Init script has permissions issues, but running with /bin/sh resolves them?

Question

Can someone tell me what's going on here? As far as I knew, these ways of executing an init script are identical.

box:~# whoami
root

box:~# /etc/init.d/nginx restart
nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

box:~# service nginx restart
nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

box:~# head -1 /etc/init.d/nginx
#!/bin/sh

box:~# /bin/sh /etc/init.d/nginx restart
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]

I don't understand why this worked and why the permission issue exists in the first place. The init script is running as root and should have access to the pid file.

Update 1: some background

I've tried your standard "permissions issue" troubleshooting, going so far as to make the pid file world-read/writable. Previously, I was getting the same permissions error on the error log, which was in a custom location: on a mount. I tried an unmount/remount with no success. After that I used the "sh" method which worked. After that, it seemed to make the log permissions error go away, though now I'm seeing the same error on the pid file (as you can see).

Update 2: in response to comments

box3:~# ls -alZ /var/run/nginx.pid
-rw-rw-rw-. root root unconfined_u:object_r:var_run_t:s0 /var/run/nginx.pid
box3:~# ls -alZ /etc/init.d/nginx
-rwxr-xr-x. root root system_u:object_r:httpd_initrc_exec_t:s0 /etc/init.d/nginx

Update 3: this is definitely an SELinux problem

Turning off SELinux solves the issue. I need to read up on SELinux Security Contexts.

box:~# setenforce 0
box:~# getenforce
Permissive
box:~# /etc/init.d/nginx restart
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]
box:~# setenforce 1
box:~# /etc/init.d/nginx restart
nginx: [emerg] open() "/mnt1/logs/nginx-error.log" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

Neither of these is [the proper way to start a service](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s3-services-running-running.html). — Michael Hampton, Apr 27 '15 at 21:03
The invocation that fails is a direct attempt to execute the script. The second method that works doesn't run the script directly, but sources it as a series of commands. Without the contents of `/etc/init.d/nginx` it's impossible to say why one fails and the other works, but the "Invocation" section of the bash man page is probably apropos in some way. A copy of the man page for bash is here: http://linux.die.net/man/1/sh — Andrew Henle, Apr 27 '15 at 21:08
OK, so what have you tried? You should have already done some investigation into this. Share the results. — Michael Hampton, Apr 27 '15 at 21:09
Aha. You have run afoul of SELinux and now these files have the wrong security contexts. — Michael Hampton, Apr 27 '15 at 21:18
Post the output of `ls -alZ /var/run/nginx.pid` and `ls -alZ /etc/init.d/nginx` — Daniel t., Apr 27 '15 at 21:19
I don't see a problem with the context or permission rights. May be you have to post the contents of the init and config file for nginx. — Daniel t., Apr 27 '15 at 21:47
Hmm it's looking like an SELinux issue. I ran `restorecon -R /var/run` and am now getting a permissions error on the log file again. Reading all I can about SELinux contexts... any help would be appreciated. — laughingbovine, Apr 27 '15 at 21:57
You can easily check if this is SELinux issue or not by temporarily disabling it with `setenforce 0`. To re-enable it use - `setenforce 1` — Daniel t., Apr 27 '15 at 22:02

Init script has permissions issues, but running with /bin/sh resolves them?

0 Answers0