Samba fails to start via systemd

I installed samba 4.12.6 from source on CentOS 8.

When I start samba directly with

/usr/local/samba/sbin/samba

it runs as expected.

Now I have created a systemd unit:

[Unit]
Description=Samba Active Directory Domain Controller
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=default.target

Starting it fails with "Permission denied":

[root@centos-server-01 ~]# systemctl status samba-ad.service
● samba-ad.service - Samba Active Directory Domain Controller
   Loaded: loaded (/etc/systemd/system/samba-ad.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2020-09-04 19:03:24 CEST; 14s ago
  Process: 1549 ExecStart=/usr/local/samba/sbin/samba -D (code=exited, status=203/EXEC)

Sep 04 19:03:24 centos-server-01 systemd[1]: Starting Samba Active Directory Domain Controller...
Sep 04 19:03:24 centos-server-01 systemd[1]: samba-ad.service: Control process exited, code=exited status=203
Sep 04 19:03:24 centos-server-01 systemd[1]: samba-ad.service: Failed with result 'exit-code'.
Sep 04 19:03:24 centos-server-01 systemd[1]: Failed to start Samba Active Directory Domain Controller.

journalctl shows:

journalctl _PID=1549
-- Logs begin at Fri 2020-09-04 18:00:19 CEST, end at Fri 2020-09-04 19:03:39 CEST. --
Sep 04 19:03:24 centos-server-01 systemd[1549]: samba-ad.service: Failed to execute command: Permission denied
Sep 04 19:03:24 centos-server-01 systemd[1549]: samba-ad.service: Failed at step EXEC spawning /usr/local/samba/sbin/samba: Permission denied

The samba binary is executable:

ls -al /usr/local/samba/sbin/
total 2816
-rwxr-xr-x.  1 root root  771608 Sep  2 17:28 eventlogadm
-rwxr-xr-x.  1 root root  331304 Sep  2 17:28 nmbd
-rwxr-xr-x.  1 root root   58280 Sep  2 17:27 samba
-rwxr-xr-x.  1 root root    3616 Sep  1 20:15 samba-gpupdate
.
.

file shows:

/usr/local/samba/sbin/samba: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3f9ee20e102f467fc12e1b4bc913472f23dcde0b, not stripped

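I am always logged in as root. I have read "Failed at step EXEC spawning ... Permission denied" and the following, but that did not help.

Maybe someone can give me a clue.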

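Answer 1

SELinux restricts the binaries that can be used in ExecStart to paths that have the system_u:object_r:bin_t:s0 attribute set. Typically these are the /usr/bin, /usr/sbin, /usr/libexec and /usr/local/bin directories. You need to move the samba binaries into one of those directories, or change the SELinux policy to allow systemd to use binaries in /usr/local/samba/sbin/, as follows: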

chcon -R -t bin_t /usr/local/samba/sbin/
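
An added example, not part of the original answer: a shell helper that reads the ExecStart= path from a unit file, checks whether its SELinux type is bin_t, and otherwise prints semanage fcontext and restorecon commands that record the label in the local policy so it survives a relabel (a label set with chcon does not). The function names are hypothetical, and the context is read with GNU stat's %C format unless one is passed as the second argument.

```shell
#!/bin/sh
# Added example (not from the original thread): check the SELinux type of the
# binary named in a unit's ExecStart= line. Function names are hypothetical.

# Print the executable path from the first ExecStart= line of a unit file,
# dropping systemd's optional prefix characters (-, @, :, +, !).
unit_exec_path() {
    sed -n 's/^ExecStart=[-@:+!]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print the type field of an SELinux context (user:role:type:level).
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read a file's SELinux context from the running system (GNU stat, %C).
file_context() {
    stat -c %C "$1"
}

# Report on one unit file. $2 is an optional context string; when omitted the
# context is read from disk. Returns 0 if the type is bin_t, 1 if it is not,
# 2 if the unit has no ExecStart= line.
check_unit() {
    path=$(unit_exec_path "$1")
    [ -n "$path" ] || { echo "no ExecStart= in $1" >&2; return 2; }
    ctx=${2:-$(file_context "$path")}
    setype=$(context_type "$ctx")
    if [ "$setype" = "bin_t" ]; then
        echo "OK   $path ($ctx)"
        return 0
    fi
    dir=$(dirname "$path")
    echo "FAIL $path has type $setype, not bin_t ($ctx)"
    echo "  persistent fix (run as root):"
    echo "  semanage fcontext -a -t bin_t '$dir(/.*)?'"
    echo "  restorecon -Rv '$dir'"
    return 1
}

# When called with arguments, check that unit, for example:
#   sh check_unit.sh /etc/systemd/system/samba-ad.service
if [ "$#" -gt 0 ]; then
    check_unit "$@"
fi
```

The matching denial, if auditd is running, can be listed with ausearch -m avc -ts recent.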
