SFTPPlus Documentation

Start Page 2. Installation and Upgrade Instructions 2.5. Advanced Linux and macOS usage

2.5. Advanced Linux and macOS usage

2.5.1. SFTPPlus directory hierarchy and permissions

Once unpacked, the SFTPPlus installation should have the following hierarchical directory structure on disk.

This list also describes the permissions required for the service account.

  • bin/ - read-only Contains SFTPPlus administration commands and the init-specific files.
  • configuration/ - read-only Stores all data related to SFTPPlus configuration.
  • configuration/server.ini - read-and-write Stores the main configuration.
  • doc/ - read-only Contains documentation and release notes for SFTPPlus.
  • extension/ - read-only Contains custom extensions implemented using the SFTPPlus API.
  • include/ - read-only This directory is for developers interested in extending the functionality of SFTPPlus. May be missing in some releases.
  • lib/ - read-only This directory is for internal use.
  • log/ - read, write, create file and delete file Stores SFTPPlus log messages. SFTPPlus will write log entries into the log files, by default. When log rotation is enabled, it will also create new rotated files and delete old rotated files.
  • run/ - read, write, create file and delete file Stores various SFTPPlus runtime information.

2.5.2. Customizing the process of starting SFTPPlus

For your convenience, the SFTPPlus installation comes with files to be integrated into the startup process of your operating system, as discussed in the relevant sections of the Linux and macOS pages.

Both operating systems are using a common command for starting and stopping the SFTPPlus product, as described here.

To start the server, use the following command:

./bin/admin-commands.sh start

By default it will start using the configuration file located at configuration/server.ini and will store the process ID inside the run/server.pid file.

To stop the server, send the kill signal to the process ID stored inside the run/server.pid file.

To store the process ID in a different file, start the server using -p or –pid arguments:

./bin/admin-commands.sh start --pid=/path/to/PID_FILE

If you want to launch the server using a configuration file from a specific location, use the -c or –config= argument:

./bin/admin-commands.sh start --config=/path/to/CONFIGURATION_FILE

2.5.3. Running SFTPPlus daemon/service under an unprivileged account

Like any other OS process, the main process of SFTPPlus runs under an operating-system account.

SFTPPlus can start under the root OS account, and then drop privileges in order to mainly operate under a regular OS account.

As in most deployments such a regular account is dedicated to running SFTPPlus, our documentation refers to this regular OS account as the service account.

We recommend to always run SFTPPlus under such an unprivileged OS account, even when the SFTPPlus process is launched as root.

In this regard, the SFTPPlus process has 2 main modes of operation, each one with its own advantages and disadvantages.

2.5.3.1. Start as root and mostly operate as unprivileged account

If you want the SFTPPlus process launched as root (e.g. for authenticating OS accounts), the configuration file should define an unprivileged OS account (by default, sftpplus) for the process’ operation.

To operate under the sftpplus account, make sure the configuration file reads as follows:

[server]
account = sftpplus

Also make sure to configure the included unit, init, service or plist file to start SFTPPlus as root by uncommenting the relevant section. Otherwise, your init system will run SFTPPlus as a regular user.

Advantages:

  • Binding to ports below 1024 works out of the box.
  • OS accounts can be used for file transfer services.

Disadvantages:

  • Even though most of the time SFTPPlus will operate under the unprivileged account, for requests to authenticate an OS account SFTPPlus will briefly switch to running as root in order to perform the OS authentication. If there is a security bug in SFTPPlus, and that bug is exploited during the brief amount of time SFTPPlus runs as root, an attacker can theoretically gain privileged access to OS resources.

Note

You can also start SFTPPlus under the privileged root account and keep running the SFTPPlus process as root using account = Disabled in the server’s configuration file. For security reasons, we don’t recommend this mode of operation.

2.5.3.2. Start as unprivileged account and always operate under it

This is the default mode on Linux and macOS.

The included unit, init, service, plist files are configured to start SFTPPlus as an unprivileged user.

Also make sure the configuration file reads as follows:

[server]
account = Disabled

SFTPPlus will then operate under the same OS account that is used to launch it.

Advantages:

  • Operating under the principle of least privilege.
  • Even if there are security bugs in SFTPPlus, a successful exploit will not have unprivileged access to OS resources.

Disadvantages:

  • Using ports below 1024 requires OS-specific configuration.
  • OS accounts cannot be used for file transfer services.