On CentOS 7, folders/files created in /home get the wrong context
# pwd
/home
# ls
# ls -dZ .
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 .
# mkdir -p test/.ssh
# touch test/.ssh/authorized_keys
# ls -ldZ test test/.ssh
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 test
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 test/.ssh
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 test/.ssh/authorized_keys
#
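The same problem also occurs when a user's home folder is created on first ssh login (the user cannot use ssh key authorization because selinux complains).
The context problem does not occur when the root user does su to the user; the home folder is then created in the correct context.
How can sshd/the ssh session be taught to create a new user's home directory in the proper context?
To fix it, the user needs to run the restorecon command, for example: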
# ls -ldZ test/.ssh/authorized_keys test test/.ssh
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 test
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 test/.ssh
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 test/.ssh/authorized_keys
# restorecon -vR test
restorecon reset /home/test context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/test/.ssh context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /home/test/.ssh/authorized_keys context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:ssh_home_t:s0
# ls -ldZ test/.ssh/authorized_keys test test/.ssh
drwxr-xr-x. root root unconfined_u:object_r:user_home_dir_t:s0 test
drwxr-xr-x. root root unconfined_u:object_r:ssh_home_t:s0 test/.ssh
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 test/.ssh/authorized_keys
#
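A check for the mislabelling shown above, as an added example that is not part of the original post: it reads `ls -ldZ` output and reports paths under /home whose SELinux type differs from the one restorecon assigned in the session. The function name `check_home_labels` and its path-to-type mapping (copied from the restorecon output above) are assumptions; the loaded policy remains the authority on the correct label.

```shell
#!/bin/sh
# Added example. Reads `ls -ldZ` output (CentOS 7 columns: mode owner group
# context path) and reports paths whose SELinux type is not the one restorecon
# assigned in the session above.
# Usage: ls -ldZ ... | check_home_labels [BASE_DIR_FOR_RELATIVE_PATHS]
check_home_labels() {
    awk -v base="${1:-}" '
    # Assumed mapping, taken from the restorecon output on this page.
    function expected(p,    seg, n) {
        n = split(p, seg, "/")
        if (seg[1] != "" || seg[2] != "home" || n < 3 || seg[3] == "") return ""
        if (n == 3) return "user_home_dir_t"
        if (seg[4] == ".ssh") return "ssh_home_t"
        return ""
    }
    NF >= 5 {
        # context = user:role:type:level; the level may contain more colons
        # (for example s0:c0.c1023), so only the third field is read.
        if (split($4, ctx, ":") < 4) next
        path = $5
        for (i = 6; i <= NF; i++) path = path " " $i   # paths with spaces
        if (base != "" && substr(path, 1, 1) != "/") path = base "/" path
        want = expected(path)
        if (want != "" && ctx[3] != want)
            printf "%s type=%s expected=%s\n", path, ctx[3], want
    }'
}

# The three entries from the first listing above, which was run from /home.
check_home_labels /home <<'EOF'
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 test
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 test/.ssh
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 test/.ssh/authorized_keys
EOF
```

An empty result means every listed home directory and `.ssh` entry already carries the expected type; `/home` itself and paths outside `/home/<user>` are not judged.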