linux-无法写入我拥有的并被标记为可写的文件?
作者:互联网
我正在研究Debian Jessie.作为用户opuser,我创建了一个文件,并且拥有它:
opuser@mymachine: $ls -lash /webapps/myapp/run/gunicorn.sock
0 srwxrwxrwx 1 opuser webapps 0 Sep 1 18:50 /webapps/myapp/run/gunicorn.sock
现在,如果我尝试打开文件进行写入:
opuser@mymachine: $vi /webapps/myapp/run/gunicorn.sock
vi在底部显示错误:“〜/ run / gunicorn.sock” [权限被拒绝].
拥有文件后,为什么不能打开文件进行写入,并且文件权限显示该文件可全局写入?
更新:
该文件是通过运行gunicorn创建的,而我要进行调试的原因是,gunicorn用户也无法写入该文件:
gunicorn openprescribing.wsgi:application --name myapp_prod --workers 3 --bind=unix:/webapps/webapps/run/gunicorn.sock --user opuser --group webapps --log-level=debug
这是完整的错误:
[2015-09-01 11:18:36 +0000] [9439] [DEBUG] Current configuration:
proxy_protocol: False
worker_connections: 1000
statsd_host: None
max_requests_jitter: 0
post_fork: <function post_fork at 0x7efebefd2230>
pythonpath: None
enable_stdio_inheritance: False
worker_class: sync
ssl_version: 3
suppress_ragged_eofs: True
syslog: False
syslog_facility: user
when_ready: <function when_ready at 0x7efebefc6ed8>
pre_fork: <function pre_fork at 0x7efebefd20c8>
cert_reqs: 0
preload_app: False
keepalive: 2
accesslog: None
group: 999
graceful_timeout: 30
do_handshake_on_connect: False
spew: False
workers: 3
proc_name: myapp_prod
sendfile: True
pidfile: None
umask: 0
on_reload: <function on_reload at 0x7efebefc6d70>
pre_exec: <function pre_exec at 0x7efebefd27d0>
worker_tmp_dir: None
post_worker_init: <function post_worker_init at 0x7efebefd2398>
limit_request_fields: 100
on_exit: <function on_exit at 0x7efebefd2e60>
config: None
secure_scheme_headers: {'X-FORWARDED-PROTOCOL': 'ssl', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}
proxy_allow_ips: ['127.0.0.1']
pre_request: <function pre_request at 0x7efebefd2938>
post_request: <function post_request at 0x7efebefd2a28>
user: 999
forwarded_allow_ips: ['127.0.0.1']
worker_int: <function worker_int at 0x7efebefd2500>
threads: 1
max_requests: 0
limit_request_line: 4094
access_log_format: %(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s"
certfile: None
worker_exit: <function worker_exit at 0x7efebefd2b90>
chdir: /webapps/myapp/myapp
paste: None
default_proc_name: myapp.wsgi:application
errorlog: -
loglevel: debug
logconfig: None
syslog_addr: udp://localhost:514
syslog_prefix: None
daemon: False
ciphers: TLSv1
on_starting: <function on_starting at 0x7efebefc6c08>
worker_abort: <function worker_abort at 0x7efebefd2668>
bind: ['unix:/webapps/myapp/run/gunicorn.sock']
raw_env: []
reload: False
check_config: False
limit_request_field_size: 8190
nworkers_changed: <function nworkers_changed at 0x7efebefd2cf8>
timeout: 30
ca_certs: None
django_settings: None
tmp_upload_dir: None
keyfile: None
backlog: 2048
logger_class: gunicorn.glogging.Logger
statsd_prefix:
[2015-09-01 11:18:36 +0000] [9439] [INFO] Starting gunicorn 19.3.0
Traceback (most recent call last):
File "/home/anna/.virtualenvs/myapp/bin/gunicorn", line 11, in <module>
sys.exit(run())
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 74, in run
WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/app/base.py", line 189, in run
super(Application, self).run()
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/app/base.py", line 72, in run
Arbiter(self).run()
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/arbiter.py", line 171, in run
self.start()
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/arbiter.py", line 130, in start
self.LISTENERS = create_sockets(self.cfg, self.log)
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/sock.py", line 211, in create_sockets
sock = sock_type(addr, conf, log)
File "/home/anna/.virtualenvs/myapp/local/lib/python2.7/site-packages/gunicorn/sock.py", line 104, in __init__
os.remove(addr)
OSError: [Errno 13] Permission denied: '/webapps/myapp/run/gunicorn.sock'
解决方法:
您尝试打开的节点是一个套接字.更确切地说,是一个unix域套接字(权限标志中的s发出信号).套接字不是按常规方式打开(2)的(这是vi(1)失败的原因.)必须使用socket(PF_UNIX,…)系统调用(请参见unix(7))来获取它们,然后进行绑定( 2)到文件系统中的正确路径(这是使它们出现在文件系统层次结构中的原因).
一旦使此类套接字工作,就必须将其连接(2)到另一个套接字(或将其绑定到文件系统节点,然后接受(2)),以允许通信从一个套接字流向另一个套接字.
有关套接字api编程(和UNIX域套接字)的介绍,请阅读R.W.Stevens着名的Unix Network Programming,第1卷:套接字网络API(第3版).
标签:debian,file-permissions,linux 来源: https://codeday.me/bug/20191027/1948372.html