Enhancement #536
closed
(partially) Deprecate FTP services
Added by Marc Dequènes almost 8 years ago.
Updated almost 6 years ago.
Description
FTP is running on Elwing and Toushirou.
On Elwing, according to the logs the few allowed users are no more using it (including me). StuffCloud clearly make storing private files more practical. I could move the possible user content onto their home on Toushirou. This would also participate in separating DC from DL a bit more.
On Toushirou, I see mostly attack attempts in the log, so not sure about its usage. It was used to:
- bouncer_old: old IRC bouncer logs. We could move data in user's home on Toushirou.
- private: same
- public: some obsolete things I think, and some still useful. I think switching to HTTPS access would be fine but some project pages would need to be updated (bip, ufwi…). seems doable.
- repository: used to upload in the Debian repository without SSH access. I guess we could replace it with scp-only accounts. Currently only arnau and me are allowed to upload, so it's only to not block future usage but nothing to implement to go further
- sendfile: proposal to deprecate exist, see #535
- sites: access to websites files. I would favour allowing people to push via some git method instead. anyway we don't have many people managing their site I think, and the only one I think of has SSH access anyway. further inventory needed
Please discuss this proposal, and either close if rejected or reassign to me for implementation.
Files
- Related to Bug #524: Toushirou: /var/log/proftpd/tls.log not rotated added
- Assignee changed from Pierre-Louis Bonicoli to Marc Dequènes
For Bip project, tarballs need to be available without using our own CA and currently ftp://ftp.duckcorp.org/bip is the only way. We may want to switch to let's encrypt for projects.duckcorp.org before removing it.
What is sendfile ?
We may use more letsencrypt certs for public-facing services. We should probably discuss the matter in another ticket. Just to say your proposal is an acceptable solution.
As for sendfile: « Sendfile (Unix), a push-based asynchronous file transfer, regardless of whether local or remote, using the Simple Asynchronous File Transfer (SAFT), an Internet protocol bound to TCP port 487 » (see http://fex.belwue.de/saft/index.html)
- Status changed from New to In Progress
- % Done changed from 0 to 10
DL FTP has been removed. Gorou's files were hande-over via StuffCloud. No other valuable user data.
Proftpd config is not that easy, so keeping the old config file here for remembrance.
So, as for Toushirou, I think we have still use for a public FTP, as Pilou said. I saw other uses which may be able to move to HTTP but that's not always easy as crawlers would not find the files anymore and links/refs may be broken.
So I would change my proposal for Toushirou as: deprecate private user storage using FTP. StuffCloud clearly are some success and is much more practical to give access to external people, and you can even create private groups without admin intervention. Also port may be filtered, PASSV stuff… makes things complicated. So I think web is the modern way of exchanging files nowadays and FTP can retire slowly. This would mean removing /srv/ftp/ftp.duckcorp.org/private. I'm already asking users about their needs while cleaning up other things for #564.
So this would leave:
- the public area, with users access as usual
- DC Debian repository upload area, useful
- websites access: still useful but may disappear as the web hosting time is clearly over, and we admins do not need FTP
- bouncer_old: should be moved elsewhere
- % Done changed from 10 to 20
`bouncer_old` was no longer needed for users and removed.
- Subject changed from Deprecate FTP services to (partially) Deprecate FTP services
- Status changed from In Progress to Resolved
- % Done changed from 20 to 100
The remaining user private data were moved in the home directory and I warned them.
The public space was already cleaned up and only contains useful stuff.
So I think we're all good now.
Also available in: Atom
PDF
Updated by 
Updated by