I use a shutdown-script to backup the files on an instance before it is shutdown.
In this shutdown-script, the gsutil tool is used to send files to a bucket at google cloud storage.
/snap/bin/gsutil -m rsync -d -r /home/ganjin/notebook gs://ganjin-computing/XXXXXXXXXXX/TEST-202104/notebook
It worked well for long days. But recently, there occurs some error as below.
If I run the code manually, it works well. It seems that there is something wrong with jobs management of systemd.
Could anyone give me some hint?
INFO shutdown-script: /snap/bin/gsutil -m rsync -d -r /home/ganjin/notebook gs://ganjin-computing/XXXXXXXXXXX/TEST-202104/notebook
Apr 25 03:00:41 instance-XXXXXXXXXXX systemd[1]: Requested transaction contradicts existing jobs: Transaction for snap.google-cloud-sdk.gsutil.d027e14e-3905-4c96-9e42-c1f5ee9c6b1d.scope/start is destructive (poweroff.target has 'start' job queued, but 'stop' is included in transaction).
Apr 25 03:00:41 instance-XXXXXXXXXXX shutdown-script: INFO shutdown-script: internal error, please report: running "google-cloud-sdk.gsutil" failed: cannot create transient scope: DBus error "org.freedesktop.systemd1.TransactionIsDestructive": [Transaction for snap.google-cloud-sdk.gsutil.d027e14e-3905-4c96-9e42-c1f5ee9c6b1d.scope/start is destructive (poweroff.target has 'start' job queued, but 'stop' is included in transaction).]
Update gsutil with -f option.
update gsutil -f
If the above command doesn’t work then try the command below:
sudo apt-get update && sudo apt-get --only-upgrade install google-cloud-sdk
Update guest environment and try to shutdown the instance. Use the link below as a reference to update the guest environment.
https://cloud.google.com/compute/docs/images/install-guest-environment#update-guest
If still facing issues do forceful shutdown:
sudo poweroff -f
I've recently started using Google's Compute engine for some of my projects the problem is my startup script doesn't seem to work, For some reason my script just doesn't work, the VM has the startup-script metadata and it works fine when I run it manually with:
sudo google_metadata_script_runner --script-type startup
Here is what I am trying to run on startup:
#!/bin/bash
sudo apt-get update
sudo rm -f Eve.jar
sudo rm -f GameServerStatus.jar
wget <URL>/Eve.jar
wget <URL>/GameServerStatus.jar
sudo chmod 7777 Eve.jar
sudo chmod 7777 GameServerStatus.jar
screen -dmS Eve sh Eve.sh
screen -dmS PWISS sh GameServerStatus.sh
There are no errors in the log either, it just seems to stop at the chmod or screen commands, Any ideas?
Thanks!
To add to kangbu's answer:
Checking the logs in container-optimized OS by
sudo journalctl -u google-startup-scripts.service
showed that the script could not find the user. After a long time of debugging I finally added a delay before the sudo and now it works. Seems the user is not registered when the script runs.
#! /bin/bash
sleep 10 # wait...
cut -d: -f1 /etc/passwd > /home/user/users.txt # make sure the user exists
cd /home/user/project # cd does not work after sudo, do it before
sudo -u user bash -c '\
source /home/user/.bashrc && \
<your-task> && \
date > /home/user/startup.log'
I have the same problem #Brina mentioned. I set up metadata key startup-script and value like:
touch a
ls -al > test.txt
When I ran the script above sudo google_metadata_script_runner --script-type startup, it worked perfectly, However if I reset my VM instance the startup script didn't work. So, I checked startup script logs
...
Jul 3 04:30:37 kbot-6 ntpd[1514]: Listen normally on 5 eth0 fe80::4001:aff:fe8c:7 UDP 123
Jul 3 04:30:37 kbot-6 ntpd[1514]: peers refreshed
Jul 3 04:30:37 kbot-6 ntpd[1514]: Listening on routing socket on fd #22 for interface updates
Jul 3 04:30:38 kbot-6 startup-script: INFO Starting startup scripts.
Jul 3 04:30:38 kbot-6 startup-script: INFO Found startup-script in metadata.
