Secure_Path and Login_getclass erroar

[FirstServer]

Hello,

Firstly, thank you to everyone in advance. FreeNAS is impressive and I'm genuinely amazed at the support offered on this forum.

Today I tried to setup my first implementation of FreeNAS. After installing several plugins, I am seeing the following error messages repeatedly:

couchpotato_1 cron[60211]: _secure_path: /etc/login.conf is world writable
couchpotato_1 cron[60211]: login_getclass: unknown class 'daemon'

sickbeard_1 cron [60213]: _secure_path: /etc/login.conf is world writable
sickbeard_1 cron [60213]: login_getclass: unknown class 'daemon'

From my (limited) perspective, the plugins do not appear to be able to access the internet.

I have searched for several hours on this forum and have not found a solution. Any help would be greatly appreciated.

With Thanks,

Jon

 

[dlavigne]

Which version of FreeNAS.

Other than the error messages, are the plugins working?

 

[FirstServer]

Which version of FreeNAS.

Other than the error messages, are the plugins working?

Thank you for the response. I believe I'm running 9.1.1 release. Initially, the plugins did not work. I reset my NAS to defaults and imported my ZFS volume. After reinstalling the plugins to new jails, they are working. However, the error messages persist. Since it works, I'm not too concerned about it. If anyone would like me to pursue it further, I'd be glad to help troubleshoot.

 

[FirstServer]

Okay, I spoke too soon. I am now unable start my plugins, and I am also unable to move files between datasets or jails (through a CIFS share). After far too many hours, I decided to do a clean install and upgrade to 9.2.0 release. I deleted all my jails and reinstalled them through the automated plugins installation. After restart, the plugins stopped functioning. Whenever I try to start a plugin, I receive the following errors (in addition to the errors I mentioned above):

su: pam_start: system error
su: in openpam_check_desc_owner_perm(): /etc/pam.d/su: insecure ownership or permissions

Thanks in advance (again) for any help, and I am sincerely embarrassed to keep "crying wolf" on this issue.

 

[cyberjock]

System specs?

 

[FirstServer]

Cyberjock,

Thank you for your time. My specs are:
Dual 2.6GHZ Low Voltage Xeon
Supermicro X7DWN+ MB
24GB DDR2 FB-DIMM ECC RAM
6 3TB WD RED HD (RAID-Z2)
FreeNAS 9.2.0 RELEASE - 64Bit

 

[cyberjock]

That sounds like a problem inside the jail. Have you been playing with permissions inside the jail? Normally my first guess would be someone is playing with permissions blindly and changed something they shouldn't have.

 

[FirstServer]

I haven't changed anything (as far I know). Before doing a clean install of FreeNAS, I deleted all my Jails' datasets. I then reinstalled them using the plugins installer. Whenever I reinstall the jail/plugin, or reset the OS to defaults, the plugins work for a short period. But, inevitably, they all fail.

 

[cyberjock]

I don't have any recommendations. It works for me.

 

[FirstServer]

Thanks for trying.

 

[dlavigne]

That is weird. Anything else applicable in /var/log/messages? Can you double-check that you installed the 64-bit version of FreeNAS?

 

[FirstServer]

dlavigne,

I double checked and my build is: FreeNAS-9.2.0-RELEASE-x64 (ab098f4)

Each jail repeats the same two errors in the logs. It then returns the third ("pam_start") whenever I try to start the plugin. I'll attach one as an example.

