12-08-2019, 05:56 AM
(12-07-2019, 01:34 PM)Hidden Refuge Wrote: (...)
So the internal rescue mode of CentOS is useless, too. Thankfully there was a CentOS 8 ISO available. I mounted it and restarted the VPS. In the CentOS 8 ISO bootloader I could select an option to run a system rescue mode. The rescue mode mounts the installed CentOS into /mnt/sysimage and from there on you can access all files through the rescue sh shell of CentOS 8. I edited /etc/selinux/config (/mnt/sysimage/etc/selinux/config) and set SELINUX to disabled. I saved the file and rebooted the VPS. It started from the installed CentOS 7 and I could login normally in the Linux TTY and also in SSH.
That's about it. SELinux was overly protective and broke pretty much the whole system. To be honest: SELinux is cancer. Not only was the NSA working on it, but it's kinda not helpful at all.
Your VPS is working again.
Well done @Hidden_Refuge!.. Although I would have just set SELinux to 'permissive' instead of its default 'enforcing' mode in CentOS.
My course of action would have been: setting SELinux to its permissive mode, rebooting to CentOS 7, then troubleshooting the SELinux problem. When I'm sure that the issue is resolved, i.e. no more throwing of AVC (Access Vector Cache) messages in the logs, only then would I re-enable SELinux.
It's indeed more work but I think it's the advisable way to deal with SELinux headaches; disabling it altogether is throwing away one of the best CentOS/RHEL/Fedora lines of defense against privilege escalation attacks (especially for a 24/7 online system.)
Generally the problem is solved by just relabelling system files with their correct SELinux context. It's done (on Fedora) by running:
Code:
sudo fixfiles -F onboot
reboot
If the above doesn't fix the problem, then it's generally because the sysadmin is running a process outside of its normal/default context/location, in which case he should set the ad hoc SELinux context for the process to run properly.
Granted, SELinux for those who aren't familiar with it is a PAIN.. but once you get the hang of it, it should be OK. I still remember when Fedora first enabled it by default 10 years ago (or so), it was a mess (just like you described above.) Nothing seemed to work any more, and people (including myself) started turning that thing off right off the bat (again, just like you did)... But that was wrong... and still is.
---------
PS: Some quick references for our folks in here:
> Basic SELinux Troubleshooting in CLI
> Troubleshooting SELinux
> SELinux/Troubleshooting Wiki
> Troubleshooting SELinux Docs
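As an added example (not code from either post in this thread), here is a small POSIX shell script that does the two things the reply above recommends, but on a constructed copy of the config and on constructed audit lines so it can be run anywhere: it flips the SELINUX= line to permissive rather than disabled without touching the explanatory comments, and it boils AVC denial records down to "which process, in which domain, was denied access to which type", which is what you need to know before deciding whether to relabel or to set a custom context and switch back to enforcing. The file path, the sample config and the audit.log lines are all constructed for the example; on a real host the file is /etc/selinux/config (or /mnt/sysimage/etc/selinux/config from the rescue shell) and the denials are read from /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example, not code from the thread. Everything here works on a constructed
# copy of /etc/selinux/config and on constructed audit.log lines, so it runs anywhere.
# On a real host the config is /etc/selinux/config (or /mnt/sysimage/etc/selinux/config
# from the rescue shell) and denials come from /var/log/audit/audit.log.

# Write a constructed /etc/selinux/config into the file given as $1.
make_sample_config() {
  cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}

# Print the configured mode from the uncommented SELINUX= line.
get_selinux_mode() {
  sed -n 's/^SELINUX=\(.*\)$/\1/p' "$1"
}

# Change the SELINUX= line in $1 to mode $2. Only the real assignment is touched,
# not the explanatory comments, and only the three valid modes are accepted.
set_selinux_mode() {
  case "$2" in
    enforcing|permissive|disabled) ;;
    *) echo "set_selinux_mode: invalid mode '$2'" >&2; return 1 ;;
  esac
  tmp="$1.tmp"
  sed "s/^SELINUX=.*/SELINUX=$2/" "$1" > "$tmp" && mv "$tmp" "$1"
}

# Constructed audit.log lines in auditd's AVC record format (not real captures).
# The third line repeats the first; the last records a denial observed in
# permissive mode (permissive=1), which is what you look for after the reboot.
sample_audit_lines() {
  cat <<'EOF'
type=AVC msg=audit(1575742537.123:456): avc:  denied  { read } for  pid=1234 comm="sshd" name="authorized_keys" dev="vda1" ino=12345 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1575742537.123:456): arch=c000003e syscall=257 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1575742538.001:457): avc:  denied  { read } for  pid=1234 comm="sshd" name="authorized_keys" dev="vda1" ino=12345 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575742600.500:470): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# Count AVC denial records on stdin. awk is used instead of grep -c so that a
# count of zero is a normal result rather than a non-zero exit status.
count_avc_denials() {
  awk '/^type=AVC / && /avc:  denied/ { n++ } END { print n + 0 }'
}

# Reduce AVC denials on stdin to unique "comm scontext tcontext tclass" tuples:
# which process, running in which domain, was denied access to which type.
avc_summary() {
  awk '/^type=AVC / && /avc:  denied/ {
    comm = sctx = tctx = tclass = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^comm=/)     comm   = substr($i, 6)
      if ($i ~ /^scontext=/) sctx   = substr($i, 10)
      if ($i ~ /^tcontext=/) tctx   = substr($i, 10)
      if ($i ~ /^tclass=/)   tclass = substr($i, 8)
    }
    print comm, sctx, tctx, tclass
  }' | sort -u
}

# Demo on a temporary copy: switch to permissive, then look at what is being denied.
workdir=$(mktemp -d)
make_sample_config "$workdir/config"
set_selinux_mode "$workdir/config" permissive
echo "configured mode: $(get_selinux_mode "$workdir/config")"
echo "AVC denials: $(sample_audit_lines | count_avc_denials)"
sample_audit_lines | avc_summary
rm -rf "$workdir"
```

The summary output is what tells you which of the two fixes from the reply applies: a target type like var_t on a file that should be in the home directory or in sshd's expected location points at a mislabelled file (relabel it), while a denial that makes sense for where the process is actually running points at the "process outside its default context" case (set the context instead). Either way the file stays under SELinux, in permissive mode, while you work it out.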