root cannot switch to a regular user

Scenario:

[root@cloud ~]# id oracle-admin
uid=500(oracle-admin) gid=500(oracle-admin) 组=500(oracle-admin)
[root@cloud ~]# su oracle-admin
su: /bin/bash: Permission denied
[root@cloud ~]# 

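Possible causes to check:

· A permission problem on the user's home directory under /home/

· A problem with the execute permission of the su program

· A permission problem on the shared libraries the program depends on

· SELinux

· The space on the root filesystem

Troubleshooting

· The owner and permissions of the home directory look normal: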

[root@cloud ~]# ls -la /home |grep oracle-admin
drwx------.  4 oracle-admin oracle-admin 4096 3月   6 18:55 oracle-admin 
[root@cloud ~]# 

· su has execute permission as well:

[root@cloud ~]# ll /bin/su
-rwsr-xr-x. 1 root root 34904 11月 22 2013 /bin/su
[root@cloud ~]# 

· Nothing stands out in the shared libraries that su depends on:

[root@cloud ~]# ldd /bin/su
linux-vdso.so.1 =>  (0x00007fff2bf5f000)
libpam.so.0 => /lib64/libpam.so.0 (0x00007f6793ca1000)
libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x00007f6793a9d000)
libc.so.6 => /lib64/libc.so.6 (0x00007f6793708000)
libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f67934ec000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f67932e8000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f67930b0000)
/lib64/ld-linux-x86-64.so.2 (0x00007f67940c3000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f6792e39000)
[root@cloud ~]# 

· SELinux is not the cause either (it is set to permissive):

[root@cloud ~]# grep "SELINUX" /etc/selinux/config 
# SELINUX= can take one of these three values:
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted 
[root@cloud ~]# 

Finally, check the space on the root filesystem.
The root filesystem is not full:

[root@cloud ~]# df -Th
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/sda3      ext4    36G  2.2G   32G   7% /
tmpfs          tmpfs  931M  228K  931M   1% /dev/shm
/dev/sda1      ext4   388M   31M  337M   9% /boot
[root@cloud ~]#


[root@cloud ~]# ls -la /home/
总用量 12
drwxr-xr-x.  3 root         root         4096 3月   6 19:03 .
drw-rw-rw-. 22 root         root         4096 12月 17 07:09 ..
drwx------.  4 oracle-admin oracle-admin 4096 3月   6 18:55 oracle-admin
[root@cloud ~]# stat /
File: "/"
Size: 4096      	Blocks: 8          IO Block: 4096   目录
Device: 803h/2051d	Inode: 2           Links: 22
Access: (0666/drw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-03-06 19:02:25.519997870 +0800
Modify: 2016-12-17 07:09:52.524078813 +0800
Change: 2017-03-06 18:05:47.224990662 +0800
[root@cloud ~]# 

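At this point it turns out that the / directory has no execute permission, not even for root (mode 0666). Add the permission and try again: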

[root@cloud ~]# chmod 755 /
[root@cloud ~]# su oracle-admin
[oracle-admin@cloud root]$ 

[root@cloud ~]# ls -la /home/
总用量 12
drwxr-xr-x.  3 root        root        4096 3月   6 18:02 .
dr-xr-xr-x. 22 root        root        4096 12月 17 07:09 ..
drwx------.  4 orcal-admin orcal-admin 4096 3月   6 18:02 orcal-admin

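That solves the problem. The default permission of the root directory is 755. When / is 666 it has no execute permission, and on a directory the execute bit is the search permission needed to resolve any path beneath it (such as /bin/bash), so switching to another user fails.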
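The check that located the fault above (a parent directory missing the search bit), written as a reusable function; this is an added example, not part of the original post. The function names `can_search` and `blocking_dir` are hypothetical, GNU `stat` is required, and only the classic mode bits are evaluated.

```shell
# Added example, not from the original post. Requires GNU stat (Linux).
# Assumption: only classic mode bits are evaluated; ACLs, SELinux and
# capability overrides (root's CAP_DAC_OVERRIDE) are ignored.

# can_search UID "GIDS" DIR
#   Succeeds if DIR's mode grants search (x) to the class that applies to UID.
#   Leaves DIR's octal mode in $mode for the caller.
can_search() {
    st=$(stat -c '%a %u %g' -- "$3" 2>/dev/null) || return 1
    mode=${st%% *}; rest=${st#* }
    owner=${rest% *}; group=${rest#* }
    if [ "$owner" = "$1" ]; then
        bit=64                          # owner x (0100)
    else
        case " $2 " in
            *" $group "*) bit=8 ;;      # group x (0010)
            *)            bit=1 ;;      # other x (0001)
        esac
    fi
    [ $(( 0$mode & $bit )) -ne 0 ]
}

# blocking_dir UID "GIDS" /absolute/path
#   Walks from the path's parent up to / and prints the topmost directory
#   that denies search to UID. Returns 0 if none blocks, 1 if one does.
blocking_dir() {
    uid=$1; gids=$2; d=$3; blocker=""
    case $d in
        /*) ;;
        *)  echo "blocking_dir: absolute path required" >&2; return 2 ;;
    esac
    while [ "$d" != "/" ]; do
        d=$(dirname "$d")
        # Walking upward, so the last hit recorded is the topmost one.
        can_search "$uid" "$gids" "$d" || blocker="$d (mode $mode)"
    done
    if [ -n "$blocker" ]; then
        echo "$blocker"
        return 1
    fi
    return 0
}

# Usage for the case in this post (the user's shell, then the home directory):
#   blocking_dir "$(id -u oracle-admin)" "$(id -G oracle-admin)" /bin/bash
#   blocking_dir "$(id -u oracle-admin)" "$(id -G oracle-admin)" /home/oracle-admin/.
```

With / at mode 666 as in the `stat /` output above, the first usage line prints `/ (mode 666)` and returns 1.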
