FTP Retrieval System
Overview
This page documents the configuration and process for allowing warehouse data requesters to retrieve their data over FTP. The goals of this system are as follows:
- Allow users to retrieve their requested data over the internet.
- Limit users to retrieving only the data they have requested
- Disallow shell access for users - File retrieval only
- Require that users provide a username and password when retrieving their data.
- Require users to retrieve their data within a specified time frame.
- Avoid duplicating data on the server.
- Prevent users from changing data housed on the server.
- Maintain the directory structure of requested data.
- Automate the system configuration as much as possible.
Preliminary Configuration
- configure main data store for read-only access
- vsftpd configured for chroot to home
- ftponly shell
- /etc/ftponlyshell - shell script that echoes a warning and exits
- Added to /etc/shells
Automated configuration
Setup
Per User
- Create user account on viking (if not existing)
- make a home directory
- specify expiration
- set users shell to /etc/ftponlyshell
- Update existing user account
- extend expiration?
- ensure shell is /etc/ftponlyshell
Per Request
- Build matching directory structure for requested data in /home/user/
- mount --bind main data store directory to parallel directory in /home/user/
- Generate wget retrieval script with user credentials and correct path
Tear Down
Per User (?)
- Delete user account and home directory
Per Request
- Unmount relevant directories in /home/user/
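
The setup and tear-down steps above, sketched as a dry-run shell script. This is an added example, not the system's actual automation. The data store path /data/warehouse, the host ftp.example.org, the function names, and the choice to prompt for the password rather than embed it are assumptions.

```shell
#!/bin/sh
# Added example (not the page's own tooling). DATA_STORE and FTP_HOST are
# assumed placeholders; DRY_RUN=1 prints commands instead of running them.
DATA_STORE="${DATA_STORE:-/data/warehouse}"
FTP_HOST="${FTP_HOST:-ftp.example.org}"
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Accept only plain account names, since the name is used to build paths.
valid_user() { case "$1" in ''|-*|*[!a-z0-9_-]*) return 1 ;; esac; }

# Print $1 relative to DATA_STORE; fail if outside it or using "." / "..".
store_relpath() {
    case "$1" in
        */../*|*/..|*/./*|*/.) return 1 ;;
        "$DATA_STORE"/?*) printf '%s\n' "${1#"$DATA_STORE"/}" ;;
        *) return 1 ;;
    esac
}

# Create the account, or refresh expiry and shell on an existing one.
setup_user() {   # $1 user, $2 expiry date YYYY-MM-DD
    valid_user "$1" || return 1
    if id "$1" >/dev/null 2>&1; then
        run usermod -e "$2" -s /etc/ftponlyshell "$1"
    else
        run useradd -m -e "$2" -s /etc/ftponlyshell "$1"
    fi
}

# Mirror the requested directory under the home and bind it read-only.
setup_request() {   # $1 user, $2 requested directory in the data store
    valid_user "$1" || return 1
    rel=$(store_relpath "$2") || return 1
    run mkdir -p "/home/$1/$rel"
    run mount --bind "$DATA_STORE/$rel" "/home/$1/$rel"
    run mount -o remount,ro,bind "/home/$1/$rel"   # read-only for this bind
}

teardown_request() {   # same arguments as setup_request
    valid_user "$1" || return 1
    rel=$(store_relpath "$2") || return 1
    run umount "/home/$1/$rel"
}

# Emit the wget script; prompting for the password is this example's choice.
wget_script() {   # URL path is relative to the chrooted home directory
    valid_user "$1" || return 1
    rel=$(store_relpath "$2") || return 1
    printf '#!/bin/sh\nwget -r -nH --user=%s --ask-password "ftp://%s/%s/"\n' \
        "$1" "$FTP_HOST" "$rel"
}
```

Set DRY_RUN=0 and run as root to execute the commands instead of printing them.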