Cannot touch `/var/run/myfile/myfile.pid': Permission denied

Time: 2014-11-02 06:18:06

Tags: linux shell

The permissions of /var/run/myfile are:

    -rwxr-xr-x 1 opentsdb opentsdb 2861 Nov  2 11:31 /etc/init.d/opentsdb

The script that runs opentsdb contains the following lines:

EDIT:

    $PID_FILE = myfile.pid
    $TSD_USER = opentsdb

    if start-stop-daemon --test --start --pidfile "$PID_FILE" \
        --user "$TSD_USER" --exec "$JAVA_HOME/bin/java" \
        >/dev/null; then
      touch "$PID_FILE" && chown "$TSD_USER":"$TSD_GROUP" "$PID_FILE"

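When running the script I get this error:

    touch: cannot touch `/var/run/myfile/myfile.pid': Permission denied
    start-stop-daemon: unable to open myfile '/var/run/myfile/myfile.pid' for writing (Permission denied)

I have done

    sudo chown opentsdb:opentsdb /var/run/myfile

and changed the user and group to opentsdb. I also did a

    sudo chmod 755 /var/run/myfile

and changed the permissions.

Do I need special permissions for the "touch" command?

Since touch cannot succeed, myfile.pid is not created and the myfile folder is empty!

Edit: Doing sudo touch and sudo chown I can create the file, but I don't want to run as sudo!

I am totally at a loss here!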

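2 answers:

Answer 0: (score: 3)

No. You do not need special permissions for the touch command. You also should not fiddle with the permissions of system directories, because this creates security hazards, as you have found out.

Please make sure

  1. Execute the script with the effective user id opentsdb. See the docs for details about setuid
  2. Make sure the upstart script is owned by user root and group root, and set its permissions to 0644
  3. Make sure /var/run/myfile is a directory by executing sudo rm -rf /var/run/myfile && sudo install -o opentsdb -m 0755 -d /var/run/mydir
  4. If you are using upstart, edit your upstart script in /etc/init as shown below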

    # You can omit 4 - it is a run level for custom use, but then...
    start on runlevel [345]
    # ... add it here
    stop on runlevel [0126]
    
    pre-start script
    # Sanitizing environment
    # The contents of var run are _not_ guaranteed to persist over reboot
    if [ ! -d /var/run/mydir ]
    then
      install -m 0755 -o opentsdb -d /var/run/mydir
    else
      chown opentsdb.opentsdb /var/run/mydir
      chmod 0755 /var/run/mydir
    fi
    
    # Remove stale pidfile if it exists
    # Note that if your process does not fork
    # this can be omitted, as upstart will keep track of
    # your processes pid automatically - same goes for the piddir.
    if [ -e /var/run/mydir/myfile.pid ]
    then
      rm /var/run/mydir/myfile.pid
    fi
    end script
    
    # Set this to the numeric uid for opentsdb
    # as shown in /etc/passwd
    setuid 1234
    
    # Same as for setuid, but for the primary group as it can be found
    # in /etc/group 
    setgid 1234
    
    # This is critical!
    # Read http://upstart.ubuntu.com/cookbook/#expect _very carefully_
    # This one assumes that your process forks to background
    expect fork
    
    script
     # Do your stuff here - but don't fiddle with permissions
    end script
    
  5. (Please scroll through the above...)
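
An added example, not part of the answer above or of the OpenTSDB scripts: it decides from a directory's owner, group and mode bits whether a given uid/gid may create a pidfile there, which shows why a 0755 directory owned by opentsdb still rejects a script running under another user id. The function name `can_create_in` is hypothetical; it assumes GNU `stat -c` and ignores supplementary groups and ACLs.

```shell
#!/bin/sh
# Added example (not from the original page).
# can_create_in UID GID DIR
#   returns 0 if a process with that uid and primary gid may create a file
#   in DIR, 1 if the mode bits deny it, 2 if DIR cannot be examined.
# Simplified model: only owner/group/other bits and the uid 0 bypass are
# considered; supplementary groups, ACLs and parent directories are not.
can_create_in() {
    uid=$1; gid=$2; dir=$3
    [ "$uid" -eq 0 ] && return 0              # root bypasses mode bits
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info                              # $1=owner uid, $2=group gid, $3=octal mode
    mode=$((0$3))                             # leading 0 makes the shell read it as octal
    if   [ "$uid" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))   # owner class
    elif [ "$gid" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))   # group class
    else                           bits=$((  mode       & 7 ))   # everyone else
    fi
    # Creating a directory entry needs write (2) and search (1) on DIR.
    [ $(( bits & 3 )) -eq 3 ]
}

# Stand-alone use: sh script.sh UID GID DIR
if [ $# -eq 3 ]; then
    if can_create_in "$1" "$2" "$3"; then
        echo "uid $1 / gid $2 can create files in $3"
    else
        echo "uid $1 / gid $2 cannot create files in $3"
    fi
fi
```

Run it with the numeric uid and gid the init script actually executes under (see `id -u` and `id -g`) and the pidfile directory.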

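Answer 1: (score: 2)

Did you set the user before trying the touch? I assume you don't want your process to run as root.

    ...
    # -c runs the command as $TSD_USER; "su - user && touch" would run touch as the caller
    su - "$TSD_USER" -c "touch '$PID_FILE'"
    ...

I did something similar for running Tomcat

    ...
    RETVAL=0

    start(){
       echo "Author: Modified from Brandon Klimek's script "
       echo "URL: http://blog.sixthpoint.com/tomcat-service-script/ "
       echo "Starting Tomcat 7: "

       # Start Tomcat as the unprivileged service user
       su - $TOMCAT_USER -c "$CATALINA_HOME/bin/startup.sh"
       RETVAL=$?
       echo
       # Create the lock file only if startup succeeded
       [ $RETVAL -eq 0 ] && touch $LOCKFILE
       return $RETVAL
    }
    ...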

HTH