akkornel · March 18, 2018 19:39
diff --git a/globus-connect-server.conf b/globus-connect-server.conf
 ; vim: filetype=dosini : nospell :

 ;------------------------------
 ; Globus Configuration, Part 1
 ;------------------------------

 ; This is the part of /etc/globus-connect-server.conf that is common to all
 ; authentication methods.  You can fill it out even if you haven't decided on
 ; an authentication method to use.

 ; NOTE: If you change anything in this file, you must re-run the
 ; globus-connect-server-setup command.


 ; This section contains information on your Globus ID.
 [Globus]

 ; Set 'User' to the username part of your Globus ID.
 ; For example, if you Globus ID is '[email protected]',
 ; then set this to "stanford" (without the quotes, of course).
 User = stanford

 ; 'Password' is the field for your Globus ID's password.
 ; DO NOT HARD-CODE THIS!  This is only required when you run the
 ; globus-connect-server-setup program, which does not happen often.
 ; 
 ; The default value, "%(GLOBUS_PASSWORD)s", will tell the 
 ; globus-connect-server-setup program to do one of two things:
 ; 
 ; 1) If the GLOBUS_PASSWORD environment variable is defined, use it.
 ; 2) Otherwise, prompt for manual password entry.
 Password = %(GLOBUS_PASSWORD)s


 ; This section contains endpoint configuration.
 ;
 ; WARNING: The fields here are also editable on the Endpoint configuration
 ; page on globus.org.  But, it is best if you set them here, because when
 ; you run globus-connect-server-setup, it will use these values, and change
 ; whatever you have on globus.org.
 [Endpoint]

 ; This is the computer-readable name for your endpoint.
 ; This, plus your Globus ID, will form your endpoint's "legacy name".
 ; For example, for Globus ID "stanford", and endpoint name "blah",
 ; people will see the name as "stanford#blah".
 Name = blah

 ; True or False, determining if the endpoint will be public or private.
 ; If not specified, this will default to False (non-public).
 ; NOTE: Setting Public to True only means people will find it in search
 ; results.  It does _not_ make the endpoint world-readable.
 Public = False

 ; Default directory when users login to this endpoint (optional).
 ; If not specified, this will default to /~/.
 DefaultDirectory = /~/


 ; This section contains GridFTP configuration.  GridFTP is the program/service
 ; which actually performs the transfers.
 [GridFTP]

 ; Require an encrypted data connection for all transfers. Transfers attempted
 ; without encryption will result in error.
 ; NOTE: Setting this is normally a good idea, security-wise, even though you
 ; will take a performance hit.
 ; WARNING: When set to True, you will _also_ need to set the endpoint's
 ; "Encryption Required" setting to True.  That does not happen automatically!
 RequireEncryption = True

 ; Restricted path configuration.
 ; A comma separated list of full paths that clients may access.  Each path may
 ; be prefixed by R and/or W, denoting read or write access, or N to explicitly
 ; deny access to a path.  If a given path is a directory, all contents and
 ; subdirectories will be given the same access.  Order of paths does not matter
 ; -- the permissions on the longest matching path will apply.  The special
 ; character '~' will be replaced by the authenticated user's home directory,
 ; and * may be used for simple wildcard matching.
 ; By default all paths are allowed, and access control is handled by the OS.
 ; Examples:
 ; Allow read access to /data and full access to the user's home directory:
 ; RestrictPaths = RW~,R/data
 ; Allow full access to the home directory, but deny hidden files there:
 ; RestrictPaths = RW~,N~/.*
 RestrictPaths =

 ; Enable sharing with Globus for this server.
 ; If not specified, this will default to False.
 ;
 ; If sharing is enabled, then authenticated users will be able to share their
 ; stuff with other people, even people who can not access the endpoint on their
 ; own.
 ;; Sharing = True

 ; Using the same syntax as RestrictPaths above, this defines additional
 ; restrictions which paths that sharing clients may access.
 ;; SharingRestrictPaths =