Jan 9 10:22:00 couchpotato_1 cron[57676]: _secure_path: /etc/login.conf is world writable
Jan 9 10:22:00 couchpotato_1 cron[57676]: login_getclass: unknown class 'daemon' Jan 9 10:22:00 couchpotato_1 cron[57676]: _secure_path: /etc/login.conf is world writable Jan 9 10:25:00 couchpotato_1 cron[57702]: _secure_path: /etc/login.conf is world writable Jan 9 10:25:00 couchpotato_1 cron[57702]: login_getclass: unknown class 'daemon' Jan 9 10:25:00 couchpotato_1 cron[57702]: _secure_path: /etc/login.conf is world writable Jan 9 10:30:00 couchpotato_1 cron[57759]: _secure_path: /etc/login.conf is world writable Jan 9 10:30:00 couchpotato_1 cron[57759]: login_getclass: unknown class 'daemon' Jan 9 10:30:00 couchpotato_1 cron[57759]: _secure_path: /etc/login.conf is world writable Jan 9 10:33:00 couchpotato_1 cron[57822]: _secure_path: /etc/login.conf is world writable Jan 9 10:33:00 couchpotato_1 cron[57822]: login_getclass: unknown class 'daemon' Jan 9 10:33:00 couchpotato_1 cron[57822]: _secure_path: /etc/login.conf is world writable Jan 9 10:35:00 couchpotato_1 cron[57856]: _secure_path: /etc/login.conf is world writable Jan 9 10:35:00 couchpotato_1 cron[57856]: login_getclass: unknown class 'daemon' Jan 9 10:35:00 couchpotato_1 cron[57856]: _secure_path: /etc/login.conf is world writable Jan 9 10:36:50 couchpotato_1 syslogd: exiting on signal 15 Jan 9 10:39:52 couchpotato_1 syslogd: kernel boot file is /boot/kernel/kernel Jan 9 10:39:52 couchpotato_1 su: in openpam_check_desc_owner_perms(): /etc/pam.d/su: insecure ownership or permissions Jan 9 10:39:52 couchpotato_1 su: pam_start: system error Jan 9 10:39:52 couchpotato_1 root: /etc/rc: WARNING: failed to start couchpotato Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: _secure_path: /etc/login.conf is world writable Jan 9 10:39:52 couchpotato_1 /usr/sbin/cron[5118]: login_getclass: unknown class 'daemon' Jan 9 10:40:00 couchpotato_1 cron[6055]: _secure_path: /etc/login.conf is world writable Jan 9 10:40:00 couchpotato_1 cron[6055]: login_getclass: unknown class 'daemon' Jan 9 10:40:00 couchpotato_1 cron[6055]: _secure_path: /etc/login.conf is world writable Jan 9 10:42:04 couchpotato_1 su: in openpam_check_desc_owner_perms(): /etc/pam.d/su: insecure ownership or permissions Jan 9 10:42:04 couchpotato_1 su: pam_start: system error Jan 9 10:42:04 couchpotato_1 root: /usr/local/etc/rc.d/couchpotato: WARNING: failed to start couchpotato Jan 9 10:44:00 couchpotato_1 cron[18905]: _secure_path: /etc/login.conf is world writable Jan 9 10:44:00 couchpotato_1 cron[18905]: login_getclass: unknown class 'daemon' Jan 9 10:44:00 couchpotato_1 cron[18905]: _secure_path: /etc/login.conf is world writable Jan 9 10:45:00 couchpotato_1 cron[18946]: _secure_path: /etc/login.conf is world writable Jan 9 10:45:00 couchpotato_1 cron[18946]: login_getclass: unknown class 'daemon' Jan 9 10:45:00 couchpotato_1 cron[18946]: _secure_path: /etc/login.conf is world writable Jan 9 10:50:00 couchpotato_1 cron[19415]: _secure_path: /etc/login.conf is world writable Jan 9 10:50:00 couchpotato_1 cron[19415]: login_getclass: unknown class 'daemon' Jan 9 10:50:00 couchpotato_1 cron[19415]: _secure_path: /etc/login.conf is world writable
root@couchpotato_1:/ #

 

[dlavigne]

That error is starting to show up in the forums but I don't think there is a ticket for it yet. Could you please double-check bugs.freenas.org and create a ticket with those errors and post the issue number here. If someone beats you to it, please post their issue number here so thread folllowers can follow the ticket's process.

 

[cyberjock]

That error is strictly because someone(or something) changed the permissions of /etc/login.conf. It probably poses a security risk or reliability issue for the software, so it's checking and reporting this error.

Unfortunately, this is going to be a complex problem to solve because it will be necessary to figure out if:

1. The user is wrongly changing permissions(considering so many threads around here revolve around permissions I wouldn't be surprised if this was the most prevalent reason).
2. The plugin is changing permissions when it shouldn't.
3. The jail's permissions itself are somehow at fault.

Right now, if I were a betting man I'd put most of my money on #1. Most of the people that have had this problem have been lower post count individuals. Normally that would mean less experienced with FreeNAS, so more prone to causing errors themselves because of them trying to get things to work and not understanding a given error message or how to properly configure things.

Plugins and jails are actually rather amazing in my opinion. They are rather complex and I find it fairly amazing they even work as well as they do.

I will admit that if you are familiar with FreeBSD/Linux permissions complaints it should be obvious to experienced users that the error makes it clear what the problem is as well as what the solution is(don't let the file mentioned be world-wide writeable or the permissions are otherwise inappropriate). The common solution that many people inexperienced with FreeBSD/Linux permissions do is just make everything with full read/write permissions. This is great except it's also not how things should be done. This results in people doing it and then asking questions later when it doesn't actually work.


(No offense intended to the OP in my discussion).

 

[HiddenHand]

I made no changes to my configuration; after replacing my router (static IP's on all my jails, both routers run DD-WRT) I got this error. Oddly enough all my plugins report the error but Plex, Subsonic and Firefly all still work. Transmission, CouchPotato, and sabNZBd not so much.
https://www.dropbox.com/s/5cvso0on390149i/loginconf.JPG

 

[HiddenHand]

Thinking I would give the server one last power cycle prior to re-installing all my plugins, i booted back into this https://www.dropbox.com/s/syghjn5zbs8a43k/somerror.JPG trying to start a plugin gives a "some error occurred" notification.