I'm looking at the instructions for using FTP with proftpd. There is a section talking about extending it to use SFTP. However, the sample config isn't comprehensive. I'm wondering if anyone has a working config for reference?
What's the setting of User and Group? It says it should match the one in the SQLNamedQuery; what does that mean exactly? I start proftpd as root, but start Galaxy as bioinfoadmin (a normal user with sudo).
Just FYI, my proftpd config module and config file are pasted below. I'm working it out in a trial-and-error fashion, so please feel free to point out if anything is wrong!
# You must put this in a virtual host if you want it to listen on its own port. VHost != Apache Vhost.
<VirtualHost 10.3.17.42>
Port 2222
SFTPEngine on
# If you don't do this you will get weird disconnects
AuthOrder mod_auth_unix.c mod_sql.c
SFTPHostKey /etc/ssh/ssh_host_rsa_key
RequireValidShell no
MaxLoginAttempts 6
ServerName "Galaxy SFTP"
DefaultServer on
Umask 077
User bioinfoadmin
Group bioinfoadmin
UseFtpUsers off
DefaultRoot ~
AllowOverwrite on
AllowStoreRestart on
SQLEngine on
SQLGroupInfo sftp_groups name id members
# Do not authenticate against real (system) users
<IfModule mod_auth_pam.c>
AuthPAM off
</IfModule>
# Common SQL authentication options
SQLPasswordEngine on
SQLBackend postgres
SQLAuthenticate users
# Configuration that handles PBKDF2 encryption
# Set up mod_sql to authenticate against the Galaxy database
SQLAuthTypes PBKDF2
SQLPasswordPBKDF2 SHA256 10000 24
SQLPasswordEncoding base64
SQLPasswordUserSalt sql:/GetUserSalt
# Define a custom query for lookup that returns a passwd-like entry. Replace 512s with the UID and GID of the user running the Galaxy server
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,512,512,'/media/galaxy/galaxy/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
# Define custom query to fetch the password salt
SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"
</VirtualHost>
# Don't use IPv6 support by default.
UseIPv6 off
MaxInstances 30
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
DenyAll
</Limit>
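
As an added illustration (not part of the original post, and not ProFTPD or Galaxy code), this Python sketch applies the same 1-indexed substring offsets used in GetUserSalt and LookupGalaxyUser to a constructed password value, then recomputes the hash with the SHA256 / 10000 / 24 parameters from SQLPasswordPBKDF2. The `PBKDF2$sha256$10000$<salt>$<hash>` layout and the use of the salt text as raw bytes are assumptions inferred from those offsets; all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Values taken from the config above: SQLPasswordPBKDF2 SHA256 10000 24
DIGEST, ROUNDS, KEY_LEN = "sha256", 10000, 24


def sql_substring(value, start, length):
    """Mimic PostgreSQL substring(value from start for length), which is 1-indexed."""
    return value[start - 1:start - 1 + length]


def split_stored(stored):
    """Apply the GetUserSalt / LookupGalaxyUser CASE expressions to one column value."""
    if sql_substring(stored, 1, 6) != "PBKDF2":
        # LookupGalaxyUser returns the column unchanged; GetUserSalt returns NULL.
        return None, stored
    salt = sql_substring(stored, 21, 16)    # GetUserSalt offsets
    digest = sql_substring(stored, 38, 69)  # LookupGalaxyUser offsets
    return salt, digest


def make_stored(password, salt):
    """Build a constructed sample value in the assumed PBKDF2$sha256$10000$salt$hash layout."""
    raw = hashlib.pbkdf2_hmac(DIGEST, password.encode(), salt.encode(), ROUNDS, KEY_LEN)
    return "PBKDF2$%s$%d$%s$%s" % (DIGEST, ROUNDS, salt, base64.b64encode(raw).decode())


def verify(password, stored):
    """Recompute the base64 hash from the extracted salt and compare in constant time."""
    salt, digest = split_stored(stored)
    if salt is None:
        return False  # this sketch only handles PBKDF2-prefixed values
    raw = hashlib.pbkdf2_hmac(DIGEST, password.encode(), salt.encode(), ROUNDS, KEY_LEN)
    return hmac.compare_digest(base64.b64encode(raw).decode(), digest)


# Constructed sample values, not real credentials.
SAMPLE_SALT = "c2FtcGxlc2FsdDEy"  # 16 characters, matching "from 21 for 16"
SAMPLE_ROW = make_stored("correct horse", SAMPLE_SALT)

if __name__ == "__main__":
    print(split_stored(SAMPLE_ROW))
    print(verify("correct horse", SAMPLE_ROW), verify("wrong", SAMPLE_ROW))
```

If the extracted salt or hash comes back shifted by a character, the stored value does not follow the assumed layout and the offsets in both named queries need adjusting together.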