 ; Allow or Deny sharing for specific users or groups.
 ; Each option takes a comma separated list of user or group names.
 ; Users named in SharingUsersDeny and members of groups named in
 ; SharingGroupsDeny will be denied sharing features.
 ; If SharingUsersAllow or SharingGroupsAllow is set, only those users
 ; or group members may share, and all other users will be denied.
 ; Any user for which sharing is denied will not be allowed to create shares,
 ; and existing shares owned by that user will not be accessible.
 ; By default these options are not set, and all users are allowed to share.
 ;
 ;; SharingUsersAllow =
 ;; SharingGroupsAllow =
 ;;
 ;; SharingUsersDeny =
 ;; SharingGroupsDeny =

 ; This is the hostname to use for people to connect to your GridFTP server.
 ; The port number is 2811.  Globus connects to this to send commands.
 ; The default pulls the server name from EC2 metadata if present, falling back
 ; to the localhost hostname if needed.  If you are behind a NAT, and not using
 ; EC2, then you may want to configure this manually.
 Server = %(HOSTNAME)s

 ; The globus-connect-server-setup program compares the system hostname to what
 ; you configured in the Server line, above.  If the two do not match, then
 ; GridFTP will be disabled.  But in NAT environments (like EC2), the mismatch
 ; is normal.  Setting ServerBehindNAT to True will skip the hostname check.
 ; NOTE: See also the 'DataInterface' setting, below.
 ;;ServerBehindNAT = True

 ; Hostname or IP address of the interface to use for data connections. If not
 ; set in this file, then the default behavior is:
 ; - When run on an EC2 instance, the data interface will be automatically
 ;   configured to use the public ipv4 address of the instance.
 ; - When run on a non-EC2 instance, if ServerBehindNAT is True, then
 ;   the hostname of the Server string is used. If this resolves to a private
 ;   IP adddress, a warning will be issued.
 ; - Otherwise, this will not be set, and the gridftp server will tell clients
 ;   to connect to the IP address that the control connection was established
 ;   on.
 ;; DataInterface =

 ; Path of a directory where GridFTP will store files used to control
 ; sharing access to individual accounts.  The variables $USER and $HOME
 ; should be used in order to define a unique path per user.
 ; If not specified, this will default to "$HOME/.globus/sharing".
 ;
 ; For instance, with SharingStateDir = "/var/globusonline/sharing/$USER",
 ; user "bob" would be enabled for sharing only if a path exists with the
 ; name "/var/globusonline/sharing/bob/" and is writable by bob.
 ;
 ;;SharingStateDir =
	; vim: filetype=dosini : nospell :

	;------------------------------
	; Globus Configuration, Part 1
	;------------------------------

	; This is the part of /etc/globus-connect-server.conf that is common to all
	; authentication methods. You can fill it out even if you haven't decided on
	; an authentication method to use.

	; NOTE: If you change anything in this file, you must re-run the
	; globus-connect-server-setup command.


	; This section contains information on your Globus ID.
	[Globus]

	; Set 'User' to the username part of your Globus ID.
	; For example, if you Globus ID is '[email protected]',
	; then set this to "stanford" (without the quotes, of course).
	User = stanford

	; 'Password' is the field for your Globus ID's password.
	; DO NOT HARD-CODE THIS! This is only required when you run the
	; globus-connect-server-setup program, which does not happen often.
	;
	; The default value, "%(GLOBUS_PASSWORD)s", will tell the
	; globus-connect-server-setup program to do one of two things:
	;
	; 1) If the GLOBUS_PASSWORD environment variable is defined, use it.
	; 2) Otherwise, prompt for manual password entry.
	Password = %(GLOBUS_PASSWORD)s


	; This section contains endpoint configuration.
	;
	; WARNING: The fields here are also editable on the Endpoint configuration
	; page on globus.org. But, it is best if you set them here, because when
	; you run globus-connect-server-setup, it will use these values, and change
	; whatever you have on globus.org.
	[Endpoint]

	; This is the computer-readable name for your endpoint.
	; This, plus your Globus ID, will form your endpoint's "legacy name".
	; For example, for Globus ID "stanford", and endpoint name "blah",
	; people will see the name as "stanford#blah".
	Name = blah

	; True or False, determining if the endpoint will be public or private.
	; If not specified, this will default to False (non-public).
	; NOTE: Setting Public to True only means people will find it in search
	; results. It does _not_ make the endpoint world-readable.
	Public = False

