FTP Retrieval System
Overview
This page documents the configuration and process for allowing warehouse data requesters to retrieve their data over FTP. The goals of this system are as follows:
- Allow users to retrieve their requested data over the internet.
- Limit users to retrieving only the data they have requested.
- Disallow shell access for users; file retrieval only.
- Require that users provide a username and password when retrieving their data.
- Require users to retrieve their data within a specified time frame.
- Avoid duplicating data on the server.
- Prevent users from changing data housed on the server.
- Maintain the directory structure of requested data.
- Automate the system configuration as much as possible.
Preliminary Configuration
- Configure main data store for read-only access
- vsftpd configured for chroot to home
- ftponly shell
  - /etc/ftponlyshell - shell script that echoes a warning and exits
  - Added to /etc/shells
Automated configuration
Setup
Per User
Create user account on viking (if not existing)
useradd -m -e 2012-02-25 -s /etc/ftponlyshell username
- -m make a home directory
- -e YYYY-MM-DD specify expiration
- -s /etc/ftponlyshell set the user's shell to the warning shell
Update existing user account
usermod -e 2012-02-25 -s /etc/ftponlyshell username
- extend expiration?
- ensure shell is /etc/ftponlyshell
Per Request
# Build matching directory structure for requested data in user home
mkdir -p /home/username/path_to_data/
# Expose main data store directory to user
mount --bind /main_data_store/path_to_data/ /home/username/path_to_data/
- User permissions on /main_data_store/path_to_data/ must be set accordingly
- Generate wget retrieval script with user credentials and correct path
OUT_DIR=.
DWUN=username
DWPW=password
wget -r -c -nH -P "$OUT_DIR" "ftp://$DWUN:$DWPW@viking.cira.colostate.edu/path_to_data/"
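The per-request steps above as a dry-run planner, added here as an example and not part of the original page: it validates the username and requested path, then prints the commands rather than running them. The function names, the validation rules and the read-only remount are assumptions beyond what the page specifies; `/main_data_store` and `/home` are the page's placeholder paths.

```sh
#!/bin/sh
# Added example (not from the original page): prints the per-request setup
# commands instead of running them, after validating both inputs.
LC_ALL=C; export LC_ALL
DATA_ROOT=/main_data_store   # placeholder path used on this page
HOME_ROOT=/home

# Hypothetical rule: lowercase account names only, no leading digit or dash.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*) return 0 ;;
    esac
    return 1
}

# Hypothetical rule: relative path, safe characters, no ".", ".." or empty
# components, so the path cannot climb out of DATA_ROOT with "..".
valid_relpath() {
    case "$1" in
        ''|/*|*//*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    case "/$1/" in
        */../*|*/./*) return 1 ;;
    esac
    return 0
}

plan_request() {
    user=$1
    rel=${2%/}   # tolerate one trailing slash, as in the page's examples
    valid_user "$user" || { echo "rejected username" >&2; return 1; }
    valid_relpath "$rel" || { echo "rejected path" >&2; return 1; }
    dst="$HOME_ROOT/$user/$rel"
    printf 'mkdir -p %s\n' "$dst"
    printf 'mount --bind %s %s\n' "$DATA_ROOT/$rel" "$dst"
    # Assumption beyond the page: remount the bind read-only so the mount
    # itself blocks writes even if file permissions are too permissive.
    printf 'mount -o remount,ro,bind %s\n' "$dst"
}

plan_request username path_to_data/
```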
Tear Down
Per User (?)
- Delete user account and home directory
Per Request
- Un-mount relevant directories in /home/user/