systemd vncserver inactive (dead) for non-root users; /home/UserXXX/.vnc permission denied
Hello,
I am having trouble with running vncserver on a RHEL 8 machine for all users except for root. I have a NIS set up and /home is mounted from another server (that still runs on RHEL 6). When I enable and start vncservice for a specific user, the service goes inactive. I guess it is somehow related to the different location of /home. Respectively the access is to /home/user/.vnc is denied.
I have already tried
restorecon -R -v /home restorecon -R -v /
as described in solutions/788183 but without any effect.
[root@SPC-SV03 home]# systemctl start vncserver@:81.service [root@SPC-SV03 home]# systemctl status vncserver@:81.service ● vncserver@:81.service - Remote desktop service (VNC) Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; enabled; vendor preset: disabled) Active: inactive (dead) since Thu 2024-05-02 12:19:03 CEST; 8s ago Process: 908497 ExecStart=/usr/libexec/vncsession-start :81 (code=exited, status=0/SUCCESS) Process: 908484 ExecStartPre=/usr/libexec/vncsession-restore :81 (code=exited, status=0/SUCCESS) Main PID: 908504 (code=exited, status=0/SUCCESS) May 02 12:19:03 SPC-SV03 systemd[1]: Starting Remote desktop service (VNC)... May 02 12:19:03 SPC-SV03 systemd[1]: Started Remote desktop service (VNC). May 02 12:19:03 SPC-SV03 systemd[1]: vncserver@:81.service: Succeeded.
journal says following:
I guess most relevant is "Failure creating "/home/UserXXX/.vnc": Permission denied"
[root@SPC-SV03 home]# journalctl -xe | grep vnc -- Subject: Unit vncserver@:81.service has begun start-up -- Unit vncserver@:81.service has begun starting up. May 02 12:19:03 SPC-SV03 vncsession[908504]: pam_unix(tigervnc:session): session opened for user UserXXX by (uid=0) -- Subject: Unit vncserver@:81.service has finished start-up -- Unit vncserver@:81.service has finished starting up. May 02 12:19:03 SPC-SV03 vncsession[908506]: Failure creating "/home/UserXXX/.vnc": Permission denied May 02 12:19:03 SPC-SV03 vncsession[908504]: vncsession: vncserver exited with status=71 May 02 12:19:03 SPC-SV03 vncsession[908504]: pam_unix(tigervnc:session): session closed for user UserXXX May 02 12:19:03 SPC-SV03 systemd[1]: vncserver@:81.service: Succeeded. -- The unit vncserver@:81.service has successfully entered the 'dead' state. May 02 12:19:07 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /. For complete SELinux messages run: sealert -l efd2e1a7-5004-4363-a912-0e1f0cd6f642 May 02 12:19:07 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /. If you believe that vncsession should be allowed search access on the directory by default. # ausearch -c 'vncsession' --raw | audit2allow -M my-vncsession # semodule -X 300 -i my-vncsession.pp May 02 12:19:09 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /. For complete SELinux messages run: sealert -l efd2e1a7-5004-4363-a912-0e1f0cd6f642 May 02 12:19:09 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /. If you believe that vncsession should be allowed search access on the directory by default. # ausearch -c 'vncsession' --raw | audit2allow -M my-vncsession # semodule -X 300 -i my-vncsession.pp
Thanks a lot for any help.
Responses