linux - 无法触摸 `/var/run/myfile/myfile.pid' : Permission denied

Question

我的 /var/run/myfile 的权限是:

-rwxr-xr-x 1 opentsdb opentsdb 2861 Nov  2 11:31 /etc/init.d/opentsdb

运行 opentsdb 的脚本包含以下行:

EDIT: 
$PID_FILE = myfile.pid
$TSD_USER = opentsdb

if start-stop-daemon --test --start --pidfile "$PID_FILE" \
--user "$TSD_USER" --exec "$JAVA_HOME/bin/java" \
>/dev/null; then   touch "$PID_FILE" &&  chown "$TSD_USER":"$TSD_GROUP" "$PID_FILE"

touch "$PID_FILE" && chown "$TSD_USER":"$TSD_GROUP" "$PID_FILE"

在运行脚本时我得到这个错误:

touch: cannot touch `/var/run/myfile/myfile.pid': Permission denied
start-stop-daemon: unable to open myfile '/var/run/myfile/myfile.pid' for writing (Permission denied)

我已经做了一个

sudo chown opentsdb:opentsdb /var/run/myfile

并将用户和组更改为 opentsdb 也做了一个

sudo chmod 755 /var/run/myfile 

并更改了权限。

"touch" 命令是否需要一些特殊权限？

并且由于触摸无法成功，因此未创建 myfile.pid 且 myfile 文件夹为空!

编辑:在执行 sudo touch 和 sudo chown 时，我可以创建文件，但我不想以 sudo 运行!

我在这里完全感到困惑!

Answer 1

没有。您不需要对 touch 命令的特殊许可。您也不应该摆弄系统目录的权限，因为这具有安全隐患 - 正如您所发现的。

请确认

1. 脚本使用有效用户 ID opentsdb 执行。 See the docs for details about setuid
2. 请确保 upstart 脚本由用户 root 和组 root 拥有，并将其权限设置为 0644
3. 通过执行以下操作确保 /var/run/myfile 是一个目录sudo rm -rf/var/run/myfile && sudo install -o opentsdb -m 0755 -d/var/run/mydir

4. 如果您使用的是 upstart，请在 /etc/init 中编辑您的 upstart 脚本，如下所示

   # You can omit 4 - it is a run level for custom use, but then...
   start on runlevel [345]
   # ... add it here
   stop on runlevel [0126]
   
   pre-start script
   # Sanitizing environment
   # The contents of var run are _not_ guaranteed to persist over reboot
   if [ ! -d /var/run/mydir ]
   then
     install -m 0755 -o opentsdb -d /var/run/mydir
   else
     chown opentsdb.opentsdb /var/run/mydir
     chmod 0755 /var/run/mydir
   fi
   
   # Remove stale pidfile if it exists
   # Note that if your process does not fork
   # this can be omitted, as upstart will keep track of
   # your processes pid automatically - same goes for the piddir.
   if [ -e /var/run/mydir/myfile.pid ]
   then
     rm /var/run/mydir/myfile.pid
   fi
   end script
   
   # Set this to the numeric uid for opentsdb
   # as shown in /etc/passwd
   setuid 1234
   
   # Same as for setuid, but for the primary group as it can be found
   # in /etc/group 
   setgid 1234
   
   # This is critical!
   # Read http://upstart.ubuntu.com/cookbook/#expect _very carefully_
   # This one assumes that your process forks to background
   expect fork
   
   script
    # Do your stuff here - but don't fiddle with permissions
   end script
   

(请滚动上面...)