2.3. Unix, Linux and OS X Installation¶
- Unpacking the archive
- Initializing the configuration
- Working with the SFTPPlus process account and group
- Running SFTPPlus daemon/service under an unprivileged account
- Starting and stopping the server
- Init system configuration for Unix and Linux
- Starting and stopping SFTPPlus on Unix and Linux
- Init system configuration for Apple Mac OS X
- SFTPPlus directory hierarchy and permissions
- First Steps
For Unix, Linux, and OS X systems, SFTPPlus is distributed as a gzipped TAR archive. Installing SFTPPlus on these operating systems consists of unpacking the archive, initializing the configuration and generating the SSH keys and the SSL certificate which will be used by the product.
The included default configuration requires the creation of a system account, named sftpplus, under which the SFTPPlus process is executed. Optionally, you may choose to run SFTPPlus as root, especially if you want it to authenticate operating system users.
In order to have SFTPPlus started at boot time, you may use one of the included init, unit, service or plist files. For Unix and Linux, the service initialization script has been tested on all supported operating systems, but it should work on other systems as well.
After downloading the compressed archive, you can extract the files using the following command:
gunzip -dc sftpplus-os-arch-version.tar.gz | tar -xf -
The tar archive has been created using pax, and should be extractable by the GNU tar command or its alternatives.
To install SFTPPlus, move (or copy/link) the unpacked directory to your preferred installation path, for example: /opt/sftpplus or, if you are using OS X, /Library/sftpplus.
SFTPPlus may be installed in any location on the local file system. For this documentation, we will assume that on Unix and Linux systems, SFTPPlus is unpacked in the /opt/sftpplus directory (we will discuss the INSTALL_ROOT more later).
For OS X we will assume that SFTPPlus is unpacked in the /Library/sftpplus directory. In the following examples please replace /opt/sftpplus/ with /Library/sftpplus.
When installing SFTPPlus on a machine for the first time, you need to generate the initial configuration file and a machine-specific SSH key. A self-signed SSL certificate will also be generated to help with the initial FTPS testing.
To initialize SFTPPlus, execute the following commands:
cd /opt/sftpplus ./bin/admin-commands.sh initialize
The initialization step is not required when upgrading SFTPPlus. It will not overwrite the configuration file, SSH keys, and SSL certificate, if existing. In the case that you want to generate a new configuration, manually remove the existing files.
On Unix and Linux systems, SFTPPlus’ process runs as a single, self managed daemon. It does not depend on inetd (the Internet daemon).
On OS X systems, SFTPPlus’ process is managed by launchd.
On Linux/Unix the SFTPPlus is designed to run as a foreground process executed under the root account and will drop privileges after it is launched.
The following are details for configuring the SFTPPlus account and group for Unix / Linux / OSX.
On Unix and Linux systems, SFTPPlus is able to drop privileges to a regular account. The default configuration takes advantage of this feature, thus requiring a dedicated sftpplus operating system account to be created. Creating a dedicated new group and a new user for running SFTPPlus’ process is therefore recommended.
In the following example we will use the default configuration value of sftpplus for the name of the user to run SFTPPlus.
To create an sftpplus group and user in Linux and Solaris (with the exception of Alpine Linux):
groupadd sftpplus useradd -g sftpplus -c "SFTPPlus" -s /bin/false -d /dev/null sftpplus
To create an sftpplus group and user in Alpine Linux:
addgroup sftpplus adduser -G sftpplus -g "SFTPPlus" -s /bin/false -h /dev/null -H -D sftpplus
To run SFTPPlus in Alpine Linux under an unprivileged account at all times through the included OpenRC init script, avoid creating the user with “/bin/false” as shell and “/dev/null” as home, eg.: adduser -G sftpplus -g “SFTPPlus” -h /opt/sftpplus -H -D sftpplus
The generic Linux commands should work in Alpine Linux too, as long as you have the shadow package installed.
