While performing an OS admin task, one of the application guys came to me complaining about a permission issue on one of the Linux servers.
Error: "permission denied" to the user while logging in from a remote user.
After seeing this error, my first thought was that maybe the user account was locked, but here the login method was passwordless, and I also checked whether the user account was locked or not.
# passwd -S username
The user account wasn't locked.
So what's next...
After that I checked the /etc/passwd file to see whether the user exists and found that the user is not present in /etc/passwd, so I thought that this was the issue. But the application guy said that he had been able to log in using the same command a few days back. Now I was really confused about what the issue was and what was denying the user access on the Linux server. Again I checked which command the user was executing and found that he was executing a Perl script with some parameters, which was trying to log in to the application user account on the Linux server.
Then I thought, let me check the logs in /var/log, so I checked messages but found nothing. Then I turned to the /var/log/authlog file, asked the app guy to execute that command again, and kept the authlog file in monitoring mode by executing the following command. Here I found a hint: the error "Failed publickey" pointed to a problem with the authorized_keys file.
tail -f /var/log/authlog
The entry was like below:
Failed publickey for "appuser" from "XX.XX.XX.XXX" (IP address).
After reading this message I decided to check the authorized_keys file.
I executed the below sequence of commands:
# su - appuser
# cat /apphome/.ssh/authorized_keys
Now here I got the message "permission denied". I did not understand why the authorized_keys file in appuser's home directory was denying permission to the owner itself. After that I checked the permissions of the authorized_keys file and found that the file ownership was not correct: the owner of the file was different; somebody had changed the ownership to another user.
After a proper change request I made the ownership change and asked the app team guy to check again. Finally the user was able to log in on the remote server.
From the above error message, we conclude: first understand the problem, then do proper analysis, like checking the logs on the server and trying to extract some indication from them. Sometimes the app team guy also doesn't know what the issue is; in this incident the app guy was asking me to create a new user, and that wasn't correct.
For the above type of error, please check the following points.
1. Check the log files related to the error, like authlog and messages.
2. Find an indication in that log file.
3. Check the permissions and ownership of authorized_keys; this file's permission is always 600 and the file is not world writable.
4. Check the permissions and ownership of the home directory.
5. Also check whether the required user exists.
6. Check that the correct public key is in authorized_keys.
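The ownership and permission checks from the list above as a script, added here as an example and not part of the original post. It assumes GNU stat (Linux); the function names are made up for this example, and the "no group or world write" rule for the home and .ssh directories follows OpenSSH's StrictModes behaviour.

```shell
#!/bin/sh
# Added example: audit owner and mode of the paths sshd reads for key login.
# Assumes GNU stat (Linux). Function names are hypothetical.

# check_path PATH EXPECTED_UID FORBIDDEN_BITS (octal)
# Returns 0 when PATH exists, is owned by EXPECTED_UID and has none of the
# forbidden mode bits set; otherwise prints the reason and returns 1.
check_path() {
    path=$1; want_uid=$2; mask=$3; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    uid=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER   $path is owned by uid $uid, expected uid $want_uid"
        rc=1
    fi
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "MODE    $path is $mode, bits $mask must be clear"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK      $path (uid $uid, mode $mode)"
    return "$rc"
}

# audit_key_login HOME EXPECTED_UID
# Checks HOME, HOME/.ssh and authorized_keys; returns the number of failures.
# 022 = no group/world write (directories); 077 = nothing for group/others,
# which is the 600 from the checklist.
audit_key_login() {
    home=$1; owner_uid=$2; bad=0
    check_path "$home" "$owner_uid" 022 || bad=$((bad + 1))
    check_path "$home/.ssh" "$owner_uid" 022 || bad=$((bad + 1))
    check_path "$home/.ssh/authorized_keys" "$owner_uid" 077 || bad=$((bad + 1))
    return "$bad"
}

# Usage: sh audit_key_login.sh appuser /apphome   (run as root)
# id resolves the user through NSS, so accounts that live in LDAP/NIS and
# not in /etc/passwd are still found.
if [ "$#" -eq 2 ]; then
    uid_for_user=$(id -u "$1") || { echo "NOUSER  $1"; exit 1; }
    audit_key_login "$2" "$uid_for_user"
fi
```

An OWNER line for authorized_keys is the condition found in this incident; the fix is still an ownership change made through the normal change process.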
Thanks!!!!!