Add users for the FASP connection authentication, and set up user transfer settings.
Your Aspera server uses your system accounts to authenticate connections. These system accounts must be added and configured before attempting an Aspera transfer. When creating transfer accounts, you may also specify user-based settings, including those for bandwidth, document root (docroot) and file handling.
You must create system accounts for transfer users before they can be configured on your Aspera server. After these system accounts have been created and initialized on your local host, follow the steps below to configure their transfer accounts.
By default, all system users can establish a FASP connection and are only restricted by file permissions. You can restrict the user's file manipulation operations through the aspshell, which permits only the following operations:
The following instructions demonstrate how to change a user account so that it uses the aspshell. Keep in mind that this is an example, and there may be other ways to do so for your system.
(1) Open the following file with a text editor: /etc/passwd
(2) Locate the entry for aspera_user_1. For example:
... aspera_user_1:x:501:501:...:/home/aspera_user_1:/bin/bash ...
Replace the user's shell, in this case /bin/bash, with /bin/aspshell (or add the shell setting if it does not already exist):
... aspera_user_1:x:501:501:...:/home/aspera_user_1:/bin/aspshell ...
You can also restrict a user's file access with Document Root (docroot) settings. The instructions are explained in the following steps.
Run asperascp in a terminal shell as root to launch the application. In the UI, click Configuration.
In Server Configuration, select the Users tab and click the button.
You can limit a user's access to a given directory using the document root (docroot). To set it up, click Configuration > Users > username > Docroot. Check the Override box for Absolute Path and enter or select an existing path as the user's docroot, for example /sandbox/aspera_user_1. Make sure that at least Read Allowed and Browse Allowed are set to true. When finished, click OK or Apply.
If there is a pattern in the docroot of each user, for example, /sandbox/username, you can take advantage of a substitutional string. This allows you to assign an independent docroot to each user without setting it individually for each user.
| Substitutional string | Definition | Example |
|---|---|---|
| $(name) | system user's name | /sandbox/$(name) |
| $(home) | system user's home directory | $(home)/Documents |
Set up a docroot with a substitutional string as follows: in the Server Configuration dialog, select the Global tab and the Docroot tab, and enter the docroot into the Absolute Path field. This value will be duplicated in all user settings.
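
The two restrictions described above, the aspshell login shell and a docroot built from a substitutional string, can be checked together. The following is an added example, not part of the Aspera documentation: it reads a passwd-format file, reports whether each listed transfer user's shell is /bin/aspshell, and expands $(name) and $(home) as defined in the table above. The function names, the aspera_user_2 entry and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Aspera documentation): audit transfer accounts.
# /bin/aspshell, $(name) and $(home) come from the page; everything else is assumed.

# Constructed sample in /etc/passwd format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
aspera_user_1:x:501:501::/home/aspera_user_1:/bin/aspshell
aspera_user_2:x:502:502::/home/aspera_user_2:/bin/bash
EOF
}

# audit_users PASSWD_FILE DOCROOT_PATTERN USER...
# Prints "<user> <shell status> <effective docroot>" per user.
# Returns non-zero if any listed user is missing or not restricted to aspshell.
audit_users() {
    passwd_file=$1; pattern=$2; shift 2
    awk -F: -v want=/bin/aspshell -v pattern="$pattern" -v users="$*" '
        # Literal (non-regex) replacement of every occurrence of tok in s.
        function subst(s, tok, val,    out, i) {
            out = ""
            while ((i = index(s, tok)) > 0) {
                out = out substr(s, 1, i - 1) val
                s = substr(s, i + length(tok))
            }
            return out s
        }
        BEGIN { n = split(users, u, " "); for (k = 1; k <= n; k++) todo[u[k]] = 1 }
        ($1 in todo) {
            delete todo[$1]
            shell = ($7 == "") ? "(unset)" : $7      # field 7 is the login shell
            status = (shell == want) ? "ok" : ("unrestricted:" shell)
            if (shell != want) bad = 1
            # field 1 is the user name, field 6 the home directory
            print $1, status, subst(subst(pattern, "$(name)", $1), "$(home)", $6)
        }
        END {
            for (m in todo) { print m, "MISSING", "-"; bad = 1 }
            exit bad + 0
        }
    ' "$passwd_file"
}

# Demo on the constructed sample; point it at /etc/passwd on a real server.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_users "$tmp" '/sandbox/$(name)' aspera_user_1 aspera_user_2 ||
    echo "at least one transfer user is not restricted to aspshell"
rm -f "$tmp"
```

The non-zero return status lets the check run from a scheduled job or a provisioning script after accounts are created.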