Permissions – Permission denied when opening a file as root with mode 777

I'm trying to install and run syslog-ng, but I'm blocked by the following error.
Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'

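I'm running it with sudo, and the file and the directory both have 777 permissions now. I've used strace, and it is definitely an open call that is failing with EACCES. As far as we can tell, it isn't changing to another user.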

Update:
As requested: strace output

[edward.sargisson@apps-mgmt-fe1 syslog-ng]$sudo strace -f -v -eopen /etc/init.d/syslog-ng start
open("/etc/ld.so.cache",O_RDONLY)      = 3
open("/lib64/libtermcap.so.2",O_RDONLY) = 3
open("/lib64/libdl.so.2",O_RDONLY)     = 3
open("/lib64/libc.so.6",O_RDONLY)      = 3
open("/dev/tty",O_RDWR|O_NONBLOCK)     = 3
open("/usr/lib/locale/locale-archive",O_RDONLY) = 3
open("/proc/meminfo",O_RDONLY)         = 3
open("/usr/lib64/gconv/gconv-modules.cache",O_RDONLY) = 3
open("/etc/init.d/syslog-ng",O_RDONLY) = 3
open("/etc/init.d/functions",O_RDONLY) = 3
Process 4802 attached (waiting for parent)
Process 4802 resumed (parent 4801 ready)
Process 4803 attached (waiting for parent)
Process 4803 resumed (parent 4802 ready)
Process 4802 suspended
[pid  4803] open("/etc/ld.so.cache",O_RDONLY) = 3
[pid  4803] open("/lib64/libc.so.6",O_RDONLY) = 3
Process 4802 resumed
Process 4803 detached
[pid  4802] --- SIGCHLD (Child exited) @ 0 (0) ---
Process 4802 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
open("/etc/profile.d/lang.sh",O_RDONLY) = 3
open("/etc/sysconfig/i18n",O_RDONLY)   = 3
open("/etc/sysconfig/init",O_RDONLY)   = 3
open("/usr/share/locale/locale.alias",O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No    such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/sysconfig/syslog-ng",O_RDONLY) = 3
Process 4804 attached (waiting for parent)
Process 4804 resumed (parent 4801 ready)
Process 4801 suspended
[pid  4804] open("/etc/ld.so.cache",O_RDONLY) = 3
[pid  4804] open("/lib64/libnsl.so.1",O_RDONLY) = 3
[pid  4804] open("/lib64/librt.so.1",O_RDONLY) = 3
[pid  4804] open("/lib64/libnet.so.1",O_RDONLY) = 3
[pid  4804] open("/lib64/libdl.so.2",O_RDONLY) = 3
[pid  4804] open("/lib64/libc.so.6",O_RDONLY) = 3
[pid  4804] open("/lib64/libpthread.so.0",O_RDONLY) = 3
[pid  4804] open("/etc/eventlog.conf",O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4804] open("/etc/localtime",O_RDONLY) = 3
[pid  4804] open("/etc/syslog-ng/syslog-ng.conf",O_RDONLY) = -1 EACCES (Permission denied)
Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'
Process 4801 resumed
Process 4804 detached
--- SIGCHLD (Child exited) @ 0 (0) ---

As a test, we moved syslog-ng.conf somewhere else and copied it back – that made it work, but it doesn't help. If I use Chef to replace the file, syslog-ng fails to start.

Solution

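OK, it turned out that this is an SELinux-related problem. Just for the record, you can check /var/log/audit/audit.log for SELinux-related events; auditd should be started to enable this log. There are two possible solutions: disable SELinux (not recommended) or create a custom SELinux policy that allows access to this file. Perhaps the file doesn't have the appropriate security context associated with it, in which case a custom policy isn't needed.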

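The asker added: Using ls -Z I can now see that the file has the context user_u:object_r:tmp_t. My guess is that Chef copies the file from the Chef server and it then gets the tmp_t context. However, the file needs the default context for /etc, which is etc_t. Chef has an selinux cookbook that appears to have the appropriate functionality to control this.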
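
An added example (not part of the original question or answer): a small Python triage of audit.log AVC records that separates a mislabeled file, like the tmp_t config file here, from a denial that would need a custom policy. The log lines are constructed, and the syslogd_t source domain, the numeric fields and the helper names are assumptions.

```python
import re
from collections import namedtuple

# Constructed sample audit.log lines (not from the original post). The
# syslogd_t source domain, pids, inode and timestamps are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1325376000.101:52): avc:  denied  { read } for  pid=4804 comm="syslog-ng" name="syslog-ng.conf" dev=dm-0 ino=131090 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1325376000.101:52): arch=c000003e syscall=2 success=no exit=-13 ppid=4801 pid=4804 comm="syslog-ng" exe="/sbin/syslog-ng"
type=AVC msg=audit(1325376011.442:60): avc:  granted  { setenforce } for  pid=5100 comm="setenforce" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

Denial = namedtuple("Denial", "perms pid comm name source_type target_type tclass")

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def parse_denials(text):
    """Extract AVC denials; other record types and granted AVCs are skipped."""
    denials = []
    for line in text.splitlines():
        match = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not match:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("rest"))}
        denials.append(Denial(match.group("perms").split(), int(f["pid"]),
                              f["comm"], f.get("name", ""),
                              selinux_type(f["scontext"]),
                              selinux_type(f["tcontext"]), f["tclass"]))
    return denials


def triage(denial, expected_type="etc_t"):
    """'relabel' when the file's type differs from the one its directory
    should give it (etc_t for /etc, per the post); otherwise 'policy'."""
    if denial.tclass == "file" and denial.target_type != expected_type:
        return "relabel"  # wrong label: fix the context, no custom policy
    return "policy"       # label is right: the domain lacks an allow rule


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_AUDIT_LOG):
        print(d.comm, d.name, d.perms, d.source_type, "->", d.target_type, triage(d))
```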
