Hi all,
I am battling what appears to be multiple issues, and the single-point failure solution eludes me. Any help you can give will be much appreciated. First brief background:
1. I have been using ffp 0.5 on usb for quite some time.
2. I run two independent drives with nightly backup using crontab & rsync.
3. I run an ftp server to a specific folder for anonymous access
4. FW 1.05
5. Started to set up OpenVPN, but got too busy to continue.
1st Symptom (resolved): A friend informed me that he could no longer access my anonymous ftp folder, that it was requiring a password.
2nd Symptom (resolved): When I checked the ftp settings via web utility, the user account assigned to that folder was "ftp" instead of anonymous. I had never created this account, and it was not even a valid user.
- I deleted the ftp server for that location, then created a new folder share with the "Anonymous" account
3rd Symptom (persistent): Now I can successfully log in anonymously, but there are zero files/folders displayed, as if the directory were empty.
4th Symptom (resolved): I attempted to telnet in to grab some logs, but the putty window closed immediately as if the telnet service wasn't even running.
- I replaced my fun_plug with a known-good backup to boot ffp from the HDD instead of USB = still no telnet
- I installed a brand-new ffp = telnet access works
- I tried my original fun_plug (usb) and the known-good backup (HDD) with new ffp dir structure = no telnet
- solution was removing the duplicate ftp user (thanks fonz)
The 3rd symptom is my first priority. Here are some of the troubleshooting steps I've taken to address the FTP issue (all to no avail):
- delete all ftp accounts, stop ftp server, re-add solitary anonymous folder
- Restore Factory defaults & no funplug
- Confirmed via rsync logs that no unwanted file changes have occurred (or at least been recognized & copied)
- Power-cycled everything upstream of the DNS (switch, router, modem)
- Confirmed via router that port 21 is forwarded
- Confirmed via ShieldsUp! that port 21 is open
- Disabled other servers & optionals (UPnP, iTunes, DHCP, LLTD, DDNS, Jumbo Frames)
- Unplug USB entirely
The 4th symptom is the most puzzling to me. How could ffp just stop working all of a sudden, but a new version works fine?? Here are some of the troubleshooting steps I've taken to address the ffp issue (all to no avail):
- Confirmed via rsync logs that no fun_plug files have changed (or at least been recognized & copied)
- Restore Factory defaults
- Unplug USB entirely
Here is the ffp log for a good (fresh install) start:
**** fun_plug script for DNS-323 (2008-08-11 tp@fonz.de) ****
Tue Oct 7 10:42:27 GMT 2008
ln -snf /mnt/HD_a2/ffp /ffp
* Running /ffp/etc/fun_plug.init ...
* Running /ffp/etc/rc ...
* /ffp/start/syslogd.sh inactive
* /ffp/start/SERVERS.sh inactive
* /ffp/start/portmap.sh inactive
* /ffp/start/unfsd.sh inactive
* /ffp/start/nfsd.sh inactive
* /ffp/start/ntpd.sh inactive
* /ffp/start/LOGIN.sh inactive
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh inactive
* /ffp/start/rsyncd.sh inactive
* /ffp/start/mediatomb.sh inactive
* /ffp/start/kickwebs.sh inactive
* /ffp/start/lighttpd.sh inactive
* /ffp/start/inetd.sh inactive
* OK
Here is a failed ffp startup from USB (original):
**** fun_plug script for DNS-323 (2008-04-13 tp@fonz.de) ****
Mon Oct 6 10:15:26 GMT 2008
Found usb-storage.ko module. Copying...
insmod usb-storage.ko
ln -snf /mnt/HD_a2/ffp /ffp
Waiting for ee750485-1b0a-414f-a32d-4c2f8d7f9e75 (up to 30 seconds) ...
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2"
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2"
Success. Found ee750485-1b0a-414f-a32d-4c2f8d7f9e75.
Mounting /dev/sdc1 on /mnt/USB
USB stick mounted
* Found FFP on USB device
ln -snf /mnt/USB/ffp /ffp
* Running /ffp/etc/rc ...
* /ffp/start/rcS.sh ...
utmp:x:22:
* /ffp/start/adjtimex.sh inactive
* /ffp/start/passwd.sh ...
Saving /etc/passwd to /etc/passwd.orig ...
Changing shells: /bin/sh -> /ffp/bin/sh ...
Updating /etc/shadow ...
Here is a failed ffp startup from HDD (known-good backup):
**** fun_plug script for DNS-323 (2008-04-13 tp@fonz.de) ****
Mon Oct 6 09:01:19 GMT 2008
ln -snf /mnt/HD_a2/ffp /ffp
* Running /ffp/etc/rc ...
* /ffp/start/rcS.sh ...
utmp:x:22:
* /ffp/start/adjtimex.sh inactive
* /ffp/start/passwd.sh ...
Saving /etc/passwd to /etc/passwd.orig ...
Changing shells: /bin/sh -> /ffp/bin/sh ...
Updating /etc/shadow ...
How is this possible?? Why are rcS.sh & passwd.sh being executed when they are not executable in the /mnt/HD_a2/ffp/start dir? They are only executable in the /mnt/HD_a2/ffp_old/start dir!
/mnt/usb/ffp/start # ls -l
-rw-r--r-- 1 root root 52 Apr 19 05:26 LOGIN.sh
-rw-r--r-- 1 root root 36 Apr 19 05:26 SERVERS.sh
-rw-r--r-- 1 root root 698 Apr 19 05:26 adjtimex.sh
-rwxr-xr-x 1 root root 381 Aug 14 16:42 editcron.sh
-rw-r--r-- 1 root root 203 Apr 19 04:11 inetd.sh
-rw-r--r-- 1 root root 229 Apr 15 06:06 kickwebs.sh
-rw-r--r-- 1 root root 223 Apr 15 06:06 lighttpd.sh
-rw-r--r-- 1 root root 267 Apr 15 06:52 mediatomb.sh
-rw-r--r-- 1 root root 1468 Apr 15 13:50 nfsd.sh
-rw-r--r-- 1 root root 526 Apr 15 09:00 ntpd.sh
-rwxr-xr-x 1 root root 552 Apr 19 05:26 passwd.sh
-rw-r--r-- 1 root root 160 Apr 15 14:18 portmap.sh
-rwxr-xr-x 1 root root 861 Apr 19 05:26 rcS.sh
-rw-r--r-- 1 root root 224 Apr 15 23:37 rsyncd.sh
-rwxr-xr-x 1 root root 534 Apr 19 05:26 shells.sh
-rw-r--r-- 1 root root 971 Apr 14 13:19 sshd.sh
-rw-r--r-- 1 root root 398 Apr 19 04:11 syslogd.sh
-rwxr-xr-x 1 root root 169 Apr 19 05:26 telnetd.sh
-rw-r--r-- 1 root root 998 Apr 16 13:33 unfsd.sh
-rw-r--r-- 1 root root 2064 Apr 19 05:26 usbdisk.sh
/mnt/usb/ffp/start # ls -l /mnt/HD_a2/ffp_old/start
-rw-r--r-- 1 root root 52 Apr 19 05:26 LOGIN.sh
-rw-r--r-- 1 root root 36 Apr 19 05:26 SERVERS.sh
-rw-r--r-- 1 root root 698 Apr 19 05:26 adjtimex.sh
-rw-r--r-- 1 root root 203 Apr 19 04:11 inetd.sh
-rw-r--r-- 1 root root 229 Apr 15 06:06 kickwebs.sh
-rw-r--r-- 1 root root 223 Apr 15 06:06 lighttpd.sh
-rw-r--r-- 1 root root 267 Apr 15 06:52 mediatomb.sh
-rw-r--r-- 1 root root 1468 Apr 15 13:50 nfsd.sh
-rw-r--r-- 1 root root 526 Apr 15 09:00 ntpd.sh
-rwxr-xr-x 1 root root 552 Apr 19 05:26 passwd.sh
-rw-r--r-- 1 root root 160 Apr 15 14:18 portmap.sh
-rwxr-xr-x 1 root root 861 Apr 19 05:26 rcS.sh
-rw-r--r-- 1 root root 224 Apr 15 23:37 rsyncd.sh
-rwxr-xr-x 1 root root 534 Apr 19 05:26 shells.sh
-rw-r--r-- 1 root root 971 Apr 14 13:19 sshd.sh
-rw-r--r-- 1 root root 398 Apr 19 04:11 syslogd.sh
-rwxr-xr-x 1 root root 169 Apr 19 05:26 telnetd.sh
-rw-r--r-- 1 root root 998 Apr 16 13:33 unfsd.sh
-rw-r--r-- 1 root root 2064 Apr 19 05:26 usbdisk.sh
/mnt/usb/ffp/start # ls -l /mnt/HD_a2/ffp/start
-rw-r--r-- 1 root root 52 Aug 17 06:29 LOGIN.sh
-rw-r--r-- 1 root root 35 Aug 17 06:29 SERVERS.sh
-rw-r--r-- 1 root root 203 Sep 29 11:45 inetd.sh
-rw-r--r-- 1 root root 229 Sep 30 03:19 kickwebs.sh
-rw-r--r-- 1 root root 223 Sep 30 03:19 lighttpd.sh
-rw-r--r-- 1 root root 267 Apr 15 06:52 mediatomb.sh
-rw-r--r-- 1 root root 1468 Apr 15 13:50 nfsd.sh
-rw-r--r-- 1 root root 526 Apr 15 09:00 ntpd.sh
-rw-r--r-- 1 root root 160 Apr 15 14:18 portmap.sh
-rw-r--r-- 1 root root 224 Sep 14 07:02 rsyncd.sh
-rw-r--r-- 1 root root 971 Sep 30 01:38 sshd.sh
-rw-r--r-- 1 root root 383 Sep 29 11:45 syslogd.sh
-rwxr-xr-x 1 root root 169 Sep 29 11:45 telnetd.sh
-rw-r--r-- 1 root root 998 Apr 16 13:33 unfsd.sh
And finally, here is my last successful ffp startup using the original USB boot:
**** fun_plug script for DNS-323 (2008-04-13 tp@fonz.de) ****
Thu Aug 14 15:57:07 GMT 2008
Found usb-storage.ko module. Copying...
insmod usb-storage.ko
ln -snf /mnt/HD_a2/ffp /ffp
Waiting for ee750485-1b0a-414f-a32d-4c2f8d7f9e75 (up to 30 seconds) ...
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2"
/dev/sdc1: UUID="ee750485-1b0a-414f-a32d-4c2f8d7f9e75" TYPE="ext2"
Success. Found ee750485-1b0a-414f-a32d-4c2f8d7f9e75.
Mounting /dev/sdc1 on /mnt/USB
USB stick mounted
* Found FFP on USB device
ln -snf /mnt/USB/ffp /ffp
* Running /ffp/etc/rc ...
* /ffp/start/rcS.sh ...
* /ffp/start/adjtimex.sh inactive
* /ffp/start/passwd.sh ...
Saving /etc/passwd to /etc/passwd.orig ...
Changing shells: /bin/sh -> /ffp/bin/sh ...
Updating /etc/shadow ...
* /ffp/start/shells.sh ...
* /ffp/start/syslogd.sh inactive
* /ffp/start/SERVERS.sh inactive
* /ffp/start/usbdisk.sh inactive
* /ffp/start/portmap.sh inactive
* /ffp/start/unfsd.sh inactive
* /ffp/start/nfsd.sh inactive
* /ffp/start/ntpd.sh inactive
* /ffp/start/LOGIN.sh inactive
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh inactive
* /ffp/start/rsyncd.sh inactive
* /ffp/start/mediatomb.sh inactive
* /ffp/start/kickwebs.sh inactive
* /ffp/start/lighttpd.sh inactive
* /ffp/start/inetd.sh inactive
* OK
I do not know what utmp:x:22: means, or why it appears in the bad logs only. I am quickly running out of ideas, and really hope someone knows a solution off the top of their head (or at least more troubleshooting ideas). Some of the things I am considering:
- removing executables even though they shouldn't be accessed (this won't solve the ftp issue anyway)
- re-flashing firmware
Thanks in advance for helping me. Until I get this sorted out I have pulled my second hard drive.
edit: 4th issue resolved.
Last edited by halfsoul (2008-10-08 18:23:23)
You most likely have a duplicate ftp user. This is not a problem with the recent ffp versions, but made early 0.5 hang at /ffp/start/passwd.sh (-> no telnet)
See http://dns323.kood.org/howto:ffp#the_root_user (pwck and grpck).
fonz wrote:
You most likely have a duplicate ftp user. This is not a problem with the recent ffp versions, but made early 0.5 hang at /ffp/start/passwd.sh (-> no telnet)
See http://dns323.kood.org/howto:ffp#the_root_user (pwck and grpck).
fonz, you're the man, thank you!
However, my ftp is still broken. Any ideas on that front?
Thanks!
I finally took the relatively simple troubleshooting step of trying to access the DNS via FTP locally. It too fails, although all the communication seems to be operating normally. From the client log:
Status: Connecting to 192.168.0.200:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [TLS] ----------
Response: 220-You are user number 1 of 10 allowed.
Response: 220-Local time is now 11:56. Server port: 21.
Response: 220 You will be disconnected after 2 minutes of inactivity.
Command: USER anonymous
Response: 230 Anonymous user logged in
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: ESTP
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTA
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: 211 End.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (192,168,0,200,191,43)
Command: LIST
Response: 150 Accepted data connection
Response: 226-ASCII
Response: 226-Options: -l
Response: 226 0 matches total
Status: Directory listing successful
The DNS is still passing nothing to the client as if the folder were empty (I assure you it is not). What gives??
FINALLY! Got it solved
OK, I'm going to try and break this down in case anyone has a similar issue in the future. It seems the single-point failure I was seeking was fonz' original assessment: duplicate user entries. I still don't fully understand:
a) How the duplicate user entry came to be in the first place, and
b) why removing the duplicate user didn't solve my problem the first time, or
c) why hard resets and firmware flashes didn't fix it either
How I figured it out: I observed that newly-created users worked just fine. One thing I tried was to check the "All accounts" box when adding an ftp user, and was surprised to see three entries (attached):
ftp
testuser
anonymous
I was expecting only testuser and maybe anonymous, since I had deleted all other users and groups. I had previously discovered that pure-ftpd uses an account called "ftp" for Anonymous access, and also remembered my 2nd Symptom (see original post). With some more digging, I discovered that ftp account directory bindings are stored in /etc/passwd.
Here is what mine contained:
/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/mnt/HD_a2/Media/Music/Indie:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:/bin/sh
At this point, I didn't know which ftp entry was the correct entry, so I guessed and used pwck to delete the second entry, then deleted the ftp user entry "ftp" via the web interface. For some reason (undoubtedly related to me deleting the wrong duplicate entry), an ftp user still existed:
/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/home/ftp:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
I added the Anonymous ftp user via the web interface again, and sure enough: the ftp user was duplicated again:
/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/home/ftp:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:
This time I deleted the correct passwd entry and voilà, the anonymous account is restored!
/ # pwck
duplicate password entry
delete line 'ftp:x:95:95::/home/ftp:/bin/sh'? y
user testuser: no group 502
user ftp: no group 95
pwck: the files have been updated
/ # cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:
Now for what I hope will be the last two questions of this thread:
1) Since I checked the "All accounts" box when adding an ftp user as part of my troubleshooting, the root, admin, and nobody users have a default ftp directory associated with them. Should I be concerned? If so, what is the correct way to restore default?
2) Can someone please verify that my passwd entries are OK/normal, perhaps even be good enough to post an example of your own passwd file?
Wow. Thanks for investigating the issue that thoroughly. I've added a link to your analysis to http://dns323.kood.org/howto:ffp#troubleshooting . I think others will find it useful.
1) Since I checked the "All accounts" box when adding an ftp user as part of my troubleshooting, the root, admin, and nobody users have a default ftp directory associated with them. Should I be concerned? If so, what is the correct way to restore default?
You can always use 'usermod -d' to adjust home directories. I've set all home directories to /mnt/HD_a2/home/<user> and never use the web interface (it's constantly asking to reformat, so I don't touch it). The tools in ffp should allow for complete user management without the help of the web interface.
2) Can someone please verify that my passwd entries are OK/normal, perhaps even be good enough to post an example of your own passwd file?
Looks ok to me. There's another file, /etc/shadow that stores encrypted passwords. There should be another line for each user (you can use pwconv to create missing entries).
I found a probable root cause. After implementing OpenVPN, activating the root user, and enabling SSL, ftp ceased to work again. I believe one of those three changed my user entries, because after making those changes my user definitions changed:
root@T4HDD:~# cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/ffp/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/mnt/HD_a2/Media/Music/Indie:
sshd:x:33:33:sshd:/:/bin/false
(notice the x instead of a * in the ftp entry)
I made the correction (x to *) using vipw, and all was well again...
root@T4HDD:~# cat /etc/passwd
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/ffp/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:
sshd:x:33:33:sshd:/:/bin/false
...until a reboot. Then the passwd reverted back to the non-anonymous configuration. Made the correction once again, then wrote to flash using store-passwd.sh
Now a reboot does not affect the anonymous ftp account. *whew*
I suspect the change occurred after creating the root password.
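The two states this thread traced the failures to (a second `ftp` line in /etc/passwd, and an `ftp` line whose password field is `x` rather than `*`) can be checked without modifying the file, unlike pwck, which offers to delete lines. The script below is an added example, not code from the thread or from ffp; the function name and finding labels are made up here, and the sample entries are copied from the listings posted above.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of a passwd-format file.
# Prints one finding per line; exit status is 1 when anything was flagged.
audit_passwd() {
    awk -F: '
        NF != 7 { printf "MALFORMED line %d: %s\n", NR, $0; bad++; next }
        {
            # Same login name on two lines: the condition pwck reports as
            # "duplicate password entry".
            if ($1 in first) {
                printf "DUPLICATE %s: lines %d and %d\n", $1, first[$1], NR
                bad++
            } else {
                first[$1] = NR
            }
            # Per the last post, anonymous FTP stopped working when the
            # ftp entry carried "x" here instead of "*".
            if ($1 == "ftp" && $2 != "*") {
                printf "FTP-PWFIELD line %d: field 2 is \"%s\", expected \"*\"\n", NR, $2
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# The passwd file as posted after the duplicate reappeared.
sample_broken() {
    cat <<'EOF'
root:x:0:0:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
admin:x:500:500:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:x:95:95::/home/ftp:/bin/sh
testuser:x:502:502:Linux User,,,:/mnt/HD_a2/Media/Music/Indie:/bin/sh
ftp:*:95:95::/mnt/HD_a2/Media/Music/Indie:
EOF
}
# The same file with line 4 removed, matching the posted result of pwck.
sample_fixed() { sample_broken | sed '4d'; }

tmp=$(mktemp)
sample_broken > "$tmp"
audit_passwd "$tmp" || echo "=> broken sample flagged"
sample_fixed > "$tmp"
audit_passwd "$tmp" && echo "=> fixed sample clean"
rm -f "$tmp"
```

On the device, point `audit_passwd` at /etc/passwd after any change made through the web interface and again after a reboot, since the thread shows both can rewrite the file.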