我正在尝试安装并运行syslog-ng但是我被阻止了以下错误.
Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'
我用sudo运行它,文件和目录现在都有777权限.我已经使用了strace,这肯定是一个公开的电话,但是EACCESS失败了.据我们所知,它不会变成另一个用户.
更新:
按要求:strace输出
[edward.sargisson@apps-mgmt-fe1 syslog-ng]$sudo strace -f -v -eopen /etc/init.d/syslog-ng start
open("/etc/ld.so.cache",O_RDONLY) = 3
open("/lib64/libtermcap.so.2",O_RDONLY) = 3
open("/lib64/libdl.so.2",O_RDONLY) = 3
open("/lib64/libc.so.6",O_RDONLY) = 3
open("/dev/tty",O_RDWR|O_NONBLOCK) = 3
open("/usr/lib/locale/locale-archive",O_RDONLY) = 3
open("/proc/meminfo",O_RDONLY) = 3
open("/usr/lib64/gconv/gconv-modules.cache",O_RDONLY) = 3
open("/etc/init.d/syslog-ng",O_RDONLY) = 3
open("/etc/init.d/functions",O_RDONLY) = 3
Process 4802 attached (waiting for parent)
Process 4802 resumed (parent 4801 ready)
Process 4803 attached (waiting for parent)
Process 4803 resumed (parent 4802 ready)
Process 4802 suspended
[pid 4803] open("/etc/ld.so.cache",O_RDONLY) = 3
[pid 4803] open("/lib64/libc.so.6",O_RDONLY) = 3
Process 4802 resumed
Process 4803 detached
[pid 4802] --- SIGCHLD (Child exited) @ 0 (0) ---
Process 4802 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
open("/etc/profile.d/lang.sh",O_RDONLY) = 3
open("/etc/sysconfig/i18n",O_RDONLY) = 3
open("/etc/sysconfig/init",O_RDONLY) = 3
open("/usr/share/locale/locale.alias",O_RDONLY) = 3
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/initscripts.mo",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/sysconfig/syslog-ng",O_RDONLY) = 3
Process 4804 attached (waiting for parent)
Process 4804 resumed (parent 4801 ready)
Process 4801 suspended
[pid 4804] open("/etc/ld.so.cache",O_RDONLY) = 3
[pid 4804] open("/lib64/libnsl.so.1",O_RDONLY) = 3
[pid 4804] open("/lib64/librt.so.1",O_RDONLY) = 3
[pid 4804] open("/lib64/libnet.so.1",O_RDONLY) = 3
[pid 4804] open("/lib64/libdl.so.2",O_RDONLY) = 3
[pid 4804] open("/lib64/libc.so.6",O_RDONLY) = 3
[pid 4804] open("/lib64/libpthread.so.0",O_RDONLY) = 3
[pid 4804] open("/etc/eventlog.conf",O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 4804] open("/etc/localtime",O_RDONLY) = 3
[pid 4804] open("/etc/syslog-ng/syslog-ng.conf",O_RDONLY) = -1 EACCES (Permission denied)
Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf',error='Permission denied (13)'
Process 4801 resumed
Process 4804 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
作为测试,我们将syslog-ng.conf移动到某个地方并将其复制回来 – 这使它工作但没有帮助.如果我使用chef替换文件,那么syslog-ng将无法启动.
解决方法
好的,结果证明这是一个与SELinux相关的问题.只是为了记录,可以检查/var/log/audit/audit.log以获取与SELinux相关的事件,应该启动auditd以启用此日志.有两种可能的解决方案:禁用SELinux(不推荐)或创建允许访问此文件的自定义SELinux策略.也许该文件没有与之关联的适当安全上下文,因此不需要自定义策略.
提问者补充:使用ls -Z我现在可以看到该文件具有user_u:object_r:tmp_t的上下文.我的猜测是,厨师从厨师服务器复制文件,然后获取tmp_t上下文.但是,该文件需要/ etc的默认上下文,即etc_t.厨师有一个selinux食谱,似乎有适当的功能来控制它.
