
A small case study: the harm done by misusing the root user

数据库杂记 (Database Notes) 2024-08-16



Preface

Recently, Xiong Da's department has been building an on-premise application server bundle. The application server embeds and starts the MobiLink Server service of SAP SQL Anywhere (also known as ASA), effectively calling it through JNI.

Originally, starting the whole Java process as the ordinary current user worked without a hitch. Then some novice logged on and simply started it as root with a round of reckless operations. It did come up. Later, other developers found that the service process could not be stopped, and after killing it and starting the process again as the normal user, it would no longer start.

In effect, the whole system had been thrown into disarray.

Analysis

When Xiong Da ran into the scenario where the server would not start, he really wanted to give someone a good talking-to; it is hard to understand why so many people still make this kind of elementary mistake. He looked at the system log:

{"msg":" [-10282] Unable to create a shared memory file","level":"WARN","written_ts":"1723625706777269074","logger":"com.sap.odata.offline.util.NativeLogger","written_at":"2024-08-14T08:55:06.777Z","thread":"MobiLinkMain","type":"log"}
{"msg":" [-10382] The synchronization server has failed to start","level":"WARN","written_ts":"1723625706777544864","logger":"com.sap.odata.offline.util.NativeLogger","written_at":"2024-08-14T08:55:06.777Z","thread":"MobiLinkMain","type":"log"}
{"msg":"...after StartML","level":"INFO","written_ts":"1723625706788609791","logger":"com.sap.mobile.platform.server.mobilink.MLServer","written_at":"2024-08-14T08:55:06.788Z","thread":"MobiLinkMain","type":"log"}

It contains an unmistakable error message:

[-10282] Unable to create a shared memory file

But this message is not very specific on its own; one still has to look up the relevant SAP Note.

The MobiLink server was not able to create a shared memory file using the given MobiLink server name. Please check if a MobiLink server with the same name is currently running on the local machine.


SAP internal note[1]: https://me.sap.com/notes/0002475949

Reminder: Set Mobilink startup option -zs with a unique name

Cause
The synchronization server was not able to create a shared memory file using the given synchronization server name.
Another Mobilink server is running with the same name (or without -zs option set) on the same machine.

Resolution
Set Mobilink startup option -zs with a unique name.

So it needs a unique name. That is hardly where the mistake could be: the code uses its own name every time. So where exactly does it go wrong?

Shared memory is created in a temp directory on *nix. This error is reported, as it indicates, when that file cannot be created. Here is what happens:

  • A directory is created, if it does not exist, for the application.
  • A file, based on the MobiLink server name, is created in that directory.

The error will be reported if the dir or file cannot be created, or if there is a problem cleaning up a shared memory file from a previous run. It can also occur if there is an existing server running (the file has exclusive access, so if there is already a ML server running with the server name (default or -zs value) it will fail).

Given that a root user can start but a non-root user cannot, I will guess that the non-root user does not have permissions to open a file with read write, create, and/or exclusive access. The directory that is created is /tmp/.MobiLink and the shared memory file would be (I believe) like shutdown17 or is the value provided in the -zs option.

I would start by checking if the user can create the directory /tmp/.MobiLink and then a file in that directory.

The note's hints are fairly detailed. In the end, the culprit is most likely the /tmp/.MobiLink directory: the earlier root-started run created it owned by root, so the normal user can neither create nor clean up the shared memory file inside it.

Target directory

The fix is equally simple:

root@sean-ub5:/tmp# rm -rf .MobiLink
root@sean-ub5:/tmp#

Deleting the directory outright is enough; after that everything returns to normal. The one thing to confirm before deleting it is that the root-started server process is really gone (here it had already been killed), since the file inside is the running server's shared memory file.

Summary

What Xiong Da wants to point out is that the situation above is still a relatively simple one, because this directory is not the only resource whose ownership or permissions a root user might have changed. More broadly, when running PostgreSQL or any other database, a dedicated DB account should likewise be used to start and stop the database. PostgreSQL goes as far as outright refusing to let root start the server, which is exactly right. The application server program above could also add a pre-check to stop this kind of problem from recurring.

  • Always follow the principle of least privilege
  • Minimize the use of the root user
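One way to implement the pre-check suggested above. This is an added example written for this article, not code from the original post, from SAP, or from the product described. Before the Java process launches the embedded MobiLink server, it verifies that the directory holding the shared memory file is usable by the account that will run the server, and refuses to proceed as root at all. It assumes the directory /tmp/.MobiLink and a file named after the -zs value, as in the SAP explanation quoted above; the function names and the "shutdown17" fallback are this example's own assumptions.

```python
"""
Pre-start check for the MobiLink shared-memory directory.

Added example for this article; not code from the original post, from SAP,
or from the product described. Assumptions (hypothetical, taken from the
SAP explanation quoted in the article): the directory is /tmp/.MobiLink and
the file inside it is named after the -zs server name.
"""
import os
import stat
import sys
from pathlib import Path

SHM_DIR = Path("/tmp/.MobiLink")  # per the SAP explanation; adjust if yours differs


def running_as_root(uid):
    """True if the given effective uid is root. Kept separate so the ownership
    logic below can be exercised with any uid."""
    return uid == 0


def check_shm_dir(dir_path, uid, server_name):
    """Return (ok, reason): can `uid` create the shared-memory file for
    `server_name` under `dir_path`?

    Deliberately avoids os.access(): root bypasses permission bits, so a check
    run as root would report "fine" for a directory the service account cannot
    write. Ownership and mode bits are compared instead, which gives the
    verdict the service account will actually get.
    """
    dir_path = Path(dir_path)
    if not dir_path.exists():
        # MobiLink creates the directory itself; nothing stale is in the way.
        return True, f"{dir_path} does not exist yet; the server will create it"

    st = dir_path.lstat()
    if not stat.S_ISDIR(st.st_mode):
        return False, f"{dir_path} exists but is not a directory"
    if st.st_uid != uid:
        # The exact failure in the article: an earlier run under another
        # account (root) created the directory, so this account can neither
        # create nor clean up files inside it.
        return False, (f"{dir_path} is owned by uid {st.st_uid}, not uid {uid}; "
                       f"a previous run under another account left it behind, "
                       f"remove it as that account (e.g. rm -rf {dir_path})")
    if not st.st_mode & stat.S_IWUSR:
        return False, (f"{dir_path} is not writable by its owner "
                       f"(mode {oct(st.st_mode & 0o777)})")

    shm_file = dir_path / server_name
    if shm_file.exists():
        fst = shm_file.lstat()
        who = "" if fst.st_uid == uid else f" (owned by uid {fst.st_uid})"
        # Per the SAP note: either another server with the same -zs name is
        # running, or a stale file from a previous run was not cleaned up.
        return False, (f"shared-memory file {shm_file} already exists{who}: "
                       f"another MobiLink server with -zs {server_name} may be "
                       f"running, or a stale file needs cleanup")
    return True, f"{dir_path} is usable by uid {uid}"


def preflight(dir_path, uid, server_name):
    """Combined check: never start as root, then verify the directory."""
    if running_as_root(uid):
        return False, ("refusing to start as root: the shared-memory directory "
                       "and file would be created root-owned and block the "
                       "service account afterwards")
    return check_shm_dir(dir_path, uid, server_name)


if __name__ == "__main__":
    # "shutdown17" is only the example default the SAP explanation mentions;
    # pass the real -zs value as the first argument.
    name = sys.argv[1] if len(sys.argv) > 1 else "shutdown17"
    ok, why = preflight(SHM_DIR, os.geteuid(), name)
    print(("OK: " if ok else "ABORT: ") + why)
    sys.exit(0 if ok else 1)
```

Run it as the service account in the start script, before the Java process is launched, and abort on a non-zero exit. Because the verdict is based on ownership rather than os.access(), it gives the same answer whoever runs it, which is what makes it useful against exactly the root-versus-normal-user mix-up described in this article.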

References

[1] SAP internal note: https://me.sap.com/notes/0002475949

I am Sean. You can follow the 数据库杂记 (Database Notes) public account for timely updates.

