
Resolving the problem of SELinux restricting quota

Date: 2017/2/28 15:49:02   Editor: Linux教程

Environment: CentOS 6.2; /quotadisk is a separate partition dedicated to disk quotas.
Problem: running the quotacheck command reports "permission denied" and the two files aquota.user and aquota.group cannot be created.
Solution:
[root@centos www.linuxidc.com quotadisk]# tail -4 /var/log/messages | grep setroubleshoot
Feb 29 15:36:12 centos62 setroubleshoot: SELinux is preventing /sbin/quotacheck from write access on the directory /quotadisk. For complete SELinux messages. run sealert -l 7e9da0aa-387f-49c8-afaa-315812ca3b23

[root@centos www.linuxidc.com quotadisk]# sealert -l 7e9da0aa-387f-49c8-afaa-315812ca3b23
SELinux is preventing /sbin/quotacheck from write access on the directory /quotadisk.

***** Plugin catchall_labels (83.8 confidence) suggests ********************

If you want to allow quotacheck to have write access on the quotadisk directory
Then you need to change the label on /quotadisk
Do
# semanage fcontext -a -t FILE_TYPE '/quotadisk' <= run this command, replacing FILE_TYPE with one of the types below
where FILE_TYPE is one of the following:boot_t, root_t, tmp_t, usr_t, var_t, mail_spool_t, etc_t, mqueue_spool_t, var_spool_t, home_root_t.
Then execute:
restorecon -v '/quotadisk'


***** Plugin catchall (17.1 confidence) suggests ***************************

If you believe that quotacheck should be allowed write access on the quotadisk directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep quotacheck /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
---------------------------------------------------------------

[root@centos www.linuxidc.com ~]# semanage fcontext -a -t usr_t '/quotadisk'

[root@centos www.linuxidc.com ~]# restorecon -v '/quotadisk'
restorecon reset /quotadisk context system_u:object_r:default_t:s0->system_u:object_r:usr_t:s0

[root@centos www.linuxidc.com ~]# quotacheck -acvug
quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
quotacheck: Scanning /dev/sda11 [/quotadisk] done
quotacheck: Cannot stat old user quota file: 沒有那個文件或目錄
quotacheck: Cannot stat old group quota file: 沒有那個文件或目錄
quotacheck: Cannot stat old user quota file: 沒有那個文件或目錄
quotacheck: Cannot stat old group quota file: 沒有那個文件或目錄
quotacheck: Checked 2 directories and 2 files
quotacheck: Old file not found.
quotacheck: Old file not found.

[root@centos www.linuxidc.com ~]# ll -Z /quotadisk/
-rw-------. root root unconfined_u:object_r:quota_db_t:s0 aquota.group
-rw-------. root root unconfined_u:object_r:quota_db_t:s0 aquota.user
drwxr-x---. wolf2012 wolf2012 unconfined_u:object_r:usr_t:s0 wold2012

[root@centos www.linuxidc.com ~]# quotaon -avug
[root@centos www.linuxidc.com ~]# edquota -u wolf2012
Edit the quotas, and it is done.
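As an added example (not part of the original post), the POSIX shell functions below pull the same facts out of raw /var/log/audit/audit.log AVC records that sealert summarised above, and decide which of the two sealert suggestions applies: a target labelled default_t (as /quotadisk was before restorecon) calls for a file-context rule plus relabeling, while anything else should be reviewed before an audit2allow module is built, since such a module widens policy permanently. The audit lines, PIDs, inode numbers and the quota_t source domain are constructed sample data, not taken from the page.

```shell
#!/bin/sh
# Constructed sample audit records: one AVC denial of the kind setroubleshoot
# reported above, a SYSCALL record, and an unrelated httpd denial as noise.
SAMPLE_AUDIT='type=AVC msg=audit(1330500972.321:88): avc:  denied  { write } for  pid=2651 comm="quotacheck" name="quotadisk" dev=sda11 ino=2 scontext=unconfined_u:unconfined_r:quota_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1330500972.321:88): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1330500980.100:91): avc:  denied  { read } for  pid=2702 comm="httpd" name="index.html" dev=sda3 ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# avc_summary COMM: read audit records on stdin and print
# "permission tclass name tcontext" for each AVC denial raised by COMM,
# so the denied access and the target label are visible without sealert.
avc_summary() {
    grep 'type=AVC' | grep "comm=\"$1\"" | sed -n \
        's/.*denied  { \([a-z_ ]*\) }.*name="\([^"]*\)".*tcontext=\([^ ]*\).*tclass=\([^ ]*\).*/\1 \4 \2 \3/p'
}

# suggest_fix TCONTEXT: default_t means the path was never given a proper
# label (a fresh mount point); the correct fix is
#   semanage fcontext -a -t <type> '<path>' && restorecon -v '<path>'
# rather than an audit2allow module. Any other target type needs review.
suggest_fix() {
    case "$1" in
        *:default_t:*) echo "relabel" ;;
        *) echo "review-policy" ;;
    esac
}

# Stand-alone run: summarise the quotacheck denial and classify its target.
printf '%s\n' "$SAMPLE_AUDIT" | avc_summary quotacheck | while read -r perm cls name ctx; do
    echo "quotacheck denied $perm on $cls $name ($ctx): $(suggest_fix "$ctx")"
done
```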
