Permissions – Permission denied when opening a file with mode 777 as root

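I am trying to install and run syslog-ng, but I am blocked by the following error.

    Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'

I am running it with sudo, and both the file and the directory now have 777 permissions. I have used strace, and it is definitely an open call that fails with EACCES. As far as we can tell, it does not switch to another user.

Update:
As requested: strace output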

    [edward.sargisson@apps-mgmt-fe1 syslog-ng]$ sudo strace -f -v -eopen /etc/init.d/syslog-ng start
    open("/etc/ld.so.cache",O_RDONLY) = 3
    open("/lib64/libtermcap.so.2",O_RDONLY) = 3
    open("/lib64/libdl.so.2",O_RDONLY) = 3
    open("/lib64/libc.so.6",O_RDONLY) = 3
    open("/dev/tty",O_RDWR|O_NONBLOCK) = 3
    open("/usr/lib/locale/locale-archive",O_RDONLY) = 3
    open("/proc/meminfo",O_RDONLY) = 3
    open("/usr/lib64/gconv/gconv-modules.cache",O_RDONLY) = 3
    open("/etc/init.d/syslog-ng",O_RDONLY) = 3
    open("/etc/init.d/functions",O_RDONLY) = 3
    Process 4802 attached (waiting for parent)
    Process 4802 resumed (parent 4801 ready)
    Process 4803 attached (waiting for parent)
    Process 4803 resumed (parent 4802 ready)
    Process 4802 suspended
    [pid 4803] open("/etc/ld.so.cache",O_RDONLY) = 3
    [pid 4803] open("/lib64/libc.so.6",O_RDONLY) = 3
    Process 4802 resumed
    Process 4803 detached
    [pid 4802] --- SIGCHLD (Child exited) @ 0 (0) ---
    Process 4802 detached
    --- SIGCHLD (Child exited) @ 0 (0) ---
    open("/etc/profile.d/lang.sh",O_RDONLY) = 3
    open("/etc/sysconfig/i18n",O_RDONLY) = 3
    open("/etc/sysconfig/init",O_RDONLY) = 3
    open("/usr/share/locale/locale.alias",O_RDONLY) = 3
    open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/etc/sysconfig/syslog-ng",O_RDONLY) = 3
    Process 4804 attached (waiting for parent)
    Process 4804 resumed (parent 4801 ready)
    Process 4801 suspended
    [pid 4804] open("/etc/ld.so.cache",O_RDONLY) = 3
    [pid 4804] open("/lib64/libnsl.so.1",O_RDONLY) = 3
    [pid 4804] open("/lib64/librt.so.1",O_RDONLY) = 3
    [pid 4804] open("/lib64/libnet.so.1",O_RDONLY) = 3
    [pid 4804] open("/lib64/libdl.so.2",O_RDONLY) = 3
    [pid 4804] open("/lib64/libc.so.6",O_RDONLY) = 3
    [pid 4804] open("/lib64/libpthread.so.0",O_RDONLY) = 3
    [pid 4804] open("/etc/eventlog.conf",O_RDONLY) = -1 ENOENT (No such file or directory)
    [pid 4804] open("/etc/localtime",O_RDONLY) = 3
    [pid 4804] open("/etc/syslog-ng/syslog-ng.conf",O_RDONLY) = -1 EACCES (Permission denied)
    Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'
    Process 4801 resumed
    Process 4804 detached
    --- SIGCHLD (Child exited) @ 0 (0) ---

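As a test, we moved syslog-ng.conf somewhere else and copied it back; this made it work, but it does not help. If I use chef to replace the file, syslog-ng fails to start.

Solution

OK, it turns out this is an SELinux-related problem. Just for the record, you can check /var/log/audit/audit.log for SELinux-related events; auditd should be started to enable this log. There are two possible solutions: disable SELinux (not recommended) or create a custom SELinux policy that allows access to this file. Perhaps the file does not have the proper security context associated with it, in which case a custom policy is not needed.

The asker adds: Using ls -Z I can now see that the file has a context of user_u:object_r:tmp_t. My guess is that chef copies the file from the chef server and it then gets the tmp_t context. However, the file needs the default context for /etc, which is etc_t. Chef has an selinux cookbook which appears to have the appropriate functionality to control this.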
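
The audit.log check described in the answer can be scripted. This is an added example, not part of the original question or answer: it parses AVC denial records and picks out those whose target file still carries a tmp_t label. The log lines are constructed, and the syslogd_t and logrotate_t source domains, PIDs and inode numbers in them are assumptions for illustration.

```python
import re
from collections import namedtuple

# Constructed audit.log lines (not from the original page); the source
# domains, PIDs, inode numbers and timestamps are assumptions.
SAMPLE_LOG = '''\
type=AVC msg=audit(1325000000.101:411): avc:  denied  { read } for  pid=4804 comm="syslog-ng" name="syslog-ng.conf" dev=dm-0 ino=262301 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1325000000.101:411): arch=c000003e syscall=2 success=no exit=-13 comm="syslog-ng" exe="/sbin/syslog-ng"
type=AVC msg=audit(1325000002.555:413): avc:  denied  { getattr } for  pid=4804 comm="syslog-ng" path="/etc/syslog-ng/syslog-ng.conf" dev=dm-0 ino=262301 scontext=user_u:system_r:syslogd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1325000003.900:414): avc:  denied  { write } for  pid=4901 comm="logrotate" name="messages" dev=dm-0 ino=131090 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
'''

Denial = namedtuple("Denial", "perms comm target source_type target_type tclass")
AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def parse_denials(text):
    """Extract every AVC denial from audit.log text, skipping other records."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        denials.append(Denial(
            perms=tuple(m.group(1).split()),
            comm=fields.get("comm", ""),
            target=fields.get("path") or fields.get("name", ""),
            source_type=context_type(fields.get("scontext", "")),
            target_type=context_type(fields.get("tcontext", "")),
            tclass=fields.get("tclass", ""),
        ))
    return denials

def mislabeled(denials, suspect_types=("tmp_t",)):
    """Denials whose target carries a leftover temp-directory label."""
    return [d for d in denials if d.target_type in suspect_types]

if __name__ == "__main__":
    for d in mislabeled(parse_denials(SAMPLE_LOG)):
        print(f"{d.comm} ({d.source_type}) denied {' '.join(d.perms)} on "
              f"{d.target} labelled {d.target_type}; check with ls -Z")
```

A denial reported here means the DAC mode bits (777 in the question) were never the deciding factor; the file's label was.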
