linux ll limit count: solving the problem of SELinux blocking quota

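Environment: CentOS 6.2. /quotadisk is a separate partition dedicated to disk quotas.

Problem: running the quotacheck command reports "权限不够" (Permission denied), and the two files aquota.user and aquota.group cannot be created.

Solution: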

[root@centos quotadisk]# tail -4 /var/log/messages | grep setroubleshoot

Feb 29 15:36:12 centos62 setroubleshoot: SELinux is preventing /sbin/quotacheck from write access on the directory /quotadisk. For complete SELinux messages. run sealert -l 7e9da0aa-387f-49c8-afaa-315812ca3b23

[root@centos quotadisk]# sealert -l 7e9da0aa-387f-49c8-afaa-315812ca3b23

SELinux is preventing /sbin/quotacheck from write access on the directory /quotadisk.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow quotacheck to have write access on the quotadisk directory

Then you need to change the label on /quotadisk

Do

# semanage fcontext -a -t FILE_TYPE '/quotadisk' <= run this command, replacing FILE_TYPE with one of the types listed below

where FILE_TYPE is one of the following: boot_t, root_t, tmp_t, usr_t, var_t, mail_spool_t, etc_t, mqueue_spool_t, var_spool_t, home_root_t.

Then execute:

restorecon -v '/quotadisk'

*****  Plugin catchall (17.1 confidence) suggests  ***************************

If you believe that quotacheck should be allowed write access on the quotadisk directory by default.

Then you should report this as a bug.

You can generate a local policy module to allow this access.

Do

allow this access for now by executing:

# grep quotacheck /var/log/audit/audit.log | audit2allow -M mypol

# semodule -i mypol.pp

---------------------------------------------------------------

[root@centos ~]# semanage fcontext -a -t usr_t '/quotadisk'

[root@centos ~]# restorecon -v '/quotadisk'

restorecon reset /quotadisk context system_u:object_r:default_t:s0->system_u:object_r:usr_t:s0

[root@centos ~]# quotacheck -acvug

quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.

quotacheck: Scanning /dev/sda11 [/quotadisk] done

quotacheck: Cannot stat old user quota file: 没有那个文件或目录

quotacheck: Cannot stat old group quota file: 没有那个文件或目录

quotacheck: Cannot stat old user quota file: 没有那个文件或目录

quotacheck: Cannot stat old group quota file: 没有那个文件或目录

quotacheck: Checked 2 directories and 2 files

quotacheck: Old file not found.

quotacheck: Old file not found.

[root@centos ~]# ll -Z /quotadisk/

-rw-------. root root unconfined_u:object_r:quota_db_t:s0 aquota.group

-rw-------. root root unconfined_u:object_r:quota_db_t:s0 aquota.user

drwxr-x---. wolf2012 wolf2012 unconfined_u:object_r:usr_t:s0   wold2012

[root@centos ~]# quotaon -avug

[root@centos ~]# edquota -u wolf2012

Edit the quota, and it is done.
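
An added example (not part of the original post): sealert offered two fixes above, relabeling /quotadisk or building a policy module from every quotacheck denial with audit2allow. The script below reads AVC records for one command and marks those whose target type is default_t, unlabeled_t or file_t as labeling problems to fix with semanage fcontext and restorecon, leaving the rest for manual review. The sample records are constructed, and the function names and the type heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: sort SELinux AVC denials for one command into
# "fix the label" versus "review before allowing".
# SAMPLE_AVC is constructed for illustration; it is not from the post.
SAMPLE_AVC='type=AVC msg=audit(1330500972.101:412): avc:  denied  { write } for  pid=2291 comm="quotacheck" name="/" dev=sda11 ino=2 scontext=unconfined_u:unconfined_r:quota_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1330500999.440:419): avc:  denied  { read } for  pid=2302 comm="quotacheck" name="shadow" dev=sda2 ino=7014 scontext=unconfined_u:unconfined_r:quota_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

# avc_field LINE KEY: value of KEY=... in one record, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_type CONTEXT: the type, third field of user:role:type:level.
avc_type() { printf '%s\n' "$1" | cut -d: -f3; }

# avc_perms LINE: the permissions listed between the braces.
avc_perms() { printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'; }

# triage_avc COMM: read audit records on stdin, print one verdict per
# denial logged for COMM. Heuristic (an assumption of this example):
# a target type of default_t, unlabeled_t or file_t means the object
# never received a proper label, so relabel it instead of adding policy.
triage_avc() {
    while IFS= read -r line; do
        case "$line" in *"avc:"*denied*) ;; *) continue ;; esac
        [ "$(avc_field "$line" comm)" = "$1" ] || continue
        src=$(avc_type "$(avc_field "$line" scontext)")
        tgt=$(avc_type "$(avc_field "$line" tcontext)")
        case "$tgt" in
            default_t|unlabeled_t|file_t) verdict=RELABEL ;;
            *) verdict=REVIEW ;;
        esac
        printf '%s %s { %s } %s:%s\n' "$verdict" "$src" \
            "$(avc_perms "$line")" "$tgt" "$(avc_field "$line" tclass)"
    done
}

# Demo on the constructed records.
printf '%s\n' "$SAMPLE_AVC" | triage_avc quotacheck
```

On a real host the same function can read the audit log directly: `triage_avc quotacheck < /var/log/audit/audit.log`. Any line marked REVIEW is one that `grep quotacheck ... | audit2allow -M mypol` would have allowed without inspection.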
