Cannot login using ssh when UsePAM is disabled and SELinux is on
Issue
- On Red Hat Enterprise Linux 6, ssh login is not possible if 'UsePAM' is set to 'NO' and SELinux is on.
- Cannot login using ssh when UsePAM is disabled and SELinux is on.
Tracing of sshd shows:
5490 read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1552
5490 close(4) = 0
5490 munmap(0xb75fd000, 4096) = 0
5490 open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
5490 stat64("/bin/bash", {st_mode=S_IFREG|0755, st_size=877480, ...}) = 0
5490 write(6, "\0\0)\217\10", 5 <unfinished ...>
5491 <... read resumed> "\0\0)\217", 4) = 4
/var/log/secure:
Feb 8 12:41:15 example.com sshd[5483]: error: Could not get shadow information for root
Feb 8 12:41:15 example.com sshd[5483]: Failed password for root from 192.168.1.1 port 41423 ssh2
Feb 8 12:41:17 example.com sshd[5483]: Failed password for root from 192.168.1.2 port 41423 ssh2
/var/log/audit/audit.log:
type=AVC msg=audit(1297958384.484:13923): avc: denied { read } for pid=5219 comm="sshd" name="shadow" dev=dm-0 ino=4115 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
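To check a host for this same pair of symptoms, the following added example (not part of the original article or Red Hat tooling) parses AVC records and looks for sshd_t being denied read on a shadow_t file alongside the matching sshd error in the secure log. All function names are hypothetical, and the sample input is constructed from the excerpts above plus one invented unrelated record.

```python
import re

# Constructed sample input modelled on the excerpts above (the httpd record is invented noise).
AUDIT_LOG = '''\
type=AVC msg=audit(1297958384.484:13923): avc: denied { read } for pid=5219 comm="sshd" name="shadow" dev=dm-0 ino=4115 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1297958390.101:13930): avc: denied { getattr } for pid=6001 comm="httpd" name="index.html" dev=dm-0 ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
'''
SECURE_LOG = '''\
Feb 8 12:41:15 example.com sshd[5483]: error: Could not get shadow information for root
Feb 8 12:41:15 example.com sshd[5483]: Failed password for root from 192.168.1.1 port 41423 ssh2
'''
AVC_RE = re.compile(r"type=AVC msg=audit\(([\d.]+):(\d+)\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
SHADOW_ERR_RE = re.compile(r"sshd\[(\d+)\]: error: Could not get shadow information for (\S+)")

def parse_avc(line):
    """Parse one AVC denial record into a dict, or return None for other lines."""
    m = AVC_RE.search(line.strip())
    if not m:
        return None
    rec = {"ts": float(m.group(1)), "serial": int(m.group(2)), "perms": m.group(3).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(4)):
        rec[key] = value.strip('"')
    # An SELinux context is user:role:type:level, so the type is the third field.
    for ctx in ("scontext", "tcontext"):
        rec[ctx + "_type"] = (rec.get(ctx, "").split(":") + [""] * 3)[2]
    return rec

def sshd_shadow_denials(audit_text):
    """AVC records where the sshd_t domain was denied read on a shadow_t file."""
    recs = filter(None, map(parse_avc, audit_text.splitlines()))
    return [r for r in recs
            if r["scontext_type"] == "sshd_t" and r["tcontext_type"] == "shadow_t"
            and r.get("tclass") == "file" and "read" in r["perms"]]

def shadow_lookup_failures(secure_text):
    """(pid, user) pairs for sshd's 'Could not get shadow information' errors."""
    return [(int(pid), user) for pid, user in SHADOW_ERR_RE.findall(secure_text)]

def matches_this_issue(audit_text, secure_text):
    """True only when both symptoms shown in this article are present."""
    return bool(sshd_shadow_denials(audit_text)) and bool(shadow_lookup_failures(secure_text))

if __name__ == "__main__":
    for r in sshd_shadow_denials(AUDIT_LOG):
        print(f"audit serial {r['serial']}: pid {r['pid']} ({r['comm']}) denied {r['perms']} on {r['name']}")
    print("matches this issue:", matches_this_issue(AUDIT_LOG, SECURE_LOG))
```

The two logs are not joined on PID, because the privilege-separated sshd process that opens /etc/shadow can differ from the one that writes the syslog message.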
Environment
- Red Hat Enterprise Linux 6
