NAS520 Can't activate FTP-Server

tronic
tronic Posts: 1  Freshman Member
edited February 2018 in Personal Cloud Storage
Hello everyone,

ive got a problem with my NAS520 V5.21(AASZ.0)
Every time i try to start the FTP-server it changes the port and after that, it stops again.
In the log it looks like that:

What can i do?

Thanks in advance,
Josh

#NAS_January
«13

Answers

  • Wiasouda
    Wiasouda Posts: 156  Ally Member
    The ftp setting is simple, might not have the problem.
    Do you have configure any special setting or install 3party package?
    If you still can't find the root cause, reset would be the only way to solve.
  • Mark
    Mark Posts: 11  Freshman Member

    I Too have this issue. I have not been able to resolve it.

    If you get a solution I would be keen to know.

  • Mijzelf
    Mijzelf Posts: 1,796  Guru Member
    Can you login over ssh (as root), and post the output of
    sh -x /usr/local/sbin/vsftpd_start.sh


  • Mark
    Mark Posts: 11  Freshman Member

    Hi Mijzelf


    Please see the output as requested below. There are some errors highlighted.

    FYI I have ffp installed (I seem to recall I had an issue with NFS which was related to FFP but I cannot recall how I resolved it) - May be unrelated.


    Mark

    [email protected]_MASTER:~# sh -x /usr/local/sbin/vsftpd_start.sh


    + /bin/killall -9 pure-ftpd
    killall: pure-ftpd: no process killed
    + mkdir -p /home/shares
    + chmod 0777 /home/shares
    ++ /bin/ps
    ++ /bin/grep pure-ftpd
    ++ /bin/grep -v grep
    + PS=
    + '[' -n '' ']'
    + cat /proc/mounts
    + grep /home/shares/
    + sed -e 's/ (deleted)$//'
    + sed -e 's/\\040/ /g'
    + xargs umount
    + awk '{print $2}'
    + sed -e 's/^/"/g'
    + sed -e 's/$/"/g'
    Usage: umount -h | -V
           umount -a [-d] [-f] [-r] [-n] [-v] [-t vfstypes] [-O opts]
           umount [-d] [-f] [-r] [-n] [-v] special | node...
    + cat /proc/mounts
    + sed -e 's/\\040/ /g'
    + xargs umount
    + awk '{print $2}'
    + sed -e 's/^/"/g'
    + sed -e 's/$/"/g'
    + grep /home/shares/
    Usage: umount -h | -V
           umount -a [-d] [-f] [-r] [-n] [-v] [-t vfstypes] [-O opts]
           umount [-d] [-f] [-r] [-n] [-v] special | node...
    + find /home/shares -type d
    + grep -E '^\/home\/shares\/[0-9]+'
    + xargs rmdir
    + sed -e 's/$/"/g'
    + sed -e 's/^/"/g'
    + grep -v '^\/home\/shares$'
    + sort -r
    rmdir: missing operand
    Try `rmdir --help' for more information.
    + '[' '!' -d /etc/ssl/private ']'
    + '[' -f /etc/service_conf/CA.cer ']'
    + '[' -f /etc/service_conf/CA_key.cer ']'
    + cat /etc/service_conf/CA.cer /etc/service_conf/CA_key.cer
    + '[' -x /usr/local/sbin/pure-ftpd ']'
    + '[' -f /etc/service_conf/CA_key.cer ']'
    ++ cat /var/zyxel/pure-ftpd.arg
    cat: /var/zyxel/pure-ftpd.arg: No such file or directory
    + /bin/nice -n 20 /usr/local/sbin/pure-ftpd

  • Mark
    Mark Posts: 11  Freshman Member
    edited February 2018

    Hi Mijzelf

    Just playing with the command you gave me...

    The command Stops at the point you can see in the log...... At this point FTP works fine, until I break out of the script with ctrl-c.


    The issue seems to be with whatever the admin web interface is trying to do, Maybe it is not launching ftpd in the background with something like nohup??

    Just casting my mind back to my solaris / unix days many years ago!

