chown 操作不允许

tag-icon tag-icon sudo python3 chown jupyter
chown 操作不允许

我原本做过Stack Overflow 帖子

这个命令导致我的 Jupyter Notebook 出现错误(在 SO 帖子中详细说明):

! chown -R daemon:daemon elasticsearch-7.9.2

给出许多这样的输出:

chown: changing ownership of ‘elasticsearch-7.9.2/NOTICE.txt’: Operation not permitted
...
---------------------------------------------------------------------------
SubprocessError                           Traceback (most recent call last)
<ipython-input-25-5f043305a2ca> in <module>
      8 es_server = Popen(['elasticsearch-7.9.2/bin/elasticsearch'],
      9                    stdout=PIPE, stderr=STDOUT,
---> 10                    preexec_fn=lambda: os.setuid(1)  # as daemon
     11                   )
     12 # wait until ES has started

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in __init__(self, args, bufsize, executable, stdin, stdout, stderr, preexec_fn, close_fds, shell, cwd, env, universal_newlines, startupinfo, creationflags, restore_signals, start_new_session, pass_fds, encoding, errors, text)
    798                                 c2pread, c2pwrite,
    799                                 errread, errwrite,
--> 800                                 restore_signals, start_new_session)
    801         except:
    802             # Cleanup if the child failed starting.

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in _execute_child(self, args, executable, preexec_fn, close_fds, pass_fds, cwd, env, startupinfo, creationflags, shell, p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite, restore_signals, start_new_session)
   1550                             err_msg += ': ' + repr(err_filename)
   1551                     raise child_exception_type(errno_num, err_msg, err_filename)
-> 1552                 raise child_exception_type(err_msg)
   1553 
   1554 

SubprocessError: Exception occurred in preexec_fn.
---------------------------------------------------------------------------
SubprocessError                           Traceback (most recent call last)
<ipython-input-25-5f043305a2ca> in <module>
      8 es_server = Popen(['elasticsearch-7.9.2/bin/elasticsearch'],
      9                    stdout=PIPE, stderr=STDOUT,
---> 10                    preexec_fn=lambda: os.setuid(1)  # as daemon
     11                   )
     12 # wait until ES has started

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in __init__(self, args, bufsize, executable, stdin, stdout, stderr, preexec_fn, close_fds, shell, cwd, env, universal_newlines, startupinfo, creationflags, restore_signals, start_new_session, pass_fds, encoding, errors, text)
    798                                 c2pread, c2pwrite,
    799                                 errread, errwrite,
--> 800                                 restore_signals, start_new_session)
    801         except:
    802             # Cleanup if the child failed starting.

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in _execute_child(self, args, executable, preexec_fn, close_fds, pass_fds, cwd, env, startupinfo, creationflags, shell, p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite, restore_signals, start_new_session)
   1550                             err_msg += ': ' + repr(err_filename)
   1551                     raise child_exception_type(errno_num, err_msg, err_filename)
-> 1552                 raise child_exception_type(err_msg)
   1553 
   1554 

SubprocessError: Exception occurred in preexec_fn.

附加sudo似乎可以部分解决我的问题,因为Operation not permitted语句不再出现:

! sudo chown -R daemon:daemon elasticsearch-7.9.2

然而,SubprocessError回溯仍然存在。

如何授予 Python 或内核或 AWS SageMaker 根权限?

答案1

有两种可能以 root 权限运行程序或脚本。

  1. 使用sudo: 而不是 来运行它。配置可能有助于它不要求输入此特定文件的密码。您可以通过将文件(任意名称)放入包含以下内容的目录中来实现这一点:/path/to/your/script.pysudo /path/to/your/script.pysudo/etc/sudoers.d

    ALL ALL=(root) NOPASSWD: /path/to/your/script.py

  2. 用一个setuid 位。此方法主要用于二进制程序,因为对于脚本(如 Python 脚本),Linux 出于安全原因会忽略 setuid 位。但是,可以通过二进制包装器,即非常小的二进制程序,除了调用脚本外什么都不做。然后,您应该将chown二进制程序设置为 root 并使用 设置 setuid 位chmod u+s /path/to/your/binary。具有 setuid 位的程序以其所有者的权限运行 - 即在本例中为 root。

    包装程序可以用 C 语言编写,如下所示:

    #include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/wait.h>

int main()
{
  int rc;
  setuid( 0 );
  rc=WEXITSTATUS(system( "/path/to/your/script.py" ));
  exit(rc);
}

    (要编译 C 程序,您需要安装build-essential包,因为 Ubuntu 上默认没有安装 C 编译器)。

相关内容