We help IT Professionals succeed at work.

sftp chrooted enviroment

1,499 Views
Last Modified: 2012-06-14
Hi there

I'm goinf nuts with seLinux framework.

I had a properly setup Centos 5.8 with (compiled) OpenSSH 5.9 chrooting users with sftponly no problem.

But I really need to make things easier with system updates and I also needed to have apache >= 2.2.15 so I decided to replicate the enviroment with Centos 6.2

I have the setup/installation process well documented so I did.

Problem is seLinux is behaving differently from 5.8 to 6.2 and I'm not being able to use sftp with a defined user...

Some sebool parameters

setsebool -P ftp_home_dir=on;
setsebool -P allow_ftpd_full_access=on; #I also have vsftp
setsebool -P httpd_can_network_relay=1; #I also have net2ftp web app
setsebool -P ssh_chroot_rw_homedirs on;

Tried to change context for 1 test users and I have an error:

/sbin/restorecon -R -v /sftpjails/nasftp/home/nasftp
/sbin/restorecon reset /sftpjails/nasftp/home/nasftp context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:chroot_user_t:s0
/sbin/restorecon set context /sftpjails/nasftp/home/nasftp->unconfined_u:object_r:chroot_user_t:s0 failed:'Permission denied'

I really need help.. I'm getting quite frustrated.
Comment
Watch Question

Fix this:
oot_user_t:s0 failed:'Permission denied'
:p
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Because I manage to resolve it myself.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.