我遇到的问题是,目录上的组访问权限和全局访问权限/srv在重新启动时会恢复。
每当我授予世界写访问权限sudo chmod a+rwx /srv时,一切都很好,除了重新启动后,权限恢复为旧权限。
我可以在 VirtualBox 中使用全新的 Linux Mint 18 安装来重现这一点。
经过更多测试,似乎/dev、/home、/proc、/run和/sys的权限/var在重新启动后也会重置。
目录/bin、/boot、/cdrom、/etc、/lib、/lib64、/lost+found、/media、/mnt、/opt、 、/root、/sbin和不受影响/tmp。/usr
我还尝试删除 中的所有脚本/etc/init.d,希望找出“智能”初始化脚本,但重新启动后权限仍然被重置。 Mint 18 显然默认使用 systemd,我没有尝试删除 systemd 脚本,因为这可能只会破坏系统。
我检查了安装输出,看看是否安装了一些奇怪的东西,据我所知,情况并非如此(下面的安装输出)。
我尝试使用稍旧的 Linux Mint 17.3 重现这种现象,我已经使用了一段时间,没有出现任何问题。看来 Mint 17.3 也重置了权限,但不是在/srv目录上。为了完整起见,它确实重置/dev、/proc和。/run/sys
为了找到在哪里搜索的线索,我/bin/chmod用一个调用“真实”chmod 的 shell 脚本替换,该 shell 脚本另外将 chmod 调用及其参数记录到磁盘上的文件中。不幸的是,除了我自己的chmod a+rwx *测试呼叫外,没有记录任何呼叫。
所以我感觉某些应用程序二进制文件正在尝试变得智能并为我“修复”权限,但是是哪一个呢?
有人有想法吗?
ls -l安装后输出:
user@system / $ ls -l /
total 96
drwxr-xr-x 2 root root 4096 Feb 6 20:50 bin
drwxr-xr-x 3 root root 4096 Feb 6 20:50 boot
drwxr-xr-x 2 root root 4096 Feb 6 20:46 cdrom
drwxr-xr-x 19 root root 4240 Feb 6 20:51 dev
drwxr-xr-x 150 root root 12288 Feb 6 20:50 etc
drwxr-xr-x 3 root root 4096 Feb 6 20:46 home
lrwxrwxrwx 1 root root 32 Feb 6 20:50 initrd.img -> boot/initrd.img-4.4.0-21-generic
drwxr-xr-x 25 root root 4096 Feb 6 20:50 lib
drwxr-xr-x 2 root root 4096 Jun 28 2016 lib64
drwx------ 2 root root 16384 Feb 6 20:44 lost+found
drwxr-xr-x 2 root root 4096 Jun 28 2016 media
drwxr-xr-x 2 root root 4096 Jun 28 2016 mnt
drwxr-xr-x 2 root root 4096 Jun 28 2016 opt
dr-xr-xr-x 173 root root 0 Feb 6 2017 proc
drwx------ 4 root root 4096 Feb 6 20:51 root
drwxr-xr-x 30 root root 940 Feb 6 20:51 run
drwxr-xr-x 2 root root 12288 Feb 6 20:50 sbin
drwxr-xr-x 2 root root 4096 Jun 28 2016 srv
dr-xr-xr-x 13 root root 0 Feb 6 20:51 sys
drwxrwxrwt 10 root root 4096 Feb 6 20:51 tmp
drwxr-xr-x 10 root root 4096 Jun 28 2016 usr
drwxr-xr-x 11 root root 4096 Jun 28 2016 var
lrwxrwxrwx 1 root root 29 Feb 6 20:50 vmlinuz -> boot/vmlinuz-4.4.0-21-generic
user@system / $
ls -l之后输出sudo chmod a+rwx *
user@system / $ ls -lah
total 96
drwxrwxrwx 2 root root 4096 Feb 6 20:50 bin
drwxrwxrwx 3 root root 4096 Feb 6 20:50 boot
drwxrwxrwx 2 root root 4096 Feb 6 20:46 cdrom
drwxrwxrwx 19 root root 4240 Feb 6 20:51 dev
drwxrwxrwx 150 root root 12288 Feb 6 20:50 etc
drwxrwxrwx 3 root root 4096 Feb 6 20:46 home
lrwxrwxrwx 1 root root 32 Feb 6 20:50 initrd.img -> boot/initrd.img-4.4.0-21-generic
drwxrwxrwx 25 root root 4096 Feb 6 20:50 lib
drwxrwxrwx 2 root root 4096 Jun 28 2016 lib64
drwxrwxrwx 2 root root 16384 Feb 6 20:44 lost+found
drwxrwxrwx 2 root root 4096 Jun 28 2016 media
drwxrwxrwx 2 root root 4096 Jun 28 2016 mnt
drwxrwxrwx 2 root root 4096 Jun 28 2016 opt
drwxrwxrwx 167 root root 0 Feb 6 2017 proc
drwxrwxrwx 4 root root 4096 Feb 6 20:51 root
drwxrwxrwx 30 root root 960 Feb 6 20:56 run
drwxrwxrwx 2 root root 12288 Feb 6 20:50 sbin
drwxrwxrwx 2 root root 4096 Jun 28 2016 srv
drwxrwxrwx 13 root root 0 Feb 6 20:51 sys
