troubleshooting Question

sftp chrooted environment

nabrantes asked on
Hi there

I'm going nuts with the SELinux framework.

I had a properly set up CentOS 5.8 with (compiled) OpenSSH 5.9 chrooting users with sftponly, no problem.

But I really need to make things easier with system updates and I also needed to have Apache >= 2.2.15, so I decided to replicate the environment with CentOS 6.2.

I have the setup/installation process well documented so I did.

The problem is that SELinux is behaving differently from 5.8 to 6.2 and I'm not able to use sftp with a defined user...

Some sebool parameters

setsebool -P ftp_home_dir=on;
setsebool -P allow_ftpd_full_access=on; #I also have vsftp
setsebool -P httpd_can_network_relay=1; #I also have net2ftp web app
setsebool -P ssh_chroot_rw_homedirs on;

Tried to change the context for 1 test user and I have an error:

/sbin/restorecon -R -v /sftpjails/nasftp/home/nasftp
/sbin/restorecon reset /sftpjails/nasftp/home/nasftp context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:chroot_user_t:s0
/sbin/restorecon set context /sftpjails/nasftp/home/nasftp->unconfined_u:object_r:chroot_user_t:s0 failed:'Permission denied'

I really need help.. I'm getting quite frustrated.
