Home

KMG Group is a small company. I, Magnus Lübeck, am currently hired by the Kanton of Luzern.

This website is therefore mainly a forum for me as a technologist to spread the word on how to run an IT Operations on a tight budget. I don’t like wasting money. Spending, yes, but not wasting money.

I normally offer analytic-, and hands on- services in the following fields:

Extreme availability (Unix clustering, Oracle DB availability)
Database Backup/Recovery
Storage architecture
Storage benchmarking

Latest Blog entry:

Could not chdir to home directory

March 9, 2011maglub

- March 9, 2011

I was at a customer’s site the other day, and ran into an issue that I could not really understand.

When logging in on my Linux box, a server I was setting up for a small application, I got the following error message when logging in, as the first thing on my terminal:

1	Could not chdir to home directory /app/prd/kmggroup: Permission denied

The background is that the application I am setting up has it’s home directory in a non-standard location. Let us call the user kmggroup, just for kicks, and that the home directory is /app/prd/kmggroup. Logging into this user directly, using a password should be banned anyways, as it is an anonymous user, owning an application. I will write about my prefered way of logging in as anonymous users (e.g oracle, apache, kmgapp, whatever) in a different post.

At this point, my user “landed” in “/”, but it was still possible to do a “cd /app/prd/kmggroup” to go to that directory. Very annoying, though.

It took me a little while to figure out, as I had just ordered a virtual machine, no preference of flavor. I got a RedHat server, and for me there is not much to say about that.

1 2	kmggroup@server.org:/usr/local/samba/etc $cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.0 (Santiago)

I debugged my .bash_profile, the /etc/passwd file, the /etc/profile, tweaking it a bit (adding “echo bappen” to the startup scripts here and there). I realized that the error message appeared even before the /etc/profile script was ran, so I got a bit curious.

After searching the topic on the world wide information network, also known as the Internet, I slowly realized that this has to do with the SELinux, namely the context settings for the directories.

SELinux is dreaded by the un-initiated, and there are few admins out there who really know how to set it up and live with it properly. (I am one of those, mainly un-initiated).

Enough said about that. Here is my solution to solve the problem, without messing up someone else’s system.

My directories were set up like this:

1
2
3
4

kmggroup@server.org:/app/prd/kmggroup $ls --context -d /app /app/prd /app/prd/kmggroup
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /app
drwxr-xr-x. kmggroup kmggroup unconfined_u:object_r:default_t:s0 /app/prd
drwxr-xr-x. kmggroup kmggroup unconfined_u:object_r:default_t:s0 /app/prd/kmggroup

Normally, /home is set to the following context:

1
2
3

kmggroup@server.org:/app/prd/kmggroup $ls --context -d /home /home/*
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwx------. apa apa unconfined_u:object_r:user_home_dir_t:s0 /home/apa

My “/app/prd/kmggroup” directory is “special”, as we set it up in a non-default location, where the context was not set yet.

So, a couple of chcon later, the problem was solved:

1
2
3
4
5
6
7
8

sudo chcon -t home_root_t /app
sudo chcon -t home_root_t /app/prd
sudo chcon -t user_home_dir_t /app/prd/kmggroup

kmggroup@server.org:/app/prd/kmggroup $ls --context -d /app /app/prd /app/prd/kmggroup
drwxr-x---. kmggroup kmggroup unconfined_u:object_r:home_root_t:s0 /app
drwxr-x---. kmggroup kmggroup unconfined_u:object_r:home_root_t:s0 /app/prd
drwx------. kmggroup kmggroup unconfined_u:object_r:user_home_dir_t:s0 /app/prd/kmggroup

The error message does not appear, and my user ends up in his homedir. After telling the sysadmin at the site, he told me that they are not using SELinux (for good reasons in their environment), he had just forgotten to turn it off before giving me the box.

We both had a good laugh about it.

Have a nice day!
//magnus

Older entries:

Benchmarking - to impress or not impress; is not even a question - July 23, 2010
Starting all over - where did my contacts go? - June 14, 2010
New beginning - April 29, 2010

Comments

Written by Cico about 2 years ago.

Hörru Mange,
yes perhaps overkilling… a bit. For a one-off, you could have taken
- a PeCee with Windoze
- barf out your contacts from TXT into MS outlook
- pass them on to Nokia PC suite
- or just playing with http://labs.brotherli.ch/vcfconvert/

But that would all have been less fun, and you’d learned nothing on the way.
Written by Jan about 1 year ago.

Hi Magnus,

I know you probably allready know most things, but we really put a lot of effort in making op5 Monitor as easy to use as possible. One very often forgotten part are manuals, so please do check out our newly released (today) online manuals for users and administrators
http://www.op5.com/manuals/

Cheers and thanks for the blog – let us know if you have any ??
/ JJ

IT Operations made simple

Home

Latest Blog entry:

Could not chdir to home directory

Older entries:

Comments

Leave a Comment

- IT Operations

Thought of the week: