Linux(NAS)权限问题(Permission Denied)

Linux(NAS)权限问题(Permission Denied)

这可能比解释起来更容易……

-bash-3.2$ id
uid=501(admin) gid=503(admin) groups=100(users),501(admins),503(admin)
-bash-3.2$ groups
admin users admins
-bash-3.2$ ls -l
total 8
drwxrwxrwx 78 admin www 4096 Dec  9 09:02 Inbox
drwxrwxrwx 21 admin www 4096 Dec  8 21:45 Movies
drwxrwx---  3 admin www   52 Dec  9 07:57 TV
-bash-3.2$ cd Movies
-bash-3.2$ ls -l      
total 20
drwxrwx--- 7 admin www 4096 Dec  8 00:04 Action
drwxrwx--- 6 admin www 4096 Dec  8 00:05 Animation
drwxrwx--- 4 admin www 4096 Dec  8 00:17 Comedy
drwxrwx--- 4 admin www 4096 Dec  8 00:14 Drama
drwxrwx--- 4 admin www 4096 Dec  8 00:14 Family
drwxrwx--- 6 admin www   58 Dec  6 19:10 Foreign Language
drwxrwx--- 2 admin www   31 Dec  7 23:58 Horror
drwxrwx--- 3 admin www   50 Dec  8 00:15 Science Fiction
drwxrwx--- 2 admin www    6 Dec  8 00:16 Thriller
-bash-3.2$ cd ../Inbox
-bash: cd: ../Inbox: Permission denied

文件系统是 XFS。目录上是否有 ls -l 不会显示的权限?我是目录及其内所有文件的所有者。我可以使用 sudo 来修改文件权限或查看文件夹的内容,但我需要“管理员”可以访问它们。

有什么想法吗?我会定期检查这个问题,所以如果我需要用更多信息更新它,请告诉我。

谢谢

编辑 :添加了 strace

execve("/bin/ls", ["ls", "Inbox"], [/* 21 vars */]) = 0
brk(0)                                  = 0x26000
uname({sys="Linux", node="axentraserver.the-brodie-stora.mystora.com", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17972, ...}) = 0
mmap2(NULL, 17972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4001d000
close(3)                                = 0
open("/lib/librt.so.1", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0P\25\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=39776, ...}) = 0
mmap2(NULL, 57816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40025000
mprotect(0x4002b000, 28672, PROT_NONE)  = 0
mmap2(0x40032000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x40032000
close(3)                                = 0
open("/lib/libacl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\24\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=134375, ...}) = 0
mmap2(NULL, 54368, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40034000
mprotect(0x4003a000, 28672, PROT_NONE)  = 0
mmap2(0x40041000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x40041000
close(3)                                = 0
open("/lib/libselinux.so.1", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\2147\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=297439, ...}) = 0
mmap2(NULL, 117504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40042000
mprotect(0x40056000, 28672, PROT_NONE)  = 0
mmap2(0x4005d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0x4005d000
close(3)                                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\10\"\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=43164, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
mmap2(NULL, 74572, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4005f000
mprotect(0x4006a000, 28672, PROT_NONE)  = 0
mmap2(0x40071000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x40071000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0XI\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1517948, ...}) = 0
mmap2(NULL, 1245628, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40072000
mprotect(0x40195000, 32768, PROT_NONE)  = 0
mmap2(0x4019d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123) = 0x4019d000
mmap2(0x401a0000, 8636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401a0000
close(3)                                = 0
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\230A\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=121044, ...}) = 0
mmap2(NULL, 115184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401a3000
mprotect(0x401b5000, 28672, PROT_NONE)  = 0
mmap2(0x401bc000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x401bc000
mmap2(0x401be000, 4592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401be000
close(3)                                = 0
open("/lib/libattr.so.1", O_RDONLY)     = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\364\f\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=40571, ...}) = 0
mmap2(NULL, 45512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401c0000
mprotect(0x401c3000, 32768, PROT_NONE)  = 0
mmap2(0x401cb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0x401cb000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\254\10\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=15344, ...}) = 0
mmap2(NULL, 41116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401cc000
mprotect(0x401ce000, 28672, PROT_NONE)  = 0
mmap2(0x401d5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x401d5000
close(3)                                = 0
open("/lib/libsepol.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\330/\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=228044, ...}) = 0
mmap2(NULL, 301748, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401d7000
mprotect(0x4020f000, 28672, PROT_NONE)  = 0
mmap2(0x40216000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x37) = 0x40216000
mmap2(0x40217000, 39604, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40217000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40221000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40222000
set_tls(0x40221d00, 0x40221d00, 0x40024000, 0x402223e8, 0x41) = 0
mprotect(0x401d5000, 4096, PROT_READ)   = 0
mprotect(0x401bc000, 4096, PROT_READ)   = 0
mprotect(0x4019d000, 8192, PROT_READ)   = 0
mprotect(0x4005d000, 4096, PROT_READ)   = 0
mprotect(0x40032000, 4096, PROT_READ)   = 0
mprotect(0x40023000, 4096, PROT_READ)   = 0
munmap(0x4001d000, 17972)               = 0
set_tid_address(0x402218a8)             = 9539
set_robust_list(0x402218b0, 0xc)        = 0
rt_sigaction(SIGRTMIN, {0x401a6d90, [], SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x401a6c64, [], SA_RESTART|SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
brk(0)                                  = 0x26000
brk(0x47000)                            = 0x47000
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "rootfs / rootfs rw 0 0\nubi0:root"..., 1024) = 1024
read(3, "fs.xino,noplink,create=mfs,sum,b"..., 1024) = 428
read(3, "", 1024)                       = 0
close(3)                                = 0
munmap(0x4001d000, 4096)                = 0
access("/etc/selinux/", F_OK)           = 0
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=52, ws_col=153, ws_xpixel=918, ws_ypixel=728}) = 0
stat64("Inbox", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1696, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1696
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x4001d000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17972, ...}) = 0
mmap2(NULL, 17972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4001d000
close(3)                                = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\304\27\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=49256, ...}) = 0
mmap2(NULL, 70316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40223000
mprotect(0x4022c000, 28672, PROT_NONE)  = 0
mmap2(0x40233000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x40233000
close(3)                                = 0
mprotect(0x40233000, 4096, PROT_READ)   = 0
munmap(0x4001d000, 17972)               = 0
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1661, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1661
close(3)                                = 0
munmap(0x4001d000, 4096)                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/group", O_RDONLY)            = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=700, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 700
close(3)                                = 0
munmap(0x4001d000, 4096)                = 0
open("Inbox", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = -1 EACCES (Permission denied)
write(2, "ls: ", 4ls: )                     = 4
write(2, "Inbox", 5Inbox)                    = 5
write(2, ": Permission denied", 19: Permission denied)     = 19
write(2, "\n", 1
)                       = 1
close(1)                                = 0
exit_group(2)                           = ?