Jul 3 04:30:38 kbot-6 startup-script: INFO startup-script: Return code 0.
Jul 3 04:30:38 kbot-6 startup-script: INFO Finished running startup scripts.
Yes. they found startup-script and ran it. I guessed it had executed as an another user. I changed my script like this:
pwd > /tmp/pwd.txt
whoami > /tmp/whoami.txt
The result is:
myuserid#kbot-6:/tmp$ cat pwd.txt whoami.txt
/
root
Yes. It was executed at the / diectory as root user. Finally, I changed my script to sudo -u myuserid bash -c ... which run it by specified userid.
Go to the VM instances page.
Click on the instance for which you want to add a startup script.
Click the Edit button at the top of the page.
Under Custom metadata, click Add item.
Add your startup script using one of the following keys:
startup-script: Supply the startup script contents directly with this key.
startup-script-URL: Supply a Google Cloud Storage URL to the start script file with this key.
It is working. The documentation for the new instance and existing instance as shown in GCE Start Up Script
Startup script output is written to the following log files:
CentOS and RHEL: /var/log/messages
Debian: /var/log/daemon.log
Ubuntu 14.04, 16.04, and 16.10: /var/log/syslog
On Ubuntu 12.04, SLES 11 and 12, and all images older than v20160606:
sudo /usr/share/google/run-startup-scripts
think that you do not need sudo, as well as the chmod 7777 should be 777
also a cd (or at least a pwd) at the beginning might be useful.
... log to text file, in order to know where the script may fail.
Console says
[root#ip-172-31-18-2 mysql]# service mysqld start
Starting mysqld (via systemctl): Job for mysqld.service failed because the control process exited with an error code. See "systemctl status mysqld.service" and "journalctl -xe" for details.
mysqld.service
[root#ip-172-31-18-2 mysql]# systemctl status mysqld.service
● mysqld.service - SYSV: MySQL database server.
Loaded: loaded (/etc/rc.d/init.d/mysqld)
Active: failed (Result: exit-code) since Sat 2017-02-18 20:59:17 IST; 36s ago
Docs: man:systemd-sysv-generator(8)
Process: 9925 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=1/FAILURE)
Feb 18 20:59:16 ip-172-31-18-2.ap-southeast-1.compute.internal systemd[1]: Starting SYSV: MySQL database server....
Feb 18 20:59:17 ip-172-31-18-2.ap-southeast-1.compute.internal mysqld[9925]: MySQL Daemon failed to start.
Feb 18 20:59:17 ip-172-31-18-2.ap-southeast-1.compute.internal mysqld[9925]: Starting mysqld: [FAILED]
Feb 18 20:59:17 ip-172-31-18-2.ap-southeast-1.compute.internal systemd[1]: mysqld.service: control process exited, code=exited status=1
Feb 18 20:59:17 ip-172-31-18-2.ap-southeast-1.compute.internal systemd[1]: Failed to start SYSV: MySQL database server..
Feb 18 20:59:17 ip-172-31-18-2.ap-southeast-1.compute.internal systemd[1]: Unit mysqld.service entered failed state.
Feb 18 20:59:17 ip-172-31-18-2.ap-southeast-1.compute.internal systemd[1]: mysqld.service failed.
What I have tried until now:
mysqld_safe --defaults-file=/etc/my.cf
chown -R mysql:mysql /var/lib/mysql
/etc/init.d/mysqld start
/etc/init.d/mysqld stop
systemctl restart systemd-logind
rebooted the server
Still no luck.
my.cnf file
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for a dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
This amazingly worked.
/etc/init.d/mysql stop
service mysql stop
killall -KILL mysql mysqld_safe mysqld
/etc/init.d/mysql start
service mysql start
I had the same error, the problem was because I no longer had disk space.
to check the space run this:
$ df -h
Then delete some files that you didn't need.
After this commands:
service mysql start
systemctl status mysql.service
mysql -u root -p
After entering with the root password verify that the mysql service was active
I met this problem today, and fix it with bellowed steps.
