&. See the manpage for sync() for more information\&.
.sp
This option can also be set in the configuration file as
sync_writes\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-perms string\fR
.RS 4
Set the default permissions for created files\&. Should be an octal number such as 0644\&. The default is 0644\&. Note: If umask is set it will affect this setting \(em i\&.e\&. if the umask is 0002 and this setting is 0666, the resulting files will be created with permissions of 0664\&.
.sp
This option can also be set in the configuration file as
perms\&.
.RE
.PP
\fB\-file\-timeout number\fR
.RS 4
Timeout in seconds for all disk accesses\&. A value of 0 disables the timeout\&.
.sp
This option can also be set in the configuration file as
file_timeout\&.
.RE
.SS "Network Options"
.PP
\fB\-p number,\-port number\fR
.RS 4
Port on which a frontend will listen for client control channel connections, or on which a data node will listen for connections from a frontend\&. If not set a random port will be chosen and printed via the logging mechanism\&.
.sp
This option can also be set in the configuration file as
port\&.
.RE
.PP
\fB\-control\-interface string\fR
.RS 4
Hostname or IP address of the interface to listen for control connections on\&. If not set will listen on all interfaces\&.
.sp
This option can also be set in the configuration file as
control_interface\&.
.RE
.PP
\fB\-data\-interface string\fR
.RS 4
Hostname or IP address of the interface to use for data connections\&. If not set will use the current control interface\&.
.sp
This option can also be set in the configuration file as
data_interface\&.
.RE
.PP
\fB\-ipc\-interface string\fR
.RS 4
Hostname or IP address of the interface to use for ipc connections\&. If not set will listen on all interfaces\&.
.sp
This option can also be set in the configuration file as
ipc_interface\&.
.RE
.PP
\fB\-hostname string\fR
.RS 4
Effectively sets the above control_interface, data_interface and ipc_interface options\&.
.sp
This option can also be set in the configuration file as
hostname\&.
.RE
.PP
\fB\-ipc\-port number\fR
.RS 4
Port on which the frontend will listen for data node connections\&.
.sp
This option can also be set in the configuration file as
ipc_port\&.
.RE
.PP
\fB\-control\-preauth\-timeout number\fR
.RS 4
Time in seconds to allow a client to remain connected to the control channel without activity before authenticating\&.
.sp
This option can also be set in the configuration file as
control_preauth_timeout\&. The default value of this option is
120\&.
.RE
.PP
\fB\-control\-idle\-timeout number\fR
.RS 4
Time in seconds to allow a client to remain connected to the control channel without activity\&.
.sp
This option can also be set in the configuration file as
control_idle_timeout\&. The default value of this option is
600\&.
.RE
.PP
\fB\-ipc\-idle\-timeout number\fR
.RS 4
Idle time in seconds before an unused ipc connection will close\&.
.sp
This option can also be set in the configuration file as
ipc_idle_timeout\&. The default value of this option is
900\&.
.RE
.PP
\fB\-ipc\-connect\-timeout number\fR
.RS 4
Time in seconds before canceling an attempted ipc connection\&.
.sp
This option can also be set in the configuration file as
ipc_connect_timeout\&. The default value of this option is
60\&.
.RE
.PP
\fB\-allow\-udt\fR
.RS 4
Enable protocol support for UDT with NAT traversal if the udt driver is available\&. Requires threads\&.
.sp
This option can also be set in the configuration file as
allow_udt\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-port\-range string\fR
.RS 4
Port range to use for incoming connections\&. The format is "startport,endport"\&. This, along with \-data\-interface, can be used to enable operation behind a firewall and/or when NAT is involved\&. This is the same as setting the environment variable GLOBUS_TCP_PORT_RANGE\&.
.sp
This option can also be set in the configuration file as
port_range\&.
.RE
.PP
\fB\-epsv\-ip\fR
.RS 4
Adds an IPv6 address to EPSV response\&. Breaks RFC 2428, but allows redirection to work with IPv6\&.
.sp
This option can also be set in the configuration file as
epsv_ip\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-epsv\-match\fR
.RS 4
Makes EPSV behaviour more compliant with RFC 2428 by choosing the default data connection protocol based on the control connection protocol\&.
.sp
This option can also be set in the configuration file as
epsv_match\&. The default value of this option is
FALSE\&.
.RE
.SS "User Messages"
.PP
\fB\-banner string\fR
.RS 4
Message to display to the client before authentication\&.
.sp
This option can also be set in the configuration file as
banner\&.
.RE
.PP
\fB\-banner\-file string\fR
.RS 4
File to read banner message from\&.
.sp
This option can also be set in the configuration file as
banner_file\&.
.RE
.PP
\fB\-banner\-terse\fR
.RS 4
When this is set, the minimum allowed banner message will be displayed to unauthenticated clients\&.
.sp
This option can also be set in the configuration file as
banner_terse\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-banner\-append\fR
.RS 4
When this is set, the message set in the
\fIbanner\fR
or
\fIbanner_file\fR
option will be appended to the default banner message rather than replacing it\&.
