Renaming messages but it shows "Operation not permitted" on linux system - linux

I'm using Centos 8.0 and my kernel version:
4.18.0-147.5.1.x86_64
Background:
The messages on my host have not been rotated for a long time, and when I use "logrotate -v -f" to force rotating messages, it shows "rename messages: Operation not permitted". So I tried renaming the messages immediately.
-rw------- 1 root 15464299992 Jul 15 10:12 messages
-rw------- 1 root 11644353 Sep 7 2020 messages-20200907.gz
-rw------- 1 root 8834073 Sep 13 2020 messages-20200913.gz
renaming /var/log/messages to /var/log/messages-20210715
error: failed to rename /var/log/messages to /var/log/messages-20210715: Operation not permitted
Here is my operation and the terminal's output:
[root@node-5 log]# mv messages messages-20210715
mv: cannot move ‘messages’ to ‘messages-20210715’: Operation not permitted
[root@node-5 ~]# whoami
root
I am logged in as root, so why do I still come across such a problem? How can I solve this?

@DavidC.Rankin
Thx for replying. Here is the ls -ald . for messages:
[root@node-5 log]# ls -ald
drwxr-xr-x. 30 root 8192 Jul 15 11:14 .
So I don't think this may be a problem about permissions.
I also used strace to follow the syscall:
stat("messages2", 0x7fff6c37aae0) = -1 ENOENT (No such file or directory)
lstat("messages", {st_mode=S_IFREG|0600, st_size=15464637645, ...}) = 0
lstat("messages2", 0x7fff6c37a790) = -1 ENOENT (No such file or directory)
renameat2(AT_FDCWD, "messages", AT_FDCWD, "messages2", 0) = -1 EPERM (Operation not permitted)
Unfortunately, there are too many branches in function do_renameat2, so I haven't found the exact exit yet.

The problem got solved:
Showing the file attributes with lsattr, it seems that messages got an attribute 'a', so it can't be renamed.
---------------- ./maillog-20201004
-----a---------- ./messages
And with the command chattr -a messages, messages can be renamed again.
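
A way to spot this condition across a whole log directory, as an added example that is not part of the original post: the function reads lsattr output and lists entries carrying the append-only ('a') or immutable ('i') flag, either of which makes rename fail with EPERM even for root. The function name and the entry constructed-immutable.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files whose inode flags make rename/unlink fail with
# EPERM even for root. Input is lsattr output: "<flags> <path>" per line.

# Print "<path><TAB><reason>" for every entry carrying 'a' (append-only)
# or 'i' (immutable). The match is case-sensitive on purpose: 'A' (no atime
# updates) and 'I' (indexed directory) are different, harmless flags.
rename_blockers() {
    awk '
        # Only accept lines whose first field looks like a flag column,
        # so stray "lsattr: ..." error lines are never misread.
        NF >= 2 && $1 ~ /^[-A-Za-z]+$/ {
            flags = $1
            # The path is everything after the first field (may hold spaces).
            path = $0
            sub(/^[^ ]+ +/, "", path)
            reason = ""
            if (index(flags, "a")) reason = "append-only"
            if (index(flags, "i")) reason = (reason == "" ? "immutable" : reason "+immutable")
            if (reason != "") print path "\t" reason
        }'
}

# Constructed sample; the first two lines mirror the listing in the post.
SAMPLE_LSATTR='---------------- ./maillog-20201004
-----a---------- ./messages
----i----------- ./constructed-immutable.conf'

demo_blockers() {
    printf '%s\n' "$SAMPLE_LSATTR" | rename_blockers
}

demo_blockers
# On a live host: lsattr /var/log 2>/dev/null | rename_blockers
```

An append-only flag on a log file is often set deliberately as tamper protection, so it is worth finding out who set it before clearing it.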

Related

Unable to write to a file with group permissions

We are getting the error "permission denied" when trying to write to a file that is owned by a service user and a shared group. In particular that is www-data:www-data and the user trying to write to it is in the group www-data.
There is no ACL on any of the parent folders and the permissions to the file and folders are correct.
Here are some details:
$ sudo -u deploy id -Gn
www-data
$ ls -lah /tmp
drwxrwxrwt 17 root root 4.0K Jul 11 11:22 .
drwxr-xr-x 23 root root 4.0K Jul 8 10:08 ..
...
-rw-rw-r-- 1 www-data www-data 0 Jul 11 10:50 test
...
$ echo 'hello world' | sudo -u deploy tee -a /tmp/test
tee: /tmp/test: Permission denied
hello world
We tried that on different folders and made sure there is no ACL on any of the folders or parents or files...
Unfortunately that is not described in the link stark posted in the comment. And also not in any other page I found until I found an answer here on stackoverflow that clarified it.
In 2018, two new filesystem configurations got added to sysctl that should prevent regular files and FIFOs from being opened with the O_CREAT flag (as append mode is doing) in directories with the sticky bit set unless the user is the owner of the file. This commit added the settings: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5
To change that behaviour you have to set fs.protected_regular to 0:
sudo sysctl fs.protected_regular=0
Or to persist the change add fs.protected_regular=0 to your sysctl.conf.
Side note: since O_CREAT is not deleting or renaming the file, I wondered why it is connected to the sticky bit. It really is possible to create a file in directories with the sticky bit set.
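
The rule behind this denial, modelled as an added example (not from the original answer) that follows the kernel's sysctl documentation for fs.protected_regular. It shows that group membership plays no part in the decision: only the directory mode, the directory owner, the file owner and the opening user matter. The function names and the uids 33 and 1001 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: model of the fs.protected_regular rule for open(O_CREAT)
# on an existing regular file. Not kernel code; names are illustrative.

# sticky_open_verdict LEVEL DIR_MODE DIR_UID FILE_UID OPENER_UID
#   LEVEL     fs.protected_regular value (0, 1 or 2)
#   DIR_MODE  octal mode of the parent directory, e.g. 1777
# Prints "allowed" or "denied".
sticky_open_verdict() {
    level=$1
    mode=$(( 0$2 ))            # leading 0 makes the shell parse octal
    dir_uid=$3; file_uid=$4; opener=$5

    if [ "$level" -eq 0 ]; then
        echo allowed                      # protection switched off
    elif [ $(( $mode & 01000 )) -eq 0 ]; then
        echo allowed                      # parent has no sticky bit
    elif [ "$file_uid" -eq "$dir_uid" ] || [ "$file_uid" -eq "$opener" ]; then
        echo allowed                      # file belongs to dir owner or opener
    elif [ $(( $mode & 0002 )) -ne 0 ]; then
        echo denied                       # world-writable sticky directory
    elif [ "$level" -ge 2 ] && [ $(( $mode & 0020 )) -ne 0 ]; then
        echo denied                       # level 2 adds group-writable ones
    else
        echo allowed
    fi
}

# Gather the real inputs for FILE and an optional numeric UID (GNU stat).
check_path() {
    dir=$(dirname -- "$1")
    sticky_open_verdict \
        "$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)" \
        "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")" \
        "$(stat -c %u -- "$1")" "${2:-$(id -u)}"
}

# The case from the question: /tmp is 1777 root:root, the file belongs to
# www-data (uid 33, constructed) and deploy (uid 1001, constructed) opens it.
demo_sticky() {
    echo "protected_regular=1: $(sticky_open_verdict 1 1777 0 33 1001)"
    echo "protected_regular=0: $(sticky_open_verdict 0 1777 0 33 1001)"
}

demo_sticky
```

A "denied" verdict with correct group permissions points at this sysctl rather than at modes or ACLs; the model also shows the same write is allowed once the file lives in a directory without the sticky bit.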

Why does ls say "file exists"?

In case it matters: I stumbled over this problem when backing up a directory using rsync in a Cygwin environment, and rsync suddenly gave the error message:
rsync: readdir("/cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb"): File exists (17)
Here, /cygdrive/d/portable/FirefoxPortable is the directory to be saved, and until now, this has worked fine. Suspecting that the real problem is not related to rsync, I did a
ls /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
and indeed got the error message
ls: reading directory '/cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb': File exists
So, idb is a directory (which is true), because ls says that it is reading this directory, but why do I get a File exists error for a directory?
ls -ld /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
yields
drwxr-xr-x 1 FISRONA Domain Users 0 May 6 2019 '/cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb'
and
stat /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
displayed:
File: /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
Size: 0 Blocks: 0 IO Block: 65536 directory
Device: 5a61dfech/1516363756d Inode: 12873190524118251466 Links: 1
Access: (0755/drwxr-xr-x) Uid: (3672028/ FISRONA) Gid: (1049089/Domain Users)
Access: 2019-05-06 11:32:50.000000000 +0200
Modify: 2019-05-06 11:32:50.190000000 +0200
Change: 2019-05-06 11:32:50.190000000 +0200
Birth: 2019-05-06 11:32:50.190000000 +0200
What could be messed up here to cause this behaviour?
BTW, I also checked the parent directory (because sometimes, differences in upper/lower case filenames can result in odd effects under Cygwin, due to the underlying Windows operating system):
ls -l /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/
total 0
drwxr-xr-x 1 FISRONA Domain Users 0 May 6 2019 idb

Failed opening the RDB file ... Read-only file system

I'm trying to perform a save or bgsave on my redis instance to run through the backup/restore process. I'm getting errors when I try to save however:
532:M 28 Jun 23:58:30.396 # Failed opening the RDB file backup.rdb (in server root dir /var/lib/redis) for saving: Read-only file system
Permissions on the /var/lib/redis folder:
$#/var/lib$ ls -artl | grep redis
drwxrwxrwx 3 redis redis 4096 Jun 28 23:58 redis
Permissions on the /var/lib folder:
$#/var$ ls -artl | grep lib
drwxrwxrwx 31 root root 4096 Jun 28 23:44 lib
Permissions on the /var folder:
$#/$ ls -artl | grep var
drwxrwxrwx 11 root root 4096 Jul 18 2016 var
Redis CLI output for config get dir:
1) "dir"
2) "/var/lib/redis"
Redis CLI output for config get dbfilename:
1) "dbfilename"
2) "backup.rdb"
Error from redis:
532:M 28 Jun 23:58:30.396 # Failed opening the RDB file backup.rdb (in server root dir /var/lib/redis) for saving: Read-only file system
Any help would be much appreciated!
You need to add the following to your /etc/systemd/system/redis-server unit file:
ReadWriteDirectories=-/var/lib/redis
Note that /var/lib/redis is the default, but if in your /etc/redis/redis.conf you set a different dir config option, you will need to set ReadWriteDirectories to that.
Error says Read-only file system
So, check the mounting (/ or /var) of the file system; if it is read-only, remount the FS in rw mode (read and write mode).
Take a backup of important data before mounting.
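
Both answers above can be checked the same way, shown here as an added example that is not from either answer: read the mount table the process actually sees and find which mount covers the data directory and whether it is read-only. The function name mount_mode and both sample tables are constructed; they assume the restriction shows up as a read-only mount in the service's own mount namespace.

```shell
#!/bin/sh
# Added example: decide whether a path sits on a read-only mount, using a
# mount table in /proc/<pid>/mounts format read from stdin.

# mount_mode PATH  ->  prints "<covering mountpoint> ro|rw"
mount_mode() {
    awk -v p="$1" '
        {
            mp = $2
            # A mount covers PATH if it is "/", PATH itself, or a parent dir.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mountpoint wins; on ties the later line wins,
                # because later mounts are stacked on top of earlier ones.
                if (length(mp) >= best_len) {
                    best_len = length(mp)
                    best = mp
                    mode = ($4 ~ /(^|,)ro(,|$)/) ? "ro" : "rw"
                }
            }
        }
        END { if (best != "") print best, mode }'
}

# Constructed table: what a sandboxed service might see before the fix.
MOUNTS_BEFORE='/dev/sda1 / ext4 ro,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /var/log/redis ext4 rw,relatime 0 0'

# Constructed table: the data directory now has its own writable mount.
MOUNTS_AFTER="$MOUNTS_BEFORE
/dev/sda1 /var/lib/redis ext4 rw,relatime 0 0"

demo_mounts() {
    printf '%s\n' "$MOUNTS_BEFORE" | mount_mode /var/lib/redis
    printf '%s\n' "$MOUNTS_AFTER"  | mount_mode /var/lib/redis
}

demo_mounts
# Live check inside the service's namespace (PID is a placeholder):
#   mount_mode /var/lib/redis < /proc/PID/mounts
```

If the host's /proc/self/mounts reports rw for the directory while the service's own table reports ro, the restriction comes from the unit file rather than from the disk.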

rpm error - Can not run any package

I tried to install some package using yum, but there is a big problem and I don't know how to solve it. Please help me, thanks so much!^^
This is yum error:
[root@localhost rpm]# yum
rpmdb: /var/lib/rpm/__db.001: Input/output error
error: db3 error(5) from dbenv->open: Input/output error
error: cannot open Packages index using db3 - Input/output error (5)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:
Error: rpmdb open failed
[root@localhost rpm]#
After that, I tried to rebuild the rpmdb, but:
[root@localhost rpm]# rm -rf /var/lib/rpm/__db.00*
rm: cannot remove `/var/lib/rpm/__db.001': Input/output error
rm: cannot remove `/var/lib/rpm/__db.002': Input/output error
rm: cannot remove `/var/lib/rpm/__db.003': Input/output error
rm: cannot remove `/var/lib/rpm/__db.004': Input/output error
[root@localhost rpm]#
And this is the file list and permissions:
[root@localhost rpm]# ls -l
ls: cannot access __db.001: Input/output error
ls: cannot access __db.004: Input/output error
ls: cannot access __db.002: Input/output error
ls: cannot access __db.003: Input/output error
total 52456
-rw-r--r-- 1 root root 2887680 May 26 2016 Basenames
-rw-r--r-- 1 root root 12288 May 26 2016 Conflictname
-????????? ? ? ? ? ? __db.001
-????????? ? ? ? ? ? __db.002
-????????? ? ? ? ? ? __db.003
-????????? ? ? ? ? ? __db.004
-rw-r--r-- 1 root root 1368064 May 26 2016 Dirnames
-rw-r--r-- 1 root root 5251072 May 26 2016 Filedigests
-rw-r--r-- 1 root root 16384 May 26 2016 Group
...
[root@localhost rpm]#

/var/run/dbus/system_bus_socket Permission denied

For some time, trying to run dbus has given me the following error, even if I'm logged in as root:
gentoo herman # /etc/init.d/dbus start
* Starting D-BUS system messagebus ...
Failed to start message bus: Failed to bind socket "/var/run/dbus/system_bus_socket": Permission denied
* start-stop-daemon: failed to start `/usr/bin/dbus-daemon' [ !! ]
* ERROR: dbus failed to start
Listing directory:
gentoo herman # ls /var/run/dbus/ -all
ls: nie ma dostępu do /var/run/dbus/system_bus_socket: Brak dostępu
razem 1
drwxr-xr-x 2 root root 88 08-14 16:42 .
drwxr-xr-x 20 root root 824 08-16 16:45 ..
?????????? ? ? ? ? ? system_bus_socket
I tried to delete this file as root via the rm command, but it displays the same error.
I have installed:
[ebuild R ] sys-apps/dbus-1.4.14 USE="X static-libs -debug -doc (-selinux) -test"
[ebuild R ] dev-libs/dbus-glib-0.94-r1 USE="static-libs -bash-completion -debug -doc -test"
uname -a:
Linux gentoo 2.6.38-gentoo #6 SMP Fri Jul 1 09:41:37 CEST 2011 x86_64 Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz GenuineIntel GNU/Linux
The command "dmesg | grep dbus" displays nothing. Reinstalling dbus also did not help in any way. Thanks for any help.
Looks like you have corruption in your /var filesystem. Try fsck-ing the file-system.
Also, for a quick workaround you can rename the directory and create a new one, because you won't be able to delete the offending file.
Do as root:
# mv /var/run/dbus /var/run/dbus-broken
# mkdir /var/run/dbus
And start the daemon as usual.
But don't forget the fsck! If there is one error in the FS there may be others lurking around.
