Add system users on your computer, and configure the accounts for FASP transfers.
Aspera transfer products use system accounts for connection authentication, and these accounts require additional configuration for Aspera transfers. You can specify user-based settings, such as bandwidth, document root (docroot), and file handling rules.
Follow these steps to set up transfer accounts in a command terminal:
In addition to SSH authentication, Connect Server uses Apache authentication to authorize Web UI access. To set up a system user (aspera_user_1 in this example) for Web UI access, use the htpasswd command:
$ htpasswd /opt/aspera/etc/webpasswd aspera_user_1
To set up system users for FASP file transfers, locate the Aspera transfer product's configuration file, aspera.conf, and open it with a text editor:
You can find an example of aspera.conf in the following location:
The following steps explain how to update this file.
When setting up a test user for the Web UI, the following default setting is created. This setting sets the token key and docroot for all users:
| String for generating the token | secRet |

<CONF version="2">
  <default>
    <authorization>
      <value>allow</value> <!-- Allow token authentication for HTTP -->
      <token>
        <encryption_key>secRet</encryption_key> <!-- String for token -->
      </token>
    </authorization>
    <file_system>
      <access><paths><path>
        <absolute>/sandbox/$(name)</absolute> <!-- Default docroot -->
      </path></paths></access>
    </file_system>
  </default>
  ...
</CONF>
Notice that the docroot setting uses a substitutional string, $(name). If your system users' docroot settings follow a pattern (for example, /sandbox/username), you can take advantage of this feature. The substitutional string lets you assign an independent docroot to each user by means of a single default setting, instead of setting a docroot for each user individually.
| $(name) | The system user's name. | /sandbox/$(name) |
By default, all system users can establish a FASP connection and are only restricted by file permissions. You can restrict the user's file operations through the aspshell, which permits only the following operations:
The following steps explain how to change a user account so that it uses the aspshell. Keep in mind that this is an example, and there may be other ways to do so on your system. Open the following file with a text editor:
Add or replace the user's shell with aspshell. For example, to apply aspshell to the user aspera_user_1, use the following settings in this file:
...
aspera_user_1:x:501:501:...:/home/aspera_user_1:/bin/aspshell
...
From the Isilon Administration web interface, select Access > Membership & Roles > Users. On the Manage Users page, look for the Providers field that says "Select a provider". Click the drop-down arrow and select LOCAL:System:
To modify a given user account, click View/Edit, find the UNIX shell field, and change it to /bin/aspshell.
You can also restrict a user's file access with docroot (document root) settings in the <file_system/> section of aspera.conf, using the following tags: <absolute/>, <read_allowed/>, <write_allowed/>, and <dir_allowed/>. For details, see aspera.conf - File System.
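The settings covered so far (the default token key and docroot in aspera.conf, and the aspshell login shell) can be checked together. The following Python sketch is an added example, not part of the Aspera documentation or tooling; the function names are hypothetical, and the aspera.conf and passwd-format samples are constructed from the snippets on this page.

```python
import xml.etree.ElementTree as ET

SAMPLE_KEY = "secRet"        # example token string shown on this page
ASPSHELL = "/bin/aspshell"

# Constructed sample inputs (not taken from a real system).
CONF = """<CONF version="2"><default>
  <authorization><value>allow</value>
    <token><encryption_key>secRet</encryption_key></token></authorization>
  <file_system><access><paths><path>
    <absolute>/sandbox/$(name)</absolute>
  </path></paths></access></file_system>
</default></CONF>"""
PASSWD = """aspera_user_1:x:501:501::/home/aspera_user_1:/bin/aspshell
aspera_user_2:x:502:502::/home/aspera_user_2:/bin/bash
"""

def expand_docroot(template, user):
    """Apply the $(name) substitution to a docroot template."""
    return template.replace("$(name)", user)

def audit(conf_xml, passwd_text, transfer_users):
    """Return findings for the <default> section and the listed users."""
    findings = []
    root = ET.fromstring(conf_xml)
    key = root.findtext("default/authorization/token/encryption_key", "").strip()
    if key in ("", SAMPLE_KEY):
        findings.append("default: token encryption_key is empty or the sample value")
    docroot = root.findtext("default/file_system/access/paths/path/absolute", "").strip()
    if not docroot:
        findings.append("default: no docroot set")
    # Map each account name to its login shell (7th colon-separated field).
    shells = {f[0]: f[6] for f in (l.split(":") for l in passwd_text.splitlines())
              if len(f) == 7}
    for user in transfer_users:
        if user not in shells:
            findings.append(f"{user}: no passwd entry")
            continue
        if shells[user] != ASPSHELL:
            findings.append(f"{user}: shell is {shells[user]}, not {ASPSHELL}")
        if docroot and "$(name)" not in docroot:
            findings.append(f"{user}: shares docroot {docroot}")
    return findings

if __name__ == "__main__":
    for name in ("aspera_user_1", "aspera_user_2"):
        print(name, "->", expand_docroot("/sandbox/$(name)", name))
    print("\n".join(audit(CONF, PASSWD, ["aspera_user_1", "aspera_user_2"])))
```

The check only covers the default section; user-specific settings in aspera.conf override it.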
Besides the default (global) transfer settings, you can also create user-specific and group-specific transfer settings. The user-specific settings have the highest priority, overriding both group and global settings.
Add the following section to aspera.conf:
<?xml version='1.0' encoding='UTF-8'?>
<CONF version="2">
  <aaa>
    <realms>
      <realm>
        <users>
          <user>
            <name></name> <!-- user name -->
            <authorization>...</authorization> <!-- authorization settings -->
            <transfer>...</transfer> <!-- transfer settings -->
            <file_system>...</file_system> <!-- file system settings -->
          </user>
          <user><!-- another user's profile -->
            ... <!-- settings -->
          </user>
        </users>
      </realm>
    </realms>
  </aaa>
  ...
</CONF>

When you have finished updating the user's settings in aspera.conf, use the following command to verify them. In this example, the command verifies the settings for user asp_1:
$ /opt/aspera/bin/asuserdata -b -u asp_1