Setting Up Transfer Users (Terminal)

Add system users on your computer, and configure the accounts for FASP transfers.

Aspera transfer products use system accounts for connection authentication, and these accounts require additional configuration for Aspera transfers. You can specify user-based settings, such as bandwidth, document root (docroot), and file handling rules.

Follow these steps to set up transfer accounts in a command terminal:

  1. Set up a system user for Web UI authentication.

    In addition to SSH authentication, Connect Server uses Apache's authentication to authorize Web UI access. To set up a system user (aspera_user_1 in this example) for Apache authentication, use the htpasswd command:

    $ htpasswd /opt/aspera/etc/webpasswd aspera_user_1

    Note: Use the -c option only if this is the first time running htpasswd to create the webpasswd file. Do not use the -c option otherwise.
  2. Open aspera.conf with a text editor.

    To set up system users for FASP file transfers, locate the Aspera transfer product's configuration file, aspera.conf, and open it with a text editor:

    /opt/aspera/etc/aspera.conf

    You can find an example of aspera.conf in the following location:

    /opt/aspera/etc/samples/aspera-everything.conf

    The following steps explain how to update this file.

  3. Create default (global) transfer settings.

    When setting up a test user for the Web UI, the following default setting is created. This setting sets the token key and docroot for all users:

    Item                               Value
    String for generating the token    secRet
    Default docroot                    /sandbox/$(name)

    <CONF version="2">
       <default>
          <authorization>
             <value>allow</value> <!-- Allow token authentication for HTTP -->
             <token>
                <encryption_key>secRet</encryption_key> <!-- String for token -->
             </token>
          </authorization>
          <file_system>
             <access><paths><path>
                <absolute>/sandbox/$(name)</absolute> <!-- Default docroot -->
             </path></paths></access>
          </file_system>
       </default>
       ...
    </CONF>

    Notice that the docroot setting uses the substitutional string $(name). If your system users' docroot settings follow a pattern (for example, /sandbox/username), you can take advantage of this feature. The substitutional string lets you assign an independent docroot to each user by means of a single default setting, instead of setting a docroot for each user individually.

    Substitutional String    Definition                 Example
    $(name)                  The system user's name.    /sandbox/$(name)
  4. Restrict user permissions with aspshell.

    By default, all system users can establish a FASP connection and are only restricted by file permissions. You can restrict the user's file operations through the aspshell, which permits only the following operations:

    • Running Aspera uploads and downloads to or from this computer.
    • Establishing connections in the application, and browsing, creating, deleting, renaming, or listing contents.

    The following steps explain how to change a user account so that it uses the aspshell. Keep in mind that this is an example, and there may be other ways to do so on your system. Open the following file with a text editor:

    /etc/passwd

    Add or replace the user's shell with aspshell. For example, to apply aspshell to the user aspera_user_1, use the following settings in this file:

    ...
    aspera_user_1:x:501:501:...:/home/aspera_user_1:/bin/aspshell
    ...

    From the Isilon Administration web interface, select Access > Membership & Roles > Users. On the Manage Users page, look for the Providers field that says "Select a provider". Click the drop-down arrow and select LOCAL:System.

    To modify a given user account, click View/Edit, find the UNIX shell field, and change it to /bin/aspshell.

    You can also restrict a user's file access with docroot (document root) settings in the <file_system/> section of aspera.conf, using the following tags: <absolute/>, <read_allowed/>, <write_allowed/>, and <dir_allowed/>. For details, see aspera.conf - File System.

  5. Configure a user's transfer settings.

    Besides the default (global) transfer settings, you can also create user-specific and group-specific transfer settings. The user-specific settings have the highest priority, overriding both group and global settings.

    Add the following section to aspera.conf:

    <?xml version='1.0' encoding='UTF-8'?>
    <CONF version="2">
       <aaa>
          <realms>
             <realm>
                <users>
                   <user>
                      <name></name> <!-- user name -->
                      <authorization>...</authorization> <!-- authorization settings -->
                      <transfer>...</transfer> <!-- transfer settings -->
                      <file_system>...</file_system> <!-- file system settings -->
                   </user>
                   <user><!-- another user's profile -->
                      ... <!-- settings -->
                   </user>
                </users>
             </realm>
          </realms>
       </aaa>
       ...
    </CONF>
  6. Verify the configuration.

    When you have finished updating the user's settings in aspera.conf, use the following command to verify the configuration. In this example, the command verifies the settings for user asp_1:

    $ /opt/aspera/bin/asuserdata -b -u asp_1
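
An offline cross-check of steps 3 to 5, as an added example that is not part of the Aspera documentation or tooling: it resolves each user's effective docroot (user-specific over default, with $(name) expanded), compares the login shell in passwd data against /bin/aspshell, and flags a token key left at the sample value. Assumptions: the function name audit is hypothetical, a user's <file_system> block is assumed to use the same element path as the default block, group-level settings are not modelled, and the embedded inputs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets in steps 3-5 (not real data).
SAMPLE_CONF = """<CONF version="2">
 <default>
  <authorization><token><encryption_key>secRet</encryption_key></token></authorization>
  <file_system><access><paths><path><absolute>/sandbox/$(name)</absolute></path></paths></access></file_system>
 </default>
 <aaa><realms><realm><users>
  <user><name>aspera_user_1</name></user>
  <user><name>asp_1</name>
   <file_system><access><paths><path>
    <absolute>/data/asp_1</absolute>
   </path></paths></access></file_system>
  </user>
 </users></realm></realms></aaa>
</CONF>"""
SAMPLE_PASSWD = ("aspera_user_1:x:501:501::/home/aspera_user_1:/bin/aspshell\n"
                 "asp_1:x:502:502::/home/asp_1:/bin/bash\n")
DOCROOT = "file_system/access/paths/path/absolute"  # assumed same path under <user>

def audit(conf_xml, passwd_text, sample_keys=("secRet",)):
    """Return ({user: {"docroot", "shell"}}, [findings]) for users in aspera.conf."""
    root = ET.fromstring(conf_xml)
    # The login shell is the 7th colon-separated field of a passwd entry.
    entries = (line.split(":") for line in passwd_text.splitlines())
    shells = {f[0]: f[6] for f in entries if len(f) == 7}
    findings, report = [], {}
    key = root.findtext("default/authorization/token/encryption_key") or ""
    if key.strip() in sample_keys:
        findings.append("default: token encryption_key is the documentation sample value")
    default_docroot = root.findtext("default/" + DOCROOT)
    for user in root.iterfind("aaa/realms/realm/users/user"):
        name = (user.findtext("name") or "").strip()
        if not name:
            continue  # skip template entries such as <name></name>
        # A user-specific docroot overrides the default; $(name) becomes the user name.
        docroot = (user.findtext(DOCROOT) or default_docroot or "").strip()
        report[name] = {"docroot": docroot.replace("$(name)", name),
                        "shell": shells.get(name)}
        if not docroot:
            findings.append(f"{name}: no docroot configured")
        if shells.get(name) != "/bin/aspshell":
            findings.append(f"{name}: login shell is {shells.get(name)}, not /bin/aspshell")
    return report, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_PASSWD)[1]:
        print("FINDING:", finding)
```

Run it against copies of /opt/aspera/etc/aspera.conf and /etc/passwd, then confirm the result for each user with asuserdata as in step 6.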