Setting up transfer groups
Transfer settings can be applied to your system's user groups. If users within a group do not have individual transfer settings, then the group's transfer settings are applied. HSTS doesn't create user groups on the operating system for you, so you must ensure that the groups exist before adding them to your Aspera product.
-
Determine the user groups to add to HSTS.
Ensure that you have an existing user group on your operating system, or create a new user group. Please refer to your operating system's documentation for information on creating user groups. HSTS reads group information from the following file:
/etc/group
-
Add the user group to your Aspera transfer product
When a transfer group is specified, it overwrites global settings and applies group configuration to corresponding users. To add group-specific transfer settings, you can use asconfigurator commands with the following syntax:
# asconfigurator -x "set_group_data;group_name,groupname;parameter,value"
For more information on available settings, see User, group, and default configurations and the references in the following table.
Category Description Configuration precedence When a user is a member of multiple groups, the precedence setting can be used to determine priority. aspera.conf - Authorization configuration Connection permissions, token key, and encryption requirements. aspera.conf - Transfer configuration Incoming and outgoing transfer bandwidth and policy settings. aspera.conf - File system configuration Docroot, file and directory creation, access permissions, block sizes, and so on. You can also manually edit aspera.conf with a text editor.
/opt/aspera/etc/aspera.conf
Add the following section to aspera.conf:
<?xml version='1.0' encoding='UTF-8'?> <CONF version="2"> <aaa> <realms> <realm> <users> ... <!-- user-specific settings --> </users> <groups> <group> <!-- Each group tag contains a group's profile. --> <name>aspgroup</name> <!-- The group name. --> <precedence>0</precedence> <!-- Group precedence. --> <authorization>...</authorization> <!-- Authorization settings. --> <transfer>...</transfer> <!-- Transfer settings. --> <file_system>...</file_system> <!-- File System settings. --> </group> <group> ... <!-- Another group's settings--> </group> </groups> </realm> <realms> </aaa> ... </CONF>
-
Configure the group's transfer settings.
Settings Description Configuration precedence When a user is a member of multiple groups, the precedence setting can be used to determine priority. aspera.conf - Authorization configuration Connection permissions, token key, and encryption requirements. aspera.conf - Transfer configuration Incoming and outgoing transfer bandwidth and policy settings. aspera.conf - File system configuration Docroot, file and directory creation, access permissions, block sizes, and so on. You can also manually edit aspera.conf with a text editor.
/opt/aspera/etc/aspera.conf
Add the following section to aspera.conf:
<?xml version='1.0' encoding='UTF-8'?> <CONF version="2"> <aaa> <realms> <realm> <users> ... <!-- user-specific settings --> </users> <groups> <group> <!-- Each group tag contains a group's profile. --> <name>aspgroup</name> <!-- The group name. --> <precedence>0</precedence> <!-- Group precedence. --> <authorization>...</authorization> <!-- Authorization settings. --> <transfer>...</transfer> <!-- Transfer settings. --> <file_system>...</file_system> <!-- File System settings. --> </group> <group> ... <!-- Another group's settings--> </group> </groups> </realm> <realms> </aaa> ... </CONF>
-
Verify your configuration.
When you have finished updating the group's settings in aspera.conf, use the following command to verify it (in this example, verify the group asp-group's settings):
# /opt/aspera/bin/asuserdata -g asp-group
-
Restart asperanoded and asperacentral to activate your
changes.
Run the following commands to restart asperanoded:
Or for Linux systems that use init.d:# systemctl restart asperanoded
# service asperanoded restart
Run the following command in a Terminal window to restart asperacentral:
Or for Linux systems that use init.d:# systemctl restart asperacentral
# service asperacentral restart