Installing F*EX Fram's Fast File Exchange

I’d like to install F*EX on my Pioneer Freedombox. I don’t need to have it added to plinth. Just need to install a working version listening on a free port.

So I added the source to /etc/apt/sources.list
deb http://http.us.debian.org/debian buster main non-free
deb-src http://http.us.debian.org/debian buster main non-free

Then try to install:

Log started: 2021-04-29 00:23:00
Setting up fex (20160919-2~deb10u1) …
Upgrading version file in /var/lib/fex/htdocs
/var/lib/fex/htdocs exists already, checking for default install
Updating 20160919-2~deb10u1 default htdocs to new default htdocs
Adding default spool keys dirs with secure permissions: done.
Running fex_cleanup to verify config integrity …
su: Permission denied
dpkg: error processing package fex (--configure):
installed fex package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
fex
Log ended: 2021-04-29 00:23:15

Not sure why I’m getting the “su permission denied” error.

I have installed F*EX on openmediavault without any errors just by running
apt install fex fex-utils

Not sure what’s different on the FreedomBox setup that’s causing the issue with permissions.

Thanks for any help.

The “su permission denied” error is because of security settings. You can go to the Security app in FreedomBox and disable the “Restrict console logins” feature. Do this temporarily while you install the app.

Could you share in which ways F*EX compares better to freedombox’s bepasty?

I did a “apt remove freedombox; apt autoremove”

The following packages were automatically installed and are no longer required:
avahi-utils batctl bridge-utils dnsutils fail2ban firewalld flite fonts-fork-awesome fonts-lato gettext gir1.2-atk-1.0 gir1.2-freedesktop
gir1.2-gdkpixbuf-2.0 gir1.2-gtk-3.0 gir1.2-nm-1.0 gir1.2-notify-0.7 gir1.2-pango-1.0 gir1.2-udisks-2.0 haveged iftop ipset ldap-utils ldapscripts
libapache2-mod-auth-pubtkt libflite1 libhavege1 libipset11 libirs161 libiw30 libjs-modernizr libnss-gw-name libnss-ldapd libnss-myhostname libodbc1
libpam-abl libpam-ldapd libpam-tmpdir libpangoxft-1.0-0 libpci3 locales-all node-turbolinks nslcd nslcd-utils pciutils pppoe pwgen python3-argon2
python3-bootstrapform python3-cherrypy3 python3-decorator python3-django python3-django-appconf python3-django-axes python3-django-captcha
python3-django-ipware python3-django-ranged-response python3-django-stronghold python3-docopt python3-keyutils python3-psutil python3-repoze.lru
python3-routes python3-ruamel.yaml python3-selinux python3-slip python3-slip-dbus python3-sqlparse python3-systemd python3-webob rfkill sharutils slapd
sudo tcpdump udiskie whois wireless-tools zile
Use ‘sudo apt autoremove’ to remove them.
The following packages will be REMOVED:
freedombox

Then I was asked about removing the LDAP configuration from nsswitch.conf, and I went with the default “NO”.

The following services are still configured to use LDAP for lookups:
passwd, group, shadow
but the libnss-ldapd package is about to be removed.
You are advised to remove the entries if you don’t plan on using LDAP for name resolution any more. Not removing ldap from nsswitch.conf should,
for most services, not cause problems, but host name resolution could be affected in subtle ways.
You can edit /etc/nsswitch.conf by hand or choose to remove the entries automatically now. Be sure to review the changes to /etc/nsswitch.conf if
you choose to remove the entries now.
Remove LDAP from nsswitch.conf now?

I then removed fex: “apt remove fex fexutils” and then reinstalled them
“apt install fex fex-utils”

And F*EX successfully installed.
So right now I’ve got these three apps working on my Pioneer HSK Olimex A20 Lime2 computer:

  • i2p-Bote
  • F*Ex
  • Hubzilla

They all seem to be working correctly.
Now I’ll try to reinstall Freedombox and see if they break.

Seems too drastic, think this was a good hint for installing unsupported web apps:

1 Like

Oh, one other thing that came up while uninstalling Freedombox. It said that the freedombox ldap user might not be able to log in and that therefore I should create a password for root, i.e. “sudo passwd”, which I did. That might be the real solution to installing F*Ex in debian.

If you manually unpack the F*Ex tarball, then run the installation script, somewhere IIRC it wants to run something like “su -c ‘some command’ fex” which generates a permission denied in debian, even if you first do “sudo su” to become root. Maybe you still actually need a root with password.

Anyhow, debian unpacks/install the fex files to /usr/share/fex and /var/lib/fex and /usr/bin/fexp whereas the fex install script just puts everything in /home/fex.

I needed to send an email with a 40+M attachment for an Easter letter but my protonmail account has a limit of 10M for attachments. My main postfix server had F*Ex integrated to automatically generate a fex download link for large file attachments, but its motherboard died so I need to buy a new main server. Just haven’t had time to do so yet and I really needed to get this late Easter letter emailed and I couldn’t be bothered with breaking the file up into smaller pieces to email separately. Now that I’ve got F*Ex installed, I can just paste the download link in my email.

Looks like that should be possible with bepasty as well. Though, with bepasty it seems you would have to fumble around with creating separate password accounts and uploading a file for that login (https://demo.freedombox.org/plinth/apps/bepasty/).

One of the nice features of F*EX seems to be that you can also directly “fex” a file to someone, simply by specifying the upload file and the receiver (email), and it creates the download link and can automatically send the email notification.

It seems to have a current “SECURITY” problem though, without a new release: F*EX download

That’s odd that they would say there was a security bugfix but then not go ahead and release the new package with the fix.

Anyhow, I reinstalled freedombox and now fexsrv is unreachable even though it’s listening on port 8888

lsof -i :fex

    COMMAND PID  USER FD TYPE DEVICE SIZE/OFF NODE NAME
    xinetd  1151 root 5u IPv6 24455  0t0      TCP  *:fex (LISTEN)

I’ve opened fex port 8888:

firewall-cmd --permanent --zone=public --add-port=8888/tcp
Warning: ALREADY_ENABLED: 8888:tcp
success

But port 8888 isn’t listed as allowed:

nft list ruleset
    chain filter_IN_internal_allow {
            tcp dport ssh ct state new,untracked accept
            ip daddr 224.0.0.251 udp dport mdns ct state new,untracked accept
            ip6 daddr ff02::fb udp dport mdns ct state new,untracked accept
            udp dport netbios-ns ct state new,untracked accept
            udp dport netbios-dgm ct state new,untracked accept
            ip6 daddr fe80::/64 udp dport dhcpv6-client ct state new,untracked accept
            tcp dport http ct state new,untracked accept
            tcp dport https ct state new,untracked accept
            tcp dport domain ct state new,untracked accept
            udp dport domain ct state new,untracked accept
            udp dport bootps ct state new,untracked accept
    }

Guess I’ll have to slog through firewall manual.

While I don’t really need to send terabyte files, I often do need to send files from 50M to a few hundred megs. F*Ex is much quicker than burning the file to a cdrom or putting it on a usb flash then mailing or FedEx’ing the media. F*Ex has always worked like a charm in these situations for me.

The --permanent option to firewall-cmd only edits the configuration files. You need to re-run the command a second time without the --permanent option to affect the currently running rules in nft (or reboot to ensure that the saved configuration is loaded).

Ha, just noticed something in the output of “lsof -i :fex” which shows that xinetd is listening on ipv6 but I’m on ipv4.

Looks like xinetd defaults to ipv6 unless the flag is explicitly set to ipv4:

# cat /etc/xinetd.d/fex

    service fex
    {
            socket_type = stream
            wait = no
            type = unlisted
            protocol = tcp
            #flags = IPv6
            flags = IPv4
            bind = 192.168.11.243 127.0.0.1
            port = 8888
            cps = 10 2
            user = fex
            groups = yes
            server = /usr/share/fex/bin/fexsrv
            nice = 0
            disable = no
    }

Now, listening on ipv4 :8888

lsof -i :fex

    COMMAND PID   USER FD TYPE DEVICE SIZE/OFF NODE NAME
    xinetd  26695 root 5u IPv4 149866 0t0      TCP  *:fex (LISTEN)

But fex port still not showing up in ruleset.

systemctl restart nftables; nft list ruleset

nft list ruleset

    table inet filter {
            chain input {
                    type filter hook input priority 0; policy accept;
            }

            chain forward {
                    type filter hook forward priority 0; policy accept;
            }

            chain output {
                    type filter hook output priority 0; policy accept;
            }
    }

systemctl restart firewalld; nft list ruleset

    chain filter_IN_internal_allow {
            tcp dport ssh ct state new,untracked accept
            ip daddr 224.0.0.251 udp dport mdns ct state new,untracked accept
            ip6 daddr ff02::fb udp dport mdns ct state new,untracked accept
            udp dport netbios-ns ct state new,untracked accept
            udp dport netbios-dgm ct state new,untracked accept
            ip6 daddr fe80::/64 udp dport dhcpv6-client ct state new,untracked accept
            tcp dport http ct state new,untracked accept
            tcp dport https ct state new,untracked accept
            tcp dport domain ct state new,untracked accept
            udp dport domain ct state new,untracked accept
            udp dport bootps ct state new,untracked accept
    }

Anyhow, got more reading to do on firewalld.

[FIXED]

Well, apparently there is no zone called “public”

firewall-cmd --get-active-zones

    internal
      interfaces: eth0

So, try adding fex port to internal zone:

firewall-cmd --zone=internal --add-port=8888/tcp

success

And make it permanent:

firewall-cmd --permanent --zone=internal --add-port=8888/tcp

success

And now fex port shows up in ruleset (Yeah!!!)

nft list ruleset

    chain filter_IN_internal_allow {
            tcp dport ssh ct state new,untracked accept
            ip daddr 224.0.0.251 udp dport mdns ct state new,untracked accept
            ip6 daddr ff02::fb udp dport mdns ct state new,untracked accept
            udp dport netbios-ns ct state new,untracked accept
            udp dport netbios-dgm ct state new,untracked accept
            ip6 daddr fe80::/64 udp dport dhcpv6-client ct state new,untracked accept
            tcp dport http ct state new,untracked accept
            tcp dport https ct state new,untracked accept
            tcp dport domain ct state new,untracked accept
            udp dport domain ct state new,untracked accept
            udp dport bootps ct state new,untracked accept
            tcp dport 8888 ct state new,untracked accept
    }

And now I can reach fexsrv from within my internal network. Haven’t tested from the WAN side yet, but will try shortly for both freedombox and fex.

1 Like
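
The check this thread arrives at, as an added example that is not part of the original posts: read the active zone names, then look for the port in that zone's `filter_IN_<zone>_allow` chain of the running ruleset. The sample outputs are constructed from the ones quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Both functions read command output on stdin, so they work
# on the constructed samples below or on live output.

# Zone names from `firewall-cmd --get-active-zones`: zone lines are bare
# names, while the "interfaces:" / "sources:" detail lines are skipped.
active_zones() {
    awk 'NF && $1 !~ /:$/ { print $1 }'
}

# Succeeds only if the running ruleset (`nft list ruleset`) accepts
# PROTO/PORT inside the per-zone chain filter_IN_<ZONE>_allow.
port_in_zone_chain() {   # usage: port_in_zone_chain ZONE PORT [PROTO]
    awk -v chain="filter_IN_${1}_allow" -v port="$2" -v proto="${3:-tcp}" '
        $1 == "chain" && $2 == chain { in_chain = 1; next }
        in_chain && $1 == "}"        { in_chain = 0 }
        in_chain && $1 == proto && $2 == "dport" && $3 == port &&
            $NF == "accept"          { found = 1 }
        END { exit !found }'
}

# Per active zone, say whether the port is live in the running ruleset.
report() {   # usage: report ZONES_TEXT RULESET_TEXT PORT
    printf '%s\n' "$1" | active_zones | while read -r zone; do
        if printf '%s\n' "$2" | port_in_zone_chain "$zone" "$3"; then
            echo "$zone: tcp/$3 accepted"
        else
            echo "$zone: tcp/$3 NOT in running ruleset"
        fi
    done
}

# Constructed samples modelled on the output quoted in the thread.
ZONES_SAMPLE='internal
  interfaces: eth0'
RULES_BEFORE='chain filter_IN_internal_allow {
    tcp dport ssh ct state new,untracked accept
    tcp dport http ct state new,untracked accept
}'
RULES_AFTER='chain filter_IN_internal_allow {
    tcp dport ssh ct state new,untracked accept
    tcp dport http ct state new,untracked accept
    tcp dport 8888 ct state new,untracked accept
}'

report "$ZONES_SAMPLE" "$RULES_BEFORE" 8888   # port added to the wrong zone
report "$ZONES_SAMPLE" "$RULES_AFTER" 8888    # port added to the active zone
```

On a live system the same functions take the real output, e.g. `firewall-cmd --get-active-zones | active_zones` and `nft list ruleset | port_in_zone_chain internal 8888`.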

For WAN, set the zone=external in firewall-cmd commands.