cannot connect to web min interface or ssh anymore- messed up access to folders
87 views
Skip to first unread message
marlon brand
Nov 8, 2016, 5:02:44 PM11/8/16
to Alt-F
Hello,
I need your help for resuming a colleague's Nas
Alt-f has been installed on a DNS-325 with two disks in Raid 1
I cannot connect to the system anymore after a problem with access rights to disks
Basically he messed up access to disks and folders that now belongs all to user root and group root
I think this is causing the startup failure of all services (web interface included)
I cannot ssh to the system as well..
The only services working is samba which gives a useless access to a shared folder
Can anyone advise if is there any chance for me to resume access to this system?
even drastic solutions are welcome in order to get back to a clean installation
thanks
João Cardoso
Nov 9, 2016, 12:55:03 PM11/9/16
to Alt-F
On Tuesday, 8 November 2016 22:02:44 UTC, marlon brand wrote:
Hello,I need your help for resuming a colleague's NasAlt-f has been installed on a DNS-325 with two disks in Raid 1I cannot connect to the system anymore after a problem with access rights to disksBasically he messed up access to disks and folders that now belongs all to user root and group rootI think this is causing the startup failure of all services (web interface included)I cannot ssh to the system as well..The only services working is samba which gives a useless access to a shared folder
Are you sure that the box is booting? Does the buttons and leds behave as expected? Please read the "About leds and buttons wiki" and try the recovery actions -- telnet on port 26, no pass, or fully clearing all settings in flash memory if needed.
You can also boot without any disk attached; if it boots OK without disks and don't boot with disks, than there must exist some conflicting disk-installed package or service running
marlon brand
Nov 9, 2016, 7:04:54 PM11/9/16
to Alt-F
thanks Joao
by long pressing the back button I managed to re establish web after controlled reboot
unfortunately services don't start as expected
Sambashare do not work (though reported as to started and running)
synching doesn't start (without any message) and can't be configured either
minidlna doesn't start either (permission denied can' execute the program)
how can i try to recover a stable situation?
João Cardoso
Nov 10, 2016, 10:18:20 AM11/10/16
to Alt-F
On Thursday, 10 November 2016 00:04:54 UTC, marlon brand wrote:
thanks Joaoby long pressing the back button I managed to re establish web after controlled rebootunfortunately services don't start as expectedSambashare do not work (though reported as to started and running)
If it is reported as being run, then it is running.
Remember that settings where cleared, network share definitions need to be re/defined, use Services->Network->smn, Configure to re/define them.
The same applies to several other configurations. Only the configurations stored on disk survive (and override) the flash-saved settings.
synching doesn't start (without any message) and can't be configured either
Most services generate a log at /var/log/, or use System->Utilities->View logs to have further details
minidlna doesn't start either (permission denied can' execute the program)
Only factual data will help. Logs, screen shots, etc...
how can i try to recover a stable situation?
Most people just reinstall the OS (MS Windows?) when they can't fix something (and in the process they loose their disk-saved data).
That is a very drastic measure, and shouldn't be needed, but to avoid that each problem has to be diagnosed and fixed one by one.
Reinstalling Alt-F ***does not*** means reflashing it, but instead reinstalling the disk-installed Alt-F Packages, Packages->Alt-F. See https://groups.google.com/d/msg/alt-f/MSSVaFQ4378/ssgFz7SIAgAJ and following for further comments
marlon brand
Nov 10, 2016, 10:38:25 PM11/10/16
to Alt-F
Trying to figure out war's the problem I tried to install a package I've never installed before
the daap server for iTunes.
installation and configuration runs smoothly from web ui
but the service doesn't start
looking at system log report i see these lines
Nov 11 04:29:33 DNS-325 daemon.info avahi-daemon[2584]: Found user 'avahi' (UID 68) and group 'avahi' (GID 68). Nov 11 03:29:33 DNS-325 daemon.info avahi-daemon[2584]: Successfully dropped root privileges. Nov 11 03:29:33 DNS-325 daemon.err avahi-daemon[2584]: open(/var/run/avahi-daemon//pid): Permission denied Nov 11 03:29:33 DNS-325 daemon.err avahi-daemon[2584]: Failed to create PID file: Permission denied
Il giorno martedì 8 novembre 2016 23:02:44 UTC+1, marlon brand ha scritto:
João Cardoso
Nov 11, 2016, 2:34:44 PM11/11/16
to Alt-F
On Friday, 11 November 2016 03:38:25 UTC, marlon brand wrote:
Trying to figure out war's the problem I tried to install a package I've never installed beforethe daap server for iTunes.
