Bug 117525
Summary: | can't su at all ... | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bill Nottingham <notting> |
Component: | coreutils | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | dwalsh, kajtzu, mitr, rvokal |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-05-18 09:05:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bill Nottingham
2004-03-04 22:30:22 UTC
Policy needs: allow user_t su_exec_t:file { execute getattr }; Now what? Hmm, not that simple. So far I've needed to add: allow user_t su_exec_t:file { execute execute_no_trans getattr read }; allow user_t user_t:capability { setuid }; Does that sound right? You need to change you user account to a staff account. Then relabel your home directories. Normal user accounts are not allowed to ececute the su command. Dan Okay -- can you point me in the right direction for doing that? What command is it? Thanks. That looks like something that should be mentioned in release notes (bug 114398). That's not really consistent with the minimal policy, though. Whether that's a bug or not, I'm not sure. User accounts can run su now. Closing. |