특정 사용자( )로 디렉터리의 파일에 액세스하려고 하면 매우 이상한 권한 문제가 발생합니다 adventho. 이것은 몇 달 동안 잘 작동했습니다. 최근에 이러한 오류가 발생하는 것을 발견했으며 한동안 시스템에서 아무것도 변경하지 않았습니다. 사용자가 파일에 액세스하려고 하면 다음과 같은 일이 발생합니다.
# su adventho
adventho@snail:/root
$ stat /home/adventho/public_html/hotelimg/187-1-1403380618.jpg
stat: cannot stat `/home/adventho/public_html/hotelimg/187-1-1403380618.jpg': Permission denied
그러나 루트로는 잘 액세스할 수 있습니다.
root@snail:~# stat /home/adventho/public_html/hotelimg/187-1-1403380618.jpg
File: `/home/adventho/public_html/hotelimg/187-1-1403380618.jpg'
Size: 528535 Blocks: 1040 IO Block: 4096 regular file
Device: 906h/2310d Inode: 918000 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1030/adventho) Gid: ( 1008/adventho)
Access: 2014-12-15 17:23:44.318374774 -0500
Modify: 2014-06-21 15:56:58.000000000 -0400
Change: 2014-10-23 16:44:57.502377342 -0400
Birth: -
실제로 ls -la디렉토리에서 작업을 수행하면 .및에 대해서도 출력에 "?"가 많이 생성됩니다 ...
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
-????????? ? ? ? ? ? 106-1-1239840962_800_600_180_135.jpg
-????????? ? ? ? ? ? 106-1-1239840962_800_600_240_180.jpg
-????????? ? ? ? ? ? 106-1-1239840962_800_600.jpg
-????????? ? ? ? ? ? 106-2-1239840963_800_600_180_135.jpg
-????????? ? ? ? ? ? 106-2-1239840963_800_600_240_180.jpg
-????????? ? ? ? ? ? 106-2-1239840963_800_600.jpg
-????????? ? ? ? ? ? 106-3-1239840964_800_600_180_135.jpg
-????????? ? ? ? ? ? 106-3-1239840964_800_600_240_180.jpg
-????????? ? ? ? ? ? 106-3-1239840964_800_600.jpg
하지만 이렇게 하면 ls -ld hotelimg/다음과 같은 결과가 나옵니다.
drw-rw-r-- 2 adventho www-data 69632 Dec 15 17:23 hotelimg/
내가 추가하면아무것슬래시 뒤에는 내 권한이 거부되었습니다.
$ ls -ld hotelimg/../index.php
ls: cannot access hotelimg/../some_existent_file: Permission denied
$ ls -ld hotelimg/.
ls: cannot access hotelimg/.: Permission denied
$ ls -ld hotelimg/../
ls: cannot access hotelimg/../: Permission denied
하나 만들어 보았는데 결과는 다음과 같습니다 strace.ls
$ strace ls /home/adventho/public_html/hotelimg/187-1-1403380618.jpg
execve("/bin/ls", ["ls", "/home/adventho/public_html/hotel"...], [/* 13 vars */]) = 0
brk(0) = 0x1db6000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a148000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=26612, ...}) = 0
mmap(NULL, 26612, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f931a141000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260f\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=126232, ...}) = 0
mmap(NULL, 2226160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9319d0b000
mprotect(0x7f9319d29000, 2093056, PROT_NONE) = 0
mmap(0x7f9319f28000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d000) = 0x7f9319f28000
mmap(0x7f9319f2a000, 2032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9319f2a000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31744, ...}) = 0
mmap(NULL, 2128856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9319b03000
mprotect(0x7f9319b0a000, 2093056, PROT_NONE) = 0
mmap(0x7f9319d09000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f9319d09000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\"\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=35320, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a140000
mmap(NULL, 2130560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f93198fa000
mprotect(0x7f9319902000, 2093056, PROT_NONE) = 0
mmap(0x7f9319b01000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f9319b01000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\357\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1603600, ...}) = 0
mmap(NULL, 3717176, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f931956e000
mprotect(0x7f93196f0000, 2097152, PROT_NONE) = 0
mmap(0x7f93198f0000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x182000) = 0x7f93198f0000
mmap(0x7f93198f5000, 18488, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f93198f5000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14768, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f931936a000
mprotect(0x7f931936c000, 2097152, PROT_NONE) = 0