  • Mijzelf
    Mijzelf Posts: 1,796  Guru Member
    The actual start command in that script is 
    /bin/nice -n 20 /usr/local/sbin/pure-ftpd `cat /var/zyxel/pure-ftpd.arg`<br>
    which means the contents of /var/zyxel/pure-ftpd.arg is provided as command line switches for pure-ftpd.
    On my box the file contains a '-B', which means pure-ftpd will daemonize. On your box the file is lacking, which means pure-ftpd stays in foreground, until you kill it with Ctrl-C. 
    So the question is, why is that file not available? 
    Did you run that command *after* the firmware tried to start the ftp server?
    This file should reflect your ftp server settings, and so it is generated when needed.

    According to grep the file is created by either /usr/local/apache/web_framework/models/ftp_main_model.pyc, which is a part of the webinterface, or by /usr/bin/applyservice.suid, which, as it's name suggests, indeed has the suid bit set. It is called by /sbin/zyshd, which is the firmware background daemon.
  • Mark
    Mark Posts: 11  Freshman Member

    Hi.

    Initially, "/var/zyxel/pure-ftpd.arg" does not exist at all.


    I tried to enable the FTP server via the web admin, which failed as before, and still there was no pure-ftpd.arg file. (So the web interface is not creating it)

    I manually created the file with "-B" as yours, Still no difference when enabling via the Web admin interface (so the web admin does not appear to be running the same script??).

    Manually running the script puts the FTPD in the background as you said.

    Do you know how I can find out what happens when I try to enable the FTPD via the web interface (The normal NAS log is not very helpful).

    How can I find out what scripts it is trying to run?

    I am using packages from "http://downloads.zyxel.nascentral.org/Users/Mijzelf/zypkg-repo/" could anything there be interfering (I can't think what)

    Any more ideas? 

  • Mijzelf
    Mijzelf Posts: 1,796  Guru Member

    I am using packages from "http://downloads.zyxel.nascentral.org/Users/Mijzelf/zypkg-repo/" could anything there be interfering (I can't think what)

    The Tweaks package can intercept the calls to the pure-ftpd binary, and add some command line switches. Of course that can interfere, although I have no reports that it actually does. (Apart from intended functionality.)
    How can I find out what scripts it is trying to run?
    If you have Tweaks installed, and the 'FTP Daemon Tweak' active, the binary pure-ftpd is exchanged by a script, which exec's the original binary.
    This gives a fighting chance to log the call stack.
    If you edit /usr/local/sbin/pure-ftpd (which can only be done with the Tweak active, else it's a ro binary), you'll find at the end
    <div>ftp_OnStart()</div><div>{</div><div>&nbsp; &nbsp; <snip><br>}<br></div><div><br></div><div>intercept_pure_ftpd()</div><div>{</div><div>	PKG_NAME=Tweaks</div><div>	TWEAKS_STORAGE=/tmp/.${PKG_NAME}/</div><div>	. ${TWEAKS_STORAGE}env</div><div>	[ -f /tmp/${PKG_NAME}.log ] && echo "` date ` $0 [email protected] ` cat ${TWEAKS_STORAGE}ftp_param `" >>/tmp/${PKG_NAME}.log<br></div><div>	exec /ram_bin${PUREFTPD} [email protected] ` cat ${TWEAKS_STORAGE}ftp_param `</div><div>}</div><div></div>
    the function intercept_pure_ftpd() does the real work here. The rest of the script above is the relevant part of the Tweaks webinterface and background daemon.

