FTP access to a qtree on your NetApp

Recently I was asked to add FTP access to a file share for a vendor.  The vendor uses a script from their side to ftp to the NetApp and drop some files to our EHR interface server, which we then can digest and get into our system.  The vendor has a site to site VPN and restricted end point access via some ACL’s on the networking side, so it’s not really a big issue if they want to use FTP to me.

The NetApp actually can use the AD account to authenticate users and uses NTFS permissions for said user as long as we are using a CIFS share, so that made life easy.  In this case I’m not using a separate vFiler, I only need to have FTP access to this one file share.  If I were going to have FTP access to various qtree’s this would have to be done differently.

Log into your NetApp from the command line.  You can check your FTP settings:

FILER> options ftp
ftpd.3way.enable off 
ftpd.anonymous.enable off 
ftpd.anonymous.name anonymous 
ftpd.auth_style mixed 
ftpd.bypass_traverse_checking on 
ftpd.dir.restriction off 
ftpd.enable off 
ftpd.explicit.allow_secure_data_conn on 
ftpd.explicit.enable off 
ftpd.idle_timeout 900s (value might be overwritten in takeover)
ftpd.implicit.enable off 
ftpd.ipv6.enable off 
ftpd.locking none 
ftpd.log.enable on 
ftpd.log.filesize 512k 
ftpd.log.nfiles 6 
ftpd.max_connections 500 (value might be overwritten in takeover)
ftpd.max_connections_threshold 0% (value might be overwritten in takeover)
ftpd.tcp_window_size 28960

The ones, for this very simple exercise, we care about are:
ftpd.enable – Enables or disables FTP on your filer.

ftpd.dir.override – This setting is used to restrict FTP users to their home directories or a default directory.  In my case I added a default directory.

ftpd.bypass_traverse_checking – If the ftpd.bypass_traverse_checking option is set to off, when a user attempts to access a file using FTP, OnTap checks the execute permission for all directories in the path to the file. If any of the intermediate directories does not have the correct permission,  OnTap denies access to the file. If the ftpd.bypass_traverse_checking option is set to on, when a user attempts to access a file, OnTap does not check the traverse permission for the intermediate directories when determining whether to grant or deny access to the file.  In this case we want to turn this on.

So simply set them:

options ftpd.enable on
options ftpd.bypass_traverse_checking on
options ftpd.dir.override /vol/PATH/TO/CIFS/QTREE

AD users with access to the share can now use FTP to get or put files.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s