Unable to ssh: /bin/bash: Permission denied

[jwhill2000]

This is a peculiar problem since, 1) my system is a CentOS7 VM running on Azure and 2) there is no console access. Yesterday, a 'yum update' was performed and the system was rebooted. This morning I tried logging in with ssh and got the "/bin/bash: Permission denied" error. The only way I can try and fix the problem is to delete my VM (keeping the disk) and reattaching it to another VM where I can mount it and then investigate. In my google'ing adventures on this problem, the majority of solutions indicates that it might be SELinux related. Since I don't have a live system it's a bit awkward to troubleshoot. I've checked some of the obvious things, like permissions on /bin/bash and what not. Since this cropped up following a YUM update, I'm making assumptions that it is related and wondering if anyone else is having to deal with this.

[TrevorH]

Well since bash hasn't been updated in 3 months, either you're leaving it too long between yum updates or it's something else. You can check what was updated by looking in /var/log/yum.log. You can also look in /var/log/secure to see if anything is logged there (and in messages too).

What is the output from ls -laZ /bin/bash ?

[jwhill2000]

Prior to yesterday, my last yum update was 2/10, is that too long?

# ls -laZ /bin/bash
-rwxr-xr-x root root ? /bin/bash


yum.log

Mar 09 15:28:20 Updated: systemd-libs-219-30.el7_3.7.x86_64
Mar 09 15:28:20 Updated: nspr-4.13.1-1.0.el7_3.x86_64
Mar 09 15:28:21 Updated: nss-util-3.28.2-1.1.el7_3.x86_64
Mar 09 15:28:22 Updated: 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64
Mar 09 15:28:23 Updated: libgudev1-219-30.el7_3.7.x86_64
Mar 09 15:28:23 Updated: audit-libs-2.6.5-3.el7_3.1.x86_64
Mar 09 15:28:31 Updated: systemd-219-30.el7_3.7.x86_64
Mar 09 15:28:32 Updated: 7:device-mapper-1.02.135-1.el7_3.3.x86_64
Mar 09 15:28:33 Updated: 7:device-mapper-libs-1.02.135-1.el7_3.3.x86_64
Mar 09 15:28:33 Updated: 7:device-mapper-event-libs-1.02.135-1.el7_3.3.x86_64
Mar 09 15:28:34 Updated: systemd-sysv-219-30.el7_3.7.x86_64
Mar 09 15:28:34 Updated: 32:bind-license-9.9.4-38.el7_3.2.noarch
Mar 09 15:28:36 Updated: 32:bind-libs-9.9.4-38.el7_3.2.x86_64
Mar 09 15:28:37 Updated: 1:wpa_supplicant-2.0-21.el7_3.x86_64
Mar 09 15:28:38 Updated: 7:device-mapper-event-1.02.135-1.el7_3.3.x86_64
Mar 09 15:28:39 Updated: 7:lvm2-libs-2.02.166-1.el7_3.3.x86_64
Mar 09 15:28:40 Updated: polkit-0.112-11.el7_3.x86_64
Mar 09 15:28:42 Updated: nss-3.28.2-1.6.el7_3.x86_64
Mar 09 15:28:43 Updated: nss-sysinit-3.28.2-1.6.el7_3.x86_64
Mar 09 15:28:43 Updated: 1:NetworkManager-libnm-1.4.0-17.el7_3.x86_64
Mar 09 15:28:47 Updated: 1:NetworkManager-1.4.0-17.el7_3.x86_64
Mar 09 15:28:47 Updated: selinux-policy-3.13.1-102.el7_3.15.noarch
Mar 09 15:28:48 Updated: kernel-tools-libs-3.10.0-514.10.2.el7.x86_64
Mar 09 15:28:48 Updated: 1:emacs-filesystem-24.3-19.el7_3.noarch
Mar 09 15:29:04 Updated: 1:emacs-common-24.3-19.el7_3.x86_64
Mar 09 15:29:04 Updated: firewalld-filesystem-0.4.3.2-8.1.el7_3.2.noarch
Mar 09 15:29:05 Updated: python-firewall-0.4.3.2-8.1.el7_3.2.noarch
Mar 09 15:29:06 Updated: firewalld-0.4.3.2-8.1.el7_3.2.noarch
Mar 09 15:29:09 Updated: 1:emacs-nox-24.3-19.el7_3.x86_64
Mar 09 15:29:11 Updated: kernel-tools-3.10.0-514.10.2.el7.x86_64
Mar 09 15:29:41 Updated: selinux-policy-targeted-3.13.1-102.el7_3.15.noarch
Mar 09 15:29:42 Updated: 1:NetworkManager-tui-1.4.0-17.el7_3.x86_64
Mar 09 15:29:43 Updated: 1:NetworkManager-team-1.4.0-17.el7_3.x86_64
Mar 09 15:29:44 Updated: nss-tools-3.28.2-1.6.el7_3.x86_64
Mar 09 15:29:47 Updated: 7:lvm2-2.02.166-1.el7_3.3.x86_64
Mar 09 15:29:48 Updated: 32:bind-utils-9.9.4-38.el7_3.2.x86_64
Mar 09 15:29:49 Updated: 32:bind-libs-lite-9.9.4-38.el7_3.2.x86_64
Mar 09 15:29:50 Updated: audit-2.6.5-3.el7_3.1.x86_64
Mar 09 15:29:52 Updated: 1:nfs-utils-1.3.0-0.33.el7_3.x86_64
Mar 09 15:29:53 Updated: 2:microcode_ctl-2.1-16.3.el7_3.x86_64
Mar 09 15:29:54 Updated: systemd-python-219-30.el7_3.7.x86_64
Mar 09 15:29:54 Updated: audit-libs-python-2.6.5-3.el7_3.1.x86_64
Mar 09 15:29:55 Updated: 1:openssl-1.0.1e-60.el7_3.1.x86_64
Mar 09 15:29:58 Updated: python-perf-3.10.0-514.10.2.el7.x86_64
Mar 09 15:30:25 Installed: kernel-3.10.0-514.10.2.el7.x86_64
Mar 09 15:30:27 Updated: tzdata-2017a-1.el7.noarch
Mar 09 15:30:28 Updated: tcsh-6.18.01-13.el7_3.1.x86_64

[TrevorH]

Is selinux enabled? The context on /bin/bash should look like

Code: Select all

-rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash

[jwhill2000]

SELinux is enabled. But, this is not a live system, I have this system drive mounted onto another system where I can access and examine it.

[hunter86_bg]

You can try a relabel.
Touch the file under the root -if you have mounted the disk under /mnt:

Code: Select all

touch /mnt/.autorelabel

and then dismount and attach it to the original VM.

[TrevorH]

You may also need to run the relabel in permissive mode so you might need to edit /etc/sysconfig/selinux and set that to permissive there before you re-attach it to the original.