Linux常见问题及解决错误.docx

1. locate无法查询文件，提示locate:can no stat () /var/lib/mlocate/mlocate.db:no such file or director解决方法：使用updatedb命令更新一下数据库即可2. 修改httpd.conf中的监听端口为8081，然后重启httpd服务，提示错误解决办法：1.设置色Linux的模式为宽容模式(permissive)1） 查看selinux的模式：getenforce2） 查看selinux的政策（Policy）：sestatus3） 修改selinux的模式：setenforcea) 0：转成permissive宽容模式；b) 1：转成enforcing强制模式；4） 重启httpd服务5） 如果防火墙没有开放TCP8081端口，需要使用iptables添加端口准入6） 重启失效，需要重新设置，或者将SELinux设置为永久宽容模式，但是不建议这样设置，于系统造成不安全2.设置SELinux中允许http的服务的允许端口为需要的端口-待完善3. 重启http的服务提示Starting httpd: httpd: Could not reliably determine the servers fully qualified domain name, using localhost.localdomain for ServerName解决办法：-截图另做1） 修改/etc/httpd/conf/httpd.conf#vi /etc/httpd/conf/httpd.conf. #ServerName :80 ServerName localhost:80.2） 重启httpd服务#service httpd restart4. Samba服务共享目录成功，但是目录中没有文件，只能看见目录名称，共享配置如下sharepath=/home/sharebrowseable=yespublic=yes解决办法：由于SELinux上下文设置出错，不允许共享文件1） 关闭selinux2） 修改上下文5. FTP下载失败文件失败1） 从windows上的cmd中使用ftp连接到linux服务器中，然后可以正常下载所需文件；2） 从linux上使用ftp命令连接到linux服务器中，可以正常切换目录，但是使用ls命令时不能正常显示该目录下所有文件，提示错误信息是“ftp: connect: No route to host”；3） 检查ftp服务状态，两部linux服务器的ftp服务都已开启，且端口21都是出于listen状态；4） 检查防火墙状态，ftp客户端一方的服务器防火墙关闭，目标服务器防火墙打开；5） 把防火墙关闭后，linux ftp客户端可以正常从目标服务器中下载所需文件6. 修改时区，当前时区为PDT，需要修改为CST解决办法：1） 修改/etc/sysconfig/clock文件rootticom # vi /etc/sysconfig/clock rootticom # more /etc/sysconfig/clock ZONE=Asia/Shanghai2） 删除/etc/localtime文件rootticom etc# rm -f localtime 3） 连接时区设置文件到/etc/localtimerootticom etc# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime4） 重启主机即可rootticom etc# init 67. 与主机网络正常，但是无法使用ssh远程连接Linux主机原因：ssh服务所使用的部分文件权限错误，导致服务无法正常使用解决办法：1） 重启sshd服务，查找是哪些文件权限更改导致无法正常使用ssh服务rootlocalhost network-scripts# service sshd restartStopping sshd: OK Starting sshd: WARNING: UNPROTECTED PRIVATE KEY FILE! Permissions 0777 for /etc/ssh/ssh_host_rsa_key are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.bad permissions: ignore key: /etc/ssh/ssh_host_rsa_keyCould not load host key: /etc/ssh/ssh_host_rsa_key WARNING: UNPROTECTED PRIVATE KEY FILE! Permissions 0777 for /etc/ssh/ssh_host_dsa_key are too open.It is required that your private key files are NOT accessible by others.This private key will be ignored.bad permissions: ignore key: /etc/ssh/ssh_host_dsa_keyCould not load host key: /etc/ssh/ssh_host_dsa_key/var/empty/sshd must be owned by root and not group or world-writable. FAILED2） 根据提示权限错误修改部分文件权限rootlocalhost network-scripts# cd /etc/ssh/rootlocalhost ssh# lsmoduli ssh_host_dsa_key ssh_host_key.pubssh_config ssh_host_dsa_key.pub ssh_host_rsa_keysshd_config ssh_host_key ssh_host_rsa_key.pubrootlocalhost ssh# lltotal 156-rwxrwxrwx. 1 root root 125811 Nov 13 2014 moduli-rwxrwxrwx. 1 root root 2047 Nov 13 2014 ssh_config-rwxrwxrwx. 1 root root 3879 Nov 13 2014 sshd_config-rwxrwxrwx. 1 root root 668 Nov 17 2014 ssh_host_dsa_key-rwxrwxrwx. 1 root root 590 Nov 17 2014 ssh_host_dsa_key.pub-rwxrwxrwx. 1 root root 963 Nov 17 2014 ssh_host_key-rwxrwxrwx. 1 root root 627 Nov 17 2014 ssh_host_key.pub-rwxrwxrwx. 1 root root 1675 Nov 17 2014 ssh_host_rsa_key-rwxrwxrwx. 1 root root 382 Nov 17 2014 ssh_host_rsa_key.pubrootlocalhost ssh# chmod -R 700 ./*rootlocalhost ssh# lltotal 156-rwx-. 1 root root 125811 Nov 13 2014 moduli-rwx-. 1 root root 2047 Nov 13 2014 ssh_config-rwx-. 