From: https://www.rootusers.com/how-to-fix-mariadb-10-0-29-selinux-update-failure/

After installing mysql 10.0.29, mysql fails to start:

[root@server centos]# systemctl status mysql
● mysql.service - LSB: start and stop MySQL
Loaded: loaded (/etc/rc.d/init.d/mysql; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat -- :: UTC; 4s ago
Docs: man:systemd-sysv-generator()
Process: ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=/SUCCESS)
Process: ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=/FAILURE)

Jan :: server systemd[]: Starting LSB: start and stop MySQL...
Jan :: server mysql[]: Starting MySQL. :: mysqld_safe Logging to '/var/lib/mysql/server.err'.
Jan :: server mysql[]: :: mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Jan :: server mysql[]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: )
Jan :: server mysql[]: ERROR!
Jan :: server systemd[]: mysql.service: control process exited, code=exited status=
Jan :: server systemd[]: Failed to start LSB: start and stop MySQL.
Jan :: server systemd[]: Unit mysql.service entered failed state.
Jan :: server systemd[]: mysql.service failed.

As shown, the mysql service is down. The error shows that mysqld_safe_helper tried to change its UID/GID:

Jan  :: server mysql[]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: )

Following the error message, run the journalctl -xe command:

[root@server mysql]# journalctl -xe
Jan :: server setroubleshoot[]: SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability. For complete SELinux messages. run sealert -l 640a7d54-35ab-43b5--db6f159e1449
Jan :: server python[]: SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability.

***** Plugin catchall (. confidence) suggests **************************

If you believe that mysqld_safe_helper should have the setgid capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
# semodule -i my-mysqldsafehel.pp

The log above shows that SELinux blocked what mysqld_safe_helper was trying to do, so the mysql service failed to start because of an SELinux permission problem.

To get more information, run the following command:

[root@server mysql]# sealert -a /var/log/audit/audit.log
SELinux is preventing /usr/bin/mysqld_safe_helper from using the setuid capability.

***** Plugin catchall (. confidence) suggests **************************

If you believe that mysqld_safe_helper should have the setuid capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
# semodule -i my-mysqldsafehel.pp

Additional Information:
Source Context system_u:system_r:mysqld_safe_t:s0
Target Context system_u:system_r:mysqld_safe_t:s0
Target Objects Unknown [ capability ]
Source mysqld_safe_hel
Source Path /usr/bin/mysqld_safe_helper
Port
Host
Source RPM Packages MariaDB-server-10.0.-.el7.centos.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.-.el7_3..noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name server
Platform Linux server 3.10.-514.2..el7.x86_64 # SMP Tue Dec :: UTC x86_64 x86_64
Alert Count
First Seen -- :: UTC
Last Seen -- :: UTC
Local ID f3462d4b-ed6b-4e94--7ab0970c0af0

Raw Audit Messages
type=AVC msg=audit(1484389402.769:): avc: denied { setuid } for pid= comm="mysqld_safe_hel" capability= scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=capability
type=SYSCALL msg=audit(1484389402.769:): arch=x86_64 syscall=setuid success=no exit=EPERM a0=3e4 a1=3e4 a2=7f2c90e772e0 a3=7f2c90e772e0 items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm=mysqld_safe_hel exe=/usr/bin/mysqld_safe_helper subj=system_u:system_r:mysqld_safe_t:s0 key=(null)

Hash: mysqld_safe_hel,mysqld_safe_t,mysqld_safe_t,capability,setuid

Following the suggestion above, run the suggested commands to create a local policy:

ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
semodule -i my-mysqldsafehel.pp

Start the mysql service again; it still fails. The error message is still about SELinux:

SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability.

Follow the same steps again and run the suggested commands. Then restart the mysql service once more:

[root@server ~]# systemctl restart mysql
[root@server ~]# systemctl status mysql.service -l
● mysql.service - LSB: start and stop MySQL
Loaded: loaded (/etc/rc.d/init.d/mysql; bad; vendor preset: disabled)
Active: active (running) since Sat -- :: UTC; 29min ago
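
Before installing a module generated by audit2allow, it helps to see exactly which denials it will turn into allow rules. The shell functions below are an added example, not part of the original article; the function names and the sample audit records are constructed for illustration.

```shell
# Constructed sample in the record format shown above; the serial numbers,
# pids and capability numbers are made up for this example.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1484389402.769:101): avc:  denied  { setuid } for  pid=2001 comm="mysqld_safe_hel" capability=7  scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=capability
type=SYSCALL msg=audit(1484389402.769:101): arch=x86_64 syscall=setuid success=no exit=EPERM comm=mysqld_safe_hel exe=/usr/bin/mysqld_safe_helper
type=AVC msg=audit(1484389460.112:117): avc:  denied  { setgid } for  pid=2040 comm="mysqld_safe_hel" capability=6  scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=capability
EOF
}

# avc_summary: raw audit records on stdin -> sorted unique lines of
# "source_type target_type class permission", one per denied permission.
avc_summary() {
  awk '
    $1 == "type=AVC" && /denied/ {
      src = ""; tgt = ""; cls = ""; perms = ""; inside = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inside = 1; continue }
        if ($i == "}") { inside = 0; continue }
        if (inside) { perms = perms " " $i; continue }
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) print src, tgt, cls, p[j]
    }' | sort -u
}

# unexpected_denials: print every summarised denial that is not one of the
# two capabilities this page deals with. Empty output means a module built
# from the same records would allow only setuid and setgid for mysqld_safe_t.
unexpected_denials() {
  avc_summary | grep -v -x \
    -e 'mysqld_safe_t mysqld_safe_t capability setuid' \
    -e 'mysqld_safe_t mysqld_safe_t capability setgid' || true
}

# Show the summary for the constructed sample records.
sample_avc | avc_summary
```

On the affected host, run `ausearch -c 'mysqld_safe_hel' --raw | unexpected_denials`; if it prints nothing, the generated module grants only the setuid and setgid capabilities discussed here.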

Of course, we can also work around the problem by temporarily turning SELinux off with the following command:

setenforce 0

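However, to resolve the problem permanently while keeping the system secure, it is still recommended to fix the service start failure by adding an SELinux policy.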
