Not logged in - Login
< back

FTP Retrieval System


This page documents the configuration and process for allowing warehouse data requesters to retrieve their data over ftp.

The goals of this system are as follows:

  • Allow users to retrieve their requested data over the internet.
  • Limit users to retrieving only the data they have requested
  • Disallow shell access for users - File retrieval only
  • Require that users provide a username and password when retrieving their data.
  • Require users to retrieve their data within a specified time frame.
  • Avoid duplicating data on the server.
  • Prevent users from changing data housed on the server.
  • Maintain the directory structure of requested data.
  • Automate the system configuration as much as possible.

Preliminary Configuration

  • configure main data store for read-only access
  • vsfptd configured for chroot to home
  • ftponly shell
    • /etc/ftponlyshell - shell script that echos a warning and exits
      • Added to /etc/shells

Automated configuration


Per User

Create user account on viking (if not existing)

useradd -m -e 2012-02-25 -s /etc/ftponlyshell username

  • -m make a home directory
  • -e YYYY-MM-DD specify expiration
  • -s /etc/ftponlyshell set users shell to the warning shell

Update existing user account

usermod -e 2012-02-25 -s /etc/ftponlyshell username

  • extend expiration?
  • ensure shell is /etc/ftponlyshell

Per Request

#Build matching directory structure for requested data in user home
mkdir -p /home/username/path_to_data/

#Expose main data store directory to user
mount --bind /main_data_store/path_to_data/ /home/username/path_to_data/
User permissions on /main_data_store/path_to_data/ must be set accordingly
  • Generate wget retrieval script with user credentials and correct path

wget -r -c -nH -P $OUT_DIR ftp://$DWUN:$

Tear Down

Per User (?)

  • Delete user account and home directory

Per Request

  • Un-mount relevant directories in /home/user/