Saya memiliki PC dengan Ubuntu 16.04 terinstal. Baru-baru ini saya ingin menginstal beberapa paket tetapi kesulitan menginstalnya. Setelah beberapa penggalian, saya menemukan bahwa kegagalan tersebut tampaknya terkait dengan sistem akun pengguna linux. Masalahnya adalah bahwa file apa pun dengan nama yang diawali dengan passwd.tidak dapat dibuat di /etcjalur.
# ls /etc/passwd.*
ls: cannot access '/etc/passwd.*': No such file or directory
# touch /etc/passwd.test-test-test
touch: cannot touch '/etc/passwd.test-test-test': Permission denied
# ls /etc/passwe.*
ls: cannot access '/etc/passwe.*': No such file or directory
# touch /etc/passwe.test-test-test
#
Saya bisa membuat file itu di jalur lain, seperti /atau /usr, tetapi tidak di /etc, dan saya bisa membuat file dengan nama file lain /etc, tetapi tidak dengan nama file yang diawali oleh passwd.. Saya tidak dapat mereproduksi masalah ini dengan PC lain.
Saya sudah mencoba perintah lain:
nano /etc/shadow.xxxecho xxx > /etc/shadow.xxxtouch /etc/test-temp-file && mv /etc/test-temp-file /etc/shadow.xxxsystemctl stop apparmor- Mulai ulang sistem
Tidak ada yang berhasil.
Apa yang bisa menyebabkan masalah ini?
Berikut adalah beberapa output perintah debug:
# ls -ld /etc
drwxr-xr-x 136 root root 12288 Aug 12 10:07 /etc
# lsattr -d /etc
----------I--e-- /etc
# ls -dZ /etc
? /etc
# type -a touch
touch is /usr/bin/touch
touch is /bin/touch
# file "$(command -v touch)"
/usr/bin/touch: symbolic link to /bin/touch
Berikut stracehasilnya:
# strace touch /etc/passwd.test-test-test
execve("/usr/bin/touch", ["touch", "/etc/passwd.test-test-test"], [/* 22 vars */]) = 0
brk(NULL) = 0x8da000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=80559, ...}) = 0
mmap(NULL, 80559, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9bc360e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9bc360d000
mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9bc3033000
mprotect(0x7f9bc31f3000, 2097152, PROT_NONE) = 0
mmap(0x7f9bc33f3000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7f9bc33f3000
mmap(0x7f9bc33f9000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9bc33f9000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9bc360c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9bc360b000
arch_prctl(ARCH_SET_FS, 0x7f9bc360c700) = 0
mprotect(0x7f9bc33f3000, 16384, PROT_READ) = 0
mprotect(0x60e000, 4096, PROT_READ) = 0
mprotect(0x7f9bc3622000, 4096, PROT_READ) = 0
munmap(0x7f9bc360e000, 80559) = 0
brk(NULL) = 0x8da000
brk(0x8fb000) = 0x8fb000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1668976, ...}) = 0
mmap(NULL, 1668976, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9bc3473000
close(3) = 0
open("/etc/passwd.test-test-test", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = -1 EACCES (Permission denied)
utimensat(AT_FDCWD, "/etc/passwd.test-test-test", NULL, 0) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2995, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2995
read(3, "", 4096) = 0
close(3) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "touch: ", 7touch: ) = 7
write(2, "cannot touch '/etc/passwd.test-t"..., 41cannot touch '/etc/passwd.test-test-test') = 41
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Permission denied", 19: Permission denied) = 19
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++
ubuntu
permissions
EFANZH
sumber
sumber
ls -ld /etcdikatakan? Bagaimana denganlsattr -d /etc? Jika Anda menggunakan SELinux, apals -dZ /etcisinya? Jika Anda menggunakan AppArmor, apa kata perintah yang setara (saya tidak tahu apa itu) katakan? Bagaimana ini/etc/berbeda dari/etcpada PC lain? Jalankan perintah yang sama di sana dan cari perbedaannya.touchfungsi atau skrip atau sesuatu? Apa yang dilaporkantype -a touchdanfile "$(command -v touch)"dilaporkan? Saya tidak dapat mereproduksi pada kotak 16.04 saya.root, kan?Jawaban:
Saya menemukan alasannya. Itu karena ISecTP (Keamanan Titik Akhir untuk Pencegahan Ancaman Linux) diinstal pada PC saya. Ini termasuk " Access Protection ", yang menggunakan antarmuka kernel fanotify, atau injeksi modul khusus ke dalam kernel (dapat dikonfigurasi yang mana di antaranya ), menyebabkan akses ke jalur arbitrer ditolak. Saya tidak menyadarinya karena saya bukan satu-satunya yang menggunakan PC. Setelah menghapusnya, semuanya baik-baik saja sekarang.
Terima kasih semuanya, atas bantuan Anda!
sumber