Hide Forgot
Description of problem: I have a ssh server which mounts home directories through nfs. However it doesn't allow to login using publickey authentication. After login the following message appears: Could not chdir to home directory /home/user: Permission denied However, I then cd /home/user and everything is fine, permissions and all. The home is mounted with autofs using the following rule: * -fstype=nfs,rw,hard,intr,rsize=2048,wsize=2048,nosuid,nfsvers=3 server:/home/& I get the following message in /var/log/messages: SELinux is preventing /usr/sbin/sshd from search access on the directory . Shouldn't the selinux policy allow this common setup scenario by default? Cheers How reproducible: always Steps to Reproduce: 1. Configure autofs to mount home remotely 2. Enable ssh server 3. Try to login using publickey authentication
I believe sealert tells you what to do. You need to turn on the use_nfs_home_dirs boolean. # setsebool -P use_nfs_home_dirs 1 We don't want to allow it by default.
Thank you very much, it worked. Any reason why it is not allowed by default? It is a rather common setup, right? Regards
Well not as common as not sharing homedirs with NFS. When you turn this boolean on, all confined domains that have content in the homedir, suddenly get access to all NFS content. Not something we want to allow by default.