Hi,
Based on your requirements, I would recommend running a read-only GridFTP
server in anonymous mode and chroot it to a specific path.
Instructions for running a read-only GridFTP server in anonymous mode are
available at:
http://www.globus.org/toolkit/data/gridftp/quickstart-anonymous.html
Instructions for chrooting the GridFTP server are available at:
http://www.globus.org/toolkit/docs/latest-stable/data/gridftp/admin/#chroot-gridftp
And the hang you describe below seems like a firewall problem. Can you run
globus-url-copy with -dbg and send us the output?
Raj
On Sep 29, 2011, at 12:22 PM, Nikolay Kutovskiy wrote:
> Dear community,
>
> I need to deploy gridftp server (Scientific Linux 5.7, x86_64, GT 5.0.4) with
> the following properties.
> 1) it needs to be run under regular (non-root) user;
> 2) it has to provide a read-only access and only for certain dir but for all
> users without authorization check;
> 3) gridftp server has to start after reboot automatically.
>
> If I do as below:
> $ tail -1 /etc/services
> gsiftp 2811/tcp
>
> $ cat /etc/xinetd.d/gridftp
> service gsiftp
> {
> instances = 100
> socket_type = stream
> wait = no
> user = gridftp
> env += GLOBUS_LOCATION=/opt/globus
> env += LD_LIBRARY_PATH=/opt/globus/lib
> env += GLOBUS_TCP_PORT_RANGE=20000,25000
> server = /opt/globus/sbin/globus-gridftp-server
> server_args = -c /opt/globus/etc/gridftp.conf
> log_on_success += DURATION
> disable = no
> }
>
> $ cat /opt/globus/etc/gridftp.conf
> port 2811
> log_level info,warn,error
> log_single /home/gridftp/gridftp.log
> auth_level 0
> disable_command_list STOR,ESTO,DELE,RDEL,RNTO
>
>
> hostcert.pem, hostkey.pem and certificates dir I put into .globus subdir of
> gridftp's user home dir.
>
> Then
> [root]$ /etc/init.d/xinetd start
>
> $ netstat -tunlp|grep 2811
> tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN 24268/xinetd
>
> After that from another host as regular user (tried with valid proxy
> (tried but not sure if it's needed since auth_level 0))
>
> $ uberftp -d <gridftp_host>
> an end-of-file was reachedan end-of-file was reached
> globus_xio: An end of file occurred
> Closing connection to service.
>
> gridftp.log shows:
> [24275] Thu Sep 29 20:55:22 2011 :: GFork functionality not enabled:
> globus_gfork_child_worker_start() failed:
> globus_gfork: GFork error: Env not set
>
> [24275] Thu Sep 29 20:55:22 2011 :: Configuration read from
> /opt/globus/etc/gridftp.conf.
> [24275] Thu Sep 29 20:55:22 2011 :: Could not start server:
> globus_xio: globus_l_xio_tcp_create_listener failed.
> globus_xio: globus_l_xio_tcp_bind failed.
> globus_xio: System error in bind: Address already in use
> globus_xio: A system call failed: Address already in use
>
> If I remove the 'port 2811' line from gridftp.conf file, restart xinetd and
> try connect again then uberftp hangs, nothing in the gridftp log.
> Telnet gives
> Trying <gridftp_server_IP>...
> Connected to <gridftp_server_hostname>.
> Escape character is '^]'.
> Server listening at <gridftp_server_hostname>:24384
>
> and hangs (ctrl+c doesn't work).
>
> gridftp.log has
> [24310] Thu Sep 29 21:12:29 2011 :: GFork functionality not enabled:
> globus_gfork_child_worker_start() failed:
> globus_gfork: GFork error: Env not set
>
> [24310] Thu Sep 29 21:12:29 2011 :: Configuration read from
> /opt/globus/etc/gridftp.conf.
> [24310] Thu Sep 29 21:12:29 2011 :: Server started in daemon mode.
> and that's it.
>
> Any help on that, please?
>
> Regards,
> Nikolay.
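
The following Python check is an added example, not part of either message and not Globus code. It audits the three files quoted above against the stated requirements (non-root user, read-only) and flags the `port` setting that collides with the socket xinetd already holds, which is the "Address already in use" error in the first log. The function names and finding labels are hypothetical, and the inputs are abridged from the post.

```python
import re

# Write commands the original post disables; taken from the post, not a complete list.
WRITE_COMMANDS = {"STOR", "ESTO", "DELE", "RDEL", "RNTO"}
# Inputs abridged from the files quoted in the post.
SERVICES = "gsiftp 2811/tcp\n"
XINETD = "service gsiftp\n{\nuser = gridftp\nserver_args = -c /opt/globus/etc/gridftp.conf\n}\n"
GRIDFTP_CONF = "port 2811\nauth_level 0\ndisable_command_list STOR,ESTO,DELE,RDEL,RNTO\n"

def parse_gridftp_conf(text):
    """gridftp.conf holds one 'option value' pair per line; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            conf[key] = value.strip()
    return conf

def parse_xinetd_service(text):
    """Return (service name, attributes); for repeated '+=' lines the last one wins."""
    name = re.search(r"^\s*service\s+(\S+)", text, re.M).group(1)
    pairs = re.finditer(r"^[ \t]*(\w+)[ \t]*\+?=[ \t]*(.+?)[ \t]*$", text, re.M)
    return name, {m.group(1): m.group(2) for m in pairs}

def audit(services, xinetd, gridftp_conf):
    """Return a list of findings for an xinetd-launched, read-only GridFTP setup."""
    conf = parse_gridftp_conf(gridftp_conf)
    name, svc = parse_xinetd_service(xinetd)
    m = re.search(rf"^{re.escape(name)}\s+(\d+)/tcp", services, re.M)
    findings = []
    # xinetd owns the listening socket, so a second bind by the server fails.
    if m and conf.get("port") == m.group(1):
        findings.append(f"port-conflict: xinetd already listens on {m.group(1)}")
    disabled = {c.strip().upper() for c in conf.get("disable_command_list", "").split(",")}
    missing = sorted(WRITE_COMMANDS - disabled)
    if missing:
        findings.append("write-enabled: " + ",".join(missing))
    # Assumption: xinetd itself runs as root, so a missing 'user' is treated as root.
    if svc.get("user", "root") == "root":
        findings.append("runs-as-root")
    if conf.get("auth_level") == "0":
        findings.append("auth_level-0: authorization checks disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVICES, XINETD, GRIDFTP_CONF):
        print(finding)
```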