1, Check the log file /var/log/mysqld.log
tail -f /var/log/mysqld.log
2017-03-14T07:06:53.374603Z 0 [ERROR] /usr/sbin/mysqld: Can't create/write to file '/var/run/mysqld/mysqld.pid' (Errcode: 2 - No such file or directory)
2017-03-14T07:06:53.374614Z 0 [ERROR] Can't start server: can't create PID file: No such file or directory
The log says that there isn't a file or directory /var/run/mysqld/mysqld.pid
2, Create the directory /var/run/mysqld
mkdir -p /var/run/mysqld/
3, Start the mysqld again service mysqld start, but still fail, check the log again /var/log/mysqld.log
2017-03-14T07:14:22.967667Z 0 [ERROR] /usr/sbin/mysqld: Can't create/write to file '/var/run/mysqld/mysqld.pid' (Errcode: 13 - Permission denied)
2017-03-14T07:14:22.967678Z 0 [ERROR] Can't start server: can't create PID file: Permission denied
It saids permission denied.
4, Grant the permission to mysql
chown mysql.mysql /var/run/mysqld/
5, Restart the mysqld
# service mysqld restart
Restarting mysqld (via systemctl): [ OK ]
These are the steps I took to correct this:
Back up your my.cnf file in /etc/mysql and remove or rename it
sudo mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak
Remove the folder /etc/mysql/mysql.conf.d/ using
sudo rm -r /etc/mysql/mysql.conf.d/
Verify you don't have a my.cnf file stashed somewhere else (I did in my home dir!) or in /etc/alternatives/my.cnf use
sudo find / -name my.cnf
Now reinstall every thing
sudo apt purge mysql-server mysql-server-5.7 mysql-server-core-5.7
sudo apt install mysql-server
In case your syslog shows an error like "mysqld: Can't read dir of '/etc/mysql/conf.d/'" create a symbolic link:
sudo ln -s /etc/mysql/mysql.conf.d /etc/mysql/conf.d
Then the service should be able to start with sudo service mysql start.
I hope it work
In my particular case, the error was appearing due to missing /var/log/mysql with mysql-server package 5.7.21-1 on Debian-based Linux distro. Having ran strace and sudo /usr/sbin/mysqld --daemonize --pid-file=/run/mysqld/mysqld.pid ( which is what the systemd service actually runs), it became apparent that the issue was due to this:
2019-01-01T09:09:22.102568Z 0 [ERROR] Could not open file '/var/log/mysql/error.log' for error logging: No such file or directory
I've recently removed contents of several directories in /var/log so it was no surprise. The solution was to create the directory and make it owned by mysql user as in
$ sudo mkdir /var/log/mysql
$ sudo chown -R mysql:mysql /var/log/mysql
Having done that I've happily logged in via sudo mysql -u root and greeted with the old and familiar mysql> prompt
if your problem not fix, you can try check more problem.
maybe mysql crash , like this :
you can check log in
sudo cat /var/log/mysql/error.log
or you check
sudo ls /var/crash
try
sudo chown mysql:mysql -R /var/lib/mysql
then start your mysql service
systemctl start mysqld
the issue is with the "/etc/mysql/my.cnf". this file must be modified by other libraries that you installed. this is how it originally should look like:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2.0,
# as published by the Free Software Foundation.
#
# This program is also distributed with certain software (including
# but not limited to OpenSSL) that is licensed under separate terms,
# as designated in a particular file or component or in included license
# documentation. The authors of MySQL hereby grant you an additional
# permission to link the program and your derivative works with the
# separately licensed software that they have included with MySQL.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License, version 2.0, for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# The MySQL Server configuration file.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
I was also facing same issue .
root#*******:/root >mysql -uroot -password
mysql: [Warning] Using a password on the command line interface can be
insecure. ERROR 2002 (HY000): Can't connect to local MySQL server
through socket '/var/lib/mysql/mysql.sock' (2)
I found ROOT FS was also full and then I killed below lock session .
root#**********:/var/lib/mysql >ls -ltr
total 0
-rw------- 1 mysql mysql 0 Sep 9 06:41 mysql.sock.lock
Finally Issue solved .
open my.cnf and copy the log-error path
then check the permission for the copied log file using
$ ls -l /var/log/mysql.log
if any log file permission may changed from mysql:mysql, please change the file permission to
$ chown -R mysql:mysql /var/log/mysql.log
then restart the mysql server
$ service mysql restart || systemctl restart mysqld
note: this kind of errors formed by the permission issues. all the mysql service start commands using the log file for writing the status of mysql. If the permission has been changed, the service can't be write anything into the log files. If it happens it will stopped to run the service
remove any command of "secure_file_priv" in /etc/mysql/my.cnf and restart mysql.
