2.5. Advanced Linux and macOS usage¶
Once unpacked, the SFTPPlus installation should have the following hierarchical directory structure on disk.
This list also describes the permissions required for the service account.
- bin/ - read-only Contains SFTPPlus administration commands and the init-specific files.
- configuration/ - read-only Stores all data related to SFTPPlus configuration.
- configuration/server.ini - read-and-write Stores the main configuration.
- doc/ - read-only Contains documentation and release notes for SFTPPlus.
- extension/ - read-only Contains custom extensions implemented using the SFTPPlus API.
- include/ - read-only This directory is for developers interested in extending the functionality of SFTPPlus. May be missing in some releases.
- lib/ - read-only This directory is for internal use.
- log/ - read, write, create file and delete file Stores SFTPPlus log messages. SFTPPlus will write log entries into the log files, by default. When log rotation is enabled, it will also create new rotated files and delete old rotated files.
- run/ - read, write, create file and delete file Stores various SFTPPlus runtime information.
For your convenience, the SFTPPlus installation comes with files to be integrated into the startup process of your operating system, as discussed in the relevant sections of the Linux and macOS pages.
Both operating systems are using a common command for starting and stopping the SFTPPlus product, as described here.
To start the server, use the following command:
By default it will start using the configuration file located at configuration/server.ini and will store the process ID inside the run/server.pid file.
To stop the server, send the kill signal to the process ID stored inside the run/server.pid file.
To store the process ID in a different file, start the server using -p or –pid arguments:
./bin/admin-commands.sh start --pid=/path/to/PID_FILE
If you want to launch the server using a configuration file from a specific location, use the -c or –config= argument:
./bin/admin-commands.sh start --config=/path/to/CONFIGURATION_FILE
Like any other OS process, the main process of SFTPPlus runs under an operating-system account.
SFTPPlus can start under the root OS account, and then drop privileges in order to mainly operate under a regular OS account.
As in most deployments such a regular account is dedicated to running SFTPPlus, our documentation refers to this regular OS account as the service account.
We recommend to always run SFTPPlus under such an unprivileged OS account, even when the SFTPPlus process is launched as root.
In this regard, the SFTPPlus process has 2 main modes of operation, each one with its own advantages and disadvantages.
If you want the SFTPPlus process launched as root (e.g. for authenticating OS accounts), the configuration file should define an unprivileged OS account (by default, sftpplus) for the process’ operation.
To operate under the sftpplus account, make sure the configuration file reads as follows:
[server] account = sftpplus
Also make sure to configure the included unit, init, service or plist file to start SFTPPlus as root by uncommenting the relevant section. Otherwise, your init system will run SFTPPlus as a regular user.
- Binding to ports below 1024 works out of the box.
- OS accounts can be used for file transfer services.
- Even though most of the time SFTPPlus will operate under the unprivileged account, for requests to authenticate an OS account SFTPPlus will briefly switch to running as root in order to perform the OS authentication. If there is a security bug in SFTPPlus, and that bug is exploited during the brief amount of time SFTPPlus runs as root, an attacker can theoretically gain privileged access to OS resources.
You can also start SFTPPlus under the privileged root account and keep running the SFTPPlus process as root using account = Disabled in the server’s configuration file. For security reasons, we don’t recommend this mode of operation.
This is the default mode on Linux and macOS.
The included unit, init, service, plist files are configured to start SFTPPlus as an unprivileged user.
Also make sure the configuration file reads as follows:
[server] account = Disabled
SFTPPlus will then operate under the same OS account that is used to launch it.
- Operating under the principle of least privilege.
- Even if there are security bugs in SFTPPlus, a successful exploit will not have unprivileged access to OS resources.
- Using ports below 1024 requires OS-specific configuration.
- OS accounts cannot be used for file transfer services.