从 ubuntu 12.04 升级到 14.04 后,我遇到了一个奇怪的 ping 问题。我无法使用主机名进行 ping,但使用 ip 可以。我没有遇到其他服务或程序的 DNS 问题。我可以以普通用户身份工作,但不能以 root 身份工作。作为 root 用户,host 和 dig 可以将 dnsname 解析为 ip。busybox ping 也可以使用主机名。
这是错误:
root@myhost:~# ping ubuntu.com
ping: unknown host ubuntu.com
这有效:
root@myhost:~# host ubuntu.com
ubuntu.com has address 91.189.94.40
ubuntu.com mail is handled by 10 mx.canonical.com.
root@myhost:~# ping 91.189.94.40 -c 1
PING 91.189.94.40 (91.189.94.40) 56(84) bytes of data.
64 bytes from 91.189.94.40: icmp_seq=1 ttl=53 time=16.1 ms
root@myhost:~# busybox ping ubuntu.com -c 1
PING ubuntu.com (91.189.94.40): 56 data bytes
64 bytes from 91.189.94.40: seq=0 ttl=53 time=16.189 ms
user@myhost:~$ ping ubuntu.com -c 1
PING ubuntu.com (91.189.94.40) 56(84) bytes of data.
64 bytes from ovinnik.canonical.com (91.189.94.40): icmp_seq=1 ttl=53 time=16.1 ms
文件 /etc/nsswitch.conf
root@myhost:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
一些额外的信息。感谢 strace 提示。appamor 未处于活动状态。
strace:打开 /etc/resolv.conf 似乎有问题,但 root 工作时问题较少
root@myhost:~# strace -e open ping -c 1 ubuntu.com
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib/x86_64-linux-gnu/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
ping: unknown host ubuntu.com
+++ exited with 2 +++
获取:
root@myhost:~# getent 主机 ubuntu.com 91.189.94.40 ubuntu.com
获取cap:
root@myhost:~# getcap -rv /bin/ping
/bin/ping
权限:
root@myhost:/etc# ls -lha /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jan 9 11:11 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
root@myhost:/etc# ls -lha /run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 237 Jan 10 08:52 /run/resolvconf/resolv.conf
root@myhost:/etc# ls -lha /etc/hosts
-rw-r--r-- 1 root root 485 Jan 8 09:15 /etc/hosts
root@myhost:/etc# ls -lha /etc/nsswitch.conf
-rw-r--r-- 1 root root 513 Jan 8 09:08 /etc/nsswitch.conf
resolv.conf:(与另一台主机上相同,可以正常工作)
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 213.133.98.98
nameserver 213.133.99.99
nameserver 213.133.100.100
答案1
输出strace显示,就在放弃权限的位置,每次调用ping都会出现错误。这表明权限问题是根本原因。EACCESopen
/etc由于、/lib和上的路径/usr都受到问题的影响,因此最明显的检查就是 上的权限/。以下是它们在健康的 Ubuntu 14.04 系统上的样子:
$ ls -ld /
drwxr-xr-x 23 root root 4096 Jan 7 16:55 /
在你的情况下,x所有者缺少特权
drw-r-xr-x 26 root root 4096 Dec 30 23:09 /
这种特定情况会导致问题,因为某个进程已经失去了访问文件系统中任何文件的能力,但保留了用户 ID 0。