-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx
Sent: Friday, May 10, 2013 1:15 PM
To: General Red Hat Linux discussion list
Subject: RE: P.S. - RE: [redhat-list] updates pending question

Constance Morris wrote:
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx
> Constance Morris wrote:
>> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Alfred Hovdestad
>> On 09/05/13 02:15 PM, Constance Morris wrote:
>>
>>> If so, I have finished the 506 updates that redhat showed were needed.
>>> But then noticed today that 116 showing failed had been placed in
>>> the Events history section on the red hat customer portal website
>>> for my registered server. Since my problem with clients still not
>>> being able to SSH via SFTP in Expression Web still exists after
>>> finishing the updates
>>> - I wanted to get these 116 done to see if that would fix the problem.
>>> But I can't seem to get them to run.
<snip>
>>> Any suggestions - web links, you can think of to pass on to help me?
>
> Sure: type which sftp, then rpm -q --whatprovides <the full path to
> sftp, like /usr/bin/sftp>
<snip>
>> To see if any updates are still pending. Next check the package that
>> the sftp command belongs to:
>>
>> which sftp
>> rpm -qf /usr/bin/sftp
>> rpm -qf /usr/bin/ssh
>>
>> They should belong to the same package.
>>
>> Yum update shows me there are no packages marked for update.
>> Yes, the locations are the same for sftp and ssh, but not sshd.
>> Not sure if that makes a difference with the sshd not being in a
>> similar path location as the other two.
>
> That should be in /usr/sbin/sshd - that's run as root by the system,
> not by users.
>
>> But they all 3 are showing to belong to the same package.
<snip>
> Oh, two other things: first, is selinux enabled (enter getenforce)?
> Second, if you answered this, I've forgotten, but if the three users
> have actual directories where they're supposed to be, what is the
> ownership and permission of the home directories and those under them?
> They should be owned by the user, the group whatever all the other
> normal users are, and permissions should *probably* be rwx------, or
> rwxr-x---, or rwxr-xr-x.
>
>>Oh, two other things: first, is selinux enabled (enter getenforce)?
>
> Checked and it is enforced
<snip>

AAAARRRRGHGHGHGHGHGHGHH!!!!!!!!!!!!

Ok, a *whole* new problem, which maybe throws everything else out the window.

Look at their home directories again, but this time do ll -Z /var/www/whatever. Betcha they're something like unconfined_t, or default_t, or maybe even not labeled.

Check /var/log/messages for sealert messages. And if you *don't* have any, then you need to see if setroubleshoot\* is installed. If not, install them (server and plugins), and make sure auditd is on. Then you'll see complaints.

Run what's in messages, which will be of the form "setroubleshoot: SELinux is preventing /usr/bin/updatedb from read access on the directory /public/apps/.gem. For complete SELinux messages. run sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4". Run the sealert, and *maybe* the message will be helpful. It's sometimes only barely, to me, and I've been fighting to shut selinux up in the logs for years now.

If you thought *Nix sysadmin was complicated, wait till you begin to look at selinux (which, btw, was written by the NSA, for real).

mark

-----------

Mark,

It shows the following:
user_u:object_r:httpd_sys_content_t:s0
so no unconfined_t or default_t

There are no 'sealert' messages inside the message log.

'setroubleshoot' is not installed. It says there are 23 packages to install if I install it....is that okay? I don't want to cause any additional problems on the system right now.

Constance

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
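
The label and log checks discussed in the thread, as an added example that is not part of any poster's message: it pulls the type out of an SELinux context string and extracts the denials and `sealert -l` commands from setroubleshoot lines in a syslog file. The function names are hypothetical helpers, and the host name, timestamps, second log entry and its UUID are constructed sample data.

```shell
#!/bin/sh
# Added example; sample data is constructed. Only the setroubleshoot message
# format and the context string come from the thread.

# Print the type (third colon-separated field) of an SELinux context string.
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Succeed when the type is one the thread flags (unconfined_t, default_t) or
# the object is unlabeled (unlabeled_t, file_t, or no parsable context).
label_is_suspect() {
    case "$(selinux_type "$1")" in
        unconfined_t|default_t|unlabeled_t|file_t|'') return 0 ;;
        *) return 1 ;;
    esac
}

# Print each distinct "sealert -l <uuid>" command found in a syslog file.
sealert_commands() {
    grep 'setroubleshoot: SELinux is preventing' "$1" |
        grep -Eo 'sealert -l [0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}' |
        sort -u
}

# Print each distinct denial as "<program> <access> <target path>".
denial_summary() {
    sed -nE 's/.*SELinux is preventing ([^ ]+) from (.+) access on the [a-z_ ]+ ([^ ]+)\. .*/\1 \2 \3/p' "$1" | sort -u
}

# Demo: host name, timestamps and the second UUID are constructed.
demo() {
    log=$(mktemp) || return 1
    cat > "$log" <<'EOF'
May 10 13:02:11 web01 setroubleshoot: SELinux is preventing /usr/bin/updatedb from read access on the directory /public/apps/.gem. For complete SELinux messages. run sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4
May 10 13:02:40 web01 setroubleshoot: SELinux is preventing /usr/bin/updatedb from read access on the directory /public/apps/.gem. For complete SELinux messages. run sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4
May 10 13:05:09 web01 setroubleshoot: SELinux is preventing /usr/sbin/sshd from search access on the directory /var/www/site1. For complete SELinux messages. run sealert -l 00000000-0000-4000-8000-000000000001
May 10 13:06:00 web01 sshd[2211]: Accepted password for user1 from 192.0.2.10 port 50022 ssh2
EOF
    denial_summary "$log"
    sealert_commands "$log"
    if label_is_suspect 'user_u:object_r:httpd_sys_content_t:s0'; then
        echo 'label: suspect'
    else
        echo 'label: not one of the flagged types'
    fi
    rm -f "$log"
}
demo
```

On a real host the context string would come from the `ls -Z` output and the log path would be `/var/log/messages`, as in the thread.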