To create an sftpplus group and user in FreeBSD:
pw group add sftpplus pw user add sftpplus -g sftpplus -c SFTPPlus -s /usr/bin/false -d /dev/null
To create an sftpplus group and user in HP-UX (where useradd doesn’t allow creating accounts with a /dev/null home):
groupadd sftpplus useradd -g sftpplus -c "SFTPPlus" -s /bin/false sftpplus
To create an sftpplus group and user in AIX:
mkgroup sftpplus mkuser sftpplus usermod -g sftpplus -d /dev/null -s /bin/false -c "SFTPPlus" sftpplus
On AIX you’ll need to add /bin/false to the list of valid login shells in /etc/security/login.cfg before changing the shell of the sftpplus user with usermod.
To create an sftpplus group and a corresponding user on OS X, replace the value of 240 from the following example with a unique ID for your system:
# Create the group dedicated to the service account. dscl . create /Groups/sftpplus # Assign an unique ID to the group. dscl . create /Groups/sftpplus PrimaryGroupID 240 # Disable group password. dscl . create /Groups/sftpplus Password '*' # Create a user for the service account. dscl . create /Users/sftpplus # Assign a unique ID to the new user. dscl . create /Users/sftpplus UniqueID 240 # Assign this account to the dedicated group. dscl . create /Users/sftpplus PrimaryGroupID 240 # Disable shell access. dscl . create /Users/sftpplus UserShell /usr/bin/false # Make sure it has a default empty home folder. dscl . create /Users/sftpplus NFSHomeDirectory /var/empty # Disable password to block any authentication request. dscl . create /Users/sftpplus Password '*' # Initialize blank password and authentication rules. dscl . delete /Users/sftpplus PasswordPolicyOption dscl . delete /Users/sftpplus AuthenticationAuthority
On OS X, you can use dscacheutil -q user or dscacheutil -q group to identify the used IDs and pick a unique ID for the system.
The above commands are included into an easy to use script which is available as osx_useradd.sh
To configure SFTPPlus to run under the newly created account, make sure the following option is present in the server.ini configuration file:
[server] account = sftpplus
Don’t forget to adjust the ownership of the files, otherwise some of the functionality (logging and saving configuration changes) may not work. At the very least, SFTPPlus needs read access to all the files under /opt/sftpplus, but in a typical installation it would also require write permission to the log/ subdirectory (for logging) and the configuration/ subdirectory (for saving changes to the running configuration). If running at all times under an unprivileged account, write permissions to the run/ sub-directory holding the PID file are needed as well.
A quick and easy way to achieve the above would be: cd /opt/sftpplus && chown -R sftpplus configuration/ log/ run/
Like any other Linux/Unix process, the main process of SFTPPlus runs under an operating-system account.
SFTPPlus can start under the root OS account, and then drop privileges in order to mainly operate under a regular OS account.
As in most deployments such a regular account is dedicated to running SFTPPlus, our documentation refers to this regular OS account as the service account.
We recommend to always run SFTPPlus under such an unprivileged OS account, even when the SFTPPlus process is launched as root.
In this regard, the SFTPPlus process has 2 main modes of operation, each one with its own advantages and disadvantages.
This is the default mode, in which the init script or unit file is configured to start SFTPPlus as root, while the configuration file defines an unprivileged OS account (by default, sftpplus) for the process’ operation.
If you want the SFTPPlus process launched as root, but operating under the sftpplus account, make sure the configuration file reads as follows:
[server] account = sftpplus
- Binding to ports below 1024 works out of the box.
- The OS accounts can be used for file transfer services.
- Even though most of the time SFTPPlus will operate under the unprivileged account, for requests to authenticate an OS account SFTPPlus will briefly switch to running as root in order to perform the OS authentication. If there is a security bug in SFTPPlus, and that bug is exploited during the brief amount of time SFTPPlus runs as root, an attacker can theoretically gain privileged access to OS resources.
