Aspera transfer products use system accounts for connection authentication, and these accounts require additional configuration for Aspera transfers. You may specify user-based settings, such as bandwidth, document root (docroot), and file handling rules.
Follow these steps to set up transfer accounts in a Terminal:
-
Set up a system user for Web UI authentication
In addition to SSH authentication, Connect Server uses Apache's authentication to authorize Web UI access. To set up a system user (asp1 in this example) for Apache authentication, use the htpasswd command to add the user for the Web UI.
IMPORTANT NOTE: Use the -c option ONLY if this is the first time running htpasswd to create the webpasswd file. Do not use the -c option otherwise: -c creates the file anew and overwrites any entries it already contains.
-
Open aspera.conf with a text editor
You need to modify the Aspera transfer product's configuration file to set up system users for fasp file transfers. To do so, open the file with a text editor:
/opt/aspera/etc/aspera.conf
You can find an aspera.conf example in this path:
/opt/aspera/etc/samples/aspera-everything.conf
The following steps describe how to update this file.
-
Create default (global) transfer settings
When setting up a test user for Web UI, the following default setting is created. This setting applies the token key and docroot to all users:
| Item | Value |
| --- | --- |
| String for generating token | secRet |
| Default docroot | /sandbox/$(name) |

<CONF version="2">
  <default>
    <authorization>
      <value>allow</value> <!-- Allow token authentication for HTTP -->
      <token>
        <encryption_key>secRet</encryption_key> <!-- String for token -->
      </token>
    </authorization>
    <file_system>
      <access><paths><path>
        <absolute>/sandbox/$(name)</absolute> <!-- Default docroot -->
      </path></paths></access>
    </file_system>
  </default>
  ...
</CONF>
Notice the substitutional string $(name) in the docroot setting. If your system's user docroots follow a pattern (for example, /sandbox/(user name)), you can use the substitutional string $(name) to stand for the individual user names. This way, setting only the default docroot gives each user an independent docroot, and you do not need to add a docroot for each user.
| Substitutional String | Definition | Example |
| --- | --- | --- |
| $(name) | The system user's name. | /sandbox/$(name) |

-
Restrict user permissions with aspshell
By default, all system users can establish a fasp connection and are only restricted by file permissions. You can restrict the user's file manipulation operations through the aspshell, which permits only the following operations:
- Run Aspera uploads and downloads to or from this computer.
- Establish connections in the application and browse, create, delete, rename or list contents.
The following instructions demonstrate how to change a user account so that it uses the aspshell. Keep in mind that this is an example, and there may be other ways to do so for your system. Open the following file with a text editor:
/etc/passwd
Add or replace the user's shell with /bin/aspshell. For example, to apply aspshell to the user asp1, use the following settings in this file:
...
asp1:x:501:501:...:/home/asp1:/bin/aspshell
...
You can also restrict a user's file access with Document Root (docroot) settings in aspera.conf's <file_system /> section, using the <absolute />, <read_allowed />, <write_allowed />, and <dir_allowed /> tags. Refer to aspera.conf - File System.
-
Configure a user's transfer settings
Besides the default (global) transfer settings, you may also create user-specific and group-specific transfer settings. User-specific settings have the highest priority and override both group and global settings.
Add the following section to aspera.conf:
<?xml version='1.0' encoding='UTF-8'?>
<CONF version="2">
  <aaa>
    <realms>
      <realm>
        <users>
          <user> <!-- Each user tag contains a user's profile. -->
            <name>asp1</name> <!-- The user name. -->
            <authorization>...</authorization> <!-- Authorization settings. -->
            <transfer>...</transfer> <!-- Transfer settings. -->
            <file_system>...</file_system> <!-- File System settings. -->
          </user>
          <user>
            ... <!-- Another user's settings -->
          </user>
        </users>
      </realm>
    </realms>
  </aaa>
  ...
</CONF>
-
Verify the configuration
When you have finished updating the user's settings in aspera.conf, use the following command to verify them (this example verifies the settings of the user asp1):
$ /opt/aspera/bin/asuserdata -b -u asp1