CentOS 6 SELinux question: inbound ssh.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



OK, after beating my head against the wall for an hour or so, I finally 
figured out why I could not ssh from a MacMini (running MacOSX 10.11.6) to my 
Linux Desktop (running CentOS 6), using the amandabackup account with public 
key authentification.  SELinux!

It seems the SELinux won't allow this if the target user's "home" directory is 
does not have a <mumble>_home_t security context.

It there some trick/hack to fix this *specifically* for the amandabackup 
account?

Right now the amandabackup $HOME is /var/lib/amanda/
and its security context is system_u:object_r:amanda_var_lib_t:s0

It of course needs to retain this for amanda to work. But I need to do
something non-standard: I am not able to build a *working* version of the
amanda client on the Mac. Despite what it says on the amanda.org website,
Amanda is basically not supported under BSD (MacOSX is basically BSD) and I am
not getting help on the Amanda mailing lists. I need to backup this machine,
so I am going to punt and resurect a script I was using before I started using
Amanda and do an independent backup process, but I want to put the backups on
the same disk that amandabackup is using and the disk is set up to be written
by amandabackup, so I want to use the amandabackup to write the files, using 
ssh from the amanda account on the Mac.

Is there some hack to get SELinux to cooperate with this scheme?  Or do I have 
to do something else?

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller@xxxxxxxxxxxx       -- Webhosting Services
     
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux