以 root 身份 ping 无法使用主机名,但使用 ip,普通用户可以

以 root 身份 ping 无法使用主机名,但使用 ip,普通用户可以

从 ubuntu 12.04 升级到 14.04 后,我遇到了一个奇怪的 ping 问题。我无法使用主机名进行 ping,但使用 ip 可以。我没有遇到其他服务或程序的 DNS 问题。我可以以普通用户身份工作,但不能以 root 身份工作。作为 root 用户,host 和 dig 可以将 dnsname 解析为 ip。busybox ping 也可以使用主机名。

这是错误:

root@myhost:~# ping ubuntu.com
ping: unknown host ubuntu.com

这有效:

root@myhost:~# host ubuntu.com
ubuntu.com has address 91.189.94.40
ubuntu.com mail is handled by 10 mx.canonical.com.


root@myhost:~# ping 91.189.94.40 -c 1
PING 91.189.94.40 (91.189.94.40) 56(84) bytes of data.
64 bytes from 91.189.94.40: icmp_seq=1 ttl=53 time=16.1 ms


root@myhost:~# busybox ping ubuntu.com -c 1
PING ubuntu.com (91.189.94.40): 56 data bytes
64 bytes from 91.189.94.40: seq=0 ttl=53 time=16.189 ms


user@myhost:~$ ping ubuntu.com -c 1
PING ubuntu.com (91.189.94.40) 56(84) bytes of data.
64 bytes from ovinnik.canonical.com (91.189.94.40): icmp_seq=1 ttl=53 time=16.1 ms

文件 /etc/nsswitch.conf

root@myhost:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.


passwd:         compat
group:          compat
shadow:         compat


hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files


protocols:      db files
services:       db files
ethers:         db files
rpc:            db files


netgroup:       nis

一些额外的信息。感谢 strace 提示。appamor 未处于活动状态。

strace:打开 /etc/resolv.conf 似乎有问题,但 root 工作时问题较少

root@myhost:~# strace -e open ping -c 1 ubuntu.com
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib/x86_64-linux-gnu/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
ping: unknown host ubuntu.com
+++ exited with 2 +++

获取:

root@myhost:~# getent 主机 ubuntu.com 91.189.94.40 ubuntu.com

获取cap:

root@myhost:~# getcap -rv /bin/ping
/bin/ping

权限:

root@myhost:/etc# ls -lha /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jan  9 11:11 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
root@myhost:/etc# ls -lha /run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 237 Jan 10 08:52 /run/resolvconf/resolv.conf
root@myhost:/etc# ls -lha /etc/hosts
-rw-r--r-- 1 root root 485 Jan  8 09:15 /etc/hosts
root@myhost:/etc# ls -lha /etc/nsswitch.conf
-rw-r--r-- 1 root root 513 Jan  8 09:08 /etc/nsswitch.conf

resolv.conf:(与另一台主机上相同,可以正常工作)

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 213.133.98.98
nameserver 213.133.99.99
nameserver 213.133.100.100

答案1

输出strace显示,就在放弃权限的位置,每次调用ping都会出现错误。这表明权限问题是根本原因。EACCESopen

/etc由于、/lib和上的路径/usr都受到问题的影响,因此最明显的检查就是 上的权限/。以下是它们在健康的 Ubuntu 14.04 系统上的样子:

$ ls -ld /
drwxr-xr-x 23 root root 4096 Jan  7 16:55 /

在你的情况下,x所有者缺少特权

drw-r-xr-x 26 root root 4096 Dec 30 23:09 /

这种特定情况会导致问题,因为某个进程已经失去了访问文件系统中任何文件的能力,但保留了用户 ID 0。

相关内容