Bug 1008922 - 4.4.3. Configuring Servers for Enhanced Entitlements Reporting - Step 4. add restorecon step
4.4.3. Configuring Servers for Enhanced Entitlements Reporting - Step 4. add ...
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Docs Installation Guide (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Dan Macpherson
Dan Macpherson
Depends On:
Blocks: sat560-docs
  Show dependency treegraph
Reported: 2013-09-17 06:51 EDT by Rich Jerrido
Modified: 2013-10-11 06:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-10-11 06:45:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rich Jerrido 2013-09-17 06:51:22 EDT
Description of problem:

When following the documentation, in step 4, the user is told to run:

[root@sat56] # useradd swreport
[root@sat56] # mkdir /home/swreport/.ssh

This results in /home/swreport/.ssh having an incorrect SELinux context (which will prevent public key auth from working). See below. 

#ls -lZa /home/swreport/
drwx------. swreport swreport unconfined_u:object_r:user_home_dir_t:s0 ./
drwxr-xr-x. root     root     system_u:object_r:home_root_t:s0 ../
drwxr-xr-x. root     root     unconfined_u:object_r:user_home_t:s0 .ssh/

Expected results:

In step 7, we'd need to add a step to have the user run 'restorecon -R /home/swreport/.ssh'
Comment 2 Clifford Perry 2013-10-11 06:45:26 EDT

Step 7 now reads:

 Set permissions and the SELinux content on the .ssh directory and authorized_keys file for the swreport user.

[root@sat56] # chown -R swreport:swreport /home/swreport/.ssh
[root@sat56] # chmod 700 /home/swreport/.ssh
[root@sat56] # chmod 600 /home/swreport/.ssh/authorized_keys
[root@sat56] # restorecon -R /home/swreport/.ssh

Note You need to log in before you can comment on or make changes to this bug.