; vim: filetype=dosini : nospell :;------------------------------; Globus Con

1. ; vim: filetype=dosini : nospell :
2.  
3. ;------------------------------
4. ; Globus Configuration, Part 1
5. ;------------------------------
6.  
7. ; This is the part of /etc/globus-connect-server.conf that is common to all
8. ; authentication methods. You can fill it out even if you haven't decided on
9. ; an authentication method to use.
10.  
11. ; NOTE: If you change anything in this file, you must re-run the
12. ; globus-connect-server-setup command.
13.  
14.  
15. ; This section contains information on your Globus ID.
16. [Globus]
17.  
18. ; Set 'User' to the username part of your Globus ID.
19. ; For example, if you Globus ID is 'stanford@globusid.org',
20. ; then set this to "stanford" (without the quotes, of course).
21. User = stanford
22.  
23. ; 'Password' is the field for your Globus ID's password.
24. ; DO NOT HARD-CODE THIS! This is only required when you run the
25. ; globus-connect-server-setup program, which does not happen often.
26. ;
27. ; The default value, "%(GLOBUS_PASSWORD)s", will tell the
28. ; globus-connect-server-setup program to do one of two things:
29. ;
30. ; 1) If the GLOBUS_PASSWORD environment variable is defined, use it.
31. ; 2) Otherwise, prompt for manual password entry.
32. Password = %(GLOBUS_PASSWORD)s
33.  
34.  
35. ; This section contains endpoint configuration.
36. ;
37. ; WARNING: The fields here are also editable on the Endpoint configuration
38. ; page on globus.org. But, it is best if you set them here, because when
39. ; you run globus-connect-server-setup, it will use these values, and change
40. ; whatever you have on globus.org.
41. [Endpoint]
42.  
43. ; This is the computer-readable name for your endpoint.
44. ; This, plus your Globus ID, will form your endpoint's "legacy name".
45. ; For example, for Globus ID "stanford", and endpoint name "blah",
46. ; people will see the name as "stanford#blah".
47. Name = blah
48.  
49. ; True or False, determining if the endpoint will be public or private.
50. ; If not specified, this will default to False (non-public).
51. ; NOTE: Setting Public to True only means people will find it in search
52. ; results. It does _not_ make the endpoint world-readable.
53. Public = False
54.  
55. ; Default directory when users login to this endpoint (optional).
56. ; If not specified, this will default to /~/.
57. DefaultDirectory = /~/
58.  
59.  
60. ; This section contains GridFTP configuration. GridFTP is the program/service
61. ; which actually performs the transfers.
62. [GridFTP]
63.  
64. ; Require an encrypted data connection for all transfers. Transfers attempted
65. ; without encryption will result in error.
66. ; NOTE: Setting this is normally a good idea, security-wise, even though you
67. ; will take a performance hit.
68. ; WARNING: When set to True, you will _also_ need to set the endpoint's
69. ; "Encryption Required" setting to True. That does not happen automatically!
70. RequireEncryption = True
71.  
72. ; Restricted path configuration.
73. ; A comma separated list of full paths that clients may access. Each path may
74. ; be prefixed by R and/or W, denoting read or write access, or N to explicitly
75. ; deny access to a path. If a given path is a directory, all contents and
76. ; subdirectories will be given the same access. Order of paths does not matter
77. ; -- the permissions on the longest matching path will apply. The special
78. ; character '~' will be replaced by the authenticated user's home directory,
79. ; and * may be used for simple wildcard matching.
80. ; By default all paths are allowed, and access control is handled by the OS.
81. ; Examples:
82. ; Allow read access to /data and full access to the user's home directory:
83. ; RestrictPaths = RW~,R/data
84. ; Allow full access to the home directory, but deny hidden files there:
85. ; RestrictPaths = RW~,N~/.*
86. RestrictPaths =
87.  
88. ; Enable sharing with Globus for this server.
89. ; If not specified, this will default to False.
90. ;
91. ; If sharing is enabled, then authenticated users will be able to share their
92. ; stuff with other people, even people who can not access the endpoint on their
93. ; own.
94. ;; Sharing = True
95.  
96. ; Using the same syntax as RestrictPaths above, this defines additional
97. ; restrictions which paths that sharing clients may access.
98. ;; SharingRestrictPaths =
99.  
100. ; Allow or Deny sharing for specific users or groups.
101. ; Each option takes a comma separated list of user or group names.
102. ; Users named in SharingUsersDeny and members of groups named in
103. ; SharingGroupsDeny will be denied sharing features.
104. ; If SharingUsersAllow or SharingGroupsAllow is set, only those users
105. ; or group members may share, and all other users will be denied.
106. ; Any user for which sharing is denied will not be allowed to create shares,
107. ; and existing shares owned by that user will not be accessible.
108. ; By default these options are not set, and all users are allowed to share.
109. ;
110. ;; SharingUsersAllow =
111. ;; SharingGroupsAllow =
112. ;;
113. ;; SharingUsersDeny =
114. ;; SharingGroupsDeny =
115.  
116. ; This is the hostname to use for people to connect to your GridFTP server.
117. ; The port number is 2811. Globus connects to this to send commands.
118. ; The default pulls the server name from EC2 metadata if present, falling back
119. ; to the localhost hostname if needed. If you are behind a NAT, and not using
120. ; EC2, then you may want to configure this manually.
121. Server = %(HOSTNAME)s
122.  
123. ; The globus-connect-server-setup program compares the system hostname to what
124. ; you configured in the Server line, above. If the two do not match, then
125. ; GridFTP will be disabled. But in NAT environments (like EC2), the mismatch
126. ; is normal. Setting ServerBehindNAT to True will skip the hostname check.
127. ; NOTE: See also the 'DataInterface' setting, below.
128. ;;ServerBehindNAT = True
129.  
130. ; Hostname or IP address of the interface to use for data connections. If not
131. ; set in this file, then the default behavior is:
132. ; - When run on an EC2 instance, the data interface will be automatically
133. ; configured to use the public ipv4 address of the instance.
134. ; - When run on a non-EC2 instance, if ServerBehindNAT is True, then
135. ; the hostname of the Server string is used. If this resolves to a private
136. ; IP adddress, a warning will be issued.
137. ; - Otherwise, this will not be set, and the gridftp server will tell clients
138. ; to connect to the IP address that the control connection was established
139. ; on.
140. ;; DataInterface =
141.  
142. ; Path of a directory where GridFTP will store files used to control
143. ; sharing access to individual accounts. The variables $USER and $HOME
144. ; should be used in order to define a unique path per user.
145. ; If not specified, this will default to "$HOME/.globus/sharing".
146. ;
147. ; For instance, with SharingStateDir = "/var/globusonline/sharing/$USER",
148. ; user "bob" would be enabled for sharing only if a path exists with the
149. ; name "/var/globusonline/sharing/bob/" and is writable by bob.
150. ;
151. ;;SharingStateDir =