Posts by zurcherart

    :thumbup:— cool thanks. Yes, now that you mention it I could also forward my external port to internal port 22. That’s a good tip for me.

    Thanks for the thoughts and tips on starting a new sshd. I will try this at some point. I think you gave me enough to go on.

    And, I trust linux to be secure—I don’t trust myself to understand all the config issues so I get nervous with security. That’s why I prefer to stick with the easy menus on OMV when I can. (I’ve really come to appreciate the OMV set up and menus—so thanks to the OMV team). You point out all the places I need to be aware, and so that helps me relax.

    Thanks again.

    Thanks for your thoughts on using rsync over ssh (using a non-standard port and potentially fail2ban). That makes sense.

    Why didn't I want to do this? I know enough about UNIX networking from days of old to be concerned about security, and I don’t know nearly enough about ssh tunnelling and modern linux/debian/omv configuration to feel confident configuring things so they are secure.

    What I liked about the OMV sftp plug is how straightforward the gui menus are to set it up. It was easy to move an sftp listener to a non-standard port, and it was also simple to create users and assign the shares they access (especially after reading the key info in your old forum posts about the sftp-access privilege group).

    I would like to see the same configuration options under the rsync service in the OMV gui for rsync over ssh. Rsync seems just slightly more complicated because you have to make changes to the ssh service while you’re configuring the rsync service and make sure it’s all secure. I will also have to remember the relation between the ssh configuration and the rsync configuration years from now when I go to change something else so that I don’t open up a new security hole. (Although I should remember not to enable login :P)

    Although it would be nice for me at least, it looks like rsync on OMV doesn’t offer those options exactly. I feel a bit more confident setting it up after your thoughts though.

    One more question: Is it possible to listen for ssh connections on 2 ports? (Probably by changing config files because I’m pretty sure it’s not an option from the omv menus.) If that’s possible can I disable password auth on one port but not the other?

    My idea would be to leave port ssh on 22 with passwd auth on my LAN so I can keep administering things the way I’m used to. I would offer another ssh listener for rsync on an open non-standard port that rejected password auth. (This would be more or less what the sftp plugin seems to be doing for sftp.) I’ll google around for answers, but curious about your thoughts.



    First, sorry for the question on the last version OMV. I’m hoping this is an easy answer.

    I want to be able to synch files with a partner far away. I’d like to expose an rsync connection from OMV to the outside world via SSH with SSH Key Authentication.

    Of course, I need to forward the correct port from my router to my OMV. But, I don’t want to expose the ssh login to the outside world.

    And here is where I get stuck. Is there a simple way to set this up so that my partner can sync with certain modules (shares) on the OMV on my network, using key authentication without exposing SSH login as well?

    I hope this question makes sense. I searched this forum and I think I don't understand enough about rsync and ssh to understand the other similar questions.

    For what it’s worth, I have configured SFTP from the omv-extras to do exactly what I want (router is forwarded to port xxxxx, the sftp service is listening/responding on that port, we can authenticate with the ssh public key, and use the shares that I’ve granted access, and ssh login from outside my lan is not permitted). Now I’d like to do the same type of thing with rsync instead of sftp.

    Is this possible and easy with OMV4?


    I fixed something.

    I deleted /var/spool/postfix/maildrop.
    After the system logged a directory not found error, postfix recreated the missing directory with different default permissions than what it had.

    I now have (under /var/spool/postfix):
    drwx-wx--- 2 postfix postdrop 40 Jan 8 18:06 maildrop

    Previously the permissions on maildrop were:
    drwx--s--T 2 postfix postdrop 40 Jan 8 01:05 maildrop

    Don't know why that was, but that was what was broken I guess.

    Email works. Also login to the web gui works again. It failed while email was failing because it is sending an email anytime someone logs in. When postfix failed on the mail send, the login failed. Uggh. But I guess that's expected.

    Since I'm using folder2ram I removed maildrop referenced on the actual SSD store, and copied /var/spool/postfix/maildrop to /var/folder2ram/spool/postfix so that the directory on the backing store would have the same permission as the file in ram. At least I think that would be the effect.

    Not sure what caused, or how I caused, this problem to manifest itself. But the problem was there and now it's gone.
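
Added example, not part of the original posts: a small Python check that decodes the `ls -l` mode strings quoted in this thread and reports whether the `postdrop` group can create files in a directory. It assumes the failing writer is the `postdrop` command running with the `postdrop` group, which needs both write and search (`x`) permission on `maildrop`; the function names are made up for the example.

```python
import stat

# Permission bits in the order they appear in an `ls -l` mode string.
BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
        stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
        stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Execute slots can also carry setuid, setgid or the sticky bit.
SPECIAL = {2: ("s", stat.S_ISUID), 5: ("s", stat.S_ISGID), 8: ("t", stat.S_ISVTX)}

def parse_mode(sym):
    """Turn a 10-character mode string such as 'drwx--s--T' into permission bits."""
    if len(sym) != 10:
        raise ValueError(f"not an ls mode string: {sym!r}")
    mode = 0
    for i, ch in enumerate(sym[1:]):
        if ch == "-":
            continue
        if i in SPECIAL and ch.lower() == SPECIAL[i][0]:
            mode |= SPECIAL[i][1]
            if ch.islower():          # lowercase s/t: execute bit is set as well
                mode |= BITS[i]
        elif ch == "rwx"[i % 3]:
            mode |= BITS[i]
        else:
            raise ValueError(f"unexpected {ch!r} in {sym!r}")
    return mode

def group_can_create(mode):
    """Creating a file in a directory needs both write and search (x) on it."""
    need = stat.S_IWGRP | stat.S_IXGRP
    return (mode & need) == need

# The maildrop and public lines quoted in the posts (date columns dropped).
LISTING = """\
drwx--s--T 2 postfix postdrop 40 maildrop   (before, mail failing)
drwx-wx--- 2 postfix postdrop 40 maildrop   (after, mail working)
drwx--s--- 2 postfix postdrop 140 public
"""

def audit(listing):
    """Return (name, octal mode, group_can_create) for each listing line."""
    rows = []
    for line in listing.splitlines():
        f = line.split()
        mode = parse_mode(f[0])
        rows.append((f[5], format(mode, "04o"), group_can_create(mode)))
    return rows
```

Calling `audit(LISTING)` shows the earlier `maildrop` mode (3710) gives the group no write bit, while the recreated directory (0730) does, which matches the "Permission denied" warnings stopping after the directory was recreated.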


    Thank you, gderf.

    I was unclear in my request. /var/spool/postfix is owned by root in group root on my system too. How should the permissions for all the files in the tree below be set?

    I have this:
    drwxr-xr-x 20 root root 400 Sep 23 19:20 .
    drwxr-xr-x 7 root root 160 Sep 23 19:20 ..
    drwx------ 2 postfix root 40 Jan 8 01:05 active
    drwx------ 2 postfix root 40 Sep 23 19:20 bounce
    drwx------ 2 postfix root 40 Sep 23 19:20 corrupt
    drwx------ 11 postfix root 220 Sep 23 19:20 defer
    drwx------ 11 postfix root 220 Sep 23 19:20 deferred
    drwxr-xr-x 2 root root 100 Jan 5 15:08 dev
    drwxr-xr-x 3 root root 180 Jan 5 15:08 etc
    drwx------ 2 postfix root 40 Sep 23 19:20 flush
    drwx------ 2 postfix root 40 Sep 23 19:20 hold
    drwx------ 2 postfix root 40 Jan 8 01:05 incoming
    drwxr-xr-x 3 root root 60 Sep 23 19:20 lib
    drwx--s--T 2 postfix postdrop 40 Jan 8 01:05 maildrop
    drwxr-xr-x 2 root root 180 Sep 23 19:20 pid
    drwx------ 2 postfix root 420 Jan 5 15:08 private
    drwx--s--- 2 postfix postdrop 140 Jan 5 15:08 public
    drwx------ 2 postfix root 40 Sep 23 19:20 saved
    drwx------ 2 postfix root 40 Sep 23 19:20 trace
    drwxr-xr-x 3 root root 60 Sep 23 19:20 usr

    I think those are correct.

    "postfix check" gives errors if I change maildrop to be owned by root. Since the postfix daemon is running as the postfix user and the command runs suid these permissions make sense to me. But I still get a constant stream of "postfix/postdrop[2639]: warning: mail_queue_enter: create file maildrop/822547.2639: Permission denied" in syslog. And mail is not working. Or maybe it's not just a permissions problem. Looking for help to resolve this.


    Can anyone suggest what the permissions in /var/spool/postfix should be? Seems these permissions problems are causing an issue for me to receive email alerts among other things. (I can't log in to the webadmin at the moment either ... think that is a permissions problem as well but not sure if it's this directory or another that's having a problem there.)

    Hi All:

    I'm not getting email alerts from OMV.

    I see some version of this error in my syslog: "postfix/postdrop[2639]: warning: mail_queue_enter: create file maildrop/822547.2639: Permission denied"

    This is logged about 3 times a minute.

    I've checked what I can find and the permissions look reasonable to me, but I'm also not sure what they should be.

    This is what I have for the maildrop file in /var/spool/postfix:
    drwx--s--T 2 postfix postdrop 4.0K Dec 25 01:02 maildrop

    (I see the directory was touched early in the morning on the 25th. I'm not recalling any significant events on Dec 25. I was doing Dec 25 things, which didn't include restarting or reconfiguring OMV or doing configs that I recall. That date could be a red herring, or maybe a jolly old elf was bored after eating his cookies. These days you get config problems on your OMV NAS instead of coal in your stocking if you're on the naughty list? HaHa)

    One more thing, I'm using folder2ram so this is a virtual filesystem in ram. But the permissions are in sync near as I can tell with the physical store that backs up the ram data.

    Any tips to fix this?


    Hi Again,

    I think I should be using rclone on OMV to move files between my OMV NAS and Dropbox.

    It looks easy enough to install rclone from the CLI on OMV. (Which means using it from the CLI too I suppose). However, I saw there was some initial work to add an rclone plugin to extras.

    Seems it didn't go very far because that validation thing for dropbox is weird (and hard to document). But wondered if there were any thoughts about picking that back up.


    I thought I had answered this, but I don't see my reply.

    To close the loop the drive is pretty new, but it was used in a synology 1512+ . My buddy got larger drives and gave me his old drives.

    However, the real issue seems to be invalid user at keyboard. When I thought this through my scenario was that I was using Transmit (which if you are not aware) is a macos ftp client that also interacts with Dropbox. What I was doing was using my macbook to download files from Dropbox and save them to a Samba share that was being served by my local OMV NAS.

    So the client was transmit, and almost certainly the quota error was coming from the api on the dropbox "server".

    Anyway thanks for the help, wanted to close the loop. That leads me to a new question which I'll ask in a new thread.

    I want to reopen my question.

    I was just transferring a lot of data to a new drive in my OMV system. And after a bit the client gave me an error that the server (OMV) sent the message "insufficient_quota....".

    There are no user quotas set for that filesystem (or any filesystem). I *am* running 4.0 (never ran any other versions), but it seems to be doing some quota checking. I've looked around and don't find a place to disable this.

    Can you give me some new help?

    Oh well, that's way before my time. I'm not THAT far behind.

    (Completely unrelated question, I see I didn't set up my profile well. Is there a way to change my forum user name away from my email address?! -- Never mind. Found it. :) )

    Thanks for the very fast reply.

    Glad you've disabled quotas by default now.

    When did that happen? I haven't installed any updates for a while. (I know, I know....) So I suppose there is a good chance that I missed the update.


    Hi All,

    In regards to quotas, I have seen @ryecoaaron write in this forum recently:

    "I agree they should be disabled by default (or have a place to disable them). The arm images I create have the quota service disabled by default."

    What's the best and cleanest way to completely disable the quota service?

    I've searched the forum but failed to turn up the definitive answer.

    And before I disable quotas completely... Is there any benefit to leaving them on? I'm the only user accessing the OMV NAS, and I can't think of a reason to use quotas. Course one thing I love about OMV and the OMV developer community is how you don't let users do stupid things easily. So I'm curious if there's a benefit to enabling the quota service that I haven't grokked.


    Thanks for your lightning fast reply.

    This is my first month running OMV. Is this a recent change?

    It's confusing because I've seen several guides in this forum that refer to some tabs under "System Backup".

    Is it no longer necessary to install the "openmediavault-backup" plugin to run Clonezilla?

    I realize this is an old thread. Hope it's ok to resurrect it.

    The original question was about cloning the system partition I believe.

    @ryecoaaron wrote a helpful tutorial that says "Install openmediavault-backup from Plugins section"
    and it also says "Go to Clonezilla tab in System | Backup"

    I want to run clonezilla (make a new bootable system partition). But I don't find the tab for clonezilla.

    After installing the omvbackup plugin, I do find system->backup with what looks to be an rsync frontend. Can someone tell me where should I find the clonezilla tab? Or has it been removed from the newer releases?