[Freeipa-users] Permission Denied

Dean Hunter deanhunter at comcast.net
Wed Sep 11 13:39:15 UTC 2013


On Wed, 2013-09-11 at 08:27 -0500, Dean Hunter wrote:

> On Wed, 2013-09-11 at 07:10 +0300, Alexander Bokovoy wrote: 
> 
> > Hi Dean,
> > 
> > On Tue, 10 Sep 2013, Dean Hunter wrote:
> > >How do I determine the cause of this problem?
> > >
> > >        [dean@ipa2 ~]$ ssh dean@desktop2
> > >        Last login: Tue Sep 10 21:10:01 2013 from ipa2.hunter.org
> > >        Could not chdir to home directory /home/net/dean: Permission denied
> > >        -bash: /home/net/dean/.bash_profile: Permission denied
> > >
> > >        -bash-4.2$ rpm -q freeipa-client
> > >        freeipa-client-3.1.5-1.fc18.x86_64
> > >        -bash-4.2$
> > >
> > >I can log in as dean on desktop2 using gdm without a problem.  But when
> > >I try to log in using ssh then I am denied access to the user's home
> > >directory.
> > Is there any SELinux AVC in the logs? Is /home/net an NFS mount? Is the
> > use_nfs_home_dirs SELinux boolean set to on? (getsebool -a|grep home)
> > 
> 
> 1) Is there any SELinux AVC in the logs?
> 
>         [dean@desktop2 ~]$ sudo ausearch --message avc
>         <no matches>
> 
> 
> 2) Is /home/net an NFS mount?  Yes
> 
> 3) Is use_nfs_home_dirs SELinux boolean set to on?
> 
>         [dean@desktop2 ~]$ getsebool use_nfs_home_dirs
>         use_nfs_home_dirs --> on
> 
> 
> Here is the script I use to configure IPA NFS clients:
> 
>         # Configure the Network File System client
>         
>           setsebool -P use_nfs_home_dirs on
>         
>           cat /usr/lib/systemd/system/nfs-secure.service \
>             | sed -e s/WantedBy=nfs.target/WantedBy=multi-user.target/ \
>             > /etc/systemd/system/nfs-secure.service                 # RedHat bug 972363
>         
>           ipa-client-automount \
>             --location VM \
>             --unattended
>         
>           sed -i 's/sss files/ files sss/g' /etc/nsswitch.conf       # FreeIPA bug 3733
>           systemctl restart sssd.service                             # FreeIPA bug 3733
>           systemctl restart autofs.service                           # FreeIPA bug 3733
> 


I do NOT believe this:

        [dean@ipa2 ~]$ ssh dean@desktop2
        Last login: Wed Sep 11 08:32:21 2013 from ipa2.hunter.org
        Could not chdir to home directory /home/net/dean: Permission denied
        -bash: /home/net/dean/.bash_profile: Permission denied
        
        -bash-4.2$ logout
        -bash: /home/net/dean/.bash_logout: Permission denied
        Connection to desktop2 closed.
        
        [dean@ipa2 ~]$ su -
        Password: 
        
        [root@ipa2 ~]# ssh dean@desktop2
        dean@desktop2's password: 
        Last login: Wed Sep 11 08:34:29 2013 from ipa2.hunter.org
        
        [dean@desktop2 ~]$ logout
        Connection to desktop2 closed.
        
        [root@ipa2 ~]# logout
        
        [dean@ipa2 ~]$ ssh dean@desktop2
        Last login: Wed Sep 11 08:35:16 2013 from ipa2.hunter.org
        
        [dean@desktop2 ~]$ 

