ubuntu - systemd service file fails to execute command: Permission denied
Problem description
I am creating a systemd service file on a DigitalOcean server running Ubuntu 18 with NGINX as the web server.
The systemd service file is:
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
Type=oneshot
User=root
Group=www-data
WorkingDirectory=/var/www/computationalMarketing
ExecStart=/var/www/computationalMarketing/bin/activate
ExecStart=/var/www/computationalMarketing/computationalMarketing/code/computationalMarketing/gunicorn --access-logfile --bind unix:/tmp/gunicorn.sock computationalMarketing.wsgi:application
[Install]
WantedBy=multi-user.target
The error log is:
Warning: The unit file, source configuration file or drop-ins of gunicorn.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2018-07-03 11:57:19 UTC; 10s ago
Process: 8446 ExecStart=/var/www/computationalMarketing/bin/activate (code=exited, status=217/USER)
Main PID: 8446 (code=exited, status=217/USER)
Jul 03 11:57:19 tfm-rius systemd[1]: Starting gunicorn daemon...
Jul 03 11:57:19 tfm-rius systemd[8446]: gunicorn.service: Failed to determine user credentials: No such process
Jul 03 11:57:19 tfm-rius systemd[8446]: gunicorn.service: Failed at step USER spawning /var/www/computationalMarketing/bin/activate: No such process
Jul 03 11:57:19 tfm-rius systemd[1]: gunicorn.service: Main process exited, code=exited, status=217/USER
Jul 03 11:57:19 tfm-rius systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Jul 03 11:57:19 tfm-rius systemd[1]: Failed to start gunicorn daemon.
root@tfm-rius:/var/www/computationalMarketing/computationalMarketing/code/computationalMarketing#
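Is this error related to the user used in the service body, or possibly to one of the ExecStart commands?
Edit:
I changed the user in the service to: www-data
Now the error in the log is: gunicorn.service: Failed to execute command: Permission denied
Which user should be used? How can I fix this error?
Edit 2
As Oliver said in the comments, I executed: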
ls -la /var/www/computationalMarketing/bin/activate
The output is:
-rw-r--r-- 1 root root 2243 Jun 28 10:11 /var/www/computationalMarketing/bin/activate
I have two ExecStart lines because I have to activate the virtualenv first and then start gunicorn for the application to work.
Log after executing: chmod 755 /var/www/computationalMarketing/bin/activate
gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2018-07-06 20:39:45 UTC; 9s ago
Process: 3472 ExecStart=/var/www/computationalMarketing/bin/activate (code=exited, status=203/EXEC)
Main PID: 3472 (code=exited, status=203/EXEC)
Jul 06 20:39:45 tfm-rius systemd[1]: Starting gunicorn daemon...
Jul 06 20:39:45 tfm-rius systemd[3472]: gunicorn.service: Failed to execute command: Exec format error
Jul 06 20:39:45 tfm-rius systemd[3472]: gunicorn.service: Failed at step EXEC spawning /var/www/computationalMarketing/bin/activate: Exec format error
Jul 06 20:39:45 tfm-rius systemd[1]: gunicorn.service: Main process exited, code=exited, status=203/EXEC
Jul 06 20:39:45 tfm-rius systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Jul 06 20:39:45 tfm-rius systemd[1]: Failed to start gunicorn daemon.
Solution
If SELinux is enforcing, this will cause the Exec/203 error. You can check and fix it as follows:
getenforce
tail -f /var/log/audit/audit.log
ls -lZ /var/www/computationalMarketing/bin/activate
semanage fcontext -a -t bin_t /var/www/computationalMarketing/bin/activate
restorecon -vF /var/www/computationalMarketing/bin/activate
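
Independent of SELinux, execve() alone can produce both errors in the logs above: "Permission denied" for a file with no execute bit, and "Exec format error" for an executable file that is neither a "#!" script nor a native binary (a virtualenv activate script is meant to be sourced by a shell and has no "#!" line). The check below is an added example, not part of the original question or answer; the function name classify_exec_target is hypothetical.

```shell
#!/bin/sh
# Classify why systemd may fail to exec an ExecStart= target.
# Prints one of: missing | not-executable | no-interpreter | ok
# classify_exec_target is a hypothetical helper name for this example.
classify_exec_target() {
    target=$1
    if [ ! -e "$target" ]; then
        echo missing
        return
    fi
    # Read the mode string (e.g. -rw-r--r--), as in the question's ls -la output.
    # With no execute bit for owner, group or other, execve() returns EACCES
    # ("Permission denied") for every user, root included.
    case $(ls -ld "$target") in
        ???[xs]*|??????[xs]*|?????????[xt]*) ;;
        *) echo not-executable; return ;;
    esac
    # systemd calls execve() directly, with no shell fallback. The kernel
    # accepts a "#!" script or a native binary (ELF on Linux); anything else
    # fails with ENOEXEC ("Exec format error", status=203/EXEC).
    magic=$(head -c 4 "$target" | od -An -tx1 | tr -d ' \n')
    case $magic in
        2321*)    echo ok ;;             # "#!" shebang
        7f454c46) echo ok ;;             # "\x7fELF"
        *)        echo no-interpreter ;;
    esac
}

# Usage: sh check.sh /path/to/exec-start-target ...
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(classify_exec_target "$p")"
done
```

A result of ok only covers the file mode and format; the service user still needs search permission on every parent directory, and an SELinux denial has to be confirmed in the audit log as the answer describes.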