Permission in Selinux

How to give permission in selinux

To check the permission

getsebool -a | grep rsync (Replace rsync with your application name)

postgresql_can_rsync –> off

rsync_anon_write –> off

rsync_client –> off

rsync_export_all_ro –> off

rsync_full_access –> off

Non of the above rsync command have permission

To set the permission

setsebool -P rsync_full_access on

setsebool -P rsync_export_all_ro on

setsebool -P rsync_client on

setsebool -P rsync_anon_write on

Why am I still getting a password prompt with ssh with public key authentication?

Any of below might be the reason

  • Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx------ and rwxr-xr-x are fine, but rwxrwx--- is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
    If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.
  • Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you’ll need it to be also writable (600) if you will add any more keys to it.
  • Your private key file (on the local machine) must be readable and writable only by you: rw-------, i.e. 600.
  • Also, if SELinux is set to enforcing, you may need to run restorecon -R -v ~/.ssh (see e.g. Ubuntu bug 965663 and Debian bug report #658675; this is patched in CentOS 6).

 

Categories: linux, Selinux

Comments are closed.