Symlink Management

Jason Simms

unread,

Oct 15, 2025, 4:05:18 PMOct 15

to dis...@globus.org

Hello all,

I see that by default Globus doesn't follow symlinks:

https://docs.globus.org/faq/transfer-sharing/#symlinks_and_path_restrictions

And it makes sense why this is in place. But we have a collection into /home, and many users likewise have a lab directory within /labs, and as such they regularly create a symlink within their home directory that would be nice to access via Globus.

First, are there any "gotchas" that I should be aware of if I want to enable symlinks? I imagine that regular permissions will be enforced, so I don't suspect I have to worry about users creating malicious links, but perhaps I am missing something key.

Second, if I do want to enable them, I don't quite understand the instructions to enable "rp-follow-symlinks option to the GridFTP server." I'm new to Globus configuration, so any guidance is welcome!"

Warmest regards,

Jason

--

Jason L. Simms, Ph.D., M.P.H.

Research Computing Manager

Swarthmore College
Information Technology Services

(610) 328-8102

Lev Gorenstein

unread,

Oct 16, 2025, 5:36:59 PM (13 days ago) Oct 16

to Jason Simms, dis...@globus.org

Jason,

If both /home and /labs are allowed on the collection (i.e. both paths are listed as permitted in its storage gateway path restrictions), then symlink will be shown, and clicking on the symlink would bring you into its /labs target as expected.

But if /labs is not a permitted path for this collection, then by default it will be shown, but will not be followed (with a ‘you don’t have permission’ error upon clicking). Unless you use the rp-follow-symlinks trick (and defer access control to filesystem-only permissions as opposed to filesystem+Globus ones).

Lev

P.S. To enable rp-follow-symlinks feature: add

rp_follow_symlinks 1

to /etc/gridftp.conf (or to something like /etc/gridftp.d/z_symlinks)

Karl Kornel

unread,

Oct 16, 2025, 7:55:36 PM (13 days ago) Oct 16

to Lev Gorenstein, Jason Simms, dis...@globus.org

I just realized, I’m in a similar situation, so it might help if I share my config.

We have a /labs directory on one of our environments, whose contents are symlinks (so, /labs/a points to one place, /labs/b points to another, etc.). At this time, all of the symlinks point to sub-directories under /oak/stanford. So, our storage gateway has the following path restrictions:

None: “/“

Read: (empty)

Read-Write: “/labs” and “/oak/stanford”

Our Mapped Collection has a root path of /labs, and has no path restrictions (so, the Storage Gateway path restrictions apply).

We do not have the rp-follow-symlinks setting enabled. This configuration has worked well for us!

~ Karl

To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@globus.org.

Reply all

Reply to author

Forward