    You can change it this way:
    <div><div>ftp_OnStart()</div><div>{</div><div>&nbsp; &nbsp; <snip></div><div>}</div><div><br></div><div>ftp_stack_dump()</div><div>{</div><div>&nbsp; &nbsp; local self=$1</div><div>&nbsp; &nbsp; local parent=$( cat /proc/${self}/status | grep PPid | awk '{print $2}' )</div><div>&nbsp; &nbsp; local cmdline=$( cat /proc/${self}/cmdline | tr '\0' ' ' )</div><div>&nbsp; &nbsp; local exe=$( readlink /proc/${self}/exe || echo unknown )</div><div>&nbsp; &nbsp; echo "${self} ${exe} => ${cmdline}"</div><div>&nbsp; &nbsp; [ ${parent} -eq 1 ] && return</div><div>&nbsp; &nbsp; ftp_stack_dump ${parent}</div><div>}</div><div><br></div><div>intercept_pure_ftpd()</div><div>{</div><div>	PKG_NAME=Tweaks</div><div>	TWEAKS_STORAGE=/tmp/.${PKG_NAME}/</div><div>	. ${TWEAKS_STORAGE}env</div><div><br></div><div>	date >>/tmp/pure_ftpd.log</div><div>	ftp_stack_dump $$ >>/tmp/pure_ftpd.log</div><div>	</div><div>	[ -f /tmp/${PKG_NAME}.log ] && echo "` date ` $0 [email protected] ` cat ${TWEAKS_STORAGE}ftp_param `" >>/tmp/${PKG_NAME}.log</div><div>	exec /ram_bin${PUREFTPD} [email protected] ` cat ${TWEAKS_STORAGE}ftp_param `</div><div>}</div></div><div></div>
    Now dis- and enable the ftpserver in Control Panel->Services->FTP. A stackdump should show up in /tmp/pure_ftpd.log
    On my box I get:
    <div><div><span>Sat Feb&nbsp; 3 11:13:46 CET 2018
    </span>17875 /bin/busybox => /bin/sh /usr/local/sbin/pure-ftpd -A -B -b -D -H -M -l pam -R -U 000:000 -S 21 -L 200000:5 -J ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA2 -8 utf-8 -9 SHIFT_JIS -c 20 -C 20 -I 15 -E -Y 0&nbsp;</div><div>17838 /bin/busybox => /bin/sh /usr/local/sbin/vsftpd_start.sh&nbsp;</div><div>1336 /usr/bin/python2.7 => python /usr/local/apache/web_framework/main_wsgi.pyc&nbsp;</div></div><div></div>
    This stupid forum makes it a bit unreadable. The first line is the timestamp. Then each line starts with the PID of the program, then the executable involved, and then => the command line.
    The next line is the caller.
    As you can see the root is a python script.

    Of course it's hard to log why the file /var/zyxel/pure-ftpd.arg does [i]not[/i] exist. I think it should be possible to intercept the creation of that file, but you can't intercept the lack of that.

  • Mijzelf
    Mijzelf Posts: 1,796  Guru Member
    The forum really does it's best to screw up my code. In edit mode the newlines are honored, when I post the comment they are stripped.

    So, without code tags, this is how the script should be:

    ftp_OnStart()
    {
    <snip>
    }

    ftp_stack_dump()
    {
        local self=$1
        local parent=$( cat /proc/${self}/status | grep PPid | awk '{print $2}' )
        local cmdline=$( cat /proc/${self}/cmdline | tr '\0' ' ' )
        local exe=$( readlink /proc/${self}/exe || echo unknown )
        echo "${self} ${exe} => ${cmdline}"
        [ ${parent} -eq 1 ] && return
        ftp_stack_dump ${parent}
    }

    intercept_pure_ftpd()
    {
    PKG_NAME=Tweaks
    TWEAKS_STORAGE=/tmp/.${PKG_NAME}/
    . ${TWEAKS_STORAGE}env

    date >>/tmp/pure_ftpd.log
    ftp_stack_dump $$ >>/tmp/pure_ftpd.log
    [ -f /tmp/${PKG_NAME}.log ] && echo "` date ` $0 [email protected] ` cat ${TWEAKS_STORAGE}ftp_param `" >>/tmp/${PKG_NAME}.log
    exec /ram_bin${PUREFTPD} [email protected] ` cat ${TWEAKS_STORAGE}ftp_param `
    }

    And this is the result of the log:

    Sat Feb  3 11:13:46 CET 2018
    17875 /bin/busybox => /bin/sh /usr/local/sbin/pure-ftpd -A -B -b -D -H -M -l pam -R -U 000:000 -S 21 -L 200000:5 -J ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA2 -8 utf-8 -9 SHIFT_JIS -c 20 -C 20 -I 15 -E -Y 0 
    17838 /bin/busybox => /bin/sh /usr/local/sbin/vsftpd_start.sh 
    1336 /usr/bin/python2.7 => python /usr/local/apache/web_framework/main_wsgi.pyc 

  • Mark
    Mark Posts: 11  Freshman Member

    Hi

    I have had a little time to play with this, but it seems that the vsftpd_start.sh is NOT executed when I enable FTPD via the admin web interface.


    I Simply added an "echo I am Here >/somepublicfile.

    Running the script manually creates the correct text output, but via the admin I/F no text output. It must be running something else?