1 root root 3879 Nov 13 2014 sshd_config-rwx-. 1 root root 668 Nov 17 2014 ssh_host_dsa_key-rwx-. 1 root root 590 Nov 17 2014 ssh_host_dsa_key.pub-rwx-. 1 root root 963 Nov 17 2014 ssh_host_key-rwx-. 1 root root 627 Nov 17 2014 ssh_host_key.pub-rwx-. 1 root root 1675 Nov 17 2014 ssh_host_rsa_key-rwx-. 1 root root 382 Nov 17 2014 ssh_host_rsa_key.pub3） 然后再重启ssh服务看是否还有文件权限错误，如果有继续修改，没有则可以正常使用ssh远程连接主机rootlocalhost ssh# service sshd startStarting sshd: /var/empty/sshd must be owned by root and not group or world-writable. FAILEDrootlocalhost ssh# lltotal 156-rwx-. 1 root root 125811 Nov 13 2014 moduli-rwx-. 1 root root 2047 Nov 13 2014 ssh_config-rwx-. 1 root root 3879 Nov 13 2014 sshd_config-rwx-. 1 root root 668 Nov 17 2014 ssh_host_dsa_key-rwx-. 1 root root 590 Nov 17 2014 ssh_host_dsa_key.pub-rwx-. 1 root root 963 Nov 17 2014 ssh_host_key-rwx-. 1 root root 627 Nov 17 2014 ssh_host_key.pub-rwx-. 1 root root 1675 Nov 17 2014 ssh_host_rsa_key-rwx-. 1 root root 382 Nov 17 2014 ssh_host_rsa_key.pubrootlocalhost ssh# cd /var/empty/rootlocalhost empty# lltotal 4drwxrwxrwx. 2 root root 4096 Nov 13 2014 sshdrootlocalhost empty# chmod -R 700 sshd/8. 无法使用图形化界面，登录虚拟机图形界面，发现出现的是单用户模式，使用init 5命令更改主机运行级别提示失败，检查发现没有安装图形界面（redhat图形界面，非centos界面）解决办法：1） 将操作系统光盘或ISO镜像文件挂载到系统中，并给予文件中的读取权限，创建光盘镜像文件挂载点rootomcr-test # mkdir -p /mnt/rhel2）将光盘镜像文件挂载到系统中rootomcr-test # mount -o loop /OMCdata/ISO/rhel-server-6.5-x86_64-dvd.iso /mnt/rhel/3）安装createreporootomcr-test Packages# rpm -ivh createrepo-0.9.9-18.el6.noarch.rpm warning: createrepo-0.9.9-18.el6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEYerror: Failed dependencies:python-deltarpm is needed by createrepo-0.9.9-18.el6.noarch注：安装失败，缺少依赖包，先安装依赖包，再安装createreporootomcr-test Packages# rpm -ivh deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm warning: deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEYPreparing. # 100% 1:deltarpm # 100%rootomcr-test Packages# rootomcr-test Packages# rpm -ivh python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm warning: python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEYPreparing. # 100% 1:python-deltarpm # 100%rootomcr-test Packages# rpm -ivh createrepo-0.9.9-18.el6.noarch.rpm warning: createrepo-0.9.9-18.el6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEYPreparing. # 100% 1:createrepo # 100%4）配置本地yum：local.reporootomcr-test /# cd /etc/yum.repos.d/rootomcr-test yum.repos.d# lsrhel-source.reporootomcr-test yum.repos.d# vi local.reporootomcr-test yum.repos.d# yum clean allLoaded plugins: product-id, security, subscription-managerThis system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.Cleaning repos: BaseCleaning up Everythingrootomcr-test yum.repos.d# lslocal.repo rhel-source.reporootomcr-test yum.repos.d# more local.repo Basename=baseurl=file:/mnt/rhelgpgcheck=0enable=15）查看图形界面安装需要的rpm包在本地是否存在rootomcr-test yum.repos.d# yum grouplist DesktopLoaded plugins: product-id, security, subscription-managerThis system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.Setting up Group ProcessBase | 3.9 kB 00:00 . Base/primary_db |3.1 MB 00:00 . Base/group_gz | 204 kB 00:00 . Available Groups: 桌面Done6）使用yum命令安装图形化界面rootomcr-test yum.repos.d# yum groupinstall Desktop7）验证安装是否成功：使用root用户登录操作系统，更改运行级别为5，如果出现界面表示安装成功，否则失败rootomcr-test yum.repos.d# init 58）修改默认运行界别为5，即支持图形化界面：修改“id:3:initdefault:”为“id:5:initdefault:”rootomcr-test etc# more /etc/inittab # inittab is only used by upstart for the default runlevel.# ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.# System initialization is started by /etc/init/rcS.conf# Individual runlevels are started by /etc/init/rc.conf# Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf# Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,# with configuration in /etc/sysconfig/init.# For information on how to write upstart event handlers, or how# upstart works, see init(5), init(8), and initctl(8).# Default runlevel. The runlevels used are:# 0 - halt (Do NOT set initdefault to this)# 1 - Single user mode# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)# 3 - Full multiuser mode# 4 - unused# 5 - X11# 6 - reboot (Do NOT set initdefault to this)# id:3:initdefault:9. SSH连接缓慢答：由于/etc/resolv.conf中定义了DNS，在/etc/nsswitch.conf中定义了需要使用DNS解析IP地址和主机名，但是定义的DNS无法找到，导致连接变慢，可是在一段时间后可以连接上。解决办法：1）修改server中的/etc/hosts,将客户端的主机ip地址和主机名添加到该文件中；2）修改server中的/etc/ssh/sshd_config,修改UseDNS=yes为UseDNS=no；3）修改server中的/etc/nsswitch.conf,修改hosts:files dns为hosts:files；4）修改server中的/etc/resolv.conf,将所有内容注释；5）重启server即可注：如果是由于DNS无法找到导致的，直接注释/etc/resolv.conf中的所有不可用DNS即可；10. scp拷贝文件速度先快后慢，然后报stalled定位问题步骤：1） 最开始时是以为文件拷贝出问题了，因为在拷贝文件时总有几个文件无法拷贝完成，只有部分文件以及文件夹可以成功拷贝到目的主机中，然后就将需要拷贝的文件打包压缩再进行拷贝，现象没有好转；2） 两台linux主机都安装并运行了samba服务，然后直接通过samba拷贝目录及文件，结果却是提示“网络连接异常，请检查连接是否正常”，拷贝压缩后的文件也是提示同样的错误；3） 这台源主机拷贝到其他主机上都是正常的，不管是scp或者是samba都可以，只有这台目的主机不管是从哪台主机拷贝到本地还是拷贝到别的主机都是先快后慢，之后就stalled。解决办法：网上查资料造成这种情况的原因是由于两台主机的网络接口设置不一致。出现这种情况的两台主机，其中一台主机的网口是1000M全双工，观察ip范围是协商决定的，另一台是100M全双工，观察ip是-54，将该网口设置为100M全双工，观察ip范围协商决定以后，拷贝文件正常，不管是scp还是samba拷贝。11. /etc/resolv.conf被自动修改答：是由于dhclient运行导致该文件被修改解决办法;1）修改 /sbin/dhclient-script，注释掉对 resolv.conf 进行操作的地方。把 make_resolv_conf 这个函数的调用都给注释掉！2）强制修改 resolv.conf 的文件flag，设定为不可被更改.chattr +i /etc/resolv.conf3）变更DHCP Client的配置文件，在特定的环节追加我们的设定.在 /etc/dhcp3/dhclient.conf 中增加如下设定：prepend domain-name-servers , ;12. userdel删除用户时提示”userdel:user zyj is curently used by process 1”，无法删除用户答：该用户的uid和gid与root用户一样，当前使用的root用户登录，并且root用户无法删除自身，所以无法执行删除动作解决办法：将该用户的uid与gid都改成没有使用过的uid和gid，并把相应的目录以及文件的所属用户、所属组改成该用户，其中主要包括/home目录下的家目录以及/var/spool/mail/下的邮件文件，然后执行userdel -r userName即可删除该用户以及家目录和文件。13. 修改/etc/fstab文件，输入格式错误，导致机器重启失败 等等解决办法：1） 输入root用户密码，进入单用户模式；2） 查看fstab文件是否可读可写：文件是只读模式3） 重新挂载根目录，使文件可写(because root directory / is mounted in read only mode. type follwing command, then you should be able to edit rc.sysint script.)#mount / -o remount4） 修改fstab文件中出错的行，使之正确，然后重启机器即可14. 使用ntpq命令查询当前NTP同步状态时提示“No association IDs returned”错误原因：SELinux设置导致无法进行时间同步解决方案：关闭SELinux，之后再使用ntpdate或者从windows与该机器进行时间同步成功#getenforceEnforcing#setenforce 0Permissive网络解释：1.Description of problem:If I do /ifup eth0, where eth0 is a DHCP interface, you get an AVC.Restorecon -R -v /etc always produces the following after ifuping:restorecon reset ./ntp.conf contextsystem_u:object_r:dhcpc_state_t:s0-system_u:object_r:net_conf_t:s0It seems to me that ifup (more specifically /sbin/dhclient-script, Id guess),when its putting NTP servers learned through DHCP to ntp.conf, is resettingselinux context information when it rewrites ntp.conf?Version-Release number of selected component (if