Uploading files to, and downloading files from, the active file module using the scp

A special administrative user named scpuser can use the Windows winscp utility or the Linux scp utility to upload and download files to a staging area of the active file module of the Storwize V7000 Unified system.

The scpuser administrative user can upload files, such as ssh keys and Kerberos certificates, and download files, such as dumps, to a staging area of the active management node. Uploaded files are not executable.

Note: The scpuser administrative user cannot use winscp to upload or download files to the service IP if they select the SCP protocol. Selecting the SFTP protocol, in winscp instead of SCP protocol, enables the scpuser administrative user to transfer files to and from Storwize V7000 Unified. The restricted shell on Storwize V7000 Unified supports browsing capabilities with SFTP, but not with SCP.

The scpuser user is automatically configured as a member of the cliuser administrative user group, and can access, but not log in to, the active file module using the management IP address or the service IP address of the active file module.

The scpuser user cannot access any user directories, files, or data. The scpuser user cannot log in to the Storwize V7000 Unified system to use the GUI or CLI, and can access files only in the staging area, which is the scpuser user’s root directory /home/scpuser. The scpuser user’s home directory is /home/scpuser/files. The /ftdc/files directory is bind mounted on /home/scpuser/files, and /ftdc is bind mounted on /home/scpuser/ftdc. Permissions are set so that the scpuser user can download files from any location within the /ftdc file system, but can upload files only to /ftdc/files. Files in /ftdc/files that are older than 3 hours are automatically deleted every hour.

The scpuser user definition is permanent, and cannot be removed. It is managed like other administrative users by any administrative user that has the Security Administrator role, using the GUI or the CLI administrative user management commands, such as chuser, lsuser, and chpasswordpolicy. The scpuser user is initially created without a password or ssh key, and therefore cannot access the Storwize V7000 Unified system until an administrative user that has the Security Administrator role configures its password or ssh key.

A file that is uploaded to a file module is not replicated to any other file module. If the file module that was active at the time of the upload has since failed over to another file module, the file must be uploaded again, as needed, to the current active file module.

Examples

To use the scp utility to upload a file named sol14031cert.pem to the /files directory of the Storwize V7000 Unified active management node, submit the scp command from the source host server, as in the following example:

# scp sol14031cert.pem scpuser@cluster1.in.ibm.com:/files/

where cluster1.in.ibm.com can be either the management IP address, or the full DNS name that maps to that address. Output similar to the following is displayed:

sol14031cert.pem                                  100%   36KB  35.7KB/s   00:00