If you want to use a file in mysql, copy those files to the main folder.
The main folder is obtained this way : SHOW VARIABLES LIKE "secure_file_priv";
You can purge all mysql-related packages and reinstall them with the following commands:
PACKAGES="mysql-server mysql-community-server mysql-community-server-core mysql-client mysql-client mysql-community-client mysql-community-client-core mysql-common mysql-community-client-plugins php-mysql"
apt purge $PACKAGES
echo "any remaining installed packages:"
dpkg -l|grep ii|grep mysql
apt install --reinstall mysql-common
apt install $PACKAGES
If there are any remaining packages (apart from mysql-core), add those to your list
Backup your config or data and reinstall mysql
sudo apt remove --purge mysql-server
sudo apt purge mysql-server
sudo apt autoremove
sudo apt autoclean
sudo apt remove dbconfig-mysql
sudo apt-get remove --purge mysql* -y
sudo apt-get autoremove -y
sudo apt-get autoclean
Then install it again.
That works here.
i have got the same "systemctl status mysql.service" and "journalctl -xe" for details. ERROR.
after repeated deinstallation and installation does not work at all.
but this one work well> https://linuxtut.com/en/5a5b0f46620ae1b27b10/
you just need to remove everything from my.cnf file except [mysqld] and start the server. this really work. but you might not have the password for root in that case skip-grant-tables and restart server in safe mode and use mysql and
update mysql.user set authentication_string=null where user='root' and then can alter user 'root'#'localhost' identified by 'your_$$new_99pwd#';
then login to secure mode and then you can create new user.
Also don't forget to check on your docker containers, for me it was my docker has mysql running on the background.
Connect to the server using SSH.
Stop the affected MySQL service and the service plesk-web-socket to prevent it from attempting to start MySQL:
service mysql stop || service mariadb stop && service plesk-web-socket stop
Back up all the MySQL data storage files. By default, they are located in the directory /var/lib/mysql/.
For example:
cp -a /var/lib/mysql /root/mysql_backup
Add the parameter innodb_force_recovery to the section [mysqld] of the MySQL configuration file. This option allows starting MySQL service in the recovery mode and try creating dumps of databases.
For example:
vi /etc/my.cnf
[mysqld]
innodb_force_recovery = 2
Start the MySQL service.
after having tested several solutions without success, the one that finally worked is the following:
you can load the default configuration of your apache server
sudo a2ensite 000-default.conf
sudo a2dissite my.conf
systemctl reload apache2
then reload the configuration for your website
sudo a2ensite my.conf
sudo a2dissite 000-default.conf
systemctl reload apache2
I had the same issue and after hours the solution was for me:
Open this file nano /etc/mysql/my.cnf
#I use mysql service if you use mysqld service, type mysqld instead of mysql
[mysql]
innodb_force_recovery = 1
Had the same problem. Solved as given below.
Use command :
sudo tail -f /var/log/messages|grep -i mysql
to check if SELinux policy is causing the issue. If so, first check if SELinux policy is enabled using command #sestatus. If it shows enabled, then disable it.
To disable:
# vi /etc/sysconfig/selinux
change 'SELINUX=enforcing' to 'SELINUX=disabled'
restart linux
check with sestatus and it should show "disabled"
Uninstall and reinstall mysql. It should be working.
Because doing this:-
sudo apt-get remove --purge zoneminder
sudo apt-get remove --purge mysql-server mysql-client mysql-common
sudo rm -rf /var/lib/mysql
sudo apt-get remove --purge apache2*
sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade
sudo rm -r /var/www/*
sudo rm -r /etc/apache2/*
sudo rmdir /var/www
sudo rmdir /etc/apache2
sudo rm -r /opt/zm
sudo rm /etc/apache2/conf.d/zoneminder.conf
sudo dpkg --configure -a
reboot hardware
sudo apt-get install zoneminder
produces this error:-
* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[ OK ]
Setting up libapache2-mod-php5 (5.4.6-1ubuntu1.4) ...