If you want the SFTPPlus process launched and always operating as an unprivileged user, you have to edit the init script or unit file to start SFTPPlus under that user, and then make sure the configuration file reads as follows:
[server] account = Disabled
SFTPPlus will then operate under the same OS account that is used to launch it.
- Operating under the principle of least privilege.
- Even if there are security bugs in SFTPPlus, a successfull exploit will not have unprivileged access to OS resources.
- Binding to ports below 1024 requires extra configuration steps. If at all possible, as on some Unix systems you can only bind those ports as root. You can still configure the file transfer services to listen on any ports above 1024.
- The OS accounts cannot be used for file transfer services.
You can also start SFTPPlus under the privileged root account in the init script or unit file, and keep running the SFTPPlus process as root using account = Disabled in the server’s configuration file. For security reasons, we don’t recommend this mode of operation.
For your convenience, the SFTPPlus installation comes with a script which can be integrated into the boot or startup process of your operating system, as discussed in the next section.
All the scripts for every operating system, are using the base command for starting and stopping the SFTPPlus product, as described in this chapter.
To start the server, use the following command:
By default it will start using the configuration file located at configuration/server.ini and will store the process ID inside the run/server.pid file.
To stop the server, send the kill signal to the process ID stored inside the run/server.pid file.
To store the process ID in a different file, start the server using -p or –pid arguments:
./bin/admin-commands.sh start --pid=/path/to/PID_FILE
If you want to launch the server using a configuration file from a specific location, use the -c or –config= argument:
./bin/admin-commands.sh start --config=/path/to/CONFIGURATION_FILE
For Unix and Linux systems, the following script is provided as a starting point for creating custom initialization scripts for various service managers (SysVinit, Upstart, OpenRC, systemd with SysV compatibility, SMF, etc.):
You should copy the sample script to the standard location used by the initialization system of your operating system:
Linux and Solaris:
Make sure the script is executable, and amend the INSTALL_ROOT variable found inside the script to the installation path of your SFTPPlus instance. In the case that SFTPPlus is installed at /opt/sftpplus, the script’s relevant section should look as follows:
Replace INSTALL_ROOT with your installation path. INSTALL_ROOT="/opt/sftpplus"
You can run SFTPPlus under a non-root account through a SysV-compatible init by changing DAEMON_USER in the init script.
On systemd-based distributions (especially on those without the SysV compatibility bits, such as Arch Linux) you can use the following unit file:
You should copy it to /etc/systemd/system/, customizing the WorkingDirectory, ExecStart and PIDFile paths based on your SFTPPlus installation. You can run SFTPPlus under a non-root account through systemd by changing User and Group in the systemd unit file.
On Alpine Linux, you may use the included OpenRC service file:
You should copy it to /etc/init.d/sftpplus-mft, customizing the INSTALL_ROOT variable, if necessary for your SFTPPlus installation. You can run SFTPPlus under a non-root account through OpenRC by changing DAEMON_USER in the OpenRC service file.
On FreeBSD, you can use the following rc script:
You should copy it to /usr/local/etc/rc.d/sftplus_mft, customizing the sftpplus_mft_chdir variable, if necessary for your SFTPPlus installation. You can run SFTPPlus under a non-root account in FreeBSD by changing DAEMON_USER in the SysV init script referenced in command.
Depending on your operating system, you will have to either manually create symbolic links to the initialization script from the rcN.d directories (where N is the runlevel) or run a specific tool that will automatically do that.