There are two, mt-daapd and forked-daapd. I suppose you mean forked-daapd, as it depends on avahi, where the errors appears.
installation and configuration runs smoothly from web uibut the service doesn't startlooking at system log report i see these linesNov 11 04:29:33 DNS-325 daemon.info avahi-daemon[2584]: Found user 'avahi' (UID 68) and group 'avahi' (GID 68). Nov 11 03:29:33 DNS-325 daemon.info avahi-daemon[2584]: Successfully dropped root privileges. Nov 11 03:29:33 DNS-325 daemon.err avahi-daemon[2584]: open(/var/run/avahi-daemon//pid): Permission denied Nov 11 03:29:33 DNS-325 daemon.err avahi-daemon[2584]: Failed to create PID file: Permission denied
That means that /var/run has the wrong ownership or permissions.
In the first place, /var/run must be a symbolic link to /tmp/run.
In my system:
[root@DNS-327L]# ls -l /var/runlrwxrwxrwx 1 root root 8 Jan 1 1970 /var/run -> /tmp/run
[root@DNS-327L]# ls -l /var/run/total 36drwxr-xr-x 16 root root 540 Nov 11 19:20 .drwxrwxrwt 12 root root 360 Nov 11 19:20 ..drwxr-xr-x 2 avahi avahi 80 Nov 11 19:20 avahi-daemondrwxr-xr-x 2 root root 60 Nov 11 19:20 dbusdrwxr-xr-x 2 daapd multimed 60 Nov 11 19:20 forked-daapd
...
[root@DNS-327L]# ls -l /var/run/avahi-daemon/total 4drwxr-xr-x 2 avahi avahi 80 Nov 11 19:20 .drwxr-xr-x 16 root root 540 Nov 11 19:20 ..-rw-r--r-- 1 avahi avahi 5 Nov 11 19:20 pidsrwxrwxrwx 1 avahi avahi 0 Nov 11 19:20 socket
Are you sure that there are not stray files and folders under /Alt-F? Difficult to say which, as that depends on the user setup.
If that folder (in reality /mnt/<whatever>/Alt-F) was manipulated very bad thinks might happen. The faster cure is to just uninstall all Alt-F packages from disk and restart fresh. You can do that under Packages->Alt-F, and probably need a reboot afterwards.
What version of Alt-F are you running? RC4.1 or RC5 ?
marlon brand
Nov 11, 2016, 4:16:25 PM11/11/16
to Alt-F
this is what I get from command line
[root@DNS-325]# ls -l /var/run
lrwxrwxrwx 1 root root 8 Jan 1 1970 /var/run -> /tmp/run
[root@DNS-325]# ls -l /var/run/
total 32
-rw-r--r-- 1 root root 4 Nov 11 21:51 crond.pid
-rw-r--r-- 1 root root 10 Nov 11 21:51 ifstate
-rw-r--r-- 1 root root 4 Nov 11 21:51 inetd.pid
drwxr-xr-x 2 root root 40 Jan 1 1970 mdadm
-rw-r--r-- 1 root root 4 Nov 11 21:51 nmbd.pid
-rw-r--r-- 1 root root 4 Nov 11 21:51 smbd.pid
-rw------- 1 root root 4 Nov 11 21:51 sysctrl.pid
-rw-r--r-- 1 root root 4 Nov 11 21:51 syslogd.pid
-rw-r--r-- 1 root root 768 Nov 11 21:56 utmp
drwxr-xr-x 2 root root 40 Nov 11 21:51 vsftpd
I'm running on RC5
Il giorno martedì 8 novembre 2016 23:02:44 UTC+1, marlon brand ha scritto:
João Cardoso
Nov 12, 2016, 11:12:07 AM11/12/16
to Alt-F
Looks OK.
But you said in your first post:
Basically he messed up access to disks and folders that now belongs all to user root and group root
So, there should be a lot of files with wrong permissions and ownership. And:
Can anyone advise if is there any chance for me to resume access to this system?even drastic solutions are welcome in order to get back to a clean installation
The "clean installation" (not affecting users data files) is to uninstall the Alt-F folder (*using* the webUI), clear settings, reboot and restart.
Otherwise, after solving this forked-daapd/avahi issue others will follow.
