what is of difference of this two directories

catiewong · 12-27-2018, 06:12 AM

I have two directories in same server , ls -ld show different result , one have "." , what is the difference of these two directories ?

Code:

drwxr-xr-x  
drwxr-xr-x.

sgrlscz · 12-27-2018, 06:32 AM

The '.' at the end indicates there is an SELinux context on that directory. If you use 'ls -Zd' on the directory, it'll show the context.

SELinux can be either enabled or disabled. If enabled, it can be either enforcing or permissive. If enforcing, it provides additional access control. If permissive, it doesn't block access that would be denied if enforcing, but it logs messages to audit those accesses that would violate the policy in place.

catiewong · 12-27-2018, 06:46 AM

the SElinux is co-related with sshd_config , or they do not have any relation ?

dc.901 · 12-27-2018, 07:04 AM

Quote:

Originally Posted by catiewong

the SElinux is co-related with sshd_config , or they do not have any relation ?

Don't understand your question...
May be these will help:
https://access.redhat.com/documentat...ide/ch-selinux

https://access.redhat.com/documentat...ide/ch-openssh

sgrlscz · 12-27-2018, 07:17 AM

You're question isn't really clear. SELinux affects file access, so it can affect sshd's functionality. However, it's not specific to sshd, it can affect any file access on the system, so it affects all applications and users. It's an OS feature.

SELinux is a security feature. You can see if it's enabled using sestatus. For example (bold added by me):

Code:

> sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

On this system, it's enabled and enforcing. Because of that, file access is affected not only by the permissions on files/directories, but also the SELinux context, which can create issues because permissions may look fine, but access still gets denied.