[Freeipa-users] Permission Denied
Dean Hunter
deanhunter at comcast.net
Wed Sep 11 13:39:15 UTC 2013
On Wed, 2013-09-11 at 08:27 -0500, Dean Hunter wrote:
> On Wed, 2013-09-11 at 07:10 +0300, Alexander Bokovoy wrote:
>
> > Hi Dean,
> >
> > On Tue, 10 Sep 2013, Dean Hunter wrote:
> > >How do I determine the cause of this problem?
> > >
> > > [dean at ipa2 ~]$ ssh dean at desktop2
> > > Last login: Tue Sep 10 21:10:01 2013 from ipa2.hunter.org
> > > Could not chdir to home directory /home/net/dean: Permission denied
> > > -bash: /home/net/dean/.bash_profile: Permission denied
> > >
> > > -bash-4.2$ rpm -q freeipa-client
> > > freeipa-client-3.1.5-1.fc18.x86_64
> > > -bash-4.2$
> > >
> > >I can log in as dean on desktop2 using gdm without a problem. But when
> > >I try to log in using ssh then I am denied access to the user's home
> > >directory.
> > Is there any SELinux AVC in the logs? Is /home/net an NFS mount? Is the
> > use_nfs_home_dirs SELinux boolean set to on? (getsebool -a|grep home)
> >
>
> 1) Is there any SELinux AVC in the logs?
>
> [dean at desktop2 ~]$ sudo ausearch --message avc
> <no matches>
>
>
> 2) Is /home/net an NFS mount? Yes
>
> 3) Is use_nfs_home_dirs SELinux boolean set to on?
>
> [dean at desktop2 ~]$ getsebool use_nfs_home_dirs
> use_nfs_home_dirs --> on
>
>
> Here is the script I use to configure IPA NFS clients:
>
> # Configure the Network File System client
>
> setsebool -P use_nfs_home_dirs on
>
> cat /usr/lib/systemd/system/nfs-secure.service \
>   | sed -e s/WantedBy=nfs.target/WantedBy=multi-user.target/ \
>   > /etc/systemd/system/nfs-secure.service  # RedHat bug 972363
>
> ipa-client-automount \
>   --location VM \
>   --unattended
>
> sed -i 's/sss files/ files sss/g' /etc/nsswitch.conf  # FreeIPA bug 3733
> systemctl restart sssd.service                        # FreeIPA bug 3733
> systemctl restart autofs.service                      # FreeIPA bug 3733
>
I do NOT believe this:
[dean at ipa2 ~]$ ssh dean at desktop2
Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org
Could not chdir to home directory /home/net/dean: Permission denied
-bash: /home/net/dean/.bash_profile: Permission denied
-bash-4.2$ logout
-bash: /home/net/dean/.bash_logout: Permission denied
Connection to desktop2 closed.
[dean at ipa2 ~]$ su -
Password:
[root at ipa2 ~]# ssh dean at desktop2
dean at desktop2's password:
Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org
[dean at desktop2 ~]$ logout
Connection to desktop2 closed.
[root at ipa2 ~]# logout
[dean at ipa2 ~]$ ssh dean at desktop2
Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org
[dean at desktop2 ~]$