GridFTP server configuration overview – Updated March 2021
The configuration interface for GridFTP is the admin tool, globus-gridftp-server(8), which can be used with a configuration
file and/or run-time options.
Note
Command line options and configuration file options may both be used, but the command line overrides the
config file.
The configuration file for the GridFTP server is read from the following locations, in the given order. Only the first file which can be located will actually be loaded:
If the value contains spaces, they should be enclosed in double-quotes (“). Flags or boolean options should only have
a value of 0 or 1. Blank lines and lines beginning with # are ignored.
For example:
port 5000
allow_anonymous 1
anonymous_user bob
banner “Welcome!”
For complete command documentation including all options, see globus-gridftp-server(8).
This page includes information about general configuration of the GridFTP server. Security options are discussed below as well as some other suggested configuration options. If you want to use proxies to connect to the server remember you need a method of passing authentication over using the proxy. Without user authentication being available the server would have to accept anonymous connections with no credentials, clearly a security risk.
Security should be the primary concern for any configuration though, particularly for a public facing FTP server. Any breaches are liable to involve costly bandwidth bills and possible legal issues if the service is used for suspicious purposes. These would be traceable to this specific server, especially if the attack used proxies in order to hide their true location, If you’ve never seen how much bandwidth an FTP server installed on a hacked server can use, then you’d be truly amazed.
Recent Comments