Netgate Discussion Forum

    2.6, wrong permissions on "/var/"

    pfSense Packages

      pete35 @viktor_g

      @viktor_g

      The service refused to start:

      root 18535 0.0 0.0 11012 2580 - Is Wed08 0:02.51 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
      root 83714 0.0 0.0 11452 3044 - S 15:17 0:00.00 sh -c ps auxwww | grep radvd 2>&1
      root 83921 0.0 0.0 11208 2704 - S 15:17 0:00.00 grep radvd

      Shell Output - grep -A 10 -B 10 "bad ownership or modes" /var/log/*.log

      /var/log/system.log:Feb 2 08:42:25 pfsense ladvd[15644]: bad ownership or modes for chroot directory component "/var/"
      /var/log/system.log-Feb 2 08:42:25 pfsense ladvd[15328]: child exited with return code 1
      /var/log/system.log-Feb 2 08:42:25 pfsense ladvd[15328]: quitting
      /var/log/system.log:Feb 6 18:56:44 pfsense ladvd[85373]: bad ownership or modes for chroot directory component "/var/"
      /var/log/system.log-Feb 6 18:56:44 pfsense ladvd[85313]: child exited with return code 1
      /var/log/system.log-Feb 6 18:56:44 pfsense ladvd[85313]: quitting
      /var/log/system.log:Feb 6 18:57:04 pfsense ladvd[94004]: bad ownership or modes for chroot directory component "/var/"
      /var/log/system.log-Feb 6 18:57:04 pfsense ladvd[93865]: child exited with return code 1
      /var/log/system.log-Feb 6 18:57:04 pfsense ladvd[93865]: quitting
      /var/log/system.log-Feb 6 18:57:50 pfsense php-fpm[31131]: /pkg_mgr_install.php: Configuration Change: admin@10.1.44.66 (Local Database): Creating restore point before package installation.
      /var/log/system.log-Feb 6 18:57:50 pfsense check_reload_status[483]: Syncing firewall
      /var/log/system.log-Feb 6 18:57:54 pfsense php[40524]: /etc/rc.packages: The command '/usr/local/etc/rc.d/ladvd.sh stop' returned exit code '1', the output was 'No matching processes were found'
      /var/log/system.log-Feb 6 18:57:54 pfsense php[40524]: /etc/rc.packages: Configuration Change: (system): Intermediate config write during package removal for LADVD.
      /var/log/system.log-Feb 6 18:57:54 pfsense check_reload_status[483]: Syncing firewall
      /var/log/system.log-Feb 6 18:57:54 pfsense php[41402]: /etc/rc.packages: Beginning package installation for LADVD .
      /var/log/system.log-Feb 6 18:57:54 pfsense php[41402]: /etc/rc.packages: Configuration Change: (system): Intermediate config write during package install for LADVD.
      /var/log/system.log-Feb 6 18:57:54 pfsense check_reload_status[483]: Syncing firewall
      /var/log/system.log-Feb 6 18:57:54 pfsense php[41402]: /etc/rc.packages: Configuration Change: (system): Overwrote previous installation of LADVD.
      /var/log/system.log-Feb 6 18:57:54 pfsense php[41402]: /etc/rc.packages: Successfully installed package: LADVD.
      /var/log/system.log-Feb 6 18:57:54 pfsense pkg-static[87086]: pfSense-pkg-LADVD reinstalled: 1.2.2_2 -> 1.2.2_2
      /var/log/system.log-Feb 6 18:57:56 pfsense check_reload_status[483]: Reloading filter
      /var/log/system.log-Feb 6 18:57:56 pfsense check_reload_status[483]: Starting packages
      /var/log/system.log-Feb 6 18:57:57 pfsense php-fpm[31131]: /rc.start_packages: Restarting/Starting all packages.
      /var/log/system.log:Feb 6 18:58:04 pfsense ladvd[19255]: bad ownership or modes for chroot directory component "/var/"
      /var/log/system.log-Feb 6 18:58:04 pfsense ladvd[18972]: child exited with return code 1
      /var/log/system.log-Feb 6 18:58:04 pfsense ladvd[18972]: quitting
      /var/log/system.log-Feb 6 18:58:05 pfsense vnstatd[50274]: Error: pidfile "/var/run/vnstat/vnstat.pid" lock failed (Resource temporarily unavailable), exiting.
      /var/log/system.log-Feb 6 18:58:15 pfsense vnstatd[15983]: SIGTERM received, exiting.
      /var/log/system.log:Feb 6 18:58:15 pfsense ladvd[82303]: bad ownership or modes for chroot directory component "/var/"
      /var/log/system.log-Feb 6 18:58:15 pfsense ladvd[82058]: child exited with return code 1
      /var/log/system.log-Feb 6 18:58:15 pfsense ladvd[82058]: quitting
      /var/log/system.log:Feb 6 18:58:15 pfsense ladvd[82460]: bad ownership or modes for chroot directory component "/var/"
      /var/log/system.log-Feb 6 18:58:15 pfsense ladvd[82329]: child exited with return code 1
      /var/log/system.log-Feb 6 18:58:15 pfsense ladvd[82329]: quitting
      /var/log/system.log-Feb 6 18:58:15 pfsense radiusd[35076]: Signalled to terminate
      /var/log/system.log-Feb 6 18:58:15 pfsense radiusd[35076]: Exiting normally
      /var/log/system.log-Feb 6 18:58:15 pfsense vnstatd[84197]: vnStat daemon 2.8 started. (pid:84197 uid:0 gid:0)
      /var/log/system.log-Feb 6 18:58:15 pfsense tail_pfb[91233]: [pfBlockerNG] Firewall Filter Service stopped
      /var/log/system.log-Feb 6 18:58:15 pfsense php_pfb[92083]: [pfBlockerNG] filterlog daemon stopped
      /var/log/system.log-Feb 6 18:58:15 pfsense vnstatd[93039]: Error: pidfile "/var/run/vnstat/vnstat.pid" lock failed (Resource temporarily unavailable), exiting.
      /var/log/system.log-Feb 6 18:58:15 pfsense tail_pfb[94644]: [pfBlockerNG] Firewall Filter Service started
      Execute Shell Command
      grep -A 10 -B 10 "bad ownership or modes" /var/log/*.log

        viktor_g Netgate

        Unable to reproduce
        Please show the Package / Services: LADVD / General page

            jimp Rebel Alliance Developer Netgate

            I checked over a dozen different installs with various versions (most of them on 22.01 and 2.6.0 snapshots) and they all had the same expected permissions:

            : ls -ld /var
            drwxr-xr-x  30 root  wheel  30 Jan 31 15:20 /var
            

            Something on your installation has altered the permissions on /var/; it doesn't appear to be a general problem.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

              pete35 @jimp

              @jimp
              @viktor_g

              Changed permissions of /var to 0755, ladvd is up and running.
              Excuse me, I should have checked this before.
              No clue why permissions are different.
              Thank you!

                revolt112 @pete35

                @pete35

                I have two systems with the exact same behaviour. After every reboot my /var directory has the same wrong permissions set.

                Manually changing it to 0755 is fixing it till the next reboot.

                EDIT: 2.6.0-RELEASE

                  pete35 @revolt112

                  @revolt112

                  Hmm, checked again after reboot, no change on /var permissions.
                  Do you have a watchdog or a startup service which can change the permissions on reboot?

                    pete35 @jimp

                    @jimp
                    @viktor_g

                    The /var directory reverts to the false permission after a reboot. Had this situation today. A fresh installation doesn't behave like that. So we need to find out which process changed those permissions.

                      ashtonianagain

                      same issue on pfsense plus.
                      workaround via shellcmd chmod 0755 /var

                      jimp moved this topic from CE 2.6.0 Development Snapshots (Retired) on

                        Atom2

                        I know this is an old topic, but the problem persists even with the latest CE release 2.7.0-RELEASE. I have done some investigation and I am confident, I have been able to dig to the root of the issue:

                        1.) The problem with the incorrect permissions on /var seems to only occur in case pfSense is configured to use a RAM Disk for /var (configured under System->Advanced->Miscellaneous)
                        2.) In my view, the permissions are (most likely wrongly, but) deliberately set to 1777 during pfSense's boot process and I can pinpoint it to a specific file/sequence of actions:

                        If you follow the boot process on the console there is a message coming up showing

                        Setting up memory disks... done
                        

                        shortly before the "pfsense" character artwork pops up. This message shown on the console only exists in a single file on the pfSense box and that's named "/etc/rc.embedded". In this shell script - after checking the requested size of the RAM disk against the available memory (call of function "ramdisk_check_size") - a call is made twice to "ramdisk_try_mount" - once for "tmp" and also for "var" (both being passed as arguments). The relevant line reads:

                        ...
                        if ramdisk_check_size && ramdisk_try_mount tmp && ramdisk_try_mount var; then
                        ...
                        

                        The function "ramdisk_try_mount" is part of the shell script "/etc/rc.ramdisk_functions.sh" and reads as follows:

                        ...
                        # Attempt to mount the given RAM disk (var or tmp)
                        # Usage:
                        #   ramdisk_try_mount tmp
                        #   ramdisk_try_mount var
                        ramdisk_try_mount () {
                                NAME=$1
                                if [ ramdisk_check_size ]; then
                                        SIZE=$(eval echo \${${NAME}size})m
                                        /sbin/mount -o rw,size=${SIZE},mode=1777 -t tmpfs tmpfs /${NAME}
                                        return $?
                                else
                                        return 1;
                                fi
                        }
                        ...
                        

                        and here you go: the RAM disk for /var (and also /tmp) is specifically mounted as a tmpfs with a mode of 1777 (the "mode" parameter reading "mode=1777" is specific to the tmpfs file system mount call - see tmpfs(5): "Specifies the mode (in octal notation) of the root inode of the file system."):

                        drwxrwxrwt  15 root  wheel  832 Nov 28 13:20 /var
                        

                        In other words, in the resulting permissions, the sticky bit is set (denoted by the "t" at the end) and all permission bits are set for everybody. And exactly this is the mode LADVD is complaining about.

                        The exact same mode is also set for /tmp - but it appears, that did not create any issues so far or might even be the standard permission set on FreeBSD.

                        Thanks, Atom2
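
The permission rule behind the "bad ownership or modes" message, applied to the two `ls -ld /var` lines quoted in this thread. This is an added example, not part of any post and not pfSense or ladvd code; it assumes the check requires root ownership and no group/other write bit (as OpenSSH's chroot check with the same message does), and `check_ls_line` and `audit_chroot_path` are names made up for the example.

```shell
#!/bin/sh
# Added example (not pfSense or ladvd code). Assumption: every chroot path
# component must be owned by root and not be writable by group or others.

# check_ls_line LINE: judge one `ls -ld` line; prints a verdict,
# returns 0 when the directory would pass the assumed check.
check_ls_line() {
    # Fields: mode string, link count, owner (name or numeric uid), rest.
    read -r mode _links owner _rest <<EOF
$1
EOF
    case "$owner" in
        root|0) ;;
        *) echo "BAD  $mode owner=$owner (not root)"; return 1 ;;
    esac
    # Character 6 is group-write and character 9 is other-write. The sticky
    # bit (t/T) sits in position 10 and does not cancel either of them.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "BAD  $mode group/other writable"
        return 1
    fi
    echo "OK   $mode"
}

# audit_chroot_path PATH: check / and then each component of PATH on the
# live filesystem; stops with a non-zero status at the first failure.
audit_chroot_path() {
    cur=/ rest=${1#/}
    while :; do
        printf '%s: ' "$cur"
        check_ls_line "$(ls -ldLn "$cur" 2>/dev/null)" || return 1
        [ -n "$rest" ] || return 0
        cur=${cur%/}/${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
}

# Demo input: the two `ls -ld /var` lines quoted in the thread.
check_ls_line 'drwxr-xr-x  30 root  wheel  30 Jan 31 15:20 /var'
check_ls_line 'drwxrwxrwt  15 root  wheel  832 Nov 28 13:20 /var' || true
# On a live system: audit_chroot_path /var
```

The 0755 line passes and the tmpfs-mounted 1777 line fails on the group/other write bits, not on the sticky bit itself.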

                          Atom2

                          @jimp
                          Having done some further digging, the whole issue now makes even more sense:

                          @pete35 said in 2.6, wrong permissions on "/var/":

                          it runs flawless before the update from 2.5.2

                          The switch from ufs on md devices to tmpfs is documented under redmine issue #12145. This change was introduced for release 2.6 and includes the (not specifically documented but) deliberate mode setting to 1777. So I'd consider this a regression - which as stated earlier only shows up in case /var is configured as a RAM disk.

                          Most likely there needs to be a distinction in the code between /var and /tmp in order to set the mode correctly for /var (i.e. 0755 instead of 1777).

                          Thanks Atom2

                            jimp Rebel Alliance Developer Netgate

                            I opened https://redmine.pfsense.org/issues/15054 to fix up the permissions for /var RAM disks.
