ssh could not chdir to home directory
Hello all, Im seeking a little help on a weird issue. I have a server with about 20 or so users on it. It is SUSE Enterprise Server 10. It's been in production for about 2 years. All of the sudden, one of my users says he is unable to log in. So I checked it out, I logged in as root and tried sshing and su-ing to this user and this is what I get....
Code:
Could not chdir to home directory /home/user1: Permission denied Thanks |
Quote:
can the other 19 users ssh? does /home/user1 exists? (case sensitive) check the permission on /home to make sure its owned by root 755 check to make user is not in a block list. Code:
/etc/ssh/sshd_config possible quick fix: make a new user and ssh localhost then thru the wan. if all works simply transfer files over to the new user1 home and chown it. hope this helps. |
puzzling
Just to narrow the possibilities:
Is this problem unique to that single user, or do the others (or at least a few others) also have this problem? Is it possible to login at the location of the server into the problematic user account? Is it the same problem for all login alternatives like SSH, FTP, Telnet, etc.? If permissions are correct, then the application that provides access is accessing that home directory with the wrong account information. A file system check is probably also a good idea. |
Hello, yeah, I guess I wasn't specific enough. Yes it is limited to just this one user. Everyone else can log in just fine. Nothing to "my knowledge" has been installed. The problem is for all login methods for this one user, I used ssh to provide me with output. Like I said in my original post, the permissions are fine for /home (everyone else is able to do their work) and this particular users permissions are fine on his particular directory, 0700 and owned by him.
I realize I could just make a new home dir or recreate the user entirely and restore the data to his directory, but I was hoping to try and fix this and figure out why it happens. Thanks for your replies. |
Quote:
Code:
Could not chdir to home directory /home/user1: Permission denied Quote:
check whether the home directory is correct. - /etc/passwd - bashrc and/or any other file your shell sources strace the ssh the fact this is an isolated case (according to your info). I would sus whether this user has been tampering with the files provided the user never had this problem before. check the log both user/root during the time before the error occurred from the user1 machine. hope this helps. |
Hi all...
I found this post because I had the same issue just now. I have a server here at home, I was setting up samba (on my desktop) to auto mount the shared on the server. Server is centos, btw. Desktop is Ubuntu hardy, not that it matters much. On the server, I have disabled root login too. This is the same or similar weird issue... The share is not mounting, another story though, so I went to ssh into the centos box (actually clarkconnect, but Ive jacked it around quite a bit), anyhow it gave me the same error/issue, but it gave me a bash prompt I have not seen before. The whole thing looked like this after an 'ssh me@host'... Code:
[USER]@192.xxx.x.x's password: So, I tried a 'su', and it prompted me for the password and let me log in as root, I probably should look a little further in that actually. Anyhow, It turned out that my permission on my home folder was screwed with. I am quite sure that it was because I used the web admin tool to turn on my /homes in samba. Heres the before and after... Code:
[root@[MYSERVER] home]# ls -la next... Code:
sudo chmod 755 /home/[ME] Code:
[root@[MYSERVER] home]# ls -la Just some info, I look at the .bash_profile and .bashrc right away and nothing was added or taken. I am blaming either samba, or the scripts that was associated with the webmin app. I actually prefer to do this stuff by hand, partly for this reason. |
But /home/[me] should have 700 permissions, and be owned by either [me]:[me] or [me]:[users] in CentOS.
|
was repeat post probably something I did...
|
Dang it...thats one reason I posted this morning. I will change my permissions....hold please...
Well, when I change my home dir to 700, I get the origianl issue. When I chmod it to 755, it acts fine. Now I need to figure this one out... But wait a minute, what I keep finding on the net is that default home permissions for CentOS is 755, If I don't figure this out soon, I will bring it up at the next LUG, one of the CentOS team leaders is a member here. Even still, I want to know more...:) |
Mine are all 700, and frankly, why would you want other users being able to read your home dir?
Your issue is ownership though, as I posted above. Edit. I just added a new user under CentOS, and permissions are 700, ownership username:username |
I agree, and I found more info where CentOS's default home directory permissions are in fact 700. And your right, I don't want others reading my directory either...And, And, I agree also (with you) it is an ownership issue. Somehow it set my ownership to my GID I think... lets fix it and see... (the 1000 did look a little out of place when I was posting earlier)
Ok...and Thank you... I did a chmod 700 to my home and then a chown [ME] [ME] and all is well. Keen eye billymayday, and thanks. This is one reason I love LQ, so I can learn. |
oh yeah, so this means that one of my actions, messing with samba, had changed my ownership though...and I wonder if this was way off from the origianl poster then.
|
Glad to help
|
So there is a reference here, I ran into the same problem with a different solution.
I'm running Fedora 9 x86_64, and had the same issue. All of my file permisssions are good though. I disabled SELinux with sudo setenforce 0 and was able to log in. (this was messing with my ability to FTP, was otherwise just annoying) Other people may want to elaborate on a fix, I'm just going to disable SELinux, since this is a personal machine. . . Just my $0.02 |
If this had been an SELinux issue, it would simply have meant that the contexts for the home directory had gotten messed up, and a simple restorecon would have fixed things up (or at least should).
For your ftp issue, I'll make two points. The first is that setenforce is not persistent, so at very least you will either need to disable it permanently or re-enter seenforce 0 each time you boot. If you run gnome, there is a security setting program, otherwise the seting will be in /etc/selinux somewhere. A better solution (if you like screwdriver solutions over sledgehammers) is to either set your own policies (you need to be reasonably keen here), or you can disable SELinux for sertain actions. Not sure of your directory structure, but here's what I have that looks relevant in /selinux/booleans: Code:
allow_ftpd_anon_write allow_ftpd_use_cifs allow_tftp_anon_write ftpd_is_daemon httpd_enable_ftp_server Not sure which ftp daemon you use or if will necessarily work for your situation. I use vsftpd, and here is what's set for me: Code:
# for i in $(ls /selinux/booleans/*ftp*); do getsebool $i; done |
All times are GMT -5. The time now is 03:39 PM. |