	; Default directory when users login to this endpoint (optional).
	; If not specified, this will default to /~/.
	DefaultDirectory = /~/


	; This section contains GridFTP configuration. GridFTP is the program/service
	; which actually performs the transfers.
	[GridFTP]

	; Require an encrypted data connection for all transfers. Transfers attempted
	; without encryption will result in error.
	; NOTE: Setting this is normally a good idea, security-wise, even though you
	; will take a performance hit.
	; WARNING: When set to True, you will _also_ need to set the endpoint's
	; "Encryption Required" setting to True. That does not happen automatically!
	RequireEncryption = True

	; Restricted path configuration.
	; A comma separated list of full paths that clients may access. Each path may
	; be prefixed by R and/or W, denoting read or write access, or N to explicitly
	; deny access to a path. If a given path is a directory, all contents and
	; subdirectories will be given the same access. Order of paths does not matter
	; -- the permissions on the longest matching path will apply. The special
	; character '~' will be replaced by the authenticated user's home directory,
	; and * may be used for simple wildcard matching.
	; By default all paths are allowed, and access control is handled by the OS.
	; Examples:
	; Allow read access to /data and full access to the user's home directory:
	; RestrictPaths = RW~,R/data
	; Allow full access to the home directory, but deny hidden files there:
	; RestrictPaths = RW~,N~/.*
	RestrictPaths =

	; Enable sharing with Globus for this server.
	; If not specified, this will default to False.
	;
	; If sharing is enabled, then authenticated users will be able to share their
	; stuff with other people, even people who can not access the endpoint on their
	; own.
	;; Sharing = True

	; Using the same syntax as RestrictPaths above, this defines additional
	; restrictions which paths that sharing clients may access.
	;; SharingRestrictPaths =

	; Allow or Deny sharing for specific users or groups.
	; Each option takes a comma separated list of user or group names.
	; Users named in SharingUsersDeny and members of groups named in
	; SharingGroupsDeny will be denied sharing features.
	; If SharingUsersAllow or SharingGroupsAllow is set, only those users
	; or group members may share, and all other users will be denied.
	; Any user for which sharing is denied will not be allowed to create shares,
	; and existing shares owned by that user will not be accessible.
	; By default these options are not set, and all users are allowed to share.
	;
	;; SharingUsersAllow =
	;; SharingGroupsAllow =
	;;
	;; SharingUsersDeny =
	;; SharingGroupsDeny =

	; This is the hostname to use for people to connect to your GridFTP server.
	; The port number is 2811. Globus connects to this to send commands.
	; The default pulls the server name from EC2 metadata if present, falling back
	; to the localhost hostname if needed. If you are behind a NAT, and not using
	; EC2, then you may want to configure this manually.
	Server = %(HOSTNAME)s

	; The globus-connect-server-setup program compares the system hostname to what
	; you configured in the Server line, above. If the two do not match, then
	; GridFTP will be disabled. But in NAT environments (like EC2), the mismatch
	; is normal. Setting ServerBehindNAT to True will skip the hostname check.
	; NOTE: See also the 'DataInterface' setting, below.
	;;ServerBehindNAT = True

	; Hostname or IP address of the interface to use for data connections. If not
	; set in this file, then the default behavior is:
	; - When run on an EC2 instance, the data interface will be automatically
	; configured to use the public ipv4 address of the instance.
	; - When run on a non-EC2 instance, if ServerBehindNAT is True, then
	; the hostname of the Server string is used. If this resolves to a private
	; IP adddress, a warning will be issued.
	; - Otherwise, this will not be set, and the gridftp server will tell clients
	; to connect to the IP address that the control connection was established
	; on.
	;; DataInterface =

	; Path of a directory where GridFTP will store files used to control
	; sharing access to individual accounts. The variables $USER and $HOME
	; should be used in order to define a unique path per user.
	; If not specified, this will default to "$HOME/.globus/sharing".
	;
	; For instance, with SharingStateDir = "/var/globusonline/sharing/$USER",
	; user "bob" would be enabled for sharing only if a path exists with the
	; name "/var/globusonline/sharing/bob/" and is writable by bob.
	;
	;;SharingStateDir =