Not logged in - Login
< back

FTP Retrieval System

Overview

This page documents the configuration and process for allowing warehouse data requesters to retrieve their data over ftp.

The goals of this system are as follows:

  • Allow users to retrieve their requested data over the internet.
  • Limit users to retrieving only the data they have requested
  • Disallow shell access for users - File retrieval only
  • Require that users provide a username and password when retrieving their data.
  • Require users to retrieve their data within a specified time frame.
  • Avoid duplicating data on the server.
  • Prevent users from changing data housed on the server.
  • Maintain the directory structure of requested data.
  • Automate the system configuration as much as possible.

Preliminary Configuration

  • configure main data store for read-only access
  • vsfptd configured for chroot to home
  • ftponly shell
    • /etc/ftponlyshell - shell script that echos a warning and exits
      • Added to /etc/shells

Automated configuration

Setup

Per User

Create user account on viking (if not existing)

useradd -m -e 2012-02-25 -s /etc/ftponlyshell username

  • -m make a home directory
  • -e YYYY-MM-DD specify expiration
  • -s /etc/ftponlyshell set users shell to the warning shell

Update existing user account

usermod -e 2012-02-25 -s /etc/ftponlyshell username

  • extend expiration?
  • ensure shell is /etc/ftponlyshell

Per Request

#Build matching directory structure for requested data in user home
mkdir -p /home/username/path_to_data/

#Expose main data store directory to user
mount --bind /main_data_store/path_to_data/ /home/username/path_to_data/
User permissions on /main_data_store/path_to_data/ must be set accordingly
  • Generate wget retrieval script with user credentials and correct path
  • [[[code lang=shell|OUT_DIR=.

OUT_DIR=.
DWUN=username
DWPW=password
wget -r -c -nH -P $OUT_DIR ftp://$DWUN:$DWPW@viking.cira.colostate.edu/path_to_data/ ;}}}@@

Tear Down

Per User (?)

  • Delete user account and home directory

Per Request

  • Un-mount relevant directories in /home/user/