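Basically I am trying to restart a service from a PHP web page.
Here is the code:
But in /var/log/httpd/error_log, I get
unable to change to sudoers gid: Operation not permitted
And in /var/log/messages, I get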
Sep 22 15:01:56 ri kernel: audit(1222063316.536:777): avc: denied { getattr } for pid=4851 comm="sh" name="var" dev=dm-0 ino=114241 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir
Sep 22 15:01:56 ri kernel: audit(1222063316.549:778): avc: denied { setrlimit } for pid=4851 comm="sudo" scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=process
Sep 22 15:01:56 ri kernel: audit(1222063316.565:779): avc: denied { read } for pid=4851 comm="sudo" name="shadow" dev=dm-0 ino=379669 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:shadow_t tclass=file
Sep 22 15:01:56 ri kernel: audit(1222063316.568:780): avc: denied { read } for pid=4851 comm="sudo" name="shadow" dev=dm-0 ino=379669 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:shadow_t tclass=file
Sep 22 15:01:56 ri kernel: audit(1222063316.571:781): avc: denied { setgid } for pid=4851 comm="sudo" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
Sep 22 15:01:56 ri kernel: audit(1222063316.574:782): avc: denied { setuid } for pid=4851 comm="sudo" capability=7 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
Sep 22 15:01:56 ri kernel: audit(1222063316.577:783): avc: denied { setgid } for pid=4851 comm="sudo" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
In my visudo, I added these lines
User_Alias WWW = apache
WWW ALL = (ALL) NOPASSWD: ALL
Can you please help me? Am I doing something wrong?
Thanks for your help,
tiBoun
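The problem is not with sudo but with SELinux, which is (reasonably) set to deny HTTPD from gaining root privileges.
You will need to explicitly allow this (you can use audit2allow for this), or set SELinux to be permissive. I'd suggest the former.
The errors you are getting seem to be related to your SELinux configuration. You might try temporarily disabling it.
By the way, I strongly suggest that you tune your sudo configuration to be more restrictive.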
User_Alias WWW=apache
Cmnd_Alias WEBCMDS=/etc/init.d/portmap
WWW ALL=NOPASSWD: WEBCMDS
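As an added example (not part of the original thread or of any answer), the sketch below groups the AVC denials quoted in the question into the allow rules that audit2allow-style processing would propose, and marks the grants that need review before being loaded into policy. The function names and the `SENSITIVE` list are assumptions of this example; the sample lines are the question's denials with the syslog prefix dropped.

```python
import re
from collections import defaultdict

# Denials from the question's /var/log/messages (syslog prefix dropped).
SAMPLE = """\
audit(1222063316.536:777): avc: denied { getattr } for pid=4851 comm="sh" name="var" dev=dm-0 ino=114241 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir
audit(1222063316.549:778): avc: denied { setrlimit } for pid=4851 comm="sudo" scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=process
audit(1222063316.565:779): avc: denied { read } for pid=4851 comm="sudo" name="shadow" dev=dm-0 ino=379669 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:shadow_t tclass=file
audit(1222063316.568:780): avc: denied { read } for pid=4851 comm="sudo" name="shadow" dev=dm-0 ino=379669 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:shadow_t tclass=file
audit(1222063316.571:781): avc: denied { setgid } for pid=4851 comm="sudo" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
audit(1222063316.574:782): avc: denied { setuid } for pid=4851 comm="sudo" capability=7 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
audit(1222063316.577:783): avc: denied { setgid } for pid=4851 comm="sudo" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

# Assumption of this example: (target type, class) pairs a reviewer
# should never grant to a web-script domain without a second look.
SENSITIVE = {("shadow_t", "file"), ("self", "capability")}

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Merge denials into {(source, target, class): set(permissions)}."""
    rules = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if tgt == src:
            tgt = "self"  # policy syntax for "the domain itself"
        rules[(src, tgt, m["tclass"])].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Format merged denials as policy rules, flagging sensitive grants."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        flag = "  # REVIEW before allowing" if (tgt, cls) in SENSITIVE else ""
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};{flag}")
    return out

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE))))
```

Seven denials collapse into four rules, two of which (reading `shadow_t` and the `setuid`/`setgid` capabilities) would let any script running in `httpd_sys_script_t` do the same, which is why the generated policy should be read before it is installed.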