FTP Retrieval System
Overview
This page documents the configuration and process for allowing warehouse data requesters to retrieve their data over FTP. The goals of this system are as follows:
- Allow users to retrieve their requested data over the internet.
- Limit users to retrieving only the data they have requested.
- Disallow shell access for users (file retrieval only).
- Require that users provide a username and password when retrieving their data.
- Require users to retrieve their data within a specified time frame.
- Avoid duplicating data on the server.
- Prevent users from changing data housed on the server.
- Maintain the directory structure of requested data.
- Automate the system configuration as much as possible.
Preliminary Configuration
- Configure main data store for read-only access
- vsftpd configured for chroot to home
- ftponly shell
- /etc/ftponlyshell - shell script that echoes a warning and exits
- Added to /etc/shells
Automated configuration
Setup
Per User
- Create user account on viking (if not existing)
- -m make a home directory
- -e YYYY-MM-DD specify expiration
- -s /etc/ftponlyshell set user's shell to the warning shell
useradd -m -e 2012-02-25 -s /etc/ftponlyshell username
- Update existing user account
- extend expiration?
- ensure shell is /etc/ftponlyshell
usermod -e 2012-02-25 -s /etc/ftponlyshell username
Per Request
- Build matching directory structure for requested data in /home/user/ (user home)
mkdir -p /home/username/path_to_data/
- Expose main data store directory to parallel user directory in /home/user/ (mount --bind)
mount --bind /main_data_store/path_to_data/ /home/username/path_to_data/
User permissions on /main_data_store/path_to_data/ must be set accordingly
- Generate wget retrieval script with user credentials and correct path
OUT_DIR=. ; DWUN=username ; DWPW=password ; wget -r -c -nH -P "$OUT_DIR" "ftp://$DWUN:$DWPW@viking.cira.colostate.edu/path_to_data/"
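The mkdir and mount --bind steps above can be wrapped in a small script that validates its inputs first. This is an added example, not part of the original page; the function names, the DRY_RUN, DATA_STORE and HOME_BASE variables, and the extra read-only remount step are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): per-request setup with validation.
DATA_STORE=${DATA_STORE:-/main_data_store}  # placeholder path used on the page
HOME_BASE=${HOME_BASE:-/home}
DRY_RUN=${DRY_RUN:-1}                       # assumption: 1 prints commands, 0 runs them

# Usernames: lowercase letters, digits, "_" and "-", not starting with "-".
valid_username() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Relative paths only, with no ".." component that could leave the data store.
valid_rel_path() {
    case "$1" in
        ''|/*|..|../*|*/..|*/../*) return 1 ;;
    esac
    return 0
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

expose_request() {
    user=$1; rel=${2%/}                     # drop one trailing slash
    valid_username "$user" || { echo "rejected username: $user" >&2; return 2; }
    valid_rel_path "$rel"  || { echo "rejected path: $2" >&2; return 2; }
    src="$DATA_STORE/$rel"; dst="$HOME_BASE/$user/$rel"
    run mkdir -p "$dst" &&
    run mount --bind "$src" "$dst" &&
    # A plain bind mount is writable if the source is; remount this
    # mount point read-only so FTP users cannot change the data.
    run mount -o remount,ro,bind "$dst"
}

# Usage: sh script.sh username path_to_data
if [ "$#" -eq 2 ]; then expose_request "$1" "$2"; fi
```

With the default DRY_RUN=1 the script only prints the three commands for review; set DRY_RUN=0 and run as root to apply them.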
Tear Down
Per User (?)
- Delete user account and home directory
Per Request
- Un-mount relevant directories in /home/user/