dhcpd: Can't create PID file /run/dhcp-server/dhcpd.pid: Permission denied.
service isc-dhcp-server start
在 Ubuntu 15.10 上启动 isc_dhcp_server 时在 /var/log/syslog 中此处报告错误软件包的版本是4.3.1-5ubuntu3
进程命令dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf eth0
来自/etc/init.d/isc-dhcp-server
文件
user@host: /$ cat /etc/init.d/isc-dhcp-server
#!/bin/sh
#
#
### BEGIN INIT INFO
# Provides: isc-dhcp-server
# Required-Start: $remote_fs $network $syslog
# Required-Stop: $remote_fs $network $syslog
# Should-Start: $local_fs slapd $named
# Should-Stop: $local_fs slapd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DHCP server
# Description: Dynamic Host Configuration Protocol Server
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
test -f /usr/sbin/dhcpd || exit 0
DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp-server}"
# It is not safe to start if we don't have a default configuration...
if [ ! -f "$DHCPD_DEFAULT" ]; then
echo "$DHCPD_DEFAULT does not exist! - Aborting..."
if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
fi
exit 0
fi
. /lib/lsb/init-functions
# Read init script configuration
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
NAME=dhcpd
DESC="ISC DHCP server"
# fallback to default config file
DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
if [ -z "$DHCPD_PID" ]; then
DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
fi
DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}"
test_config()
{
if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
echo "The error was: "
/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
exit 1
fi
touch /var/lib/dhcp/dhcpd.leases
}
# single arg is -v for messages, -q for none
check_status()
{
if [ ! -r "$DHCPD_PID" ]; then
test "$1" != -v || echo "$NAME is not running."
return 3
fi
if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
test "$1" != -v || echo "$NAME is running."
return 0
else
test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
return 1
fi
}
case "$1" in
start)
test_config
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
--exec /usr/sbin/dhcpd -- \
-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
sleep 2
if check_status -q; then
log_end_msg 0
else
log_failure_msg "check syslog for diagnostics."
log_end_msg 1
exit 1
fi
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
log_end_msg $?
rm -f "$DHCPD_PID"
;;
restart | force-reload)
test_config
$0 stop
sleep 2
$0 start
if [ "$?" != "0" ]; then
exit 1
fi
;;
status)
echo -n "Status of $DESC: "
check_status -v
exit "$?"
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}"
exit 1
esac
exit 0
答案1
我也在实际的票上做出了回应,但是在 15.10......
它看起来像 /lib/systemd/system/isc-dhcp-server.service 中的行:
exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES'
是硬编码的,并忽略来自 /etc/default/isc-dhcp-server 的 DHCPD_PID 变量。
我认为应该是:
exec dhcpd -user dhcpd -group dhcpd -f -4 -pf $DHCPD_PID -cf $CONFIG_FILE $INTERFACES'
改变之后,你必须运行
systemctl daemon-reload
然后,您必须在 /etc/default/isc-dhcp-server 中设置值,因为如果不这样做,则不会给出默认值,并且服务无法启动。
DHCPD_PID=/var/run/dhcp-server/dhcpd.pid
然后该文件还存在其他问题,例如它总是尝试运行:
ExecStartPre=/bin/chown dhcpd:dhcpd /run/dhcp-server
无论指定路径如何。我不确定预期的行为是什么,但这两个更改帮我解决了这个问题。
但是之后
AppArmor 阻止了文件的写入。我不太熟悉它,但我添加了
capability dac_override,
到 /etc/apparmor.d/usr.sbin.dhcpd 附近的其他功能,重新启动服务,现在我有一个 PID 文件。
看起来这个包有几个问题。
答案2
我在没有 systemd 的 Ubuntu Vivid 15.04 上遇到了同样的问题。
审计:类型 = 1400 审计(1453391318.882:44):apparmor =“DENIED”操作 =“capable”配置文件 =“/usr/sbin/dhcpd”pid = 15957 comm =“dhcpd”功能 = 1 capname =“dac_override”审计:类型 = 1400 审计(1453391318.882:45):apparmor =“DENIED”操作 =“capable”配置文件 =“/usr/sbin/dhcpd”pid = 15957 comm =“dhcpd”功能 =2 capname =“dac_read_search”
我将这两行添加到/etc/apparmor.d/usr.sbin.dhcpd
capability dac_override,
capability dac_read_search,
線下capability setuid,
。
然后apparmor_parser -r /etc/apparmor.d/usr.sbin.dhcpd
然后stop isc-dhcp-server; start isc-dhcp-server
答案3
isc-dhcp-server(IPv4)和 isc-dhcp-server6(IPv6)共享同一个 tmpfolder/run/dhcp-server/
来保存 PID。
如果未配置 DHCPv6,它会破坏该/run/dhcp-server/
文件夹并且 DHCPv4 无法使用它。
解决方案是禁用 DHCPv6 服务 ( systemctl disable isc-dhcp-server6
) 或将 PID 文件放在不同的文件夹中。一个用于 IPv4 ( /run/dhcpv4/
),另一个用于 IPv6 ( /run/dhcpv6/
)。