.sp
This option can also be set in the configuration file as
banner_append\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-version\-tag string\fR
.RS 4
Add an identifying string to the existing toolkit version\&. This is displayed in the default banner message, the SITE VERSION command, and usage stats\&.
.sp
This option can also be set in the configuration file as
version_tag\&.
.RE
.PP
\fB\-login\-msg string\fR
.RS 4
Message to display to the client after authentication\&.
.sp
This option can also be set in the configuration file as
login_msg\&.
.RE
.PP
\fB\-login\-msg\-file string\fR
.RS 4
File to read login message from\&.
.sp
This option can also be set in the configuration file as
login_msg_file\&.
.RE
.SS "Module Options"
.PP
\fB\-dsi string\fR
.RS 4
Data Storage Interface module to load\&. File and remote modules are defined by the server\&. If not set, the file module is loaded, unless the
\fIremote\fR
option is specified, in which case the remote module is loaded\&. An additional configuration string can be passed to the DSI using the format [module name]:[configuration string] to this option\&. The format of the configuration string is defined by the DSI being loaded\&.
.sp
This option can also be set in the configuration file as
load_dsi_module\&.
.RE
.PP
\fB\-allowed\-modules string\fR
.RS 4
Comma separated list of ERET/ESTO modules to allow, and optionally specify an alias for\&. Example: module1,alias2:module2,module3 (module2 will be loaded when a client asks for alias2)\&.
.sp
This option can also be set in the configuration file as
allowed_modules\&.
.RE
.PP
\fB\-dc\-whitelist string\fR
.RS 4
A comma separated list of drivers allowed on the network stack\&.
.sp
This option can also be set in the configuration file as
dc_whitelist\&.
.RE
.PP
\fB\-fs\-whitelist string\fR
.RS 4
A comma separated list of drivers allowed on the disk stack\&.
.sp
This option can also be set in the configuration file as
fs_whitelist\&.
.RE
.PP
\fB\-popen\-whitelist string\fR
.RS 4
A comma separated list of programs that the popen driver is allowed to execute, when used on the network or disk stack\&. An alias may also be specified, so that a client does not need to specify the full path\&. Format is [alias:]prog,[alias:]prog\&. example: /bin/gzip,tar:/bin/tar
.sp
This option can also be set in the configuration file as
popen_whitelist\&.
.RE
.PP
\fB\-xnetmgr string\fR
.RS 4
An option string to pass to the XIO Network Manager Driver, which will then be loaded for all data channel connections\&. This must be in the form "manager=module;option1=value;option2=value;"\&. See the Network Manager documentation for more info\&.
.sp
This option can also be set in the configuration file as
xnetmgr\&.
.RE
.PP
\fB\-dc\-default string\fR
.RS 4
A comma separated list of XIO drivers and options representing the default network stack\&. Format is of each driver entry is driver1[:opt1=val1;opt2=val2;\&...]\&. The bottom of the stack, the transport driver, is always first\&.
.sp
This option can also be set in the configuration file as
dc_default\&.
.RE
.PP
\fB\-fs\-default string\fR
.RS 4
A comma separated list of XIO drivers and options representing the default disk stack\&. Format is of each driver entry is driver1[:opt1=val1;opt2=val2;\&...]\&. The bottom of the stack, the transport driver, is always first\&.
.sp
This option can also be set in the configuration file as
fs_default\&.
.RE
.SS "Other"
.PP
\fB\-c string\fR
.RS 4
Path to main configuration file that should be loaded\&. Otherwise will attempt to load $GLOBUS_LOCATION/etc/gridftp\&.conf and /etc/grid\-security/gridftp\&.conf\&.
.RE
.PP
\fB\-C string\fR
.RS 4
Path to directory holding configuration files that should be loaded\&. Files will be loaded in alphabetical order, and in the event of duplicate parameters the last loaded file will take precedence\&. Backup files and files created by package updates (e\&.g\&. file\&.rpmsave) will be ignored\&. Note that the main configuration file, if one exists, will always be loaded last\&.
.sp
This option can also be set in the configuration file as
config_dir\&.
.RE
.PP
\fB\-config\-base\-path string\fR
.RS 4
Base path to use when config and log path options are not full paths\&. By default this is the current directory when the process is started\&.
.sp
This option can also be set in the configuration file as
config_base_path\&.
.RE
.PP
\fB\-debug\fR
.RS 4
Sets options that make server easier to debug\&. Forces no\-fork, no\-chdir, and allows core dumps on bad signals instead of exiting cleanly\&. Not recommended for production servers\&. Note that non\-forked servers running as
\fIroot\fR
will only accept a single connection, and then exit\&.
.sp
This option can also be set in the configuration file as
debug\&. The default value of this option is
FALSE\&.
.RE
.PP
\fB\-pidfile string\fR
.RS 4
.sp
This option can also be set in the configuration file as
pidfile\&.
.RE
.SH "EXIT STATUS"
.PP
0
.RS 4
Successful program execution\&.
.RE