FTP Upload configuration

20 Jul 2013

      Dear all,

I'm installing a local version of Galaxy but I'm having issues 
configuring the FTP upload functionality that I need. I assume the 
documentation in the wiki about configuring proftpd is outdated since 
Galaxy has recently changed authentication method.
I apologize in advance for the length of this e-mail, thanks to everyone 
who will bother to reply.

My Galaxy set up uses Postgresql as db and nginx and it seems working 
fine. I installed the latest available version of Proftpd (1.3.5rc3) and 
compiled it with all the needed (I think) modules. Here they are:

mod_core.c
mod_xfer.c
mod_rlimit.c
mod_auth_unix.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_sql.c
mod_sql_postgres.c
mod_sql_passwd.c
mod_auth_pam.c
mod_cap.c

***********************

My proftpd.conf looks like this:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName			"ProFTPD 4 Galaxy"
ServerType			standalone
DefaultServer			on
AuthPAM				off
SyslogFacility                  DAEMON
SyslogLevel                     debug
# Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLPasswordEngine               on
SQLPasswordEncoding             hex
AuthOrder			mod_sql.c 	
RequireValidShell       	off

# Set up mod_sql to authenticate against the Galaxy database
SQLEngine                       on
SQLBackend                      postgres
SQLConnectInfo			galaxy_prod@localhost:5432 galaxy password
#SQLAuthTypes                   SHA1
SQLAuthTypes	 		SHA1 SHA256 pbkdf2
SQLPasswordPBKDF2	 	SHA256 1000 24
SQLAuthenticate                 users
SQLDefaultHomedir               /var/opt/local/proftpd
SQLUserInfo                     custom:/LookupGalaxyUser
SQLPasswordUserSalt	 	sql:/GetUserSalt
#SQLNamedQuery                  LookupGalaxyUser SELECT 
"email,password,'497','495','/home/galaxy/galaxy_dist/database/ftp/%U','/bin/bash' 
FROM galaxy_user WHERE email='%U'"
SQLNamedQuery	 LookupGalaxyUser  SELECT "email, (CASE WHEN 
substring(password from 1 for 6) = 'PBDKF2' THEN substring(password from 
38 for 69) ELSE password END) AS 
password2,'galaxy','galaxy','/home/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' 
FROM galaxy_user WHERE email='%U'"
SQLNamedQuery	 GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 
for 6) = 'PBDKF2' THEN SUBSTRING (password from 21 for 36) END) AS salt 
FROM galaxy_user WHERE email='%U'"

SQLLogFile                      /var/log/proftpd.log
SQLDefaultGID                   1002
SQLDefaultUID                   1002

# Port 21 is the standard FTP port.
Port				21
PassivePorts                    30000 40000

# Don't use IPv6 support by default.
UseIPv6				off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				077

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances			30

# Set the user and group under which the server will run.
User				galaxy
Group				galaxy

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
CreateHome                      on dirmode 700

# Normally, we want files to be overwriteable.
AllowOverwrite		on
AllowStoreRestart               on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
   DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
  DenyAll
</Limit>

*************************************************

I have found the SQLNamedQuery directives by googling around and I have 
figured out they should work both with old and new password encryption 
methods used by Galaxy. My installation however is fresh and thus I 
should have only password encrypted with the new method.

When I try to ftp the server this is what shows up in the log:

2013-07-20 16:35:54,618 mod_sql/4.3[4127]: >>> sql_sess_init
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: entering 	postgres 
cmd_defineconnection
2013-07-20 16:35:54,618 mod_sql/4.3[4127]:  name: 'default'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]:  user: 'galaxy'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]:  host: 'localhost'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]:    db: 'galaxy_prod'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]:  port: '5432'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]:   ttl: '0'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: exiting 	postgres 
cmd_defineconnection
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: connection 'default' 
successfully established
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: mod_sql engine     : on
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: negative_cache     : off
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: authenticate       : users
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: usertable          : users
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: userid field       : userid
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: password field     : passwd
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: UID field          : uid
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: GID field          : gid
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: homedir field      : homedir
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: homedir(default)   : 
'/var/opt/local/proftpd'
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: shell field        : shell
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: SQLMinUserUID      : 999
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: SQLMinUserGID      : 999
2013-07-20 16:35:54,618 mod_sql/4.3[4127]: <<< sql_sess_init
2013-07-20 16:36:01,533 mod_sql/4.3[4127]: >>> sql_escapestr
2013-07-20 16:36:01,533 mod_sql/4.3[4127]: entering 	postgres 
cmd_escapestring
2013-07-20 16:36:01,533 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: Postgres server version: 9.2.4
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: connection 'default' opened
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres 
cmd_escapestring
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: <<< sql_escapestr
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: >>> sql_lookup
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: >>> process_named_query 
'GetUserSalt'
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: entering 	postgres 
cmd_escapestring
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres 
cmd_escapestring
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: entering 	postgres cmd_select
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,537 mod_sql/4.3[4127]: query "SELECT (CASE WHEN 
SUBSTRING (password from 1 for 6) = 'PBDKF2' THEN SUBSTRING (password 
from 21 for 36) END) AS salt FROM galaxy_user WHERE 
email='federico.zambelli@gmail.com'"
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_select
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: <<< process_named_query 
'GetUserSalt'
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: <<< sql_lookup
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: >>> sql_pre_pass
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: <<< sql_pre_pass
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: >>> cmd_getpwnam
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres 
cmd_escapestring
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres 
cmd_escapestring
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: cache miss for user 
'federico.zambelli@gmail.com'
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: >>> sql_lookup
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: >>> process_named_query 
'LookupGalaxyUser'
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres 
cmd_escapestring
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres 
cmd_escapestring
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres 
cmd_escapestring
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres 
cmd_escapestring
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_select
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,540 mod_sql/4.3[4127]: query "SELECT email, (CASE 
WHEN substring(password from 1 for 6) = 'PBDKF2' THEN substring(password 
from 38 for 69) ELSE password END) AS 
password2,'galaxy','galaxy','/home/galaxy/galaxy-dist/database/ftp/federico.zambelli@gmail.com','/bin/bash' 
FROM galaxy_user WHERE email='federico.zambelli@gmail.com'"
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: exiting 	postgres cmd_select
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: <<< process_named_query 
'LookupGalaxyUser'
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: <<< sql_lookup
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: custom SQLUserInfo query 
'LookupGalaxyUser' returned 6 columns for user 'federico.zambelli@gmail.com'
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: user UID 0 below 
SQLMinUserUID 999, using SQLDefaultUID 1002
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: user GID 0 below 
SQLMinUserGID 999, using SQLDefaultGID 1002
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: cache miss for user 
'federico.zambelli@gmail.com'
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: user 
'federico.zambelli@gmail.com' cached
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: + pwd.pw_name  : 
federico.zambelli@gmail.com
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: + pwd.pw_uid   : 1002
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: + pwd.pw_gid   : 1002
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: + pwd.pw_dir   : 
/home/galaxy/galaxy-dist/database/ftp/federico.zambelli@gmail.com
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: + pwd.pw_shell : /bin/bash
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: <<< cmd_getpwnam
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: >>> cmd_auth
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: entering 	postgres 
cmd_escapestring
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: entering 	postgres cmd_open
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: connection 'default' count is 
now 2
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: exiting 	postgres cmd_open
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: entering 	postgres cmd_close
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: connection 'default' count is 
now 1
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: exiting 	postgres cmd_close
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: exiting 	postgres 
cmd_escapestring
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: cache hit for user 
'federico.zambelli@gmail.com'
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: >>> cmd_check
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: checking password using 
SQLAuthType 'sha1'
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: 'sha1' SQLAuthType handler 
reports failure
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: checking password using 
SQLAuthType 'sha256'
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: 'sha256' SQLAuthType handler 
reports failure
2013-07-20 16:36:01,541 mod_sql/4.3[4127]: checking password using 
SQLAuthType 'pbkdf2'
2013-07-20 16:36:01,547 mod_sql/4.3[4127]: 'pbkdf2' SQLAuthType handler 
reports failure
2013-07-20 16:36:01,547 mod_sql/4.3[4127]: <<< cmd_check
2013-07-20 16:36:01,547 mod_sql/4.3[4127]: <<< cmd_auth
2013-07-20 16:36:02,861 mod_sql/4.3[4127]: entering 	postgres cmd_exit

*********************************************************************

It looks like it is able to retrieve the user from the db but then it 
somewhat fails to check the password validity.

Thanks again.

Bye and have a nice w.e.

-- 
============================================
Federico Zambelli, Ph.D.
Bioinformatics, Evolution and Comparative Genomics Lab
Dept. of Biosciences
University of Milano - Italy

What can be asserted without proof can be dismissed without proof.
============================================

Federico Zambelli

tags

participants (1)