I was attempting to install an OEM management server on a new host in the lab using runInstaller. Of course the installer is an X-windows app, so I needed to configure port forwarding to get the display back to my MacBook.
I added the new host and its bastion to my ~/.ssh/config file to set up port forwarding:
ProxyCommand ssh -W %h:%p 10.123.45.678
Pretty straightforward, and it’s worked plenty of times before, so I expected no problems.
When I ssh’d to newlaboms I was hit with an xauth error:
xauth: timeout in locking authority file /home/oracle/.Xauthority
Quick solutions include ensuring proper ownership of my home directory (no problem), that I could write a new file there (touch temp.file — ok), and adequate space on the home’s file system (no problem).
My ‘id’ line looked wrong:
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
All that “context=” stuff was added by SELinux. This is a new host, and SELinux is enabled by default and disabled by my S/As as part of the build process. They’d missed it this time – and this is how you check:
Enhanced security is being enforced by SELinux!
So try this:
> sudo /usr/sbin/setenforce 0 ;
Now log out and back in to notice that your .Xauthority file has been created and port forwarding will work!
Run ‘id’ and you’ll see the simple results you expect.
The setenforce command does not require a server reboot, but the change also does not survive a reboot. To make the change permanent, ask your system admin to edit /etc/selinux/config to set “SELINUX=permissive”.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
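Since setenforce changes only the running mode while /etc/selinux/config decides the mode after the next reboot, the two can be compared with a short script. This is an added example, not part of the original post; the function names and the sample file (including its SELINUX=enforcing line) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: does the running SELinux mode match what
# /etc/selinux/config will apply at the next boot?

# Print the SELINUX= value from a config file (default /etc/selinux/config).
# Comment lines are skipped. Assumptions of this sketch: the last uncommented
# assignment is used and the value is compared case-insensitively.
configured_mode() {
    local file="${1:-/etc/selinux/config}" value
    [ -r "$file" ] || { echo "unreadable"; return 1; }
    value=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$file" |
            tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$value" in
        enforcing|permissive|disabled) echo "$value" ;;
        *) echo "invalid"; return 1 ;;
    esac
}

# Print the running mode in lower case. An explicit argument replaces the
# getenforce call so the logic can be tried on a host without SELinux.
runtime_mode() {
    local mode="${1:-}"
    if [ -z "$mode" ]; then
        mode=$(getenforce 2>/dev/null) || mode="unknown"
    fi
    printf '%s\n' "$mode" | tr '[:upper:]' '[:lower:]'
}

# Return 0 when the running mode equals the configured one, 1 otherwise.
mode_drift() {
    local cfg run
    cfg=$(configured_mode "${1:-}") || true
    run=$(runtime_mode "${2:-}")
    if [ "$cfg" = "$run" ]; then
        echo "consistent: $run now and after reboot"
    else
        echo "drift: running=$run, config=$cfg"
        return 1
    fi
}

# Constructed sample: a config that still says enforcing, checked against a
# running mode of Permissive (the state right after "setenforce 0").
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$sample"
mode_drift "$sample" Permissive || true
```

On a real host, calling mode_drift with no arguments reads /etc/selinux/config and asks getenforce for the running mode.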