OpenWrt Forum Archive

Topic: File permissions changing on my USB drive by some process or something

The content of this topic has been archived on 2 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I just recently purchased a Netgear Nighthawk R9000 router and discovered it's running OpenWRT.  I've posted my question to their list as well with no responses...  Here is the issue:

Has anyone else noticed file perms changing on their USB drive over time by some process (no idea what process is doing this)?

As an example I have a media dir /mnt/sda1/nas/media.  If I perform a "chmod 755 /mnt/sda1/nas/media/*" I see the perms get set correctly...here is one of the subdirs:
drwxr-xr-x    5 root     root    4096 Apr 16  2017 Photos

"Sometime" later, the perms will end up going to something like:
drwsrwsrwt   5 root    root    4096 Apr 16 2017 Photos

I cannot figure out what process is doing this to/for me wink At first I thought it was possibly samba (not that I believed it...just a guess).  Initially I tried to simply kill both smb and nmb processes but noted those were respawned.  An /etc/init.d/samba stop didn't help either.  I saw update_smb would wake up and restart samba.  So, I disabled samba in /etc/init.d (via /etc/init.d/samba disable).  I also went through all /etc/init.d scripts that had update_smb denoted, and commented out those line.  Rebooted the router and no more smb - so far so good.  Again, after "some" time the perms changed.  So, doesn't appear to be samba sad

I'm not sure what to look for now.  I did some googling in hopes of finding a way to monitor a dir/file and see what process changed it - came up with auditd.  Unfortunately I was unable to install it...tried to do so in a chroot'd debian but the kernel support isn't there.

Any and all help will be greatly appreciated!

If one is curious why this matters:  as I mentioned, I have a chroot'd instance of debian and I'd like to enable ssh in it.  The /etc/ssh dir's perms are being changed in such a way that sshd gets very unhappy.

(Last edited by flossware on 10 Dec 2017, 01:04)

it might be a root kit, the s is setuid/getgrpid bits and the t is the sticky bit.  since these are owned by root, this is a huge security hole......

Under normal scenarios I'd agree.  I've only had the router for two weeks and this has been happening since day one - even when I didn't have ssh enabled.

What filesystem do you have on your USB disk? Windows filesystems (FAT32/NTFS) may not support this.

I put ext2 on the USB drive...

Oddly when I had this on my Buffalo DD-WRT router, I never had this issue at all.  Not sure if there is some difference in DD-WRT and OpenWRT (this is my first OpenWRT router - all my past routers have been and are DD-WRT).  Not sure if it could be something Netgear is doing with OpenWRT...nothing is obvious to me...

I did try to disable Samba (as in disabled with no smb, nmb or update_smb running) - still same issue (although it seemed like it took longer)...

Last night I did a little more experimenting.  I disabled samba entirely and unmounted/mounted the USB drive.  What I discovered is that I can "chmod 755 /mnt/sda1/*", see the perms changed correctly, unmount and remount...and suddenly the perms are back to drwsrwsrwt.

I have no idea where to look based upon this firmware where one might denote the mount options...

How do you mount it exactly? What is in your fstab file?

In the /etc/mtab file, its being generated as this:

/dev/sda1 /tmp/mnt/sda1 ext2 rw,nodev,noatime,errors=continue 0 0

When I was manually mounting, I'd perform:

mount /dev/sda1 /mnt/sda1

I've seen some mention of a /etc/config/fstab (or something like that), but one does not exist on this unit.

Turns out this is 100% something in whatever Netgear is doing w/ their firmware and Open-WRT...

The discussion might have continued from here.