FTP Retrieval System

Overview

This page documents the configuration and process for allowing warehouse data requesters to retrieve their data over FTP.

The goals of this system are as follows:

  • Allow users to retrieve their requested data over the internet.
  • Limit users to retrieving only the data they have requested.
  • Disallow shell access for users; file retrieval only.
  • Require that users provide a username and password when retrieving their data.
  • Require users to retrieve their data within a specified time frame.
  • Avoid duplicating data on the server.
  • Prevent users from changing data housed on the server.
  • Maintain the directory structure of requested data.
  • Automate the system configuration as much as possible.

Preliminary Configuration

  • Main data store configured for read-only access
  • vsftpd configured for chroot to home
  • ftponly shell
    • /etc/ftponlyshell - shell script that echoes a warning and exits
      • Added to /etc/shells

Automated configuration

Setup

Per User

  • Update existing user account
    • extend expiration?
    • ensure shell is /etc/ftponlyshell
      usermod -e 2012-02-25 -s /etc/ftponlyshell username

Per Request

  • Build matching directory structure for requested data in user home
    mkdir -p /home/username/path_to_data/

  • Expose main data store directory to user
    mount --bind /main_data_store/path_to_data/ /home/username/path_to_data/

    User permissions on /main_data_store/path_to_data/ must be set accordingly

Tear Down

Per User (?)

  • Delete user account and home directory

Per Request

  • Un-mount relevant directories in /home/user/
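
The setup and tear-down steps above as an added sketch of the automation (example code, not part of the original page): it validates the username, requested path and expiry date, then prints the commands for an operator to review and run as root. The function names, the DATA_ROOT/HOME_ROOT variables and the final read-only remount of the bind mount are assumptions added here; the remount supports the goal that users cannot change data.

```shell
#!/bin/sh
# Added example: plan (print) the commands for one data request.
# DATA_ROOT and HOME_ROOT mirror the page's /main_data_store and /home.
DATA_ROOT=${DATA_ROOT:-/main_data_store}
HOME_ROOT=${HOME_ROOT:-/home}
FTP_SHELL=/etc/ftponlyshell

# valid_name USER: conservative account names only, never option-like.
valid_name() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# valid_relpath PATH: relative path, safe characters, no empty, "." or
# ".." components, so the bind mount can never leave DATA_ROOT or the home.
valid_relpath() {
    case "$1" in
        ''|/*|*/|*//*) return 1 ;;
        *[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    case "/$1/" in
        */../*|*/./*) return 1 ;;
    esac
    return 0
}

# plan_setup USER RELPATH EXPIRY(YYYY-MM-DD): one command per line.
plan_setup() {
    valid_name "$1" && valid_relpath "$2" || return 1
    case "$3" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    src="$DATA_ROOT/$2"; dst="$HOME_ROOT/$1/$2"
    printf 'usermod -e %s -s %s %s\n' "$3" "$FTP_SHELL" "$1"
    printf 'mkdir -p %s\n' "$dst"
    printf 'mount --bind %s %s\n' "$src" "$dst"
    # Assumption (not on the page): make the bind mount itself read-only.
    printf 'mount -o remount,bind,ro %s\n' "$dst"
}

# plan_teardown USER RELPATH: per-request tear down.
plan_teardown() {
    valid_name "$1" && valid_relpath "$2" || return 1
    printf 'umount %s\n' "$HOME_ROOT/$1/$2"
}
```

Review the printed plan before piping it to a root shell; a rejected input prints nothing and returns non-zero.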