On Wed, Dec 13, 2017 at 09:40:25PM +0530, Aman Sharma wrote:
> Hi Stephen,
>
> Yes, I am using open env_params for it. But for this, my sftp is not
> working and getting the below error message:
>
> Dec 13 13:00:00 aman authpriv 3 sshd: pam_selinux(sshd:session): Unable to
> get valid context for sftpuser
> Dec 13 13:00:00 aman authpriv 6 sshd: pam_unix(sshd:session): session
> opened for user sftpuser by (uid=0)

Not sure if this is actually the issue but:

AFAIK the user must have access to "context contains" for env_params

See if the context assoc. with the sftpuser process has access to
context contains

>
> Please let me know if you have any idea on this.
>
> On Wed, Dec 13, 2017 at 8:54 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> > On Tue, 2017-12-12 at 23:47 -0500, Aman Sharma wrote:
> > > Hi All,
> > >
> > > just wanted to know the meaning of line session required
> > > pam_selinux.so open env_params added in /etc/pam.d/sshd file.
> > > Actually I am facing one issue related to this. When I changed this
> > > env_params to restore then my Sftp is not working.
> > >
> > > Can anybody Please guide me on this.
> >
> > man pam_selinux describes the options and what they mean.
> > Why did you change it to restore? Per the man page, restore is to
> > temporarily restore the contexts and would be a separate entry in the
> > PAM stack before the module that needs the original contexts, followed
> > by a pam_selinux.so open env_params after that module to set them up
> > again. But don't use restore unless you actually need it for some
> > reason.
> >
>
> --
>
> Thanks
> Aman
> Cell: +91 9990296404 | Email ID : amansh.sharma5@xxxxxxxxx

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
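The ordering rule quoted from Stephen Smalley above (a restore entry must be followed later in the stack by a pam_selinux.so open entry) can be checked mechanically. The sketch below is an added example, not code from the thread or from the PAM or SELinux projects; the sample stacks are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample session stack (not taken from the thread).
STOCK = """\
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    required     pam_selinux.so open env_params
"""
# The edit described in the thread: env_params swapped for restore.
EDITED = STOCK.replace("open env_params", "open restore")

def selinux_session_entries(pam_text):
    """Return [(line_number, [options])] for session lines calling pam_selinux.so."""
    entries = []
    for lineno, raw in enumerate(pam_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().lstrip("-")
        # A bracketed control such as [success=ok default=bad] is one field.
        m = re.match(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m or m.group(1).lower() != "session":
            continue
        if m.group(3).rsplit("/", 1)[-1] == "pam_selinux.so":
            entries.append((lineno, m.group(4).split()))
    return entries

def check_stack(pam_text):
    """Return findings about pam_selinux ordering in one PAM service file."""
    entries = selinux_session_entries(pam_text)
    # Assumption from the man page: an entry without 'close' runs the
    # open_session portion; with 'restore' it does not set up new contexts.
    sets_up = [n for n, o in entries if "close" not in o and "restore" not in o]
    findings = []
    if not sets_up:
        findings.append("no pam_selinux.so open entry sets up the session context")
    for n, opts in entries:
        if "restore" in opts and not any(m > n for m in sets_up):
            findings.append(f"line {n}: restore has no later pam_selinux.so open entry")
    return findings

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("edited", EDITED)):
        print(name, check_stack(text) or "ok")
```

To audit a real host, pass the contents of /etc/pam.d/sshd to check_stack; included files are not followed.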