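I set up a DHCP server on Ubuntu 18.04 using isc-dhcp-server, and the server works correctly. I want to run a script located in /user/sbin, but I get a permission denied error with exit status 32512. It may be a permissions error, but I'm not an expert. Here is my DHCP server configuration, located at: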
/etc/dhcp/dhcpd.conf
default-lease-time 86400;
max-lease-time 7200;
ignore client-updates;
authoritative;
use-host-decl-names on;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.101 192.168.1.150;
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.3;
    option domain-name-servers 192.168.1.100;
    ddns-rev-domainname "in-addr.arpa.";
}
on commit {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
    log(concat("Commit: IP: ", ClientIP, " Mac: ", ClientMac));
    execute("/usr/sbin/update_DB.sh", "commit", ClientIP, ClientMac);
}
/var/log/syslog
Apr 8 14:28:05 dhcp dhcpd[1223]: Commit: IP: 192.168.1.102 Mac: XXX
Apr 8 14:28:05 dhcp dhcpd[1223]: execute_statement argv[0] = /usr/sbin/update_DB.sh
Apr 8 14:28:05 dhcp dhcpd[1223]: execute_statement argv[1] = commit
Apr 8 14:28:05 dhcp dhcpd[1223]: execute_statement argv[2] = 192.168.1.102
Apr 8 14:28:05 dhcp dhcpd[1223]: execute_statement argv[3] = XXX
Apr 8 14:28:05 dhcp dhcpd[1227]: Unable to execute /usr/sbin/update_DB.sh: Permission denied
Apr 8 14:28:05 dhcp dhcpd[1223]: execute: /usr/sbin/update_DB.sh exit status 32512
/usr/sbin/update_DB.sh
#!/bin/bash
echo "Hello world!"
Does anyone know how to solve this? Thanks!
Answer 1
Solved!
Run: dmesg | grep dhcp
I noticed a message like this:
apparmor="DENIED" operation="exec" namespace="root//lxd-dhcp_" profile="/usr/sbin/dhcpd" name="/var/lib/dhcp/bin/myscript.sh" pid=9646 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=165647 ouid=165536
So the problem was that apparmor was blocking my script. I made a change, by adding to the file /etc/apparmor.d/usr.sbin.dhcpd
to allow execution. /usr/sbin/update_DB.sh
/usr/sbin/update_DB.sh r
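
The diagnosis in the answer above can be scripted. The following is an added example, not part of the original question or answer: it parses AppArmor DENIED records such as the one quoted from dmesg, reports which profile blocked which executable, and decodes the exit status 32512 from the syslog on the assumption that dhcpd logs the raw wait() status. The function names and the second sample record are constructed for illustration.

```python
import re
import sys

# First and last lines are quoted from the page; the middle one is constructed.
SAMPLE = [
    'apparmor="DENIED" operation="exec" namespace="root//lxd-dhcp_" '
    'profile="/usr/sbin/dhcpd" name="/var/lib/dhcp/bin/myscript.sh" pid=9646 '
    'comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=165647 ouid=165536',
    # constructed sample record, not from the page
    'audit: type=1400 apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/example" name="/etc/example.conf" pid=1 '
    'comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'dhcpd[1223]: execute: /usr/sbin/update_DB.sh exit status 32512',
]

# key="quoted value" or key=bare pairs, as they appear in AppArmor audit records
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(lines):
    """Return one dict of fields per apparmor="DENIED" record in the lines."""
    denials = []
    for line in lines:
        fields = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
        if fields.get("apparmor") == "DENIED":
            denials.append(fields)
    return denials

def exec_denials(lines, comm=None):
    """List (profile, path, denied_mask) for denied exec attempts, optionally for one command."""
    found = []
    for d in parse_denials(lines):
        if d.get("operation") != "exec":
            continue
        if comm and d.get("comm") != comm:
            continue
        found.append((d.get("profile"), d.get("name"), d.get("denied_mask")))
    return found

def decode_wait_status(status):
    """Split a raw wait() status: exit code in the high byte, signal in the low 7 bits."""
    return {"exit_code": (status >> 8) & 0xFF, "signal": status & 0x7F}

if __name__ == "__main__":
    # Pipe real input in (dmesg | python3 this_script.py) or run bare for the sample.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for profile, path, mask in exec_denials(lines, comm="dhcpd"):
        print(f"profile {profile} denied '{mask}' on {path}")
    print("exit status 32512 ->", decode_wait_status(32512))
```

Decoded this way, 32512 is exit code 127 with no signal, the conventional code for a command that could not be executed, which matches the "Unable to execute ... Permission denied" line in the syslog.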