当前位置:网站首页>【DNS】“Can‘t resolve host“ as non-root user, but works fine as root
【DNS】“Can‘t resolve host“ as non-root user, but works fine as root
2022-07-05 10:53:00 【HunterMichaelG】
One 、 The problem background
After virtual machine drift restart , Some of the above applications failed to restart
See the relevant application startup log , The host name cannot be resolved , But the host name resolution used has been written in /etc/hosts 了
xx.xx.xx.xx oa.bogon.com
ping: oa.bogon.com: Name or service not known
Then run the user identity with the business process pingoa.bogon.com , It's really hard to resolve the discovery ;ping oa.bogon.com go DNS Parsing is normal .
But , When you su - root After user Again ping, But it can be parsed normally !
Two 、 Problem tracking
Yes Linux For servers , It's not always /etc/hosts Is the resolution priority of the highest , Now how /etc/hosts It doesn't work
Of course , There are limited conditions for the invalidity here , That is only for ordinary users , When using root There is no problem at all when the user !
So naturally, I began to doubt whether it was related to parsing files 、 Network permissions ?
use strace System calls that track the parsing process of different users :
# su - root
# strace -e trace=open ping oa.bogon.com
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
PING oa.bogon.com (10.0.8.7) 56(84) bytes of data.
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=4 ttl=64 time=0.043 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=5 ttl=64 time=0.042 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=6 ttl=64 time=0.045 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=7 ttl=64 time=0.045 ms
strace: Process 18039 detached
# su - test
$ strace -e trace=open ping oa.bogon.com
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
ping: socket: Operation not permitted
+++ exited with 2 +++
Focus on the following 3 On a file :
/etc/hosts
/etc/host.conf
/etc/nsswitch.conf
$ ls -l /etc/hosts
-rw-r--r-- 1 root root 257 Jul 2 11:58 /etc/hosts
$ ls -l /etc/host.conf
-rw-r--r-- 1 root root 9 Jun 7 2013 /etc/host.conf
$ ls -l /etc/nsswitch.conf
-rw-rw----. 1 root root 1746 Mar 7 2019 /etc/nsswitch.conf
$ cat /etc/nsswitch.conf
cat: /etc/nsswitch.conf: Permission denied
3、 ... and 、 resolvent
# chmod 644 /etc/hosts
# chmod 644 /etc/host.conf
# chmod 644 /etc/nsswitch.conf
nsswitch.conf(name service switch configuration, Name service switch configuration ) The file is located in /etc Under the table of contents , It specifies which ways and in what order and through which to find specific types of information , You can also specify what action the system will take when a method works or fails .
$ cat /etc/nsswitch.conf
hosts: files dns myhostname
First use /etc/hosts Search for ; If it fails , according to /etc/resolv.conf In file nameserver Search for ; If you fail again , check myhostname Find out the host information .
3、 ... and 、 Problem handling reply
without root Authorized users ping As a contrast , Maybe I can't find the direction for a while
By using root user strace track ping system call , Find the relevant open file
If ordinary users are not right /etc/nsswitch.conf read jurisdiction , Then you can't use /etc/hosts
Four 、 Reference resources
/etc/hosts entries not being used for non-root users
https://www.unixsherpa.com/solution/etchosts-entries-not-being-used-for-non-root-users/
Cannot resolve host as non-root user
https://serverfault.com/questions/637274/cannot-resolve-host-as-non-root-user
“Can’t resolve host” as user, but works fine as root
https://www.linuxquestions.org/questions/linux-networking-3/can%27t-resolve-host-as-user-but-works-fine-as-root-494270/·`
Linux can PING IP But not PING The solution of host domain name
https://www.cnblogs.com/gaoyuechen/p/8378138.html
Linux Under the system /etc/nsswitch.conf file
https://www.bbsmax.com/A/Ae5RaXXLJQ
https://blog.csdn.net/waqwn/article/details/51687719
System management guide : Naming and directory services (DNS、NIS and LDAP)
https://docs.oracle.com/cd/E24847_01/html/E22302/a12swit-22067.html
Linux Artifact strace analysis
https://www.cnblogs.com/johnny666888/p/12629216.html
nslookup-OK-but-ping-fail
https://plantegg.github.io/2019/01/09/nslookup-OK-but-ping-fail/
边栏推荐
- Process control
- csdn软件测试入门的测试基本流程
- websocket
- About the use of Vray 5.2 (self research notes) (II)
- Advanced scaffold development
- Basic testing process of CSDN Software Testing Introduction
- 变量///
- About the use of Vray 5.2 (self research notes)
- 磨礪·聚變|知道創宇移動端官網煥新上線,開啟數字安全之旅!
- Use bat command to launch common browsers with one click
猜你喜欢
Broyage · fusion | savoir que le site officiel de chuangyu mobile end est en ligne et commencer le voyage de sécurité numérique!
Based on shengteng AI Aibi intelligence, we launched a digital solution for bank outlets to achieve full digital coverage of information from headquarters to outlets
【JS】提取字符串中的分数,汇总后算出平均分,并与每个分数比较,输出
一次edu证书站的挖掘
风控模型启用前的最后一道工序,80%的童鞋在这都踩坑
2022 t elevator repair operation certificate examination questions and answers
matlab cov函数详解
爬虫(9) - Scrapy框架(1) | Scrapy 异步网络爬虫框架
Basic testing process of CSDN Software Testing Introduction
谈谈对Flink框架中容错机制及状态的一致性的理解
随机推荐
NAS与SAN
App各大应用商店/应用市场网址汇总
Pull up loading principle
32:第三章:开发通行证服务:15:浏览器存储介质,简介;(cookie,Session Storage,Local Storage)
微信核酸检测预约小程序系统毕业设计毕设(8)毕业设计论文模板
【JS】提取字符串中的分数,汇总后算出平均分,并与每个分数比较,输出
Variables///
uniapp
小红书自研KV存储架构如何实现万亿量级存储与跨云多活
[observation] with the rise of the "independent station" model of cross-border e-commerce, how to seize the next dividend explosion era?
Operation of simulated examination platform of special operation certificate examination question bank for safety production management personnel of hazardous chemical production units in 2022
中职组网络安全2021年江苏省省赛题目5套题目环境+解析全有需要的私信我
关于vray5.2怎么关闭日志窗口
LSTM applied to MNIST dataset classification (compared with CNN)
MFC宠物商店信息管理系统
Function///
2022 chemical automation control instrument examination questions and online simulation examination
Crawler (9) - scrape framework (1) | scrape asynchronous web crawler framework
beego跨域问题解决方案-亲试成功
LSTM应用于MNIST数据集分类(与CNN做对比)