Problem

SUEXEC routes fail even though you are positive they should be working.

The BoKS audit log shows a message similar to the following:

07/03/15 17:11:30 myhost1 - johnd suexec Unsuccessful suexec (pid 12345) from johnd to root, program /path/to/my/program. Authentication failed.

Solution

The issue could be that there is an selinux violation.

Check for BoKS AVC errors in the SELinux audit log on the host having trouble:

# grep -i boks /var/log/audit/audit.log | grep "=AVC"

An AVC entry might look similar to this:

type=AVC msg=audit(1424892567.531:47598): avc: denied { search } for pid=1362351 comm="suexec" name="root" dev=dm-0 ino=912130 scontext=unconfined_u:unconfined_r:boks_suexec_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

Try resetting the selinux configuration for suexec as follows:

# restorecon -v /opt/boksm/bin/suexec

If you are using BoKS 6.7, be sure you have applied HFBM-0061.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018