Cannot login using ssh when UsePAM is disabled and SELinux is on
Issue
- On Red Hat Enterprise Linux 6, SSH login is not possible if 'UsePAM' is set to 'NO' and SELinux is on.
Tracing of sshd shows:
5490 read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1552
5490 close(4) = 0
5490 munmap(0xb75fd000, 4096) = 0
5490 open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
5490 stat64("/bin/bash", {st_mode=S_IFREG|0755, st_size=877480, ...}) = 0
5490 write(6, "\0\0)\217\10", 5 <unfinished ...>
5491 <... read resumed> "\0\0)\217", 4) = 4
/var/log/secure:
Feb 8 12:41:15 example.com sshd[5483]: error: Could not get shadow information for root
Feb 8 12:41:15 example.com sshd[5483]: Failed password for root from 192.168.1.1 port 41423 ssh2
Feb 8 12:41:17 example.com sshd[5483]: Failed password for root from 192.168.1.2 port 41423 ssh2
/var/log/audit/audit.log:
type=AVC msg=audit(1297958384.484:13923): avc: denied { read } for pid=5219 comm="sshd" name="shadow" dev=dm-0 ino=4115 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
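The three symptoms above can be correlated mechanically. The following is an added example, not part of the original article or any Red Hat tooling: it checks sample inputs (constructed from the excerpts above) for a disabled UsePAM directive, the shadow error in /var/log/secure, and an AVC denial of sshd reading a shadow_t file. The function names are hypothetical.

```python
import re

# Constructed sample inputs, modelled on the excerpts shown in this article.
SSHD_CONFIG = "Port 22\n#UsePAM yes\nUsePAM no\n"
SECURE_LOG = "Feb 8 12:41:15 example.com sshd[5483]: error: Could not get shadow information for root\n"
AUDIT_LOG = (
    'type=AVC msg=audit(1297958384.484:13923): avc: denied { read } for pid=5219 '
    'comm="sshd" name="shadow" dev=dm-0 ino=4115 '
    'scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:shadow_t:s0 tclass=file\n'
)

def usepam_disabled(config_text):
    """True if the first uncommented UsePAM directive is 'no' (sshd uses the first value it reads)."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "usepam":
            return parts[1].lower() == "no"
    return False

def parse_avc(line):
    """Parse one AVC denial line into a dict of its fields, or return None."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}(.*)", line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in re.findall(r"(\w+)=(\S+)", m.group(2))}
    rec["perms"] = m.group(1).split()
    # An SELinux context is user:role:type:level; the type is the third field.
    for key in ("scontext", "tcontext"):
        rec[key + "_type"] = rec.get(key, "::").split(":")[2]
    return rec

def diagnose(config_text, secure_text, audit_text):
    """Collect the three indicators described in the Issue section."""
    denials = [r for r in map(parse_avc, audit_text.splitlines())
               if r and r.get("comm") == "sshd" and "read" in r["perms"]
               and r["tcontext_type"] == "shadow_t"]
    return {
        "usepam_disabled": usepam_disabled(config_text),
        "shadow_error": "Could not get shadow information" in secure_text,
        "sshd_shadow_denials": denials,
    }

def matches_issue(result):
    return bool(result["usepam_disabled"] and result["shadow_error"] and result["sshd_shadow_denials"])

if __name__ == "__main__":
    print(matches_issue(diagnose(SSHD_CONFIG, SECURE_LOG, AUDIT_LOG)))
```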
Environment
- Red Hat Enterprise Linux 6