Project

General

Profile

Enhancement #536

(partially) Deprecate FTP services

Added by Marc Dequènes almost 2 years ago. Updated 9 months ago.

Status:
In Progress
Priority:
Normal
Category:
Service :: FTP
Start date:
2017-05-10
Due date:
% Done:

20%

Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

FTP is running on Elwing and Toushirou.

On Elwing, according to the logs the few allowed users are no more using it (including me). StuffCloud clearly make storing private files more practical. I could move the possible user content onto their home on Toushirou. This would also participate in separating DC from DL a bit more.

On Toushirou, I see mostly attack attempts in the log, so not sure about its usage. It was used to:
- bouncer_old: old IRC bouncer logs. We could move data in user's home on Toushirou.
- private: same
- public: some obsolete things I think, and some still useful. I think switching to HTTPS access would be fine but some project pages would need to be updated (bip, ufwi…). seems doable.
- repository: used to upload in the Debian repository without SSH access. I guess we could replace it with scp-only accounts. Currently only arnau and me are allowed to upload, so it's only to not block future usage but nothing to implement to go further
- sendfile: proposal to deprecate exist, see #535
- sites: access to websites files. I would favour allowing people to push via some git method instead. anyway we don't have many people managing their site I think, and the only one I think of has SSH access anyway. further inventory needed

Please discuss this proposal, and either close if rejected or reassign to me for implementation.

elwing__proftpd.conf View (4.37 KB) Marc Dequènes, 2017-05-23 19:31


Related issues

Related to DuckCorp Infrastructure - Enhancement #535: Deprecate sendfile service Resolved 2017-05-10
Related to DuckCorp Infrastructure - Bug #524: Toushirou: /var/log/proftpd/tls.log not rotated Resolved 2017-04-20

History

#1 Updated by Marc Dequènes almost 2 years ago

#2 Updated by Marc Dequènes almost 2 years ago

  • Related to Bug #524: Toushirou: /var/log/proftpd/tls.log not rotated added

#3 Updated by Pierre-Louis Bonicoli almost 2 years ago

  • Assignee changed from Pierre-Louis Bonicoli to Marc Dequènes

For Bip project, tarballs need to be available without using our own CA and currently ftp://ftp.duckcorp.org/bip is the only way. We may want to switch to let's encrypt for projects.duckcorp.org before removing it.

What is sendfile ?

#4 Updated by Marc Dequènes almost 2 years ago

We may use more letsencrypt certs for public-facing services. We should probably discuss the matter in another ticket. Just to say your proposal is an acceptable solution.

As for sendfile: « Sendfile (Unix), a push-based asynchronous file transfer, regardless of whether local or remote, using the Simple Asynchronous File Transfer (SAFT), an Internet protocol bound to TCP port 487 » (see http://fex.belwue.de/saft/index.html)

#5 Updated by Marc Dequènes almost 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

DL FTP has been removed. Gorou's files were hande-over via StuffCloud. No other valuable user data.

#6 Updated by Marc Dequènes almost 2 years ago

Proftpd config is not that easy, so keeping the old config file here for remembrance.

#7 Updated by Marc Dequènes over 1 year ago

So, as for Toushirou, I think we have still use for a public FTP, as Pilou said. I saw other uses which may be able to move to HTTP but that's not always easy as crawlers would not find the files anymore and links/refs may be broken.

So I would change my proposal for Toushirou as: deprecate private user storage using FTP. StuffCloud clearly are some success and is much more practical to give access to external people, and you can even create private groups without admin intervention. Also port may be filtered, PASSV stuff… makes things complicated. So I think web is the modern way of exchanging files nowadays and FTP can retire slowly. This would mean removing /srv/ftp/ftp.duckcorp.org/private. I'm already asking users about their needs while cleaning up other things for #564.

So this would leave:
  • the public area, with users access as usual
  • DC Debian repository upload area, useful
  • websites access: still useful but may disappear as the web hosting time is clearly over, and we admins do not need FTP
  • bouncer_old: should be moved elsewhere

#8 Updated by Marc Dequènes over 1 year ago

  • % Done changed from 10 to 20

#9 Updated by Marc Dequènes 11 months ago

`bouncer_old` was no longer needed for users and removed.

#10 Updated by Marc Dequènes 9 months ago

  • Subject changed from Deprecate FTP services to (partially) Deprecate FTP services

Also available in: Atom PDF