Regarding the avahi error: when you start forked-daapd, avahi-daemon is needed started, which by itself starts dbus. So you can focus on avahi, as dbus must be running ('rcdbus status' will tell you that)
To start a service, use 'rc<service> start|stop|status", such as 'rcavahi_daemon start'. That's a shortcut to the script /etc/init.d/S50avahi_daemon who does the real thing, setting up folders and starting the avahi-program, which by itself reads its pwn configuration files. The script can be edited for easy debugging or customizing it.
Those are some of the the files, permissions and ownership:
[root@DNS-327L]# ls -l /usr/sbin/avahi-daemon-rwxr-xr-x 1 root root 96732 Nov 11 18:12 /usr/sbin/avahi-daemon[root@DNS-327L]# ls -l /etc/avahi/total 20drwxr-xr-x 5 avahi avahi 140 Nov 12 15:02 .drwxr-xr-x 49 root root 4096 Nov 12 15:02 ..-rwxr-xr-x 1 avahi avahi 2509 Jun 24 17:02 avahi-autoipd.action-rw-r--r-- 1 avahi avahi 1560 Jun 24 17:02 avahi-daemon.conf-rwxr-xr-x 1 avahi avahi 2743 Jun 24 17:02 avahi-dnsconfd.action-rw-r--r-- 1 avahi avahi 1121 Jun 24 17:02 hostsdrwxr-xr-x 2 avahi avahi 560 Nov 12 15:05 services[root@DNS-327L]# ls -l /etc/avahi/services/total 60drwxr-xr-x 2 avahi avahi 560 Nov 12 15:05 .drwxr-xr-x 5 avahi avahi 140 Nov 12 15:02 ..-rw-r--r-- 1 avahi avahi 253 Nov 11 18:12 afpovertcp.service--rw-r--r-- 1 avahi avahi 248 Nov 11 18:12 daap.service--rw-r--r-- 1 avahi avahi 245 Nov 11 18:12 ftp.service-rw-r--r-- 1 avahi avahi 247 Nov 11 18:12 ftps.service-rw-r--r-- 1 avahi avahi 261 Nov 11 18:12 http.service-rw-r--r-- 1 avahi avahi 270 Nov 11 18:12 https.service-rw-r--r-- 1 avahi avahi 246 Nov 11 18:12 ipp.service--rw-r--r-- 1 avahi avahi 300 Nov 11 18:12 nfs.service--rw-r--r-- 1 avahi avahi 246 Nov 11 18:12 ntp.service-rw-r--r-- 1 avahi avahi 250 Nov 11 18:12 printer.service-rw-r--r-- 1 avahi avahi 248 Nov 11 18:12 rsync.service-rw-r--r-- 1 avahi avahi 250 Nov 11 18:12 sftp-ssh.service-rw-r--r-- 1 avahi avahi 246 Nov 11 18:12 smb.service-rw-r--r-- 1 avahi avahi 245 Nov 11 18:12 ssh.service-rw-r--r-- 1 avahi avahi 248 Nov 11 18:12 telnet.service
The log after starting the service:
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Found user 'avahi' (UID 68) and group 'avahi' (GID 68).
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Successfully dropped root privileges.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: avahi-daemon 0.6.31 starting up.
Nov 12 15:05:02 DNS-327L daemon.warn avahi-daemon[1954]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/ftp.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/ftps.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/http.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/https.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/ntp.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/printer.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/rsync.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/sftp-ssh.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/smb.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/ssh.service.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Loading service file /etc/avahi/services/telnet.service.
Nov 12 15:05:02 DNS-327L daemon.warn avahi-daemon[1954]: socket() failed: Address family not supported by protocol
Nov 12 15:05:02 DNS-327L daemon.notice avahi-daemon[1954]: Failed to create IPv6 socket, proceeding in IPv4 only mode
Nov 12 15:05:02 DNS-327L daemon.warn avahi-daemon[1954]: socket() failed: Address family not supported by protocol
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.69.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: New relevant interface eth0.IPv4 for mDNS.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Network interface enumeration completed.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Registering new address record for 192.168.1.69 on eth0.IPv4.
Nov 12 15:05:02 DNS-327L daemon.info avahi-daemon[1954]: Registering HINFO record with values 'ARMV7L'/'LINUX'.