Creating config file /etc/php5/apache2/php.ini with new version
* Restarting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[ OK ]
Setting up apache2 (2.2.22-6ubuntu2.3) ...
Setting up zoneminder (1.25.0-1.1ubuntu1) ...
Starting ZoneMinder: Can't open config file '/opt/zm/etc/zm.conf': No such file or directory at /usr/local/share/perl/5.14.2/ZoneMinder/Config.pm line 100
BEGIN failed--compilation aborted at /usr/local/share/perl/5.14.2/ZoneMinder/Config.pm line 100.
Compilation failed in require at /usr/local/share/perl/5.14.2/ZoneMinder.pm line 33.
BEGIN failed--compilation aborted at /usr/local/share/perl/5.14.2/ZoneMinder.pm line 33.
Compilation failed in require at /usr/bin/zmpkg.pl line 37.
BEGIN failed--compilation aborted at /usr/bin/zmpkg.pl line 37.
failure
invoke-rc.d: initscript zoneminder, action "start" failed.
dpkg: error processing zoneminder (--configure):
subprocess installed post-installation script returned error exit status 2
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for ureadahead ...
Errors were encountered while processing:
zoneminder
E: Sub-process /usr/bin/dpkg returned an error code (1)
Originally zoneminder installed "first time" Ok on this 32bit "mint 14" machine using just the single apt-get install zoneminder command from here:-
http://www.tuxradar.com/content/build-your-own-surveillance-zoneminder
but when I tried to upgrade a couple of days ago to version 1.26.2 by compiling manually, I messed it up.
How can I remove zoneminder completely so that the original "clean" install works again?
No need to do any of the above, from this link:-
http://pjpramod.blogspot.co.uk/2010/01/starting-zoneminder-cant-open-config.html
So I did this:-
sudo rm -r /usr/local/share/perl/5.14.2/*
and then the install completes OK - but the popups no longer work (don't open at all or open in the same window), so don't do that.
Finally I abandoned re-installing the pre-built package (1.25.0 - or was it 1.25.2?) and downloaded the 1.26.3 tar file and unpacked it and cd'ed into it...
...and ./configure was missing...
...but if you run bootstrap.sh
./bootstrap.sh
then that (and some other things) magically appear.
Then did this:
sudo ./configure --prefix=/opt/zm --with-mysql=/usr --with-ffmpeg=/usr --with-webuser=www-data --with-webgroup=www-data --disable-debug --disable-crashtrace --enable-mmap=yes --with-webdir=/var/www --with-cgidir=/usr/lib/cgi-bin ZM_SSL_LIB=openssl
and it configured OK.
then this
sudo make
followed by this:-
sudo make install
and it installed OK but when I tried to run zoneminder I got database errors so did something like this to delete zm:-
mysql -uroot -pyourPassWord
mysql > drop database zm;
mysql > quit;
and this to recreate it (I know nothing about databases, this is monkey-see, monkey-do from here):-
mysql -u root -pyourPassWord
>create database zm;
>exit
mysql -u root -pyourPassWord zm < db/zm_create.sql
mysql -u root -pyourPassWord zm
>grant select,insert,update,delete on zm.* to 'zmuser'#localhost identified by 'zmpass';
>quit
mysqladmin -u root -pyourPassWord reload
and it then worked OK (I am running zm like this:-)
sudo /etc/init.d/zm start
And while trying to figure out what link between apache and zm did (and how apache works etc) I discovered that you only need to do this:-
localhost/index.php
to bring up zoneminder, working OK, in my browser - Yee Haw! Not bad for two day's effort and one divorce.
But I could only get zmpkg.pl to work by doing this:-
sudo /opt/zm/bin/zmpkg.pl
and not this:-
sudo zmpkg.pl
Because, I learn, that that $PATH is defined "globally" for sudo and therefore my adding /opt/zm/bin in my .bashrc file had no effect so then, rather than put zmpkg.pl into /usr/local/sbin (or one of those paths in "global" $PATH) I insert a link instead like this:-
sudo ln -s /opt/zm/bin/zmpkg.pl /usr/local/sbin/zmpkg.pl
and it works! so now e.g.
sudo zmpkg.pl status
works again.
