Kangry.com [insert cool graphic here]
home | Topics | Logout | Search | Contact | ?? Kangry ?? | Bandwitdh



New user

uploaded files
(misc)-> Why I hate Selinux (Could not chdir to home directory Permission denied) submited by Russell Mon 13 Apr 09
Edited Thu 19 Aug 10
Web kangry.com
so I created a new /home directory via LVM edited fstab so it would mount at boot then moved the old /home contents into the new one.

But then I get this:
$ ssh
russell@'s password: 
Last login: Mon Apr 13 08:43:57 2009 from
Could not chdir to home directory /home/russell: Permission denied
[russell@auxbackup /]$ cd 
[russell@auxbackup ~]$ pwd
To this my first reaction is WTF? I mean how can I not login to the directory, but then change to it without a problem. I googled on the error message for a while, and I found a bunch of stuff telling me that the problem was that somehow the permissions on / were wrong. (how do you even get ls to show you these ?? ) But that wasn't it. I tried deleting and re-creating the user.. didn't work . I tried moving the user directory back to the root partition.. (and updating /etc/passwd) still failed..

After way too much time screwing with this, I remembered that selinux is implemented as a security level ontop of the file permissions. I changed the current selinux enforcing mode to "Permissive" and suddenly it started working. I could login without getting that error.

it turns out that the new home directoy I created had the permitions :
drwxr-xr-x root root system_u:object_r:file_t:s0 home
but should have been:
drwxr-xr-x root root system_u:object_r:home_root_t:s0 home
This problem can be corrected with this command (as root or sudo)
chcon -t home_root_t /home
What is so insidious about this is that because most applications arn't selinux aware (like apparently bash), they give error messages that are exactly the same as the error messages they would give for traditional file permission problems. This gives the error's recipient no clue where to look for the problem.

I really like the *idea* of selinux security. I like the *idea* that you can limit exactly what a program can do based on a set of rules. So, if it goes rouge or is comprimised the scope of possible damage is very limited. But I think the only effective way implement it is to make sure every application that does file access is upgraded so that it can know why the access was limited. ...

Either that, or selinux enforcing systems should ship with all files and directories set to 777 (rwxrwxrwx for all users ) so all the controls are handled *only* at the selinux level.
Aug 2010
Got 500 OOPS: cannot change directory:/home/user from vsftp. Turns out to be a selux problem:
this fix worked.
su -
getsebool -a | grep ftp
setsebool -P ftp_home_dir on
getsebool -a | grep ftp

selinux and samba (smb.conf) (Russell)
disable selinux from the command line (Russell)
Thnx (Ren)
SELinux is of the devil (Dandapani)
(no title provided) (Anonymous)

Add comment or question...:
Submited by: NOT email address. Leave blank for anonymous    (Spam Policy)

Enter Text: (text must match image for posting)

This file (the script that presented the data, not the data itself) , last modified Tuesday 06th of March 2018 11:41:12 PM
your client: CCBot/2.0 (https://commoncrawl.org/faq/)
current time: Monday 27th of May 2024 09:54:27 PM