Dear SL developer and user,
I am testing the 28 Jan 2011 SL6 beta release. There is a
problem with ssh. Please see the terminal output.
[jsjayan@krishna ~]$ ssh labuser@serene
labuser@serene's password:
Permission denied, please try again.
labuser@serene's password:
Could not chdir to home directory /disk1/labuser: Permission denied
/usr/bin/xauth: timeout in locking authority file /disk1/labuser/.Xauthority
[labuser@serene /]$
Finally it logs on to the machine. However, no X program can be
executed. An SELinux log is created on the host machine. It is as
follows:
Summary:

SELinux is preventing /usr/sbin/sshd "search" access on labuser.

Detailed Description:

SELinux denied access requested by sshd. It is not expected that this access is
required by sshd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:default_t:s0
Target Objects                labuser [ dir ]
Source                        sshd
Source Path                   /usr/sbin/sshd
Port                          <Unknown>
Host                          serene
Source RPM Packages           openssh-server-5.3p1-20.el6
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-54.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     serene
Platform                      Linux serene 2.6.32-71.el6.x86_64
                              #1 SMP Tue Nov 23 06:49:13 CST 2010
                              x86_64 x86_64
Alert Count                   16
First Seen                    Wed 09 Feb 2011 03:07:11 PM IST
Last Seen                     Wed 09 Feb 2011 03:58:39 PM IST
Local ID                      a34a607e-2e13-4b24-9aaa-207ba8248d04
Line Numbers

Raw Audit Messages

node=serene.rpd.barc.gov.in type=AVC msg=audit(1297247319.903:173): avc: denied { search } for pid=4500 comm="sshd" name="labuser" dev=dm-2 ino=1572865 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

node=serene.rpd.barc.gov.in type=SYSCALL msg=audit(1297247319.903:173): arch=c000003e syscall=80 success=no exit=-13 a0=7f12868d8c20 a1=ffffffff a2=9 a3=0 items=0 ppid=4499 pid=4500 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=pts1 ses=17 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

Note that this problem happens only if the login directory (home
folder) of the user is not in /home. Say, for example, it is in
/disk1. This puts restrictions on systems having multiple disks and
a large number of users. This problem was not happening with SL5.5
and earlier releases. Please take care of this in the release.

Best wishes
--
Dr. Jayakumar J. S.
in a free world without fences, who needs gates?
help microsoft stamp out piracy - give linux to a friend today.
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
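
Added example, not part of the original message: a short Python parser for the two raw audit records quoted in the report, pairing the AVC and SYSCALL records by event serial to show which access was refused and on what label. The function names, the x86_64 syscall-number lookup and the reading of default_t as the policy's catch-all file label are assumptions of this example.

```python
import re

# Raw audit records from the report above, each rejoined onto one line.
SAMPLE = '''node=serene.rpd.barc.gov.in type=AVC msg=audit(1297247319.903:173): avc: denied { search } for pid=4500 comm="sshd" name="labuser" dev=dm-2 ino=1572865 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
node=serene.rpd.barc.gov.in type=SYSCALL msg=audit(1297247319.903:173): arch=c000003e syscall=80 success=no exit=-13 a0=7f12868d8c20 a1=ffffffff a2=9 a3=0 items=0 ppid=4499 pid=4500 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=pts1 ses=17 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)'''

HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
# Assumption: x86_64 syscall table (arch=c000003e); only the number seen here.
SYSCALLS = {('c000003e', '80'): 'chdir'}

def parse_events(text):
    """Merge the key=value fields of all records sharing one event serial."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, serial = m.groups()
        body = line[m.end():]
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events.setdefault(serial, {})
        if rtype == 'AVC':
            p = PERMS.search(body)
            fields['perms'] = p.group(1).split() if p else []
            ev.update(fields)          # AVC values win on shared keys
        else:
            for k, v in fields.items():
                ev.setdefault(k, v)    # SYSCALL fills in the rest
    return events

def selinux_type(context):
    """Type is the third field of user:role:type:level."""
    return context.split(':')[2]

def triage(ev):
    """Summarise one denial; default_t marks a path that matched only the
    policy's catch-all file-context entry (assumption of this example)."""
    ttype = selinux_type(ev['tcontext'])
    return {
        'source_type': selinux_type(ev['scontext']),
        'target_type': ttype,
        'denied': ev['perms'],
        'tclass': ev['tclass'],
        'name': ev['name'],
        'syscall': SYSCALLS.get((ev.get('arch'), ev.get('syscall')), 'unknown'),
        'eacces': ev.get('exit') == '-13',
        'unlabeled_path': ttype == 'default_t',
    }
```

On the records above, triage() reports sshd_t denied search on a default_t directory during chdir; the usual remedy, which is not taken from the report, is to give the alternate home root the same file-context rules as /home (semanage fcontext -a -e /home /disk1) and relabel it with restorecon -R /disk1.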