Constance Morris wrote:
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx
> Constance Morris wrote:
>> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Alfred Hovdestad
>> On 09/05/13 02:15 PM, Constance Morris wrote:
>>
>>> If so, I have finished the 506 updates that redhat showed were needed.
>>> But then noticed today that 116 showing failed had been placed in the
>>> Events history section on the red hat customer portal website for my
>>> registered server. Since my problem with clients still not being able
>>> to SSH via SFTP in Expression Web still exists after finishing the
>>> updates
>>> - I wanted to get these 116 done to see if that would fix the problem.
>>> But I can't seem to get them to run.
<snip>
>>> Any suggestions - web links, you can think of to pass on to help me?
>
> Sure: type which sftp, then rpm -q --whatprovides <the full path to sftp,
> like /usr/bin/sftp>
<snip>
>> To see if any updates are still pending. Next check the package that
>> the sftp command belongs to:
>>
>> which sftp
>> rpm -qf /usr/bin/sftp
>> rpm -qf /usr/bin/ssh
>>
>> They should belong to the same package.
>>
>> Yum update shows me there are no packages marked for update.
>> Yes, the locations are the same for sftp and ssh, but not sshd.
>> Not sure if that makes a difference with the sshd not being in a
>> similar path location as the other two.
>
> That should be in /usr/sbin/sshd - that's run as root by the system, not
> by users.
>
>> But they all 3 are showing to belong to the same package.
<snip>
> Oh, two other things: first, is selinux enabled (enter getenforce)?
> Second, if you answered this, I've forgotten, but if the three users have
> actual directories where they're supposed to be, what is the ownership and
> permission of the home directories and those under them? They should be
> owned by the user, the group whatever all the other normal users are, and
> permissions should *probably* be rwx------, or rwxr-x---, or rwxr-xr-x.
>
>>Oh, two other things: first, is selinux enabled (enter getenforce)?
>
> Checked and it is enforced
<snip>

AAAARRRRGHGHGHGHGHGHGHH!!!!!!!!!!!!

Ok, a *whole* new problem, which maybe throws everything else out the
window. Look at their home directories again, but this time do
ll -Z /var/www/whatever. Betcha they're something like unconfined_t, or
default_t, or maybe even not labeled.

Check /var/log/messages for sealert messages. And if you *don't* have any,
then you need to see if setroubleshoot* is installed. If not, install them
(server and plugins), and make sure auditd is on. Then you'll see
complaints. Run what's in messages, which will be of the form
"setroubleshoot: SELinux is preventing /usr/bin/updatedb from read access on the directory /public/apps/.gem. For complete SELinux messages. run sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4".
Run the sealert, and *maybe* the message will be helpful. It's sometimes
only barely, to me, and I've been fighting to shut selinux up in the logs
for years now.

If you thought *Nix sysadmin was complicated, wait till you begin to look
at selinux (which, btw, was written by the NSA, for real).

        mark
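
The log check described in the reply above, as an added example that is not part of the original message: it lists each distinct setroubleshoot alert once, with a hit count and the sealert command to run. It assumes the message format quoted in the reply; the function names and the sample log lines (apart from that quoted message) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list each distinct setroubleshoot alert
# in a syslog file once, with a hit count and the sealert command to run.

# selinux_denials [LOGFILE|-]   (default /var/log/messages, "-" reads stdin)
# Output, tab-separated, first-seen order: count source access target command
# Targets containing spaces are cut at the first space.
selinux_denials() {
    awk '
    /setroubleshoot: SELinux is preventing/ {
        id = src = acc = tgt = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "preventing") src = $(i + 1)
            if ($i == "-l") id = $(i + 1)
            if ($i == "on" && $(i + 1) == "the") tgt = $(i + 3)
            # the access may be several words: take all up to "access"
            if ($i == "from" && acc == "")
                for (j = i + 1; j <= NF && $j != "access"; j++)
                    acc = acc (acc == "" ? "" : " ") $j
        }
        sub(/\.$/, "", tgt)           # drop the sentence-ending period
        gsub(/[^0-9a-f-]/, "", id)    # keep only alert id characters
        if (id == "") next            # line carries no alert id
        if (!(id in count)) { order[++n] = id; info[id] = src "\t" acc "\t" tgt }
        count[id]++
    }
    END {
        for (k = 1; k <= n; k++)
            printf "%d\t%s\tsealert -l %s\n", count[order[k]], info[order[k]], order[k]
    }' "${1:-/var/log/messages}"
}

# Constructed sample input: host name, timestamps, the sshd line and the
# second alert are made up; the first message is the one quoted in the reply.
sample_messages() {
cat <<'EOF'
Sep  6 10:01:02 web01 setroubleshoot: SELinux is preventing /usr/bin/updatedb from read access on the directory /public/apps/.gem. For complete SELinux messages. run sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4
Sep  6 10:01:09 web01 sshd[2211]: Accepted password for user1 from 192.0.2.10 port 50122 ssh2
Sep  6 10:02:30 web01 setroubleshoot: SELinux is preventing /usr/libexec/openssh/sftp-server from write access on the directory /var/www/site1. For complete SELinux messages. run sealert -l 11111111-2222-3333-4444-555555555555
Sep  6 10:05:02 web01 setroubleshoot: SELinux is preventing /usr/bin/updatedb from read access on the directory /public/apps/.gem. For complete SELinux messages. run sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4
EOF
}

# Demo on the constructed sample; on a real host run: selinux_denials
sample_messages | selinux_denials -
```

If this prints nothing on a host where getenforce reports Enforcing, that matches the case the reply describes: setroubleshoot or auditd is not installed or not running, so no alerts reach the log.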