DTS: Installation Summary


The Data Transfer System (DTS) must be installed at each site to which, or from which, files are to be transferred. The DTS is composed of Perl scripts and associated configuration files and requires the creation of three user accounts of varying privilege. The DTS does not require root to run; you will, however, need root access (or the cooperation of someone who has it) to create the accounts and set the ownerships and permissions described below.

The following software must be installed:

* OpenSSH (any SSH2 implementation with sftp will work)

* Perl 5 (v5.6 recommended) with the following modules:

  • Data::Dumper
  • libnet
  • Time::HiRes
  • MailTools
  • IO (comes with Perl 5.6)
  • MD5 and Digest::MD5
  • Expect (at least 1.12)

The following accounts must be created, each belonging to a common group called dts:

* DTS operator (dtsops) - A standard user account to run the DTS from

  • The mailbox for this account receives all error messages from the DTS, so the operator is notified when problems occur.
  • Unpack the DTS package in the dtsops home directory
  • Create a log directory (e.g. ~dtsops/log) with subdirectories, in and out, for storing the logs of incoming and outgoing transfers. Set DTS_IN and DTS_OUT in the dts.config file to their respective locations.
  • Create a staging area with subdirectories, in and out. Set DTS_STG and DTS_FTP in the dts.config file to their respective locations. The DTS_FTP directory should have dtsops as its owner and dts as its group with the following permissions: drwxrwsr-x (i.e. chmod 2775, or chmod 775 followed by chmod g+s). The group-write bit is what lets dtsftp, as a member of dts, write into it, and the setgid bit makes files created there inherit the dts group so that dtsops can pick them up. The DTS_STG directory only requires that dtsops be able to write to it.
  • Choose a name that other DTS sites will refer to this DTS as, preferably short and all-caps. Set it as MYSITE in the dts.config file.
  • Set OPSEMAIL in the dts.config file to dtsops@machinename, replacing "machinename" with the full hostname.
  • Set MAILFILE to the (future) location of the dtsmail account's mailbox (e.g. /var/spool/mail/dtsmail) and set MAILACCT to its associated email address.
  • Edit SITELIST and SCRIPTS to contain the paths to the installed dts.sitelist and dts.scripts files (included with the DTS package). The dts.sitelist file must be readable only by the dtsops user (e.g. chmod 600 dts.sitelist).
  • Define an environment variable, DTS_CONFIG, in the dtsops shell startup file (e.g. ~/.tcshrc), setting it to the location of the dts.config file.

* DTS ftp (dtsftp) - A limited account that allows ftp/sftp transfers

  • The home directory for this account should be the path set as DTS_FTP.
  • The shell for the account should be /noshell if FTP is the protocol being used, or the location of the sftp-server executable if sftp is being used (e.g. /usr/libexec/openssh/sftp-server). No one will be able to log in to a shell on this account. Most ftp daemons refuse logins for users whose shell is not listed in /etc/shells, so add /noshell there if FTP is used. On current OpenSSH releases the cleaner way to get an sftp-only account is to keep a no-login shell on it and confine the user in sshd_config with a Match User dtsftp block containing ForceCommand internal-sftp and ChrootDirectory; note that every component of a ChrootDirectory path must be root-owned and not writable by group or others, so the chroot must be a parent directory that contains DTS_FTP, not DTS_FTP itself (which is dtsops-owned and group-writable). Without a chroot, an sftp-server shell lets the account read anything on the system that is world-readable.
  • Also, if ftp is being used, chroot the account such that the home directory is the top level.
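The directory layout and modes described above for the dtsops account, together with checks for the dtsftp home (DTS_FTP), for the dts.sitelist file, and for the sticky bit the dtsmail section below requires on the mail spool directory, as an added shell example that is not part of the DTS package. The base directory, owner and group are parameters (dtsops and dts in production) so the functions can be tried by any user against a scratch directory; the subdirectory names log, stg and ftp under the dtsops home are an assumption of this example.

```shell
#!/bin/sh
# Added example, not part of the DTS package: create the dtsops directory
# layout and check the modes the installation depends on.
# Assumptions: BASE is the dtsops home (~dtsops); OWNER/GROUP are "dtsops"
# and "dts" in production but are parameters here so any user can run it.
set -u

# dts_layout BASE GROUP : log/{in,out} (DTS_IN, DTS_OUT), stg/{in,out}
# (DTS_STG) and ftp (DTS_FTP, which is also the dtsftp home directory).
dts_layout() {
    base=$1
    group=$2
    mkdir -p "$base/log/in" "$base/log/out" \
             "$base/stg/in" "$base/stg/out" "$base/ftp" || return 1
    # Only the operator needs the logs and the staging area.
    chmod 0700 "$base/log" "$base/stg"
    # DTS_FTP: group dts, group-writable so dtsftp (a dts member) can write,
    # setgid so files it creates inherit the dts group: drwxrwsr-x.
    chgrp "$group" "$base/ftp" && chmod 2775 "$base/ftp"
}

# mode_of PATH : the ten-character mode field of ls -ld, e.g. drwxrwsr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# owner_group_of PATH : "owner group" as printed by ls -ld
owner_group_of() { ls -ld "$1" | awk '{print $3, $4}'; }

# dts_check_ftp DIR OWNER GROUP : 0 iff DIR is drwxrwsr-x, owned OWNER:GROUP
dts_check_ftp() {
    [ "$(mode_of "$1")" = "drwxrwsr-x" ] || return 1
    [ "$(owner_group_of "$1")" = "$2 $3" ]
}

# dts_check_private FILE OWNER : 0 iff FILE belongs to OWNER and has no
# group or other permission bits at all (what dts.sitelist requires).
dts_check_private() {
    case "$(mode_of "$1")" in
        -r??------) ;;
        *) return 1 ;;
    esac
    [ "$(owner_group_of "$1" | cut -d' ' -f1)" = "$2" ]
}

# dts_check_spool DIR : 0 iff DIR carries the sticky bit (e.g. drwxrwxrwt),
# so a user can rename its own mailbox there but not anyone else's.
dts_check_spool() {
    case "$(mode_of "$1")" in
        d????????[tT]) ;;
        *) return 1 ;;
    esac
}

# Usage (as dtsops, once the dts group exists):
#   dts_layout ~dtsops dts && dts_check_ftp ~dtsops/ftp dtsops dts
```

The checks read the mode string from ls -ld rather than stat, because stat's format flags differ between GNU and BSD systems while the ls column is the same everywhere.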

* DTS mail (dtsmail) - A limited account whose mailbox (MAILFILE) is used for DTS requests

  • Set up host-based ssh authentication so that the dtsops account can ssh to the dtsmail account on the same machine without entering a password. Be clear about what this trusts: any process running as dtsops on that host can then obtain a shell as dtsmail, so the dtsops account should be used for nothing but the DTS.

    For OpenSSH with protocol 2, this means:

    • cat /etc/ssh/ssh_host_dsa_key.pub >> ~dtsmail/.ssh/known_hosts2
    • Edit ~dtsmail/.ssh/known_hosts2, inserting the machine name at the start of the line
    • Edit ~dtsmail/.shosts to contain the machine name and dtsops, separated by a space, on the first line.

    Settings differ depending on the version of ssh that you are using. On current OpenSSH releases the known_hosts2 file is no longer read (the line goes in ~dtsmail/.ssh/known_hosts or /etc/ssh/ssh_known_hosts instead), DSA host keys have been disabled by default since OpenSSH 7.0 (use the host's RSA or Ed25519 public key), sshd_config needs HostbasedAuthentication yes and IgnoreRhosts no before ~dtsmail/.shosts is consulted at all, and the client side needs HostbasedAuthentication yes and EnableSSHKeysign yes in ssh_config. See SnailBook.com for troubleshooting tips.

  • Now lock the account's password (e.g. passwd -l dtsmail) so that no one can log into the account directly. Locking is not the same as leaving the password empty: an empty password permits logins without one.
  • The DTS must be able to rename dtsmail's mail file in place to avoid corruption. Renaming needs write permission on the directory that contains the mail file, and that directory should carry the sticky bit (e.g. chmod +t /var/spool/mail, giving the usual 1777 spool mode) so that dtsmail can rename its own mailbox but no user can rename or remove another user's mailbox.
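For the two sshd-side requirements above on current OpenSSH (host-based login from dtsops to dtsmail, and an sftp-only dtsftp account), an added example that is not part of the DTS package: a small checker that reads an sshd_config the way sshd does, keeping the first value it sees for a keyword and treating Match blocks as conditional, and compares it with what the two accounts need. The file paths, the /srv/dts chroot and the two sample configurations are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the DTS package: check an sshd_config for the
# settings the dtsmail (host-based ssh) and dtsftp (sftp-only) accounts need
# on current OpenSSH. Paths, user names and the sample configs are assumed.
set -u

# sshd_global KEY FILE : print the effective global value of KEY.
# sshd uses the FIRST value it reads for a keyword, so a later
# "HostbasedAuthentication yes" does not override an earlier "no"; the scan
# stops at the first Match block, whose settings are conditional.
sshd_global() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/#.*/, "") }
        $0 == "" { next }
        { n = split($0, f, /[ \t]*=[ \t]*|[ \t]+/); k = tolower(f[1]) }
        k == "match" { exit }
        k == key { print f[2]; exit }
    ' "$2"
}

# sshd_match_user USER KEY FILE : value of KEY inside a "Match User USER"
# block (comma-separated user lists are handled; patterns are not).
sshd_match_user() {
    awk -v user="$1" -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/#.*/, "") }
        $0 == "" { next }
        { n = split($0, f, /[ \t]*=[ \t]*|[ \t]+/); k = tolower(f[1]) }
        k == "match" {
            inblk = 0
            for (i = 2; i < n; i++)
                if (tolower(f[i]) == "user") {
                    m = split(f[i + 1], users, ",")
                    for (j = 1; j <= m; j++) if (users[j] == user) inblk = 1
                }
            next
        }
        inblk && k == key { print f[2]; exit }
    ' "$3"
}

# dts_check_hostbased FILE : 0 iff ~dtsmail/.shosts can grant a login:
# HostbasedAuthentication (default no) must be yes and IgnoreRhosts
# (default yes, which makes sshd skip ~/.shosts) must be no.
dts_check_hostbased() {
    hb=$(sshd_global HostbasedAuthentication "$1")
    ir=$(sshd_global IgnoreRhosts "$1")
    [ "${hb:-no}" = "yes" ] && [ "${ir:-yes}" = "no" ]
}

# dts_check_sftp_only FILE USER : 0 iff USER is pinned to the in-process
# sftp server inside a ChrootDirectory by a Match block.
dts_check_sftp_only() {
    fc=$(sshd_match_user "$2" ForceCommand "$1")
    jail=$(sshd_match_user "$2" ChrootDirectory "$1")
    [ "$fc" = "internal-sftp" ] && [ -n "$jail" ]
}

# write_samples DIR : two constructed sshd_config files for the demo.
write_samples() {
    # Weak: host-based auth effectively off (first value wins), .shosts
    # ignored by default, dtsftp confined only by whatever shell it has.
    cat > "$1/sshd_config.weak" <<'EOF'
# constructed example
HostbasedAuthentication no
HostbasedAuthentication yes    # ignored: sshd keeps the first value
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
    # Hardened: /srv/dts is the root-owned chroot; DTS_FTP (dtsops-owned,
    # group-writable) would live beneath it, e.g. /srv/dts/ftp.
    cat > "$1/sshd_config.hardened" <<'EOF'
# constructed example
HostbasedAuthentication yes
IgnoreRhosts no
Subsystem sftp internal-sftp
Match User dtsftp
    ChrootDirectory /srv/dts
    ForceCommand internal-sftp
    PasswordAuthentication no
Match User dtsmail
    PasswordAuthentication no
EOF
}

# Usage against the live daemon config:
#   dts_check_hostbased /etc/ssh/sshd_config && dts_check_sftp_only /etc/ssh/sshd_config dtsftp
```

The first-value-wins rule is the detail worth remembering: appending the required lines to the end of an sshd_config that already sets the same keywords changes nothing, and sshd -T will show the value it actually uses.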