Hi Rui,

there's a fairly complete explanation and example in https://docs.galaxyproject.org/en/latest/admin/special_topics/ftp.html

Hope that helps,
Marius

On Mon, 28 Jan 2019 at 07:35, Rui Wang <ruiwang.sz@gmail.com> wrote:
Hey Folks,

I tried a few times with different configurations, but none worked. Has anyone had a successful experience that they could share? :-)

Cheers,
Rui

On Sat, Jan 19, 2019 at 1:43 PM Rui Wang <ruiwang.sz@gmail.com> wrote:
Hey Folks,

I'm looking at the instructions for using ftp with proftpd. There is a section talking about extending it to use sftp. However, the sample config isn't comprehensive. I'm wondering if anyone has a working config for reference?

What's the setting of user and group? It says it should match the one in the SQLNamedQuery; what does that mean exactly? I start proftpd as root, but start galaxy as bioinfoadmin (normal user with sudo).

Just fyi, my proftpd compiled-in modules and config file are pasted below. I'm working it out in a trial-and-error fashion, please feel free to point out if anything is wrong!

Cheers,
Rui

modules:
$ sbin/proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_rlimit.c
  mod_auth_unix.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_facts.c
  mod_sql.c
  mod_sql_postgres.c
  mod_sql_passwd.c
  mod_sftp.c
  mod_cap.c

etc/proftpd.conf

ServerType                    standalone
  # You must put this in a virtual host if you want it to listen on its own port. VHost != Apache Vhost.
  <VirtualHost 10.3.17.42>
    Port 2222
    SFTPEngine on
    AuthOrder mod_auth_unix.c mod_sql.c # If you don't do this you will get weird disconnects
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    RequireValidShell no
    MaxLoginAttempts 6
    ServerName                      "Galaxy SFTP"
    DefaultServer                       on
    Umask                           077
    User                             bioinfoadmin
    Group                           bioinfoadmin
    UseFtpUsers off
    DefaultRoot                     ~
    AllowOverwrite                  on
    AllowStoreRestart               on
    SQLEngine                       on
    SQLGroupInfo                    sftp_groups name id members

# Do not authenticate against real (system) users
<IfModule mod_auth_pam.c>
AuthPAM                         off
</IfModule>

# Common SQL authentication options
SQLPasswordEngine               on
SQLBackend                      postgres
SQLConnectInfo                  galaxy@galaxy.my.org:5432 bioinfoadmin dbpwd
SQLAuthenticate                 users

# Configuration that handles PBKDF2 encryption
# Set up mod_sql to authenticate against the Galaxy database
SQLAuthTypes                    PBKDF2
SQLPasswordPBKDF2               SHA256 10000 24
SQLPasswordEncoding             base64
SQLPasswordUserSalt             sql:/GetUserSalt

# Define a custom query for lookup that returns a passwd-like entry. Replace 512s with the UID and GID of the user running the Galaxy server
SQLUserInfo                     custom:/LookupGalaxyUser
SQLNamedQuery                   LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,512,512,'/media/galaxy/galaxy/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

# Define custom query to fetch the password salt
SQLNamedQuery                   GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"
  </VirtualHost>

# Don't use IPv6 support by default.
UseIPv6                         off
MaxInstances                    30

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
  DenyAll
</Limit>
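
Added example (not part of the thread, and not Galaxy or ProFTPD code): a Python check of what the two SQLNamedQuery substring offsets and the "SQLPasswordPBKDF2 SHA256 10000 24" line in the config above extract and compare. It assumes the stored value has the layout PBKDF2$sha256$10000$<16-char salt>$<base64 hash> that those offsets imply, and that the salt string is used as-is; the password, salt and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# From the config above: SQLPasswordPBKDF2 SHA256 10000 24, SQLPasswordEncoding base64
DIGEST, ITERATIONS, KEY_LEN = "sha256", 10000, 24

def make_stored(password, salt, iterations=ITERATIONS):
    """Build a value in the ASSUMED layout PBKDF2$sha256$<iter>$<salt>$<hash>."""
    key = hashlib.pbkdf2_hmac(DIGEST, password.encode(), salt.encode(),
                              iterations, KEY_LEN)
    return "PBKDF2$%s$%d$%s$%s" % (DIGEST, iterations, salt,
                                   base64.b64encode(key).decode())

def sql_substring(value, start, length):
    """PostgreSQL substring(value from start for length): 1-based, clipped."""
    return value[start - 1:start - 1 + length]

def proftpd_view(stored):
    """(salt, hash) as GetUserSalt and LookupGalaxyUser would return them."""
    if sql_substring(stored, 1, 6) != "PBKDF2":
        return None, stored  # ELSE branch: password returned unchanged, no salt
    return sql_substring(stored, 21, 16), sql_substring(stored, 38, 69)

def would_authenticate(stored, password):
    """Recompute PBKDF2 with the configured parameters and compare."""
    salt, expected = proftpd_view(stored)
    if salt is None:
        return False
    key = hashlib.pbkdf2_hmac(DIGEST, password.encode(), salt.encode(),
                              ITERATIONS, KEY_LEN)
    return hmac.compare_digest(base64.b64encode(key).decode(), expected)

# Constructed sample data, not taken from any real database.
PASSWORD = "constructed-password"
SALT = "AAAABBBBCCCCDDDD"
STORED_OK = make_stored(PASSWORD, SALT)
# Same layout but a six-digit iteration count: every later field moves by one
# character, so the fixed offsets 21 and 38 no longer line up.
STORED_SHIFTED = make_stored(PASSWORD, SALT, iterations=100000)

if __name__ == "__main__":
    for label, stored in (("ok", STORED_OK), ("shifted", STORED_SHIFTED)):
        print(label, proftpd_view(stored), would_authenticate(stored, PASSWORD))
```

Running the same substring expressions against a real row in galaxy_user shows quickly whether the offsets and iteration count in proftpd.conf match how that row was written.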