How to configure SELinux to allow an sftp user to log in to a custom user directory?
Issue
- An sftp user cannot log in to a system with SELinux enabled when logging in to a custom directory or chrooted environment.
# tail /etc/ssh/sshd_config
#Match Group prime
ChrootDirectory /chrootdir
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -f AUTH -l INFO
- The sftp user cannot log in because of an SELinux issue. The following audit denial messages are noticed:
type=AVC msg=audit(1368428466.260:59563): avc: denied { getattr } for pid=5844 comm="sshd" path="/EOD" dev=dm-8 ino=2 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1368428474.274:59584): avc: denied { getattr } for pid=6290 comm="sshd" path="/EOD" dev=dm-8 ino=2 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
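For triage, the denials above can be reduced to their distinct source type, target type, class and permission. The parser below is an added example, not part of the original article; its function names are hypothetical and its sample input is the two records quoted above.

```python
import re
from collections import Counter

# Sample input: the two AVC records quoted in the article above.
SAMPLE = (
    'type=AVC msg=audit(1368428466.260:59563): avc: denied { getattr } for pid=5844 comm="sshd" path="/EOD" dev=dm-8 ino=2 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir\n'
    'type=AVC msg=audit(1368428474.274:59584): avc: denied { getattr } for pid=6290 comm="sshd" path="/EOD" dev=dm-8 ino=2 scontext=unconfined_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir\n'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def setype(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms, comm, path) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in kv or "tcontext" not in kv:
        return None
    return (setype(kv["scontext"]), setype(kv["tcontext"]), kv.get("tclass"),
            tuple(m.group("perms").split()), kv.get("comm"), kv.get("path"))


def summarize(text):
    """Count distinct denials, ignoring pid, timestamp and serial number."""
    return Counter(rec for rec in map(parse_avc, text.splitlines()) if rec)


def unlabeled_paths(counts):
    """Paths whose target type is file_t, the type the RHEL 6 policy
    gives to objects that carry no SELinux label."""
    return sorted({k[5] for k in counts if k[1] == "file_t" and k[5]})


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
    print("unlabeled targets:", unlabeled_paths(summarize(SAMPLE)))
```

Run against the two records, this yields a single distinct denial: sshd in the `chroot_user_t` domain requesting `getattr` on the directory `/EOD`, whose target type is `file_t`.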
Environment
- Red Hat Enterprise Linux 6.4