Does anyone know how all this should be done? E.g. so that
localhost/zm
works again?
Update on 20th December 2013: I just upgraded to verion 1.26.5 successfully on this mint 14 system by repeating some of the above instructions i.e.
1) Stop zoneminder.
2) Download version 1.26.5
3) Ran the ./bootstrap.sh script (as mentioned above).
4) Ran the ./configure... script (as mentioned above).
5) Ran the make (as mentioned above - but got errors)...
So I read the README and copied and pasted this from it (line 24):
root#host:~# aptitude install -y apache2 mysql-server php5 php5-mysql build-essential libmysqlclient-dev libssl-dev libbz2-dev libpcre3-dev libdbi-perl libarchive-zip-perl libdate-manip-perl libdevice-serialport-perl libmime-perl libpcre3 libwww-perl libdbd-mysql-perl libsys-mmap-perl yasm subversion automake autoconf libjpeg8-dev libjpeg8 apache2-mpm-prefork libapache2-mod-php5 php5-cli libphp-serialization-perl libgnutls-dev libjpeg8-dev libavcodec-dev libavformat-dev libswscale-dev libavutil-dev libv4l-dev libtool ffmpeg libnetpbm10-dev libavdevice-dev libmime-lite-perl dh-autoreconf dpatch;
and then did a
sudo make clean
and then repeated 4) and 5) above and it compiled OK.
6) Did the "sudo make install" OK (i.e. on top of the old version I guess).
7) Then did all the rest of the "as mentioned above" instructions to delete zm from the database (after trying to zm unsuccessfully) and re-inserted it and then it started OK via the "zmpkg.pl start" script as version 1.26.5
8) As before I then had to manually reset up all cameras and password and users and zones but at least it all worked "first time"
I would suggest that you have to uninstall all the packages which include LAMP(apache, mysql, php) and zoneminder.
use this command to remove these packages.
sudo aptitude purge <pkg-name>
Then you have to go to zoneminder manual installation directory (say /usr/src). and use command
sudo make clean
sudp updatedb
After this you can start normal install procedure.
I need to limit file size when I run "tcpdump -w 1.pcap". I try to do this with the key "-C", but when I add it I get error "permission denied". So:
> sudo tcpdump -w 1.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C821 packets captured
847 packets received by filter
24 packets dropped by kernel
But:
> sudo tcpdump -C 100 -w 1.pcap
tcpdump: 1.pcap: Permission denied
I run the command from my home directory and I tried to remove and create the file before running the command with different permissions, finally I have:
-rwxrwxrwx 1 root root 0 Aug 5 10:30 1.pcap
or
-rwxrwxrwx 1 fd8 users 0 Aug 5 10:30 1.pcap
Could you suggest why in the second case I can't write to the file?
You need to do -Z root. Read the man page:
-Z Drops privileges (if root) and changes user ID to user and the group ID to the primary group of user.
This behavior is enabled by default (-Z tcpdump), and can be disabled by -Z root.
I experienced similar issues on Ubuntu 12.04 LTS and my case was fixed as below procedures.
sudo apt-get install apparmor-utils
The aa-complain command which referred by user2704275 is included in this package.
If your environment is RedHat/CentOS distro, you can same command by yum.
sudo aa-complain /usr/sbin/tcpdump
This will change AppArmor mode of tcpdump from "enforce" to "complain".
You can check AppArmor status in /sys/kernel/security/apparmor/profiles.
Then I can success to get tcpdump with sudo.
After getting tcpdump, for security reason, you might revert apparmor status to previous mode as below command.
sudo aa-enforce /usr/sbin/tcpdump
Regards.
I experienced similar problems when I tried to read from file, like
tcpdump -r example.cap 'icmp[icmptype] = icmp-echo'
For me AppArmor caused the problem I had to switch from 'enforcement' mode to 'complain' mode on 'tcpdump'. Run the following command as root:
aa-complain /usr/sbin/tcpdump