Examples (as root):
RHEL, Amazon Linux, and SUSE:
chkconfig --add sftpplus-mft
update-rc.d sftpplus-mft defaults
Linux systems with systemd (including RHEL 7, Ubuntu 16.04 and 18.04, Debian 9, Amazon Linux 2, and SLES 12):
systemctl enable sftpplus-mft
rc-update add sftpplus-mft
ln -s /etc/init.d/sftpplus-mft /etc/rc3.d/S99sftpplus-mft
ln -s /etc/rc.d/init.d/sftpplus-mft /etc/rc.d/rc2.d/S99sftpplus-mft
ln -s /sbin/init.d/sftpplus-mft /sbin/rc3.d/S999sftpplus-mft
echo 'sftpplus_mft_enable="YES"' >> /etc/rc.conf
On Solaris the above command will configure the service using the legacy init scripting start-up mechanism common to prior releases of Solaris and other UNIX operating systems. Please contact us in the case that you need integration with the Service Management Facility (SMF).
On Linux systems, in order to start / stop / restart SFTPPlus, or to check its status, you can either call the script directly as:
or through the relevant service management tool provided by the operating system:
service sftpplus-mft COMMAND
For Linux systems with systemd you may use:
systemctl COMMAND sftpplus-mft
For Alpine Linux you may use:
rc-service sftpplus-mft COMMAND
The following COMMANDs are available:
- force-reload (only for the SysV init script)
- force-stop (only for the SysV init script)
- zap (only for the OpenRC service file)
- describe (only for the OpenRC service file)
The force-reload action is an alias for restart, in order to comply with the Linux Standard Base.
On FreeBSD, you can directly call the SysV init script from the installation directory with the above options. Or you can call the supplied rc script, either directly or through the service command. The following options are available: start, stop, restart, and status.
Please note that the poll action is not yet supported, and fast, force, quiet actions are identical to the default actions.
On other Unix systems (AIX, Solaris, HP-UX) the same commands are supported as for the Linux systems, but only the option to call the script directly is available.
When running the legacy SFTPPlus WebAdmin on the same machine, SFTPPlus should be started after Apache, as it will check the availability of the configured legacy SFTPPlus WebAdmin.
For Mac OS X systems newer than 10.8, the following launchd job definition is provided together with the SFTPPlus distribution. The job definition file is formatted as XML, and it is called a property list file or plist:
The sample job definition file assumes that SFTPPlus is installed in the /Library/sftpplus directory. Depending on where the job definition is stored, it will be treated as a daemon or an agent. In order to have SFTPPlus act as a global daemon, launching it each time the OS X system starts, you need to copy the plist file into the following location: /Library/LaunchDaemons/sftpplus.plist
After the file is copied, you need to instruct launchd to load/read the new job definition file using the command:
launchctl load /Library/LaunchDaemons/sftpplus.plist
At boot time, the launchd process will scan and automatically load job definitions found in the /Library/LaunchDaemons directory.
To stop SFTPPlus, use the following command:
launchctl unload /Library/LaunchDaemons/sftpplus.plist
In the case that there are problems starting the server, you can check the log files at /var/log/system.log and /var/log/sftpplus-launchd.log.
You can also launch SFTPPlus in debug mode using:
You can read more about launchd on the official documentation page
Once unpacked, the SFTPPlus installation should have the following hierarchical directory structure on disk.
This list also describes the permissions required for the service account.
- bin/ - read-only Contains SFTPPlus administration commands and the init script. Only available on Unix and Linux systems.
- configuration/ - read-only Stores all data related to SFTPPlus configuration.
- configuration/server.ini - read-and-write Stores the main configuration.
- doc/ - read-only Contains documentation and release notes for SFTPPlus.
- extension/ - read-only Contains custom extensions implemented using the SFTPPlus API.
- include/ - read-only This directory is for developers interested in extending the functionality of SFTPPlus. May be missing in some releases.
- lib/ - read-only This directory is for internal use.
- log/ - read, write, create file and delete file Stores all SFTPPlus log messages. SFTPPlus will write log entries into the log files. When log rotation is enabled, it will also create new rotated files and delete old rotated files.
- run/ - read, write, create file and delete file Stores various SFTPPlus runtime information.
We highly recommend going through the Getting Started guide first as it contains additional tips for new SFTPPlus installations.
There is also an FAQ section if you have an idea, but are in search of answers.