From 38f06ab373002ff3c2f082b4f1c014a97c04190a Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Thu, 17 Sep 2020 09:45:40 +0200 Subject: [PATCH] ftpd: fix TLS for active connections See https://github.com/fclairamb/ftpserverlib/issues/177 Some minor doc improvements --- docs/howto/postgresql-s3.md | 10 ++++++++-- go.mod | 6 +++--- go.sum | 11 +++++------ init/sftpgo.service | 1 + 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/docs/howto/postgresql-s3.md b/docs/howto/postgresql-s3.md index 7ab9d709..09d02581 100644 --- a/docs/howto/postgresql-s3.md +++ b/docs/howto/postgresql-s3.md @@ -28,6 +28,12 @@ whoami the output should be `sftpgo`. +NOTE: once you completed this tutorial you can, optionally, remove the user `sftpgo` from the `sudo` group with the following command. + +```shell +sudo delgroup sftpgo sudo +``` + ## Install PostgreSQL Before installing any packages on the Ubuntu system, update and upgrade all packages using the `apt` commands below. @@ -56,7 +62,7 @@ Next, check the PostgreSQL service using the following command. systemctl status postgresql ``` -## Create a new PostgreSQL user +## Configure PostgreSQL PostgreSQL uses roles for user authentication and authorization, it just like Unix-Style permissions. By default, PostgreSQL creates a new user called `postgres` for basic authentication. @@ -246,7 +252,7 @@ The easiest way to add virtual users is to use the built-in Web interface. You can expose the Web Admin interface over the network replacing `"bind_address": "127.0.0.1"` in the `httpd` configuration section with `"bind_address": ""` and apply the change restarting the SFTPGo service with the following command. ```shell -systemctl restart sftpgo +sudo systemctl restart sftpgo ``` So now open the Web Admin URL. diff --git a/go.mod b/go.mod index bed981a2..542ae7c4 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/drakkan/sftpgo -go 1.13 +go 1.14 require ( cloud.google.com/go/storage v1.11.0 @@ -8,7 +8,7 @@ require ( github.com/alexedwards/argon2id v0.0.0-20200802152012-2464efd3196b github.com/aws/aws-sdk-go v1.34.21 github.com/eikenb/pipeat v0.0.0-20200430215831-470df5986b6d - github.com/fclairamb/ftpserverlib v0.8.1-0.20200828235935-8e22c5f260e1 + github.com/fclairamb/ftpserverlib v0.8.1-0.20200917000118-04bdfa67808e github.com/fsnotify/fsnotify v1.4.9 // indirect github.com/go-chi/chi v4.1.2+incompatible github.com/go-chi/render v1.0.1 @@ -30,7 +30,7 @@ require ( github.com/rs/cors v1.7.1-0.20200626170627-8b4a00bd362b github.com/rs/xid v1.2.1 github.com/rs/zerolog v1.19.0 - github.com/spf13/afero v1.3.5 + github.com/spf13/afero v1.4.0 github.com/spf13/cast v1.3.1 // indirect github.com/spf13/cobra v1.0.0 github.com/spf13/jwalterweatherman v1.1.0 // indirect diff --git a/go.sum b/go.sum index 07af1aa7..1ae9c2d2 100644 --- a/go.sum +++ b/go.sum @@ -124,8 +124,8 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fclairamb/ftpserverlib v0.8.1-0.20200828235935-8e22c5f260e1 h1:0futNS5JlIOTHAPljFKGcCdnO9U2o4JDI94wuTIuZAQ= -github.com/fclairamb/ftpserverlib v0.8.1-0.20200828235935-8e22c5f260e1/go.mod h1:ShLpSOXbtoMDYxTb5eRs9wDBfkQ7VINYghclB4P2z4E= +github.com/fclairamb/ftpserverlib v0.8.1-0.20200917000118-04bdfa67808e h1:5xOb4GQWtP3KdV0xR6T7xinapp5QkM5pcXQms2eWPNY= +github.com/fclairamb/ftpserverlib v0.8.1-0.20200917000118-04bdfa67808e/go.mod h1:quM2Z2Kg1E8NSrLif4q3O9rcYwy52UdUvkK7+LBFIkI= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -416,7 +416,7 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/secsy/goftp v0.0.0-20190720192957-f31499d7c79a/go.mod h1:MnkX001NG75g3p8bhFycnyIjeQoOjGL6CEIsdE/nKSY= +github.com/secsy/goftp v0.0.0-20200609142545-aa2de14babf4/go.mod h1:MnkX001NG75g3p8bhFycnyIjeQoOjGL6CEIsdE/nKSY= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -428,9 +428,8 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.3.5 h1:AWZ/w4lcfxuh52NVL78p9Eh8j6r1mCTEGSRFBJyIHAE= -github.com/spf13/afero v1.3.5/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.4.0 h1:jsLTaI1zwYO3vjrzHalkVcIHXTNmdQFepW4OI8H3+x8= +github.com/spf13/afero v1.4.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= diff --git a/init/sftpgo.service b/init/sftpgo.service index abc3527e..bde868d9 100644 --- a/init/sftpgo.service +++ b/init/sftpgo.service @@ -13,6 +13,7 @@ EnvironmentFile=-/etc/sftpgo/sftpgo.env ExecStart=/usr/bin/sftpgo serve ExecReload=/bin/kill -s HUP $MAINPID KillMode=mixed +PrivateTmp=true Restart=always RestartSec=10s