troubleshooting Question

sftp chrooted enviroment

Avatar of nabrantes
nabrantes asked on
LinuxLinux SecuritySSH / Telnet Software
3 Comments1 Solution1507 ViewsLast Modified:
Hi there

I'm goinf nuts with seLinux framework.

I had a properly setup Centos 5.8 with (compiled) OpenSSH 5.9 chrooting users with sftponly no problem.

But I really need to make things easier with system updates and I also needed to have apache >= 2.2.15 so I decided to replicate the enviroment with Centos 6.2

I have the setup/installation process well documented so I did.

Problem is seLinux is behaving differently from 5.8 to 6.2 and I'm not being able to use sftp with a defined user...

Some sebool parameters

setsebool -P ftp_home_dir=on;
setsebool -P allow_ftpd_full_access=on; #I also have vsftp
setsebool -P httpd_can_network_relay=1; #I also have net2ftp web app
setsebool -P ssh_chroot_rw_homedirs on;

Tried to change context for 1 test users and I have an error:

/sbin/restorecon -R -v /sftpjails/nasftp/home/nasftp
/sbin/restorecon reset /sftpjails/nasftp/home/nasftp context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:chroot_user_t:s0
/sbin/restorecon set context /sftpjails/nasftp/home/nasftp->unconfined_u:object_r:chroot_user_t:s0 failed:'Permission denied'

I really need help.. I'm getting quite frustrated.
ASKER CERTIFIED SOLUTION
nabrantes

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros