Setting Up Users

Add users for the FASP connection authentication, and set up user transfer settings.

Note: This topic describes setting up transfer user accounts with the GUI. If you are setting up users in a terminal, see Setting Up Transfer Users (Terminal).

Your Aspera server uses your system accounts to authenticate connections. These system accounts must be added and configured before attempting an Aspera transfer. When creating transfer accounts, you may also specify user-based settings, including those for bandwidth, document root (docroot) and file handling.

You must create systems accounts for transfer users before they can be configured on your Aspera server. After these system accounts have been created and initialized on your local host, follow the steps below to configure their transfer accounts.

  1. Restrict user permissions with aspshell.

    By default, all system users can establish a FASP connection and are only restricted by file permissions. You can restrict the user's file manipulation operations through the aspshell, which permits only the following operations:

    • Run Aspera uploads and downloads to or from this computer.
    • Establish connections in the application and browse, create, delete, rename or list contents.

    The following instructions demonstrate how to change a user account so that it uses the aspshell. Keep in mind that this is an example, and there may be other ways to do so for your system.

    (1) Open the following file with a text editor:

    /etc/passwd

    (2) Locate the entry for aspera_user_1. For example:

    ...
    aspera_user_1:x:501:501:...:/home/aspera_user_1:/bin/bash
    ...

    Replace the user's shell, in this case /bin/bash, with /bin/aspshell (or add the shell setting if it does not already exist:):

    ...
    aspera_user_1:x:501:501:...:/home/aspera_user_1:/bin/aspshell
    ...

    You can also restrict a user's file access with Document Root (docroot) settings. The instructions are explained in the following steps.

  2. Add a system user to your Aspera server.

    Run asperascp in a terminal shell as root to launch the application. In the UI, click Configuration.

    Click the Configuration.

    In Server Configuration, select the Users tab and click the Add user button.

    Add the test user.
  3. Set up user's docroot.

    You can limit a user's access to a given directory using the document root (docroot). To set it up, click Configuration>UsersusernameDocroot. Check the Override box for Absolute Path and enter or select an existing path as the user's docroot -- for example, /sandbox/aspera_user_1. Make sure that at least the Read Allowed and Browse Allowed are set to true. When finished, click OK or Apply.

    Set up the docroot.

    If there is a pattern in the docroot of each user, for example, /sandbox/username, you can take advantage of a substitutional string. This allows you to assign an independent docroot to each user without setting it individually for each user.

    Substitutional String Definition Example
    $(name) system user's name /sandbox/$(name)
    $(home) system user's home directory $(home)/Documents

    Set up a docroot with a substitutional string as follows: in the Server Configuration dialog, select the Global tab and the Docroot tab, and enter the docroot into the Absolute Path field. This value will be duplicated in all user settings.

    Use the substitutional string for the docroot.