当前位置:网站首页>【DNS】“Can‘t resolve host“ as non-root user, but works fine as root
【DNS】“Can‘t resolve host“ as non-root user, but works fine as root
2022-07-05 10:53:00 【HunterMichaelG】
One 、 The problem background
After virtual machine drift restart , Some of the above applications failed to restart
See the relevant application startup log , The host name cannot be resolved , But the host name resolution used has been written in /etc/hosts 了
xx.xx.xx.xx oa.bogon.com
ping: oa.bogon.com: Name or service not known
Then run the user identity with the business process pingoa.bogon.com , It's really hard to resolve the discovery ;ping oa.bogon.com go DNS Parsing is normal .
But , When you su - root After user Again ping, But it can be parsed normally !
Two 、 Problem tracking
Yes Linux For servers , It's not always /etc/hosts Is the resolution priority of the highest , Now how /etc/hosts It doesn't work
Of course , There are limited conditions for the invalidity here , That is only for ordinary users , When using root There is no problem at all when the user !
So naturally, I began to doubt whether it was related to parsing files 、 Network permissions ?
use strace System calls that track the parsing process of different users :
# su - root
# strace -e trace=open ping oa.bogon.com
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
PING oa.bogon.com (10.0.8.7) 56(84) bytes of data.
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=4 ttl=64 time=0.043 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=5 ttl=64 time=0.042 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=6 ttl=64 time=0.045 ms
64 bytes from oa.bogon.com (10.0.8.7): icmp_seq=7 ttl=64 time=0.045 ms
strace: Process 18039 detached
# su - test
$ strace -e trace=open ping oa.bogon.com
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libonion.so", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libidn.so.11", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/etc/pki/tls/legacy-settings", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
ping: socket: Operation not permitted
+++ exited with 2 +++
Focus on the following 3 On a file :
/etc/hosts
/etc/host.conf
/etc/nsswitch.conf
$ ls -l /etc/hosts
-rw-r--r-- 1 root root 257 Jul 2 11:58 /etc/hosts
$ ls -l /etc/host.conf
-rw-r--r-- 1 root root 9 Jun 7 2013 /etc/host.conf
$ ls -l /etc/nsswitch.conf
-rw-rw----. 1 root root 1746 Mar 7 2019 /etc/nsswitch.conf
$ cat /etc/nsswitch.conf
cat: /etc/nsswitch.conf: Permission denied
3、 ... and 、 resolvent
# chmod 644 /etc/hosts
# chmod 644 /etc/host.conf
# chmod 644 /etc/nsswitch.conf
nsswitch.conf(name service switch configuration, Name service switch configuration ) The file is located in /etc Under the table of contents , It specifies which ways and in what order and through which to find specific types of information , You can also specify what action the system will take when a method works or fails .
$ cat /etc/nsswitch.conf
hosts: files dns myhostname
First use /etc/hosts Search for ; If it fails , according to /etc/resolv.conf In file nameserver Search for ; If you fail again , check myhostname Find out the host information .
3、 ... and 、 Problem handling reply
without root Authorized users ping As a contrast , Maybe I can't find the direction for a while
By using root user strace track ping system call , Find the relevant open file
If ordinary users are not right /etc/nsswitch.conf read jurisdiction , Then you can't use /etc/hosts
Four 、 Reference resources
/etc/hosts entries not being used for non-root users
https://www.unixsherpa.com/solution/etchosts-entries-not-being-used-for-non-root-users/
Cannot resolve host as non-root user
https://serverfault.com/questions/637274/cannot-resolve-host-as-non-root-user
“Can’t resolve host” as user, but works fine as root
https://www.linuxquestions.org/questions/linux-networking-3/can%27t-resolve-host-as-user-but-works-fine-as-root-494270/·`
Linux can PING IP But not PING The solution of host domain name
https://www.cnblogs.com/gaoyuechen/p/8378138.html
Linux Under the system /etc/nsswitch.conf file
https://www.bbsmax.com/A/Ae5RaXXLJQ
https://blog.csdn.net/waqwn/article/details/51687719
System management guide : Naming and directory services (DNS、NIS and LDAP)
https://docs.oracle.com/cd/E24847_01/html/E22302/a12swit-22067.html
Linux Artifact strace analysis
https://www.cnblogs.com/johnny666888/p/12629216.html
nslookup-OK-but-ping-fail
https://plantegg.github.io/2019/01/09/nslookup-OK-but-ping-fail/
边栏推荐
- 在C# 中实现上升沿,并模仿PLC环境验证 If 语句使用上升沿和不使用上升沿的不同
- Explanation of message passing in DGL
- About the use of Vray 5.2 (self research notes)
- 数据库中的范式:第一范式,第二范式,第三范式
- regular expression
- 关于vray 5.2的使用(自研笔记)(二)
- LSTM应用于MNIST数据集分类(与CNN做对比)
- Crawler (9) - scrape framework (1) | scrape asynchronous web crawler framework
- 一次edu证书站的挖掘
- 中职组网络安全2021年江苏省省赛题目5套题目环境+解析全有需要的私信我
猜你喜欢
32:第三章:开发通行证服务:15:浏览器存储介质,简介;(cookie,Session Storage,Local Storage)
基于昇腾AI丨以萨技术推出视频图像全目标结构化解决方案,达到业界领先水平
在C# 中实现上升沿,并模仿PLC环境验证 If 语句使用上升沿和不使用上升沿的不同
微信核酸检测预约小程序系统毕业设计毕设(7)中期检查报告
Web3基金会「Grant计划」赋能开发者,盘点四大成功项目
2022 t elevator repair operation certificate examination questions and answers
How to close the log window in vray5.2
风控模型启用前的最后一道工序,80%的童鞋在这都踩坑
About the use of Vray 5.2 (self research notes)
csdn软件测试入门的测试基本流程
随机推荐
【JS】提取字符串中的分数,汇总后算出平均分,并与每个分数比较,输出
图片懒加载的方案
Process control
GBase 8c数据库如何查看登录用户的登录信息,如上一次登录认证通过的日期、时间和IP等信息?
SAP ui5 objectpagelayout control usage sharing
【DNS】“Can‘t resolve host“ as non-root user, but works fine as root
DOM//
Bidirectional RNN and stacked bidirectional RNN
[vite] 1371 - develop vite plug-ins by hand
Ad20 make logo
2021年山东省赛题库题目抓包
uniapp
BOM//
小程序框架Taro
C language QQ chat room small project [complete source code]
2022 mobile crane driver examination question bank and simulation examination
DGL中的消息传递相关内容的讲解
【tcp】服务器上tcp连接状态json形式输出
2022 t elevator repair operation certificate examination questions and answers
关于vray5.2怎么关闭日志窗口