Globus Toolkit 3.2: Installation Guide

Overview
Before You Begin
Support Software
Installing GT 3.2
Configuring > GridFTP <
Testing
Troubleshooting

Configuring GridFTP - Basic

Prerequisites

Before you can configure a GridFTP server, you must have:

  • a host certificate
  • appropriate users in the grid-mapfile
Configure GridFTP server daemon
In order to use GridFTP, you need to configure your machine to automatically start the GridFTP server daemon.
1

As root, add the following entry to /etc/services:

gsiftp 2811/tcp
Configure Inetd/Xinetd
Modify the configuration file for Inetd or Xinetd (depending on which your host is running):
2

For Inetd, open /etc/inetd.conf and add the following entry.

gsiftp  stream  tcp     nowait  root /usr/bin/env env LD_LIBRARY_PATH=GLOBUS_LOCATION/lib GLOBUS_LOCATION/sbin/in.ftpd -l -a -G GLOBUS_LOCATION

Enter the entire string in one line (disregard the word wrapping above). Be sure to replace GLOBUS_LOCATION with the actual value of $GLOBUS_LOCATION in your environment.

New to 2.2: This entry has changed from the entry provided for the GridFTP server in the Globus Toolkit 2.0 Administrator's Guide.  The reason is that if you followed the instructions from the install section, you do not have a static in.ftpd.  This requires you to set the LD_LIBRARY_PATH so that the server can dynamically link against the libraries in $GLOBUS_LOCATION/lib.  To accomplish the setting of the environment variable in inetd, we use /usr/bin/env (the location may vary on your system) to first set LD_LIBRARY_PATH, and then to call in.ftpd itself.

The advantage of this setup is that when you apply a security update to your installation, the GridFTP server will pick it up dynamically without your having to rebuild it.

For Xinetd, add a file called grid-ftp to the /etc/xinetd.d/ directory with the following contents:

		service gsiftp
		 { 
		      instances       = 1000 
		      socket_type     = stream 
		      wait            = no 
		      user            = root 
		      env             = LD_LIBRARY_PATH=GLOBUS_LOCATION/lib 
		      server          = GLOBUS_LOCATION/sbin/in.ftpd 
		      server_args     = -l -a -G GLOBUS_LOCATION 
		      log_on_success += DURATION 
		      nice            = 10 
		      disable         = no 
		  }

Be sure to replace GLOBUS_LOCATION with the actual value of $GLOBUS_LOCATION in your environment.

New to 2.2: This entry has changed from the entry provided for the GridFTP server in the Globus Toolkit 2.0 Administrator's Guide.  The reason is that if you followed the instructions from the install section, you do not have a static in.ftpd.  This requires you to set the LD_LIBRARY_PATH so that the server can dynamically link against the libraries in $GLOBUS_LOCATION/lib.  To accomplish the setting of the environment variable in xinetd, we use the "env =" option to set LD_LIBRARY_PATH in the gatekeeper's environment.

The advantage of this setup is that when you apply a security update to your installation, the GridFTP server will pick it up dynamically without your having to rebuild it.
Notify Inetd/Xinetd to reload
3

Notify Inetd or Xinetd that its configuration file has changed. To do this, follow the instructions for the server as listed in the manual (man inetd or man xinetd). It will probably be something like /etc/init.d/xinetd reload.

Testing GridFTP

Testing GridFTP consists of:

  • Starting a GridFTP server (steps 2-3 above)
  • Creating a proxy (step 4)
  • Moving a test file (step 5)
4 Create a proxy certificate: 
% grid-proxy-init -verify -debug
5 Create a file named /tmp/file1, and run the following command: 
% globus-url-copy gsiftp://localhost/tmp/file1 \
    file:///tmp/file2

Check to make sure that /tmp/file2 now exists. You may look in /var/log/messages to see any messages the GridFTP daemon may have logged about the transfer

Personal GridFTP server

For whatever reason, you might not be able to start the GridFTP server as root. The following procedure contains the instructions for running a GridFTP server as a user. They only apply to that situation. If you already have the GridFTP server running from the above steps, you may skip the following section.

6

Create ~/.gridmap, and add an entry with your subject (from grid-cert-info -subject) and username (from whoami):

"/O=Grid/O=Globus/OU=your.domain/CN=Your Name" your-account

7

Start the GridFTP server as yourself: 

     % $GLOBUS_LOCATION/sbin/in.ftpd -S -p 5678

The -S flag leaves the daemon in the background and the -p flag specifies the port. If that port is already in use, you try another one.
8

Transferring a file from a personal GridFTP server: 

% globus-url-copy -s "`grid-cert-info -subject`" \
    gsiftp://localhost:5678/tmp/file1 \
    file:///tmp/file2

Note: The -s flag is used in this procedure because the GridFTP server is running under your user proxy. Ordinarily (like in Step 5 above) globus-url-copy expects the GridFTP server to be using a host certificate. Because this transfer is to a personal GridFTP server, this is not true. The -s flag combined with grid-cert-info lets the client know to expect your user subject instead. In general, this is not required when transferring to/from a host-based GridFTP server.

For more information, see the GridFTP System Administrator's Guide.