第二次编辑:为迈克详细说明。

收件箱位于以下位置

/home/admin/MyLibrary/MyVideos/Inbox
/home/admin/MyLibrary/MyVideos/Movies

该系统是一个 Netgear Stora NAS 盒,我有 root 访问权限。/home/ 文件夹作为 smb 共享安装在房子周围的各种计算机上。文件夹 /Inbox 无法在任何这些机器上打开(它们都以“admin”身份连接)。当我使用“admin”凭据通过 ssh 进入盒子时,我也无法访问该文件夹。该文件夹是通过 NAS 上托管的 Web Admin 页面创建的。Inbox 文件夹的用户/组以前是 apache:www(预计该文件夹是由 Web 应用程序创建的),但我以 root 用户的身份 chmod/chowned 该文件夹,试图授予管理员用户(因此其余连接的机器)访问文件的权限。很抱歉之前没有包括这一点,我不确定它是否相关,也不想混淆情况。

-谢谢

第三次编辑再次抱歉 - 看起来这个 NAS 运行的是 Red Hat 的一些自定义版本,而不是之前所说的 Debian - 我不确定这是否有区别

答案1

这肯定不是 SELinux,但看起来你可能对该文件夹有 ACL。你可以通过运行 getfacl 来验证。以下是示例:

[root@localhost ~]# getfacl install.log
# file: install.log
# owner: root
# group: root
user::rw-
group::r--
other::r--

这可能解释了为什么您无法以管理员用户身份访问它,即使您拥有完全权限。

为了解决这个问题,您需要使用 setfacl 修改 acl,以提供对该文件夹的完全访问权限或允许管理员用户访问该文件夹。再次,以下是一个例子:

[root@localhost ~]# setfacl -m u:apache:rx install.log
[root@localhost ~]# getfacl install.log
# file: install.log
# owner: root
# group: root
user::rw-
user:apache:r-x
group::r--
mask::r-x
other::r--

如果您熟悉 Unix 风格的权限,那么您就会掌握它。请执行“man setfacl”以获取有关使用 setfacl 的更多说明。

编辑:我检查了一下,XFS 支持 acl。所以很有可能是这个。

以下页面可以更好地说明如何使用它们:

http://www.vanemery.com/Linux/ACL/linux-acl.html

答案2

您可以在这里找到答案:http://www.openstora.com/phpBB3/viewtopic.php?f=1&t=1506

您的 NAS 可能设置了 JBOD,权限不匹配。查看 /mnt/disk1 和 /mnt/disk2,并检查每个权限。您会发现它们不匹配。在两个地方将它们更改为正确的用户,您便可以访问。

答案3

SELinux 是否已启用。您可以在 /home/admin/MyLibrary/MyVideos/Inbox 上运行 ls -Z 吗?

相关内容