2.5. Advanced Linux installation¶
- Init system configuration for Linux distributions not using systemd
- SFTPPlus directory hierarchy and permissions
- Customizing the process of starting SFTPPlus
- Running SFTPPlus daemon/service under an unprivileged account
For SysV-based distributions or SysV-compatible ones such as Amazon Linux AMI 2018.03, RHEL 5 and 6, SLES 11, Ubuntu Server 14.04, and Debian Linux 7, a sample init script is provided.
Make sure the script is executable, then amend the INSTALL_ROOT variable found inside the script to the installation path of your SFTPPlus instance.
Copy the modified script to the standard location used by the initialization system of your distribution:
cd /opt/sftpplus vi bin/sftpplus-mft.sysv.sh chmod +x bin/sftpplus-mft.sysv.sh cp bin/sftpplus-mft.sysv.sh /etc/init.d/sftpplus-mft
Then you can call the script directly as:
On Alpine Linux, you may use the included OpenRC service file, customizing the INSTALL_ROOT variable if needed for your installation:
cd /opt/sftpplus vi bin/sftpplus-mft.openrc.sh chmod +x bin/sftpplus-mft.openrc.sh cp bin/sftpplus-mft.openrc.sh /etc/init.d/sftpplus-mft
Then you may use:
rc-service sftpplus-mft COMMAND
The following COMMANDs are available:
- force-reload (alias for restart, only for the SysV init script)
- force-stop (only for the SysV init script)
- zap (only for the OpenRC service file)
- describe (only for the OpenRC service file)
To create an sftpplus group and user use:
addgroup sftpplus adduser -G sftpplus -s /bin/sh -h /opt/sftpplus -H -D sftpplus
You need to adjust the ownership of the files, otherwise some of the functionality (logging and saving configuration changes) will not work:
cd /opt/sftpplus && chown -R sftpplus:sftpplus configuration/ log/ run/
Staring SFTPPlus on boot requires running a specific tool which will make the required changed for the operating system. The following examples (run under the root account) show how to do that on supported distributions.
On Amazon Linux AMI 2018.03, RHEL 5 and 6, SLES 11:
chkconfig --add sftpplus-mft
On Alpine Linux:
rc-update add sftpplus-mft
Once unpacked, the SFTPPlus installation should have the following hierarchical directory structure on disk.
This list also describes the permissions required for the service account.
- bin/ - read-only Contains SFTPPlus administration commands and the init-specific files.
- configuration/ - read-only Stores all data related to SFTPPlus configuration.
- configuration/server.ini - read-and-write Stores the main configuration.
- doc/ - read-only Contains documentation and release notes for SFTPPlus.
- extension/ - read-only Contains custom extensions implemented using the SFTPPlus API.
- include/ - read-only This directory is for developers interested in extending the functionality of SFTPPlus. May be missing in some releases.
- lib/ - read-only This directory is for internal use.
- log/ - read, write, create file and delete file Stores SFTPPlus log messages. SFTPPlus will write log entries into the log files, by default. When log rotation is enabled, it will also create new rotated files and delete old rotated files.
- run/ - read, write, create file and delete file Stores various SFTPPlus runtime information.
For your convenience, the SFTPPlus installation comes with files to be integrated into the startup process of your operating system, as discussed in the relevant sections of the Linux and macOS pages.
Both operating systems are using a common command for starting and stopping the SFTPPlus product, as described here.
To start the server, use the following command:
cd /opt/sftpplus ./bin/admin-commands.sh start
By default it will start using the configuration file located at configuration/server.ini and will store the process ID inside the run/server.pid file.
To stop the server, send the kill signal to the process ID stored inside the run/server.pid file.
To store the process ID in a different file, start the server using -p or –pid arguments:
cd /opt/sftpplus ./bin/admin-commands.sh start --pid=/path/to/PID_FILE
If you want to launch the server using a configuration file from a specific location, use the -c or –config= argument:
cd /opt/sftpplus ./bin/admin-commands.sh start --config=/path/to/CONFIGURATION_FILE
Like any other OS process, the main process of SFTPPlus runs under an operating-system account.
SFTPPlus can start under the root OS account, and then drop privileges in order to mainly operate under a regular OS account.
As in most deployments such a regular account is dedicated to running SFTPPlus, our documentation refers to this regular OS account as the service account.
We recommend to always run SFTPPlus under such an unprivileged OS account, even when the SFTPPlus process is launched as root.
In this regard, the SFTPPlus process has 2 main modes of operation, each one with its own advantages and disadvantages.
This is the default mode on Linux and macOS.
The included unit, init, service, plist files are configured to start SFTPPlus as an unprivileged user.
Also make sure the configuration file reads as follows:
[server] account = Disabled
SFTPPlus will then operate under the same OS account that is used to launch it.
- Operating under the principle of least privilege.
- Even if there are security bugs in SFTPPlus, a successful exploit will not have unprivileged access to OS resources.
- On systemd-based Linux distributions and macOS, the unprivileged user can be assigned non-valid shell and home values such as /bin/false and /var/empty, respectively.
- Using ports below 1024 requires OS-specific configuration.
- OS accounts cannot be used for file transfer services.
- On Alpine Linux and Linux distributions using the SysV init file such as Amazon Linux AMI 2018.03, the unprivileged user needs a valid shell and home.
This is only needed if you require to authenticate OS accounts in SFTPPlus.
To configure SFTPPlus to start as root, but to run under the dedicated application account, you have to edit the default-included unit, init, or service file to use root instead of sftpplus for launching SFTPPlus.
Then make sure the following option is present in the configuration/server.ini configuration file:
[server] account = sftpplus
- Binding to ports below 1024 works out of the box.
- OS accounts can be used for file transfer services.
- On Alpine Linux and Linux distributions using the SysV init file, for example Amazon Linux AMI 2018.03, the unprivileged user can be assigned non-valid shell and home values such as /bin/false and /var/empty, respectively.
- Even though most of the time SFTPPlus will operate under the unprivileged account, for requests to authenticate an OS account SFTPPlus will briefly switch to running as root in order to perform the OS authentication. If there is a security bug in SFTPPlus, and that bug is exploited during the brief amount of time SFTPPlus runs as root, an attacker can theoretically gain privileged access to OS resources.
You can also start SFTPPlus under the privileged root account and keep running the SFTPPlus process as root using account = Disabled in the server’s configuration file. For security reasons, we don’t recommend this mode of operation.