Ubuntu Server执行软件安装/升级时preinst和postrm脚本权限被拒绝报错
2026-4-21
Ubuntu Server执行软件安装/升级时preinst和postrm脚本权限被拒绝报错
看起来你在升级Perl包的时候遇到了dpkg脚本执行权限被拒绝的问题,这种情况在Ubuntu Server上通常和文件系统权限异常、安全工具限制或者dpkg状态损坏有关。先把你遇到的错误日志贴出来方便参考:
root@XXXXXXXXXX:/home/user# apt install /var/cache/apt/archives/perl_5.36.0-7ubuntu0.23.04.2_amd64.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'perl' instead of '/var/cache/apt/archives/perl_5.36.0-7ubuntu0.23.04.2_amd64.deb' The following additional packages will be installed: perl-base Suggested packages: perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl libtap-harness-archive-perl The following packages will be upgraded: perl perl-base 2 upgraded, 0 newly installed, 0 to remove and 47 not upgraded. 5 not fully installed or removed. Need to get 0 B/2,020 kB of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y (Reading database ... 116068 files and directories currently installed.) Preparing to unpack .../perl_5.36.0-7ubuntu0.23.04.2_amd64.deb ... dpkg (subprocess): unable to execute new perl package pre-installation script (/var/lib/dpkg/tmp.ci/preinst): Permission denied dpkg: error processing archive /var/cache/apt/archives/perl_5.36.0-7ubuntu0.23.04.2_amd64.deb (--unpack): new perl package pre-installation script subprocess returned error exit status 2 dpkg (subprocess): unable to execute new perl package post-removal script (/var/lib/dpkg/tmp.ci/postrm): Permission denied dpkg: error while cleaning up: new perl package post-removal script subprocess returned error exit status 2 Preparing to unpack .../perl-base_5.36.0-7ubuntu0.23.04.2_amd64.deb ... dpkg (subprocess): unable to execute new perl-base package pre-installation script (/var/lib/dpkg/tmp.ci/preinst): Permission denied dpkg: error processing archive /var/cache/apt/archives/perl-base_5.36.0-7ubuntu0.23.04.2_amd64.deb (--unpack): new perl-base package pre-installation script subprocess returned error exit status 2 dpkg (subprocess): unable to execute new perl-base package post-removal script (/var/lib/dpkg/tmp.ci/postrm): Permission denied dpkg: error while cleaning up: new perl-base package post-removal script subprocess returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/perl_5.36.0-7ubuntu0.23.04.2_amd64.deb /var/cache/apt/archives/perl-base_5.36.0-7ubuntu0.23.04.2_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)
我之前处理过类似的问题,给你几个分步排查的方案:
1. 检查脚本和临时目录的权限
dpkg会把包的脚本临时解压到/var/lib/dpkg/tmp.ci/目录,首先确认这个目录和里面的脚本权限是否正常:
# 检查临时目录权限 ls -ld /var/lib/dpkg/tmp.ci/ # 检查脚本的权限和属主 ls -l /var/lib/dpkg/tmp.ci/preinst /var/lib/dpkg/tmp.ci/postrm
正常情况下,目录应该是drwx------ root root权限,脚本应该带有可执行权限(-rwxr-xr-x root root)。如果权限不对,手动修复:
# 修复目录权限 chmod 700 /var/lib/dpkg/tmp.ci/ chown root:root /var/lib/dpkg/tmp.ci/ # 给脚本添加执行权限 chmod +x /var/lib/dpkg/tmp.ci/preinst /var/lib/dpkg/tmp.ci/postrm
修复后再尝试重新执行安装/升级命令。
2. 检查安全工具的限制
Ubuntu默认启用AppArmor,可能是它阻止了dpkg执行脚本。你可以先临时关闭AppArmor试试:
systemctl stop apparmor
然后重新运行apt install --fix-broken或者你原来的升级命令。如果成功了,再重新开启AppArmor:
systemctl start apparmor
之后可以检查AppArmor的日志(/var/log/syslog),看看是不是有相关的规则需要调整。
3. 修复dpkg的损坏状态
如果是dpkg本身的状态损坏,可以尝试强制配置未完成的包:
dpkg --configure -a
或者用apt的修复命令自动处理依赖和损坏的安装:
apt-get install --fix-broken
这个命令会自动清理错误的包状态,重新尝试完成安装/升级。
4. 检查文件系统挂载选项
如果你的/var目录是单独挂载的,可能挂载时用了noexec选项(禁止执行文件),这会导致脚本无法运行。用mount命令检查:
mount | grep /var
如果看到noexec字样,重新挂载去掉这个选项:
mount -o remount,rw,exec /var
之后再重试操作。
这些步骤应该能解决大部分这类权限拒绝的问题,你可以按顺序尝试,先从最简单的权限检查开始。
备注:内容来源于stack exchange,提问作者Anji Rapeti
