Setting Up Users

Note: This topic describes setting up transfer user accounts with the GUI. If you are setting up users in a terminal, see Setting Up Transfer Users (Terminal).

Your Aspera server uses your system accounts to authenticate connections. These system accounts must be added and configured as transfer accounts before attempting an Aspera transfer. When creating transfer accounts, you may also specify user-based settings, including those for bandwidth, document root (docroot) and file handling.

You must create systems accounts for transfer users before they can be configured on your Aspera server. After these system accounts have been created and initialized on your local host, follow the steps below to configure their transfer accounts.

  1. Set up the system user for Web UI authentication.
    In addition to SSH authentication, Connect Server uses Apache's authentication to authorize Web UI access. To set up a system user (asp1 in this example) for Apache authentication, run the htpasswd command below.
    Note: On the first run of htpasswd, you must use the -c option to create the file for credential storage, webpasswd. Do not use the -c option otherwise.
    $ htpasswd [-c ]/opt/aspera/etc/webpasswd asp1
    Note: If you have Apache 2.4.4, the above command may not work. You are prompted to enter a password, but you may get authentication errors when attempting to view the site. As a workaround to this bug, run htpasswd with the -b option and enter the password on the command line, as follows:
    $ htpasswd -b /opt/aspera/etc/webpasswd asp1 password
  2. Restrict user permissions with aspshell.
    By default, all system users can establish a FASP connection and are only restricted by file permissions. You can restrict the user's file operations through the aspshell, which permits only the following operations:
    • Running Aspera uploads and downloads to or from this computer.
    • Establishing connections in the application, and browsing, creating, deleting, renaming, or listing contents.

    These instructions explain one way to change a user account so that it uses the aspshell; there may be other ways to do so on your system.

    Open the following file with a text editor:


    Add or replace the user's shell with aspshell. For example, to apply aspshell to the user aspera_user_1, use the following settings in this file:


    You can also restrict a user's file access with docroot (document root) settings in the <file_system/> section of aspera.conf, using the following tags: <absolute/>, <read_allowed/>, <write_allowed/>, and <dir_allowed/>. For details, see aspera.conf - File System.

  3. Add a system user to your Aspera server.
    Run asperascp in a terminal shell as root to launch the application. Click Configuration in the UI.
    Click the Configuration.

    In Server Configuration, select the Users tab and click the Add user button.

    Add the test user.
  4. Set the user's docroot.
    You can limit a user's access to a given directory using the document root (docroot). To set it up, click Configuration > Users >username > Docroot. Select the Override box for Absolute Path and enter or select an existing path as the user's docroot -- for example, /sandbox/aspera_user_1. Make sure that at least the Read Allowed and Browse Allowed are set to true. When finished, click OK or Apply.
    Set up the docroot.

    If there is a pattern in the docroot of each user, for example, /sandbox/username, you can take advantage of a substitutional string. This allows you to assign an independent docroot to each user without setting it individually for each user.

    Substitutional String Definition Example
    $(name) system user's name /sandbox/$(name)
    $(home) system user's home directory $(home)/Documents

    To set up a docroot with a substitutional string, in the Server Configuration dialog, select the Global tab and the Docroot tab, and enter the docroot into the Absolute Path field. This value will be duplicated in all user settings.

    Use the substitutional string for the docroot.