applicable):selinux-policy-3.5.13-26.fc10How reproducible:ifup eth0 on dhcp interface where ntp option is advertised.Actual results:Two AVCs are printed (one for ./ntp.conf, one for /etc/ntp.conf) even thoughcontexts have been fixed.Expected results:No AVCs.Additional info:Summary:SELinux is preventing ntpd (ntpd_t) read to ./ntp.conf (dhcpc_state_t).Detailed Description:SELinux is in permissive mode, the operation would have been denied but waspermitted due to permissive mode.SELinux denied access requested by ntpd. It is not expected that this access isrequired by ntpd and this access may signal an intrusion attempt. It is alsopossible that the specific version or configuration of the application iscausing it to require additional access.Allowing Access:Sometimes labeling problems can cause SELinux denials. You could try to restorethe default system file context for ./ntp.conf,restorecon -v ./ntp.confIf this does not work, there is currently no automatic way to allow thisaccess.Instead, you can generate a local policy module to allow this access - see FAQ(/docs/selinux-faq-fc5/#id2961385) Or you can disableSELinux protection altogether. Disabling SELinux protection is not recommended.Please file a bug report (/bugzilla/enter_bug.cgi)against this package.Additional Information:Source Context unconfined_u:system_r:ntpd_tTarget Context system_u:object_r:dhcpc_state_tTarget Objects ./ntp.conf file Source ntpdSource Path /usr/sbin/ntpdPort Host core.fiSource RPM Packages ntp-4.2.4p5-2.fc10Target RPM Packages Policy RPM selinux-policy-3.5.13-26.fc10Selinux Enabled TruePolicy Type targetedMLS Enabled TrueEnforcing Mode PermissivePlugin Name catchall_fileHost Name core.fiPlatform Linux core.fi -117.fc10.i686 #1SMP Tue Nov 18 12:19:59 EST 2008 i686 athlonAlert Count 1First Seen Thu 04 Dec 2008 07:26:28 PM EETLast Seen Thu 04 Dec 2008 07:26:28 PM EETLocal ID a5bee7f3-7692-46d1-a828-09941f9a1c1fLine Numbers Raw Audit Messages node=core.fi type=AVC msg=audit(1228411588.717:40079): avc: denied read for pid=20245 comm=ntpd name=ntp.conf dev=md2 ino=1069749scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=filenode=core.fi type=SYSCALL msg=audit(1228411588.717:40079): arch=40000003syscall=5 success=yes exit=4 a0=b8042d5a a1=0 a2=1b6 a3=0 items=0 ppid=20244pid=20245 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=ntpdexe=/usr/sbin/ntpd subj=unconfined_u:system_r:ntpd_t:s0 key=(null)2.The other AVC is like this:Summary:SELinux is preventing ntpd (ntpd_t) getattr to /etc/ntp.conf (dhcpc_state_t).Detailed Description:SELinux is in permissive mode, the operation would have been denied but waspermitted due to permissive mode.SELinux denied access requested by ntpd. It is not expected that this access isrequired by ntpd and this access may signal an intrusion attempt. It is alsopossible that the specific version or configuration of the application iscausing it to require additional access.Allowing Access:Sometimes labeling problems can cause SELinux denials. You could try to restorethe default system file context for /etc/ntp.conf,restorecon -v /etc/ntp.confIf this does not work, there is currently no automatic way to allow thisaccess.Instead, you can generate a local policy module to allow this access - see FAQ(/docs/selinux-f