systemctl status mysqld
● mysqld.service - MySQL Server Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since 二 2023-07-18 20:15:00 CST; 2min 19s ago Docs: man:mysqld(8) http://dev.mysql.com/doc/refman/en/using-systemd.html Process: 4357 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=1/FAILURE) Process: 4085 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS) 7月 18 20:14:59 localhost.localdomain systemd[1]: Failed to start MySQL Server. 7月 18 20:14:59 localhost.localdomain systemd[1]: Unit mysqld.service entered failed state. 7月 18 20:14:59 localhost.localdomain systemd[1]: mysqld.service failed. 7月 18 20:15:00 localhost.localdomain systemd[1]: mysqld.service holdoff time over, scheduling restart. 7月 18 20:15:00 localhost.localdomain systemd[1]: Stopped MySQL Server. 7月 18 20:15:00 localhost.localdomain systemd[1]: start request repeated too quickly for mysqld.service 7月 18 20:15:00 localhost.localdomain systemd[1]: Failed to start MySQL Server. 7月 18 20:15:00 localhost.localdomain systemd[1]: Unit mysqld.service entered failed state. 7月 18 20:15:00 localhost.localdomain systemd[1]: mysqld.service failed.
systemctl start mysqld
Job for mysqld.service failed because the control process exited with error code. See “systemctl status mysqld.service” and “journalctl -xe” for details.
chown是一个常用的Linux/Unix命令,用于改变文件或目录的所有者(owner)。它的主要作用是将文件或目录的所有权转移给指定的用户或用户组。
chown命令的语法如下:
chown [选项] 用户名:用户组 文件/目录
其中,常用的选项包括:
-R:递归地改变指定目录及其子目录下的文件和目录的所有权。
-c:只在执行改变所有权操作时显示提示信息。
-v:显示详细的操作信息。
使用chown命令,可以实现以下功能:
转移文件/目录的所有权:可以将文件/目录的所有者更改为其他用户。
chown 用户名 文件/目录
转移用户组所有权:可以将文件/目录的用户组更改为其他用户组。
chown :用户组 文件/目录
同时转移所有者和用户组所有权:可以将文件/目录的所有者和用户组同时更改为其他用户和用户组。
chown 用户名:用户组 文件/目录
递归改变文件/目录的所有权:通过添加 -R 选项,可以递归地改变指定目录及其子目录下的所有文件和目录的所有权。
chown -R 用户名:用户组 目录
chown命令常用于系统管理员或文件的所有者进行文件/目录的权限管理。它可以帮助确保合适的用户或用户组拥有适当的访问权限,并提高系统的安全性和可管理性。
使用chown授予目录里权限
chown mysql:mysql -R /var/lib/mysql
chown mysql -R /var/lib/mysql
systemctl start mysqld
Job for mysqld.service failed because the control process exited with error code. See “systemctl status mysqld.service” and “journalctl -xe” for details.
[root@localhost ~]# journalctl -xe
Then execute:
restorecon -v ‘/cdh/logs/mysqld.log’
Plugin catchall (17.1 confidence) suggests If you believe that mysqld should be allowed append access on the mysqld.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld # semodule -i my-mysqld.pp
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: failed to retrieve rpm info for /cdh/logs/mysqld.log
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log. For complete SELinux messages run: sealert -l 4f2a
7月 18 20:24:15 localhost.localdomain python[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log.
***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow mysqld to have append access on the mysqld.log file Then you need to change the label on /cdh/logs/mysqld.log Do # semanage fcontext -a -t FILE_TYPE '/cdh/logs/mysqld.log' where FILE_TYPE is one of the following: NetworkManager_log_t, NetworkManager_tmp_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_ Then execute: restorecon -v '/cdh/logs/mysqld.log'
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that mysqld should be allowed append access on the mysqld.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld # semodule -i my-mysqld.pp
lines 2190-2228/2228 (END)
Then execute:
restorecon -v ‘/cdh/logs/mysqld.log’
***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that mysqld should be allowed append access on the mysqld.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld # semodule -i my-mysqld.pp
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: failed to retrieve rpm info for /cdh/logs/mysqld.log
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log. For complete SELinux messages run: sealert -l 4f2a4ed9-4
7月 18 20:24:15 localhost.localdomain python[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log.
***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow mysqld to have append access on the mysqld.log file Then you need to change the label on /cdh/logs/mysqld.log Do # semanage fcontext -a -t FILE_TYPE '/cdh/logs/mysqld.log' where FILE_TYPE is one of the following: NetworkManager_log_t, NetworkManager_tmp_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_log_t, Then execute: restorecon -v '/cdh/logs/mysqld.log'
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that mysqld should be allowed append access on the mysqld.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld # semodule -i my-mysqld.pp
~
~
~
lines 2190-2228/2228 (END)
Then execute:
restorecon -v ‘/cdh/logs/mysqld.log’
***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that mysqld should be allowed append access on the mysqld.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld # semodule -i my-mysqld.pp
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: failed to retrieve rpm info for /cdh/logs/mysqld.log
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log. For complete SELinux messages run: sealert -l 4f2a
7月 18 20:24:15 localhost.localdomain python[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log.
***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow mysqld to have append access on the mysqld.log file Then you need to change the label on /cdh/logs/mysqld.log Do # semanage fcontext -a -t FILE_TYPE '/cdh/logs/mysqld.log' where FILE_TYPE is one of the following: NetworkManager_log_t, NetworkManager_tmp_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_ Then execute: restorecon -v '/cdh/logs/mysqld.log'
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that mysqld should be allowed append access on the mysqld.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld # semodule -i my-mysqld.pp
重点错误信息:
7月 18 20:24:15 localhost.localdomain setroubleshoot[11170]: SELinux is preventing /usr/sbin/mysqld from append access on the file /cdh/logs/mysqld.log. For complete SELinux messages run: sealert -l 4f2a
SELinux(Security-Enhanced Linux)是一个安全增强的Linux安全模块,它提供了Linux系统级别的强制访问控制(MAC)机制。它的目标是通过附加强制访问控制机制,限制进程的权限,并提供更细粒度的访问控制来增强系统的安全性。
相对于传统的Linux访问控制方式(基于用户和权限的访问控制),SELinux引入了基于角色的访问控制和类型强制访问控制。它通过在内核中实施安全策略和访问规则来限制进程对资源的访问,并控制进程间的相互作用。
getenforce是一个用于查看SELinux当前状态的命令。它通常用于检查SELinux的执行模式,以确定SELinux是启用还是禁用,并获取其当前的执行级别。
getenforce
Enforcing
[root@localhost ~]# setenforce 0 [root@localhost ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config [root@localhost ~]# getenforce
Permissive
[root@localhost ~]# systemctl start mysqld [root@localhost ~]# systemctl status mysqld
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2023-07-18 20:26:07 CST; 5s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 13063 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 13036 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 13066 (mysqld)
Tasks: 30
CGroup: /system.slice/mysqld.service
└─13066 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
7月 18 20:26:06 localhost.localdomain systemd[1]: Starting MySQL Server…
7月 18 20:26:07 localhost.localdomain systemd[1]: Started MySQL Server.