{"id":22217720,"url":"https://github.com/fredhutch/sti_crc_method_comparison","last_synced_at":"2025-06-25T14:38:26.216Z","repository":{"id":138662003,"uuid":"84342609","full_name":"FredHutch/sti_crc_method_comparison","owner":"FredHutch","description":"Chef Cookbook for configuring Microbiome Data Sharing Portal","archived":false,"fork":false,"pushed_at":"2018-01-02T20:47:20.000Z","size":34,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-04T21:43:45.786Z","etag":null,"topics":["chef-application","chef-cookbook","microbiome"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FredHutch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-08T16:33:48.000Z","updated_at":"2017-03-13T17:44:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"64b538e4-ccf4-4cff-8098-70c2f7477f3d","html_url":"https://github.com/FredHutch/sti_crc_method_comparison","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/FredHutch/sti_crc_method_comparison","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FredHutch%2Fsti_crc_method_comparison","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FredHutch%2Fsti_crc_method_comparison/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FredHutch%2Fsti_crc_method_comparison/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FredHutch%2Fsti_crc_method_comparison/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FredHutch","download_url":"https://codeload.github.com/FredHutch/sti_crc_method_comparison/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FredHutch%2Fsti_crc_method_comparison/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261892983,"owners_count":23226024,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef-application","chef-cookbook","microbiome"],"created_at":"2024-12-02T22:17:34.641Z","updated_at":"2025-06-25T14:38:26.180Z","avatar_url":"https://github.com/FredHutch.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Data Exchange Host\n\n## Purpose\n\nThis cookbook configures a host for uploading non-confidential data from remote\ninstitutions for analysis at the Hutch.\n\n## Constraints\n\n - The data is non-confidential (non-human control specimens), but remote\n   agents should not be able to see the uploads from other agents to ensure\n   blinding between remote sites.\n - Accounts will be managed locally\n\n## Implementation\n\nThe host's default (OS-configured) SSH server will be restricted to the host's\ndefault interface.  A second IP interface (by default configured as a\nsubinterface on the default network device) is used for SFTP.  A second OpenSSH\ndaemon is configured to listen on that second IP address- this OpenSSH daemon\nhas been configured such that the only available subsystem is SFTP, thus no\nshell access via this interface.  Firewall rules thus only allow remote access\nto this second IP address on port 22.\n\nFurther customizations are used to configure SFTP- the `chroot` directory is\nconfigured to use the incoming connection's username, appending it to the root\nupload directory.  This directory needs to be configured as owned by root, so a subdirectory under this (called `upload`) is created with permissions such that the connecting account can read and write inside this directory.\n\n- `\u003cdata directory\u003e`: the top-level directory for uploading data. Owned by root.\n- `\u003cdata directory\u003e/\u003cusername\u003e`: the chroot directory for the upload account.\n  Owned by root, no write access for others\n- `\u003cdata directory\u003e/\u003cusername\u003e/uploads`: the chroot directory for the upload\n  account.  Owned by the upload account, mode 0755\n\nAs this data needs to be uploaded to networked storage, a subdirectory is\nmounted via SMB to the location indicated by `\u003cdata directory\u003e`.  This mount\nwill use a service account such that the uploaded data on the server will have\npermissions allowing Hutch staff to manage this data.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredhutch%2Fsti_crc_method_comparison","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffredhutch%2Fsti_crc_method_comparison","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredhutch%2Fsti_crc_method_comparison/lists"}