Nov 12 15:05:03 DNS-327L daemon.info avahi-daemon[1954]: Server startup complete. Host name is DNS-327L.local. Local service cookie is 3051134004.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/telnet.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/ssh.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/smb.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/sftp-ssh.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/rsync.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/printer.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/ntp.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "Secure Alt-F webUI on DNS-327L" (/etc/avahi/services/https.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "Alt-F webUI on DNS-327L" (/etc/avahi/services/http.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/ftps.service) successfully established.
Nov 12 15:05:04 DNS-327L daemon.info avahi-daemon[1954]: Service "DNS-327L" (/etc/avahi/services/ftp.service) successfully established.
marlon brand
Nov 13, 2016, 4:09:59 AM11/13/16
to Alt-F
thanks Joao
I've moved to a clean state by reinstalling ALT-F
Samba now works as expected, but still I can't make synching work
after launching it from webui the program fail to start and this is what the log reports
[monitor] 09:03:08 INFO: Starting syncthing [monitor] 09:03:08 FATAL: open /dev/null: permission denied
I can start it from command line (as root) with assigned port 8384
but synching web ui is not accessible neither at 127.0.0.1:8384 nor at <nas-ip>:8383
what is happening now?
Il giorno martedì 8 novembre 2016 23:02:44 UTC+1, marlon brand ha scritto:
João Cardoso
Nov 13, 2016, 11:21:38 AM11/13/16
to Alt-F
On Sunday, 13 November 2016 09:09:59 UTC, marlon brand wrote:
thanks JoaoI've moved to a clean state by reinstalling ALT-FSamba now works as expected, but still I can't make synching workafter launching it from webui the program fail to start and this is what the log reports[monitor] 09:03:08 INFO: Starting syncthing [monitor] 09:03:08 FATAL: open /dev/null: permission denied
I can't reproduce that. What are /dev/null permissions? Evberybody should have read/write permissions on it:
[root@DNS-327L]# ls -l /dev/nullcrw-rw-rw- 1 root root 1, 3 Nov 11 18:12 /dev/null
I can start it from command line (as root) with assigned port 8384
The right way to start it is using 'rcsyncthing start|stop|status|restart' (rcsyncthing is a shortcut to /etc/init.d/S81syncthing, the script that really starts it).
If you start any program as the root user, some files might be created under his ownership, and later on, when running it under another user those files can't be read or written, giving permission errors. This applies to *all* services.
syncthing runs as user syncthing and belongs group sync. Just a couple of examples:
[root@DNS-327L]# ls -l /var/log/syncthing/ /var/run/syncthing/ /var/lib/syncthing//var/log/syncthing/:drwxr-xr-x 2 syncthin sync 60 Nov 13 15:58 .-rw-r--r-- 1 syncthin sync 1762 Nov 13 16:02 syncthing.log/var/run/syncthing/:drwxr-xr-x 2 syncthin sync 60 Nov 13 15:58 .-rw-r--r-- 1 syncthin sync 5 Nov 13 16:02 syncthing.pid
/var/lib/syncthing/:-rw-r--r-- 1 syncthin sync 619 Oct 21 18:25 cert.pem-rw------- 1 syncthin sync 2119 Oct 21 18:25 config.xml-rw------- 1 syncthin sync 33 Nov 13 16:03 csrftokens.txt-rw-r--r-- 1 syncthin sync 1066 Nov 13 15:59 https-cert.pem-rw------- 1 syncthin sync 1675 Nov 13 15:59 https-key.pemdrwxr-xr-x 2 syncthin sync 4096 Nov 13 16:02 index-v0.13.0.db-rw------- 1 syncthin sync 288 Oct 21 18:25 key.pem
but synching web ui is not accessible neither at 127.0.0.1:8384 nor at <nas-ip>:8383what is happening now?
Can't reproduce that
marlon brand
Nov 13, 2016, 12:21:59 PM11/13/16
to Alt-F
from command lini I get your very same results
[root@DNS-325]# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jun 25 16:30 /dev/null
I can't understand why the log message reports access denied
in any case , I can't start synchthing web ui neither from command line nor from alt-f web ui ..
Il giorno martedì 8 novembre 2016 23:02:44 UTC+1, marlon brand ha scritto:
marlon brand
Nov 13, 2016, 3:27:47 PM11/13/16
to Alt-F
For your info
issue got solved itself
I checked the option to start at boot and now it start correctly
port has been changed to 8088 by the system
Il giorno martedì 8 novembre 2016 23:02:44 UTC+1, marlon brand ha scritto:
Reply all
Reply to author
Forward
0 new messages