1、问题描述
AIX 5.3 level07的操作系统,以root登录后ftp其它的主机没有任何问题,以非root的任何用户登录后ftp其它主机,键入用户名、口令回车后报如下的错误:
$ ftp 192.168.1.10
Connected to 192.168.1.10.
220 sd11 FTP server (Version 1.1.214.4(PHNE_27765) Wed Sep 4 05:59:34 GMT 2002) ready.
Name (192.168.1.10:root): oracle
331 Password required for oracle.
530 Login incorrect.
Login failed.
ftp>
2、问题诊断
检查过 /etc/ftpusers file format, /etc/inetd.conf等配置文件及用户的设置均未发现问题。google了一下也未发现相似问题的处理。
为细查一下产生问题的原因,决定用truss跟踪一下。
2.1 首先开一个ftp的交互进程:
oracle>ftp 192.168.1.10
2.2 再开一个窗口,用ps查到ftp进程的PID,然后以truss -p跟踪该进程(下面ps输出中的PID与truss命令中的PID不一致,应是取自不同的会话):
# ps -ef|grep ftp
root 311514 463062 0 09:00:20 pts/2 0:00 grep ftp
oracle 413866 487606 0 08:59:40 pts/1 0:00 ftp 192.168.1.10
# truss -p 446626
ftp窗口报错后,truss捕获到如下信息(FTP的USER/PASS命令是明文传输的,truss输出中会原样出现,对外粘贴这类输出前应先脱敏):
kread(0, 0x00000000, 0) (sleeping...)
kread(0, 0x00000000, 0) = 10
_sigaction(2, 0x2FF1FAB0, 0x2FF1FAC0) = 0
kwrite(4, " U S E R r o o t\r\n", 11) = 11
_sigaction(2, 0x2FF1A9E0, 0x2FF1A9F0) = 0
kread(4, " 3 3 1 P a s s w o r d".., 4096) = 33
kwrite(1, " 3 3 1 P a s s w o r d".., 32) = 32
kfcntl(1, F_GETFL, 0x2FF22FFC) = 2
_sigaction(2, 0x2FF1A9E0, 0x2FF1A9F0) = 0
_sigaction(2, 0x2FF1FAB0, 0x2FF1FAC0) = 0
_getpid() = 446626
open("/dev/tty", O_RDWR) Err#13 EACCES
_sigaction(2, 0x2FF22310, 0x2FF22320) = 0
_sigaction(2, 0x2FF1FAB0, 0x2FF1FAC0) = 0
kwrite(4, " P A S S \r\n", 7) = 7
_sigaction(2, 0x2FF1A9E0, 0x2FF1A9F0) = 0
kread(4, " 5 3 0 L o g i n i n".., 4096) = 22
kwrite(1, " 5 3 0 L o g i n i n".., 21) = 21
kfcntl(1, F_GETFL, 0x2FF22FFC) = 2
_sigaction(2, 0x2FF1A9E0, 0x2FF1A9F0) = 0
_sigaction(2, 0x2FF1FAB0, 0x2FF1FAC0) = 0
_getpid() = 446626
kwrite(1, " L o g i n f a i l e d".., 14) = 14
seteuid(0) = 0
_getpid() = 446626
sigprocmask(0, 0x2FF222A0, 0x2FF222A8) = 0
auditlog("TCPIP_access", -1, "TCP/IP", 56) Err#22 EINVAL
sigprocmask(2, 0x2FF222A0, 0x2FF222A8) = 0
seteuid(202) = 0
_sigaction(2, 0x2FF225E0, 0x2FF225F0) = 0
_sigaction(13, 0x2FF225E0, 0x2FF225F0) = 0
_getpid() = 446626
kwrite(1, " f t p > ", 5) = 5
kfcntl(1, F_GETFL, 0x00000020) = 2
kread(0, " u s e r r o o t\n\0\0".., 4096) (sleeping...)
2.3 问题分析
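看一下 open("/dev/tty", O_RDWR) Err#13 EACCES 这一行(原文中标红的部分):ftp客户端在收到331之后打开/dev/tty,应是为了从终端读取口令;打开失败后随即发出的PASS命令只有7个字节(即"PASS \r\n"),口令为空,所以服务器返回530。EACCES错表明/dev/下的tty设备的权限位设置有问题。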
确认一下:
#ls -l /dev/tty*
crwxr-xr-x 1 root system 1, 0 Jul 29 14:09 tty
crwxr-xr-x 1 root system 18, 0 Jun 23 11:57 tty0
crw-r--r-- 1 root system 30, 0 Jun 23 12:45 ttyp0
crwxr-xr-x 1 root system 30, 1 Jun 23 12:45 ttyp1
crwxr-xr-x 1 root system 30, 2 Jun 23 12:45 ttyp2
crwxr-xr-x 1 root system 30, 3 Jun 23 12:45 ttyp3
crwxr-xr-x 1 root system 30, 4 Jun 23 12:45 ttyp4
crwxr-xr-x 1 root system 30, 5 Jun 23 12:45 ttyp5
crwxr-xr-x 1 root system 30, 6 Jun 23 12:45 ttyp6
crwxr-xr-x 1 root system 30, 7 Jun 23 12:45 ttyp7
crwxr-xr-x 1 root system 30, 8 Jun 23 12:45 ttyp8
crwxr-xr-x 1 root system 30, 9 Jun 23 12:45 ttyp9
crwxr-xr-x 1 root system 30, 10 Jun 23 12:45 ttypa
crwxr-xr-x 1 root system 30, 11 Jun 23 12:45 ttypb
crwxr-xr-x 1 root system 30, 12 Jun 23 12:45 ttypc
crwxr-xr-x 1 root system 30, 13 Jun 23 12:45 ttypd
crwxr-xr-x 1 root system 30, 14 Jun 23 12:45 ttype
crwxr-xr-x 1 root system 30, 15 Jun 23 12:45 ttypf
可以看到除root用户外其它用户对tty设备没有写的权限,而ftp是以O_RDWR方式打开/dev/tty的,因此非root用户打开时报EACCES。
3 问题的处理
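明白了报错的原因,处理起来就非常容易了,给tty设备加上写权限就可以了(下面的命令使用相对路径,需在/dev目录下执行)。需要注意:从truss输出看,打开失败的只有/dev/tty这一个设备,而tty*会把tty0和各个ttyp*也一并改成组和其他用户可写,此后任何本地用户都能向这些终端写入内容;如果只想做最小改动,只对/dev/tty执行同样的chmod即可。原文的做法如下: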
#chmod g+w tty*
#chmod o+w tty*
4 测试一下发现问题正是源于此,问题解决了。
文章出自:http://space.itpub.net/?uid-9134-action-viewspace-itemid-412167