[BlueOnyx:21227] Re: FTP login defaultroot wrong path

Michael Stauber mstauber at blueonyx.it
Mon Jul 31 13:00:43 -05 2017


Hi all,

Jochen wrote:
> Maybe it's possible to opt out of this behaviour so you can leave the
> default as is but give a switch per user so that they land into the
> directory I'm wishing for.

Joachim wrote:
> I cannot think about the time I have lost for customer support
> about this.

I agree with both of you that the current FTP implementation is a silly
anachronism. The reason why it is this way is: Because it always was
this way. Which isn't really a good reason to begin with.

On the other hand: We know from experience that changing default
"expected behavior" of a feature will always exact a price to pay and
makes nobody really happy.

Making the default directory for uploads configurable on a per Vsite
level is not possible. At best we could make it configurable on a per IP
level. Even that would cause immediate legacy problems with certain
components that create/recreate/change proftpd.conf and proftpds.conf.

Furthermore: "User owned webs" in itself are - for the most part - a
thing of the past. Almost nobody still uses it and certain offered PHP
implementations (suPHP and PHP-FPM) outright don't work that way. Hence
- if enabled - they disable "User owned webs".

But here is the kicker: If we set the Vsite document root as default
directory for FTP logins, then anyone who is *not* a siteAdmin and who
connects via an FTP account will receive an error message during login,
as their FTP client will be unable to "CWD" to that directory.

Of course the GUI allows you to disallow FTP for any Vsite member who
isn't a siteAdmin. That would get around this particular issue.

Still: We'd be breaking traditional behavior, cause confusion, throw in
more potential problems and possible misconfigurations and at the end of
the day the support overhead for you (and us!) doesn't change at all.

Let us face it: FTP is shit.

Not only as is, but in general. It's plain and simply some legacy
baggage from the past that causes more grief than good. SSL/TLS is only
supported via dirty hacks, FTP through firewalls is and will always be a
problem that forces you to tear some unnecessary holes. And we can't
even properly disallow certain Vsite members from logging in via FTP
except through yet another dirty hack where we allow logins, but deny
them every imaginable FTP command once they are in. Why? Because FTP is
either "on" or "off". For everybody.

ProFTPd itself is also in a sorry state as far as the code and its
documentation are concerned. Switching it to vsftpd (which I considered
and prototyped on a BlueOnyx test-box) would not solve enough of these
problems to make it a worthwhile endeavor. Because it would as well rock
the boat too much without providing enough tangible gains.

The current plan is to provide WebDAV as a simple, more robust and more
usable alternative in the short to mid-term. That way users could either
use a WebDAV client or even a browser that supports WebDAV to handle
their file uploads. And it won't take away FTP, which can still be
provided as it currently is for those that didn't get the memo or have
other reasons to continue to use it.

Any thoughts or reservations against this?

-- 
With best regards

Michael Stauber