drwxrwxrwt 10 root root 4096 Feb 6 20:56 tmp
drwxrwxrwx 10 root root 4096 Jun 28 2016 usr
drwxrwxrwx 11 root root 4096 Jun 28 2016 var
lrwxrwxrwx 1 root root 29 Feb 6 20:50 vmlinuz -> boot/vmlinuz-4.4.0-21-generic
user@system / $
重新启动后:(为了确定,我sync在重新启动之前做了一个手册)
user@system / $ ls -l
total 96
drwxrwxrwx 2 root root 4096 Feb 6 20:50 bin
drwxrwxrwx 3 root root 4096 Feb 6 20:50 boot
drwxrwxrwx 2 root root 4096 Feb 6 20:46 cdrom
drwxr-xr-x 19 root root 4240 Feb 6 20:57 dev
drwxrwxrwx 150 root root 12288 Feb 6 20:50 etc
drwxr-xr-x 3 root root 4096 Feb 6 20:46 home
lrwxrwxrwx 1 root root 32 Feb 6 20:50 initrd.img -> boot/initrd.img-4.4.0-21-generic
drwxrwxrwx 25 root root 4096 Feb 6 20:50 lib
drwxrwxrwx 2 root root 4096 Jun 28 2016 lib64
drwxrwxrwx 2 root root 16384 Feb 6 20:44 lost+found
drwxrwxrwx 2 root root 4096 Jun 28 2016 media
drwxrwxrwx 2 root root 4096 Jun 28 2016 mnt
drwxrwxrwx 2 root root 4096 Jun 28 2016 opt
dr-xr-xr-x 177 root root 0 Feb 6 2017 proc
drwxrwxrwx 4 root root 4096 Feb 6 20:51 root
drwxr-xr-x 29 root root 920 Feb 6 20:57 run
drwxrwxrwx 2 root root 12288 Feb 6 20:50 sbin
drwxr-xr-x 2 root root 4096 Jun 28 2016 srv
dr-xr-xr-x 13 root root 0 Feb 6 20:57 sys
drwxrwxrwt 10 root root 4096 Feb 6 20:57 tmp
drwxrwxrwx 10 root root 4096 Jun 28 2016 usr
drwxr-xr-x 11 root root 4096 Jun 28 2016 var
lrwxrwxrwx 1 root root 29 Feb 6 20:50 vmlinuz -> boot/vmlinuz-4.4.0-21-generic
user@system / $
安装输出:
user@system / $ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=1132716k,nr_inodes=283179,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=230660k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (rw,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd,nsroot=/)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb,nsroot=/)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer,nsroot=/)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct,nsroot=/)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory,nsroot=/)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,clone_children,nsroot=/)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio,nsroot=/)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event,nsroot=/)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids,nsroot=/)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio,nsroot=/)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices,nsroot=/)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
cgmfs on /run/cgmanager/fs type tmpfs (rw,relatime,size=100k,mode=755)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=230660k,mode=700,uid=1000,gid=1000)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
user@system / $
PS 虽然通常让/srv目录世界可写可能是一个坏主意,但就我而言,我在防火墙环境中有一个单独的系统用于嵌入式开发目的。
答案1
权限是由 systemd-tmpfiles 设置的,这似乎已记录在案这里。
我可以通过编辑来解决它/usr/lib/tmpfiles.d/home.conf,我在该行之前添加了注释q /srv 0755 - - -
感谢 DopeGhoti 帮助查明。