
SELinux blocked my .Xauthority

[Category: System (Linux) | Posted by: 店小二04 | Date: 2016 | Author: 红领巾]

I was attempting to install an OEM management server on a new host in the lab using runInstaller. Of course the installer is an X-windows app, so I needed to configure port forwarding to get the display back to my MacBook.

I added the new host and its bastion to my ~/.ssh/config file to set up port forwarding:

    Host 10.123.45.678
        ConnectTimeout 60
        StrictHostKeyChecking ask
        ProxyCommand none
        UserKnownHostsFile ~/.ssh/known_Hosts
        User oracle

    Host newlaboms.raysdemo.com
        ProxyCommand ssh -W %h:%p 10.123.45.678
        StrictHostKeyChecking no
        UserKnownHostsFile ~/.ssh/known_Hosts
        VisualHostKey no
        ForwardX11 yes
        ForwardAgent yes
        User oracle

Pretty straight-forward and it’s worked plenty of times before, so I expected no problems.

Frustration

When I ssh’d to newlaboms I was hit with an xauth error:

xauth: timeout in locking authority file /home/oracle/.Xauthority

The quick checks are proper ownership of my home directory (no problem), that I can write a new file there (touch temp.file: ok), and adequate space on the home file system (no problem).

My ‘id’ line looked wrong:

uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

All that “context=” stuff was added by SELinux. This is a new host, and SELinux is enabled by default and then disabled by my S/As as part of the build process. They’d missed it this time, and this is how you check:

> /usr/sbin/getenforce;

Enforcing

Enhanced security is being enforced by SELinux!

Temporary Fix

So try this:

> sudo /usr/sbin/setenforce 0 ;

> /usr/sbin/getenforce;

Permissive

Now log out and back in to notice that your .Xauthority file has been created and port forwarding will work!

Run ‘id’ and you’ll see the simple results you expect.

Permanent Change

The setenforce command does not require a server reboot but it’s also not going to survive a reboot. To make the change permanent, ask your system admin to edit /etc/selinux/config to set “SELINUX=permissive”

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
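In permissive mode SELinux still logs every access it would have denied, so the audit log can show exactly what stopped xauth before anyone decides to leave the host permissive. The following is an added example, not part of the original post: a shell function that summarises AVC denials for one command. The sample audit records, the `xauth_t` and `default_t` types in them, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed excerpt in /var/log/audit/audit.log format (not from the
# author's host): two xauth denials and one unrelated httpd denial.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1460000000.101:311): avc:  denied  { write } for  pid=4021 comm="xauth" name="oracle" dev="dm-0" ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1460000000.102:312): avc:  denied  { getattr } for  pid=3999 comm="httpd" path="/srv/www" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1460000020.441:340): avc:  denied  { create } for  pid=4100 comm="xauth" name=".Xauthority-c" scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
EOF
}

# avc_summary COMM
# Reads audit records on stdin and prints one line per distinct denial for
# COMM: "permissions source_type target_type object_class count".
avc_summary() {
    awk -v want="$1" '
    /type=AVC/ && /denied/ {
        comm = ""; st = ""; tt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
            # An SELinux context is user:role:type:level, so field 3 is the type
            if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
            if ($i ~ /^tcontext=/) { split($i, b, ":"); tt = b[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (comm != want) next
        # The denied permissions are listed between the braces
        perms = $0
        sub(/^[^{]*[{] */, "", perms)
        sub(/ *[}].*/, "", perms)
        gsub(/ /, ",", perms)
        seen[perms " " st " " tt " " cls]++
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Stand-alone run over the constructed sample
sample_audit_log | avc_summary xauth
```

On a real host the same function can be fed from `sudo cat /var/log/audit/audit.log`, or the records can be pulled with `ausearch -m avc -c xauth`. If the target type turns out to be a mislabelled home directory, `restorecon -Rv` on that directory resets its labels to the policy default.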
