Project

General

Profile

Actions

Enhancement #536

closed

(partially) Deprecate FTP services

Added by Marc Dequènes almost 7 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Category:
Service :: FTP
Start date:
2017-05-10
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

FTP is running on Elwing and Toushirou.

On Elwing, according to the logs the few allowed users are no more using it (including me). StuffCloud clearly make storing private files more practical. I could move the possible user content onto their home on Toushirou. This would also participate in separating DC from DL a bit more.

On Toushirou, I see mostly attack attempts in the log, so not sure about its usage. It was used to:
- bouncer_old: old IRC bouncer logs. We could move data in user's home on Toushirou.
- private: same
- public: some obsolete things I think, and some still useful. I think switching to HTTPS access would be fine but some project pages would need to be updated (bip, ufwi…). seems doable.
- repository: used to upload in the Debian repository without SSH access. I guess we could replace it with scp-only accounts. Currently only arnau and me are allowed to upload, so it's only to not block future usage but nothing to implement to go further
- sendfile: proposal to deprecate exist, see #535
- sites: access to websites files. I would favour allowing people to push via some git method instead. anyway we don't have many people managing their site I think, and the only one I think of has SSH access anyway. further inventory needed

Please discuss this proposal, and either close if rejected or reassign to me for implementation.


Files

elwing__proftpd.conf (4.37 KB) elwing__proftpd.conf Marc Dequènes, 2017-05-23 19:31

Related issues 2 (0 open2 closed)

Related to DuckCorp Infrastructure - Enhancement #535: Deprecate sendfile serviceResolvedMarc Dequènes2017-05-10

Actions
Related to DuckCorp Infrastructure - Bug #524: Toushirou: /var/log/proftpd/tls.log not rotatedResolvedPierre-Louis Bonicoli2017-04-20

Actions
Actions #1

Updated by Marc Dequènes almost 7 years ago

Actions #2

Updated by Marc Dequènes almost 7 years ago

  • Related to Bug #524: Toushirou: /var/log/proftpd/tls.log not rotated added
Actions #3

Updated by Pierre-Louis Bonicoli almost 7 years ago

  • Assignee changed from Pierre-Louis Bonicoli to Marc Dequènes

For Bip project, tarballs need to be available without using our own CA and currently ftp://ftp.duckcorp.org/bip is the only way. We may want to switch to let's encrypt for projects.duckcorp.org before removing it.

What is sendfile ?

Actions #4

Updated by Marc Dequènes almost 7 years ago

We may use more letsencrypt certs for public-facing services. We should probably discuss the matter in another ticket. Just to say your proposal is an acceptable solution.

As for sendfile: « Sendfile (Unix), a push-based asynchronous file transfer, regardless of whether local or remote, using the Simple Asynchronous File Transfer (SAFT), an Internet protocol bound to TCP port 487 » (see http://fex.belwue.de/saft/index.html)

Actions #5

Updated by Marc Dequènes almost 7 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

DL FTP has been removed. Gorou's files were hande-over via StuffCloud. No other valuable user data.

Actions #6

Updated by Marc Dequènes almost 7 years ago

Proftpd config is not that easy, so keeping the old config file here for remembrance.

Actions #7

Updated by Marc Dequènes over 6 years ago

So, as for Toushirou, I think we have still use for a public FTP, as Pilou said. I saw other uses which may be able to move to HTTP but that's not always easy as crawlers would not find the files anymore and links/refs may be broken.

So I would change my proposal for Toushirou as: deprecate private user storage using FTP. StuffCloud clearly are some success and is much more practical to give access to external people, and you can even create private groups without admin intervention. Also port may be filtered, PASSV stuff… makes things complicated. So I think web is the modern way of exchanging files nowadays and FTP can retire slowly. This would mean removing /srv/ftp/ftp.duckcorp.org/private. I'm already asking users about their needs while cleaning up other things for #564.

So this would leave:
  • the public area, with users access as usual
  • DC Debian repository upload area, useful
  • websites access: still useful but may disappear as the web hosting time is clearly over, and we admins do not need FTP
  • bouncer_old: should be moved elsewhere
Actions #8

Updated by Marc Dequènes over 6 years ago

  • % Done changed from 10 to 20
Actions #9

Updated by Marc Dequènes almost 6 years ago

`bouncer_old` was no longer needed for users and removed.

Actions #10

Updated by Marc Dequènes almost 6 years ago

  • Subject changed from Deprecate FTP services to (partially) Deprecate FTP services
Actions #11

Updated by Marc Dequènes almost 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 20 to 100

The remaining user private data were moved in the home directory and I warned them.

The public space was already cleaned up and only contains useful stuff.

So I think we're all good now.

Actions

Also available in: Atom PDF