mmap(0x7f931956c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f931956c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\\\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=131107, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a13f000
mmap(NULL, 2208672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f931914e000
mprotect(0x7f9319165000, 2093056, PROT_NONE) = 0
mmap(0x7f9319364000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f9319364000
mmap(0x7f9319366000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9319366000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=18672, ...}) = 0
mmap(NULL, 2113880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9318f49000
mprotect(0x7f9318f4d000, 2093056, PROT_NONE) = 0
mmap(0x7f931914c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f931914c000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a13e000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a13c000
arch_prctl(ARCH_SET_FS, 0x7f931a13c7a0) = 0
mprotect(0x7f931914c000, 4096, PROT_READ) = 0
mprotect(0x7f9319364000, 4096, PROT_READ) = 0
mprotect(0x7f931956c000, 4096, PROT_READ) = 0
mprotect(0x7f93198f0000, 16384, PROT_READ) = 0
mprotect(0x7f9319b01000, 4096, PROT_READ) = 0
mprotect(0x7f9319d09000, 4096, PROT_READ) = 0
mprotect(0x7f9319f28000, 4096, PROT_READ) = 0
mprotect(0x61a000, 4096, PROT_READ) = 0
mprotect(0x7f931a14a000, 4096, PROT_READ) = 0
munmap(0x7f931a141000, 26612) = 0
set_tid_address(0x7f931a13ca70) = 22762
set_robust_list(0x7f931a13ca80, 0x18) = 0
futex(0x7fff8335414c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f931a13c7a0) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f9319153ad0, [], SA_RESTORER|SA_SIGINFO, 0x7f931915d0a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f9319153b60, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f931915d0a0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
statfs("/sys/fs/selinux", 0x7fff833540a0) = -1 ENOENT (No such file or directory)
statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1440781, f_bfree=1145015, f_bavail=1071826, f_files=366480, f_ffree=337819, f_fsid={-205162666, 1274914527}, f_namelen=255, f_frsize=4096}) = 0
brk(0) = 0x1db6000
brk(0x1dd7000) = 0x1dd7000
open("/proc/filesystems", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a147000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 1024) = 385
read(3, "", 1024) = 0
close(3) = 0
munmap(0x7f931a147000, 4096) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=110939968, ...}) = 0
mmap(NULL, 110939968, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f931257c000
close(3) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=39, ws_col=153, ws_xpixel=0, ws_ypixel=0}) = 0
stat("/home/adventho/public_html/hotelimg/187-1-1403380618.jpg", 0x1db70d0) = -1 EACCES (Permission denied)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f931a147000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2570
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f931a147000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "ls: ", 4ls: ) = 4
write(2, "cannot access /home/adventho/pub"..., 70cannot access /home/adventho/public_html/hotelimg/187-1-1403380618.jpg) = 70
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Permission denied", 19: Permission denied) = 19
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(2) = ?
selinux를 언급했지만 설치되지 않은 것으로 나타났습니다. 다시 확인하기 위해 설치 policycoreutils(55개의 다른 패키지 설치)하고 실행했는데 sestatus출력이 "비활성화"되었습니다. 서버에 설치된 모든 것(lfd/csf만 제외)은 저장소에서 가져옵니다.
이러한 권한 거부 오류의 원인이 무엇인지 혼란스럽습니다.
답변1
디렉토리에 대한 읽기 권한을 사용하면 해당 내용을 나열할 수만 있습니다. 실제로 콘텐츠에 접근하려면 실행 권한이 필요합니다. 반대로 실행 권한만 있으면 콘텐츠에 액세스할 수 있지만 나열할 수는 없습니다. 바라보다비트를 실행하고 읽습니다. Linux에서 디렉토리 권한은 어떻게 작동합니까?
답변2
디렉토리는 두 가지 방법으로 작동할 수 있습니다. 첫 번째는 실행이라고도 하는 디렉터리를 읽거나 찾아보는 것입니다.엘에스명령이고 다른 하나는 실행 디렉터리입니다. 요청한 디렉터리에서 파일이나 디렉터리를 열려면 실행이 필요합니다. 실행은 요청된 이름의 inode 조회이며, 디렉토리를 읽을 필요는 없습니다.
귀하의 사례 디렉토리에호텔 경영실행 권한이 없습니다. 다음을 추가하세요.'chmod +x 호텔IMG'권한 문제가 해결되어야 합니다.