[DNS] "Can't resolve host" as non-root user, but works fine as root
2022-07-05 10:18:00 【HunterMichaelG】
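1. Background
After a virtual machine was migrated and rebooted, some of the applications on it failed to restart.
The applications' startup logs showed that a hostname could not be resolved, even though the hostname mapping they use was already written in /etc/hosts: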
xx.xx.xx.xx oa.bogon.com
ping: oa.bogon.com: Name or service not known
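So I ran ping oa.bogon.com as the user that the business process runs as, and indeed the name could not be resolved; yet a ping of oa.bogon.com that goes through DNS resolution resolved normally.
However, after switching to root with su - root, ping resolved everything normally!
2. Tracing the problem
On a Linux server, doesn't /etc/hosts normally have the highest resolution priority? Why is /etc/hosts not taking effect now?
Of course, "not taking effect" is qualified here: it applies only to ordinary users. As root there is no problem at all!
So the natural suspicion is that this is related to the permissions of the files or network facilities involved in name resolution.
Use strace to trace the system calls made during resolution for the different users: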
# su - root
# strace -e trace=open ping oa.bogon.com
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
PING oa.bogon.com (10.0.8.7) 56(84) bytes of data.
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=4 ttl=64 time=0.043 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=5 ttl=64 time=0.042 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=6 ttl=64 time=0.045 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=7 ttl=64 time=0.045 ms
strace: Process 18039 detached
# su - test
$ strace -e trace=open ping oa.bogon.com
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
ping: socket: Operation not permitted
+++ exited with 2 +++
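The trace as the ordinary user stops at "ping: socket: Operation not permitted" before any resolver file is opened, because a binary traced by an unprivileged user runs without its setuid or file-capability privileges; the root trace is therefore the one that shows which files resolution reads.
Focus on the following three files: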
/etc/hosts
/etc/host.conf
/etc/nsswitch.conf
$ ls -l /etc/hosts
-rw-r--r-- 1 root root 257 Jul 2 11:58 /etc/hosts
$ ls -l /etc/host.conf
-rw-r--r-- 1 root root 9 Jun 7 2013 /etc/host.conf
$ ls -l /etc/nsswitch.conf
-rw-rw----. 1 root root 1746 Mar 7 2019 /etc/nsswitch.conf
$ cat /etc/nsswitch.conf
cat: /etc/nsswitch.conf: Permission denied
3. Solution
# chmod 644 /etc/hosts
# chmod 644 /etc/host.conf
# chmod 644 /etc/nsswitch.conf
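The nsswitch.conf (name service switch configuration) file lives in /etc. It specifies which sources are used, and in what order, to look up a particular type of information, and it can also specify what action the system takes when a method succeeds or fails.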
$ cat /etc/nsswitch.conf
hosts: files dns myhostname
/etc/hosts is searched first; if that fails, the nameservers listed in /etc/resolv.conf are queried; if that also fails, myhostname is consulted to find the host information.
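4. Retrospective
Without the ping run as root for comparison, it might have been hard to find a direction at first.
Tracing ping's system calls with strace as root revealed the relevant files that are opened.
If an ordinary user lacks read permission on /etc/nsswitch.conf, then /etc/hosts cannot be used.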
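The permission check from this write-up as a reusable audit, added here as an example and not part of the original post: it flags resolver files that lack the world-read bit and prints the hosts: lookup order. The function names and the optional root-prefix argument are assumptions made for the example; stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audit the files the glibc resolver reads on behalf of a
# non-root process. The mode bits are inspected instead of using "test -r",
# because "test -r" always succeeds when the audit itself runs as root.

# audit_resolver_files [ROOT]
# ROOT is a hypothetical path prefix so the check can run against a test tree.
# Prints "OK|UNREADABLE|MISSING <mode> <path>" per file; returns 1 on any problem.
audit_resolver_files() {
    root=${1:-}
    rc=0
    for f in /etc/hosts /etc/host.conf /etc/nsswitch.conf; do
        p="$root$f"
        if [ ! -e "$p" ]; then
            echo "MISSING - $p"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$p")      # octal mode, e.g. 644 or 660
        case "$mode" in
            *[4567]) echo "OK $mode $p" ;;            # last digit has the o+r bit
            *)       echo "UNREADABLE $mode $p"; rc=1 ;;
        esac
    done
    return $rc
}

# hosts_lookup_order FILE
# Prints the sources on the "hosts:" line in lookup order, one per line,
# dropping comments and [STATUS=action] items.
hosts_lookup_order() {
    sed -n 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" |
        tr -s ' \t' '\n\n' | grep -v -e '^\[' -e '^$'
}

# Audit the live system; the remedy is the chmod 644 shown in section 3.
audit_resolver_files "" || echo "fix: chmod 644 on the files flagged above"
```

Running it from a root cron job or a post-migration hook catches the 660 mode on /etc/nsswitch.conf before a service account hits the resolution failure.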