Transmittals upload
The transmittals upload feature allows a contractor to upload a batch of documents into a Phase instance directly through an FTP upload.
Server configuration
Here are the instructions to install and configure the FTP server needed to activate this feature.
Note that Phase doesn’t care how the files are transmitted to the server (ftp, ssh, nfs, etc.) so this section is for information only.
FTP server installation and configuration
We will use the proftpd server to handle FTP communication, and configure it to accept only FTPS (FTP over SSL) connections.
First, install the proftpd ftp server:
aptitude install proftpd
Choose the “standalone” start method.
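Create the SSL certificate for the TLS connection:
# -nodes writes the private key unencrypted, so keep it readable by its owner only
openssl req -x509 -newkey rsa:2048 \
-keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
-nodes -days 365
chmod 0600 /etc/ssl/private/proftpd.key
# the second chmod applies to the certificate; repeating it on the key would loosen the 0600 above
chmod 0640 /etc/ssl/certs/proftpd.crt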
Configure the server, using these example files as starting points.
/etc/proftpd/proftpd.conf:
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
RootLogin off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Phase"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 002 lets new files and dirs (second parm) be group writable
# while preventing them from being world writable.
Umask 002 002
# Uploaded files must not be overwritten.
AllowOverwrite off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
SetEnv TZ :/etc/localtime
DelayEngine on
# This is used for FTPS connections
Include /etc/proftpd/tls.conf
# List of authorized users
Include /etc/proftpd/users.conf
# Prevent files and directories rename / deletion
<Limit DELE>
DenyAll
</Limit>
<Limit RNFR>
DenyAll
</Limit>
<Limit RNTO>
DenyAll
</Limit>
/etc/proftpd/tls.conf:
TLSEngine on
TLSRequired on
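# SSLv23 is the mod_tls compatibility mode: it accepts SSLv3 as well as TLSv1.x.
# mod_tls versions that support it also accept a specific version here, e.g. TLSv1.2.
TLSProtocol SSLv23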
TLSVerifyClient off
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSLog /var/log/proftpd/tls.log
/etc/proftpd/users.conf:
<Limit LOGIN>
AllowUser test_ctr
DenyAll
</Limit>
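One way to check that a deployed configuration still enforces the restrictions set up above (FTPS required, users jailed in their homes, delete and rename denied, login allowlist). This is an added example, not part of Phase or ProFTPD: the `parse` and `audit` helpers and the sample text are constructed for illustration, and the script assumes the three files have been concatenated, since it does not follow `Include` lines or other nested contexts.

```python
import re

SAMPLE = """\
DefaultRoot ~
TLSEngine on
TLSRequired on
TLSProtocol SSLv23
<Limit DELE RNFR>
DenyAll
</Limit>
<Limit LOGIN>
AllowUser test_ctr
DenyAll
</Limit>
"""  # constructed sample; RNTO is left out on purpose so the audit reports it

def parse(text):
    """Return (top-level directives, directive lines found inside each <Limit>)."""
    directives, limits, open_blocks = {}, {}, None
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    for line in filter(None, lines):                 # comments and blanks dropped
        start = re.fullmatch(r"<Limit\s+([^>]+)>", line, re.I)
        if start:                                    # a block may name several commands
            open_blocks = [limits.setdefault(c.upper(), []) for c in start.group(1).split()]
        elif line.lower() == "</limit>":
            open_blocks = None
        elif open_blocks is not None:
            for block in open_blocks:
                block.append(line.lower())
        else:
            name, *value = line.split(None, 1)
            directives[name.lower()] = value[0].lower() if value else ""
    return directives, limits

def audit(text):
    """List the points where a config departs from the setup documented above."""
    directives, limits = parse(text)
    findings = []
    for name, want in (("tlsengine", "on"), ("tlsrequired", "on"), ("defaultroot", "~")):
        if directives.get(name) != want:
            findings.append(f"{name}: expected {want!r}, found {directives.get(name)!r}")
    if {"sslv23", "sslv3"} & set(directives.get("tlsprotocol", "").split()):
        findings.append("tlsprotocol: value permits SSLv3")
    for cmd in ("DELE", "RNFR", "RNTO", "LOGIN"):
        if "denyall" not in limits.get(cmd, []):
            findings.append(f"<Limit {cmd}>: no DenyAll")
    return findings
```

Calling `audit()` on the concatenated contents of proftpd.conf, tls.conf and users.conf returns an empty list when every check passes.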
User creation
Let’s create a unix user “test_ctr” for the contractor, and configure the directory permissions.
adduser test_ctr --disabled-password --ingroup=phase --shell=/bin/false
chmod g+rwX /home/test_ctr
echo "umask 002" >> /home/test_ctr/.profile
Note that for safety reasons, the list of authorized users is explicitly declared in the /etc/proftpd/users.conf file.