isc_dhcp_server 启动错误:`dhcpd:无法创建 PID 文件 /run/dhcp-server/dhcpd.pid:权限被拒绝。`

tag-icon tag-icon dhcpd
isc_dhcp_server 启动错误:`dhcpd:无法创建 PID 文件 /run/dhcp-server/dhcpd.pid:权限被拒绝。`

dhcpd: Can't create PID file /run/dhcp-server/dhcpd.pid: Permission denied.service isc-dhcp-server start在 Ubuntu 15.10 上启动 isc_dhcp_server 时在 /var/log/syslog 中此处报告错误软件包的版本是4.3.1-5ubuntu3

进程命令dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf eth0来自/etc/init.d/isc-dhcp-server文件

user@host: /$ cat /etc/init.d/isc-dhcp-server                
#!/bin/sh
#
#

### BEGIN INIT INFO
# Provides:          isc-dhcp-server
# Required-Start:    $remote_fs $network $syslog
# Required-Stop:     $remote_fs $network $syslog
# Should-Start:      $local_fs slapd $named
# Should-Stop:       $local_fs slapd
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: DHCP server
# Description:       Dynamic Host Configuration Protocol Server
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

test -f /usr/sbin/dhcpd || exit 0

DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp-server}"

# It is not safe to start if we don't have a default configuration...
if [ ! -f "$DHCPD_DEFAULT" ]; then
        echo "$DHCPD_DEFAULT does not exist! - Aborting..."
        if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
                echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
        fi
        exit 0
fi

. /lib/lsb/init-functions

# Read init script configuration
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"

NAME=dhcpd
DESC="ISC DHCP server"
# fallback to default config file
DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
if [ -z "$DHCPD_PID" ]; then
        DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
fi
DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}"

test_config()
{
        if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
                echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
                echo "The error was: "
                /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
                exit 1
        fi
        touch /var/lib/dhcp/dhcpd.leases
}

# single arg is -v for messages, -q for none
check_status()
{
    if [ ! -r "$DHCPD_PID" ]; then
        test "$1" != -v || echo "$NAME is not running."
        return 3
    fi
    if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
        test "$1" != -v || echo "$NAME is running."
        return 0
    else
        test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
        return 1
    fi
}

case "$1" in
        start)
                test_config
                log_daemon_msg "Starting $DESC" "$NAME"
                start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
                        --exec /usr/sbin/dhcpd -- \
                        -q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
                sleep 2

                if check_status -q; then
                        log_end_msg 0
                else
                        log_failure_msg "check syslog for diagnostics."
                        log_end_msg 1
                        exit 1
                fi
                ;;
        stop)
                log_daemon_msg "Stopping $DESC" "$NAME"
                start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
                log_end_msg $?
                rm -f "$DHCPD_PID"
                ;;
        restart | force-reload)
                test_config
                $0 stop
                sleep 2
                $0 start
                if [ "$?" != "0" ]; then
                        exit 1
                fi
                ;;
        status)
                echo -n "Status of $DESC: "
                check_status -v
                exit "$?"
                ;;
        *)
                echo "Usage: $0 {start|stop|restart|force-reload|status}"
                exit 1 
esac

exit 0

答案1

我也在实际的票上做出了回应,但是在 15.10......

它看起来像 /lib/systemd/system/isc-dhcp-server.service 中的行:

exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES'

是硬编码的,并忽略来自 /etc/default/isc-dhcp-server 的 DHCPD_PID 变量。

我认为应该是:

exec dhcpd -user dhcpd -group dhcpd -f -4 -pf $DHCPD_PID -cf $CONFIG_FILE $INTERFACES'

改变之后,你必须运行

systemctl daemon-reload

然后,您必须在 /etc/default/isc-dhcp-server 中设置值,因为如果不这样做,则不会给出默认值,并且服务无法启动。

DHCPD_PID=/var/run/dhcp-server/dhcpd.pid

然后该文件还存在其他问题,例如它总是尝试运行:

ExecStartPre=/bin/chown dhcpd:dhcpd /run/dhcp-server

无论指定路径如何。我不确定预期的行为是什么,但这两个更改帮我解决了这个问题。

但是之后

AppArmor 阻止了文件的写入。我不太熟悉它,但我添加了

capability dac_override,

到 /etc/apparmor.d/usr.sbin.dhcpd 附近的其他功能,重新启动服务,现在我有一个 PID 文件。

看起来这个包有几个问题。

答案2

我在没有 systemd 的 Ubuntu Vivid 15.04 上遇到了同样的问题。

审计:类型 = 1400 审计(1453391318.882:44):apparmor =“DENIED”操作 =“capable”配置文件 =“/usr/sbin/dhcpd”pid = 15957 comm =“dhcpd”功能 = 1 capname =“dac_override”审计:类型 = 1400 审计(1453391318.882:45):apparmor =“DENIED”操作 =“capable”配置文件 =“/usr/sbin/dhcpd”pid = 15957 comm =“dhcpd”功能 =2 capname =“dac_read_search”

我将这两行添加到/etc/apparmor.d/usr.sbin.dhcpd

capability dac_override,
capability dac_read_search,

線下capability setuid,

然后apparmor_parser -r /etc/apparmor.d/usr.sbin.dhcpd

然后stop isc-dhcp-server; start isc-dhcp-server

答案3

isc-dhcp-server(IPv4)和 isc-dhcp-server6(IPv6)共享同一个 tmpfolder/run/dhcp-server/来保存 PID。

如果未配置 DHCPv6,它会破坏该/run/dhcp-server/文件夹并且 DHCPv4 无法使用它。

解决方案是禁用 DHCPv6 服务 ( systemctl disable isc-dhcp-server6) 或将 PID 文件放在不同的文件夹中。一个用于 IPv4 ( /run/dhcpv4/),另一个用于 IPv6 ( /run/dhcpv6/)。

相关内容