dlandon / unassigned.devices

Unassigned Devices plugin for unRAID

Unassigned Devices mounting sets permission to 777 for '/' breaking SSH key auth #83

Closed TheJulianJES closed 2 years ago

TheJulianJES commented 2 years ago

Edit: I'm not completely sure it's an issue with Unassigned Devices yet, but I'll update the issue as I continue to track down the origin.

For a couple of hours, I've been trying to track down an issue where I'm getting the following issue in my syslog when trying to log in via SSH keys:

Feb 28 04:12:49 Prime sshd[11498]: Connection from 192.168.1.148 port 63201 on 192.168.1.11 port 22 rdomain ""
Feb 28 04:12:49 Prime sshd[11498]: Authentication refused: bad ownership or modes for directory /
Feb 28 04:12:49 Prime sshd[11498]: Failed publickey for root from 192.168.1.148 port 63201 ssh2: RSA SHA256:XXX
Feb 28 04:12:49 Prime sshd[11498]: Postponed keyboard-interactive for root from 192.168.1.148 port 63201 ssh2 [preauth]

It seems like the permissions for '/' are set to 777 instead of 755 for some reason. This seems to break SSH key authentication.

To debug this, I eventually restarted the server and connected every second (via SSH key auth). While it worked at the start, it stopped eventually. Shortly before it stopped working, this message appears in the syslog:

Feb 28 04:12:49 Prime unassigned.devices: Mounting 'Auto Mount' Devices...
Feb 28 04:12:49 Prime unassigned.devices: Disk with serial 'TOSHIBA_MG08ACA16TE_XXXX', mountpoint 'XXXX-part1' is set as passed through.
Feb 28 04:12:49 Prime unassigned.devices: Partition 'sdf1' does not have a file system and cannot be mounted.
Feb 28 04:12:49 Prime unassigned.devices: Adding partition 'SSD_Storage'...
Feb 28 04:12:49 Prime unassigned.devices: Mounting partition 'SSD_Storage' at mountpoint '/mnt/disks/SSD_Storage'...
Feb 28 04:12:49 Prime unassigned.devices: Using luksKeyfile to open the 'crypto_LUKS' device.

After these messages, I'm immediately denied access and get the "Authentication refused: bad ownership or modes for directory /" message in the log again. This led me to believe that Unassigned Devices somehow changes the permissions of '/'.

I've randomly looked through the source and found the following lines that may or may not be of relevance:

https://github.com/dlandon/unassigned.devices/blob/59c6a38aaea76dcd982e5b4af2a7b859ea5b5d94/unassigned.devices.plg#L1749
https://github.com/dlandon/unassigned.devices/blob/59c6a38aaea76dcd982e5b4af2a7b859ea5b5d94/source/Unassigned.devices/include/lib.php#L1259
https://github.com/dlandon/unassigned.devices/blob/59c6a38aaea76dcd982e5b4af2a7b859ea5b5d94/source/Unassigned.devices/include/lib.php#L1300

I'm now going to try and disable auto-mount for that unassigned disk and see if the issue "disappears". That should mostly "confirm" that the issue comes from Unassigned Devices.

Edit: Still seems to happen, even when no disk auto mounts. Manually mounting disks does not cause '/' to be set to 777 again (when manually executing chmod 755 / before). Maybe it only changes the permissions of '/' to 777 when starting up?

(UNRAID version: 6.10.0-rc1 (can't run rc2 because of Samba bugs in that version); Unassigned Devices: 2022.02.27a)

TheJulianJES commented 2 years ago

Oops, sorry. Completely uninstalled "Unassigned Devices" and the issue is still happening. I guess something else starts when Unassigned Devices writes those messages to the logs.
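
The syslog message in this thread comes from sshd checking the ownership and write bits of every directory above the key file. The script below is an added example, not code from the issue or the plugin, that applies the same rule to a path so the offending component can be found directly. It assumes GNU `stat` and `readlink`; the name `check_path_modes` is hypothetical, and walking all the way to the stop directory is a simplification of sshd's own walk.

```sh
#!/bin/sh
# Added example (not from the issue or the plugin): approximates the rule
# behind sshd's "bad ownership or modes for directory ..." refusal.
# Assumes GNU coreutils (stat -c, readlink -f), as found on Linux.

# check_path_modes FILE [STOP_DIR] [USER_UID]   (hypothetical helper name)
# Walks from FILE up to STOP_DIR (default /). Every component must be
# owned by root or USER_UID and must not be group- or world-writable.
# Prints the first offender and returns 1; returns 0 if the chain is clean.
check_path_modes() {
    path=$(readlink -f -- "$1") || return 2       # resolve symlinks first
    stop=$(readlink -f -- "${2:-/}") || return 2
    uid=${3:-$(id -u)}
    while :; do
        owner=$(stat -c '%u' -- "$path") || return 2
        mode=$(stat -c '%a' -- "$path") || return 2
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
            echo "bad owner $owner: $path"
            return 1
        fi
        # 022 = group-write | other-write; a 777 '/' fails here
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode $mode: $path"
            return 1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = "/" ]; then
            return 0
        fi
        path=$(dirname -- "$path")
    done
}

# Usage: sh check_path_modes.sh /root/.ssh/authorized_keys
if [ "$#" -gt 0 ]; then
    check_path_modes "$@"
fi
```

Because symlinks are resolved first, the walk follows the real location of the key file, so a writable directory on that resolved path is reported even when the path as typed looks clean.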