Updating the Docroot of a Running asperawatchfolderd Service

If, when creating a watch folder, aswatchfolderadmin errors out with error code err=28672, check that your docroot has been properly configured to provide access to the source directory specified in the JSON configuration file. You may have specified a destination that is not permitted by the docroot of the user running asperawatchfolderd, or you may have no docroot configured at all.

If you need to make changes to your docroot, follow the instructions below to update your docroot and restart the asperawatchfolderd service.

  1. Update the docroot for the user running asperawatchfolderd.

    The docroot is a security feature that allows you to restrict the area asperawatchfolderd can access. If you need to acces the entire file system, you can set the docroot path as /, but you cannot leave it empty.

    Set the docroot for the user using the asconfigurator utility:

    # asconfigurator -x "set_user_data;user_name,username;absolute,docroot"

    For example:

    # asconfigurator -x "set_user_data;user_name,root;absolute,/"
    success
    user_name: root
    
    
    The asconfigurator command adds the following configuration to the <aaa> section of aspera.conf:
    <aaa>
        <realms>
            <realm>
                <users>
                    <user>
                        <name>root</name>
                        <file_system>
                            <access>
                                <paths>
                                    <path>
                                        <absolute>/</absolute>
                                    </path>
                                </paths>
                            </access>
                        </file_system>
                    </user>
                </users>
            </realm>
        </realms>
    </aaa>

    You can find the aspera.conf configuration file at:

    /opt/aspera/etc/aspera.conf

  2. Restart the asperawatchfolderd service to pick up the changes to the docroot.

    Use the asrun utility to disable and enable the asperawatchfolderd service.

    # /opt/aspera/bin/asrun send --disable="username"
    # /opt/aspera/bin/asrun send --enable="username"