我正在尝试安装并运行syslog-ng但是我被阻止了以下错误.
- Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'
我用sudo运行它,文件和目录现在都有777权限.我已经使用了strace,这肯定是一个公开的电话,但是EACCESS失败了.据我们所知,它不会变成另一个用户.
更新:
按要求:strace输出
- [edward.sargisson@apps-mgmt-fe1 syslog-ng]$sudo strace -f -v -eopen /etc/init.d/syslog-ng start
- open("/etc/ld.so.cache",O_RDONLY) = 3
- open("/lib64/libtermcap.so.2",O_RDONLY) = 3
- open("/lib64/libdl.so.2",O_RDONLY) = 3
- open("/lib64/libc.so.6",O_RDONLY) = 3
- open("/dev/tty",O_RDWR|O_NONBLOCK) = 3
- open("/usr/lib/locale/locale-archive",O_RDONLY) = 3
- open("/proc/meminfo",O_RDONLY) = 3
- open("/usr/lib64/gconv/gconv-modules.cache",O_RDONLY) = 3
- open("/etc/init.d/syslog-ng",O_RDONLY) = 3
- open("/etc/init.d/functions",O_RDONLY) = 3
- Process 4802 attached (waiting for parent)
- Process 4802 resumed (parent 4801 ready)
- Process 4803 attached (waiting for parent)
- Process 4803 resumed (parent 4802 ready)
- Process 4802 suspended
- [pid 4803] open("/etc/ld.so.cache",O_RDONLY) = 3
- [pid 4803] open("/lib64/libc.so.6",O_RDONLY) = 3
- Process 4802 resumed
- Process 4803 detached
- [pid 4802] --- SIGCHLD (Child exited) @ 0 (0) ---
- Process 4802 detached
- --- SIGCHLD (Child exited) @ 0 (0) ---
- open("/etc/profile.d/lang.sh",O_RDONLY) = 3
- open("/etc/sysconfig/i18n",O_RDONLY) = 3
- open("/etc/sysconfig/init",O_RDONLY) = 3
- open("/usr/share/locale/locale.alias",O_RDONLY) = 3
- open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/etc/sysconfig/syslog-ng",O_RDONLY) = 3
- Process 4804 attached (waiting for parent)
- Process 4804 resumed (parent 4801 ready)
- Process 4801 suspended
- [pid 4804] open("/etc/ld.so.cache",O_RDONLY) = 3
- [pid 4804] open("/lib64/libnsl.so.1",O_RDONLY) = 3
- [pid 4804] open("/lib64/librt.so.1",O_RDONLY) = 3
- [pid 4804] open("/lib64/libnet.so.1",O_RDONLY) = 3
- [pid 4804] open("/lib64/libdl.so.2",O_RDONLY) = 3
- [pid 4804] open("/lib64/libc.so.6",O_RDONLY) = 3
- [pid 4804] open("/lib64/libpthread.so.0",O_RDONLY) = 3
- [pid 4804] open("/etc/eventlog.conf",O_RDONLY) = -1 ENOENT (No such file or directory)
- [pid 4804] open("/etc/localtime",O_RDONLY) = 3
- [pid 4804] open("/etc/syslog-ng/syslog-ng.conf",O_RDONLY) = -1 EACCES (Permission denied)
- Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'
- Process 4801 resumed
- Process 4804 detached
- --- SIGCHLD (Child exited) @ 0 (0) ---
作为测试,我们将syslog-ng.conf移动到某个地方并将其复制回来 – 这使它工作但没有帮助.如果我使用chef替换文件,那么syslog-ng将无法启动.
解决方法
好的,结果证明这是一个与SELinux相关的问题.只是为了记录,可以检查/var/log/audit/audit.log以获取与SELinux相关的事件,应该启动auditd以启用此日志.有两种可能的解决方案:禁用SELinux(不推荐)或创建允许访问此文件的自定义SELinux策略.也许该文件没有与之关联的适当安全上下文,因此不需要自定义策略.
提问者补充:使用ls -Z我现在可以看到该文件具有user_u:object_r:tmp_t的上下文.我的猜测是,厨师从厨师服务器复制文件,然后获取tmp_t上下文.但是,该文件需要/ etc的默认上下文,即etc_t.厨师有一个selinux食谱,似乎有适当的功能来控制它.
