2017-07-24 06:33 CEST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001759openmediavaultBugpublic2017-07-06 22:35
Reporterjohn3voltas 
Assigned Tovotdev 
PriorityhighSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
Product VersionErasmus (3.x) 
Target VersionFixed in VersionErasmus (3.x) 
Summary0001759: FTP running although it's disabled
DescriptionLooking at Diagnostics > Dashboard I can see FTP is disabled but running.
Services > FTP clearly shows a disabled icon but the truth is I can FTP into this OMV instance. :-O
Steps To ReproduceJust install OMV3 (iso from sourceforge), install, update, et voilá.
Additional Informationtrying to mitigate the issue:
- I enabled the service
- Saved/applied
- Disabled the service again
- Saved/applied again.
Now Diagnostics > Dashboard shows FTP disabled and not running.
And now I actually cannot FTP into this OMV instance.
Rebooted OMV and now everything looks fine. Diagnostics > Dashboard keeps showing FTP as disabled and not running and now, as expected, I can't FTP into the box.
I consider this a sort of a security issue because FTP is a liability and the GUI shows contradicting information on a freshly installed OMV 3 box.
I think this is also happening with SMB, NFS and SNMP.
Tagsftp
Product build3.0.79
Attached Files

-Relationships
+Relationships

-Notes

~0004799

votdev (administrator)

Last edited: 2017-06-12 12:55

View 2 revisions

I really don't know why this happens because the services are disabled in debian/postinst during the package installation, see https://github.com/openmediavault/openmediavault/blob/3.x/deb/openmediavault/debian/openmediavault.postinst#L106. This issue is not reproductible if you setup a development system via Vagrant.

Any hint is welcome.

~0004800

votdev (administrator)

Last edited: 2017-06-12 16:10

View 2 revisions

Maybe systemd is the reason: https://major.io/2016/05/05/preventing-ubuntu-16-04-starting-daemons-package-installed, but this would not explain why this behaviour does not occur if you are using Vagrant to setup a VM. Maybe something from live-build or the Debian installer does some additional actions that wil result in this behaviour.

~0004801

RomaNNN (reporter)

It happens even if install OMV 3 on clean debian minimal (via apt) and not only with ftp.

~0004829

john3voltas (reporter)

Just tried it again today on a VMware Player VM and I get the same results.
And I am not dreaming, the services are really enabled even though in the GUI they look to be configured in order to be disabled.
Systemctl confirms that proftpd is enabled and I am sure it will do the same with the other services like SMB, etc.
If this is not reproducible with Vagrant there's nothing you guys can do? Because this clearly ain't a vitualbox issue...
I'm leaving some GUI screenshots of a VM freshly installed.

~0004830

john3voltas (reporter)

GUI screenshot with FTP service disabled.

~0004831

john3voltas (reporter)

GUI screenshot with SMB service disabled.

~0004832

john3voltas (reporter)

GUI screenshot with SNMP service disabled.

~0004833

john3voltas (reporter)

CLI screenshot with systemctl showing services are in fact enabled.

~0004835

votdev (administrator)

Question has been asked how to disable services in debian/postinst, see https://lists.debian.org/debian-dpkg/2017/07/msg00000.html.

According your problem. I really do not understand how to reproduce this behaviour, but it is not e general bug, otherwise this would not work for many many many thousands OMV users.

The interesting part is how the system acts if you try to disable the service via CLI, e.g.

# systemctrl stop proftpd

The related code is here: https://github.com/openmediavault/openmediavault/blob/3.x/deb/openmediavault/usr/share/php/openmediavault/system/systemctl.inc. No really special thing, only executing systemctrl with arguments.

The main problem is this: https://github.com/openmediavault/openmediavault/blob/3.x/deb/openmediavault/debian/openmediavault.postinst#L97. See questin in Debian mailing list above.

To workaround this issue you simply have to go to the service pages, click enable, save, click disable, save, apply configuration changes. Voila, the service is stopped.

~0004836

john3voltas (reporter)

"...but it is not e general bug, otherwise this would not work for many many many thousands OMV users."

Well, I'm not saying this is a general bug, nor am I implying that it is occuring on all the thousands of OMV systems that exist all over the place.
People use virtualization for many purposes but surely not for NAS appliances, so this is obvisously not impacting production OMV systems.
But from my little experience with it, I would say that there must be hundreds of testing OMV systems installed on VM's. From those hundreds, a smaller portion will be using VMware Player/Virtualbox and some of those (or perhaps all of those) should be experiencing the exact same issue that myself and RomaNNN have tried to show on this bug.
I found at least 3 or 4 people on IRC channel that already knew about it before I asked for help. So this is surely not an isolated random case.

Tomorrow I'll try this out on a VMware ESXi 5.5 VM and next week I'll try to find some physical server where I can install OMV. I'll keep you posted.
Cheers

~0004837

john3voltas (reporter)

After all I still found a bit of time to test it on VMware ESXi 5.5 today.
The result was exactly the same: looking at the dashboard all the aforementioned services are automatically enabled and started even though they are actually disabled in the configuration section of the GUI.
So far I've run these tests on two different hypervisor hardware (an HP laptop and an HP server) and on three different hypervisor software (VMware ESXi, VMware Player and Oracle Virtualbox).

I now am looking forward to finding a free physical server so that I can test it on a real machine.
Cheers

~0004838

votdev (administrator)

Fixed with the 3.0.82 ISO image.
+Notes

-Issue History
Date Modified Username Field Change
2017-06-10 22:18 john3voltas New Issue
2017-06-10 22:18 john3voltas Status new => assigned
2017-06-10 22:18 john3voltas Assigned To => votdev
2017-06-10 22:18 john3voltas Tag Attached: ftp
2017-06-12 12:55 votdev Note Added: 0004799
2017-06-12 12:55 votdev Note Edited: 0004799 View Revisions
2017-06-12 16:08 votdev Note Added: 0004800
2017-06-12 16:10 votdev Note Edited: 0004800 View Revisions
2017-06-12 23:51 RomaNNN Note Added: 0004801
2017-07-06 08:08 john3voltas File Added: omv_dashboard.jpg
2017-07-06 08:08 john3voltas Note Added: 0004829
2017-07-06 08:09 john3voltas File Added: omv_ftp_disabled.jpg
2017-07-06 08:09 john3voltas Note Added: 0004830
2017-07-06 08:10 john3voltas File Added: omv_smb_disabled.jpg
2017-07-06 08:10 john3voltas Note Added: 0004831
2017-07-06 08:11 john3voltas File Added: omv_snmp_disabled.jpg
2017-07-06 08:11 john3voltas Note Added: 0004832
2017-07-06 08:14 john3voltas File Added: omv_systemctl.jpg
2017-07-06 08:14 john3voltas Note Added: 0004833
2017-07-06 10:54 votdev Note Added: 0004835
2017-07-06 18:30 john3voltas Note Added: 0004836
2017-07-06 21:02 john3voltas Note Added: 0004837
2017-07-06 22:35 votdev Status assigned => resolved
2017-07-06 22:35 votdev Resolution open => fixed
2017-07-06 22:35 votdev Fixed in Version => Erasmus (3.x)
2017-07-06 22:35 votdev Note Added: 0004838
+Issue History