Bug 119757
| Summary: | SELinux FAQ - adding a new Linux user account | | |
|---|---|---|---|
| Product: | [Fedora] Fedora Documentation | Reporter: | Karsten Wade <kwade> |
| Component: | selinux-faq | Assignee: | Karsten Wade <kwade> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Tammy Fox <tammy.c.fox> |
| Severity: | medium | CC: | digitalcontrol, walters |
| Priority: | medium | Doc Type: | Bug Fix |
| Version: | devel | Last Closed: | 2004-04-05 14:35:47 UTC |
| Hardware: | All | OS: | Linux |
| URL: | http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ | Bug Blocks: | 118757 |

Description
Karsten Wade
2004-04-02 00:21:44 UTC
This candidate FAQ entry was grabbed from the mailing list; the list responder (Colin) is Cc:'d to this bug for a quick review of my treatment below. In particular I want to be sure my command line syntax is a 100% accurate screenshot.

    ## begin
    Q:. How can I create a new Linux user account with the user's home directory having the proper context?
    A:. You can create your new user with the standard useradd command, but first you must become root with a context of sysadm_r. This context switch has been incorporated into the su command:

    su - root
    Your default context is root:sysadm_r:sysadm_t. Do you want to choose a different one? [n] n
    useradd auser
    ls -Z /home/auser
    drwxr-xr-x auser auser user_u:user_r:user_home_dir_t /home/auser
    ## 30

I know that many people have no interest in my opinion, but I'll offer my input anyway ;-)

A) doing a ls -Z /home/auser would list the contents of /home/auser with contexts not the directory itself. (in this case nothing, because you didn't specify -a to show .dotfiles)

B) doing a ls -Z /home would list all of the user home directories with contexts. (correct if you want to see the context of /home/auser)

C) the context you have listed does not match the default policies (at least in policy.16), the output that my system generates with no changes in the default policies on a FC2 Test 2 system is:

    ## begin
    localhost login: root
    Password:
    Your default context is root:sysadm_r:sysadm_t. Do you want to choose a different one? [n]
    Last login: Mon Apr 5 2004 02:52:01 on tty1
    [root@localhost]# useradd auser
    [root@localhost]# ls -Z /home
    drwx------ auser auser root:object_r:user_home_dir_t /home/auser
    [root@localhost]#
    ## 30

Note: I have never seen a home directory labeled as user_u:user_r:user_home_dir_t but have seen system_u:object_r:user_home_dir_t. I don't know if this helps at all.

I'm using:

    libselinux-1.9-1
    policycoreutils-1.9.2-1
    policy-1.9.2-9
    kernel-2.6.4-1.305

Ric Letson digitalcontrol

I didn't have policy.16 loaded when I posted the above comment and I apologize. Having loaded policy.16 and done a 'fixfiles relabel', the /home/auser directory was relabeled as system_u:object_r:user_home_dir_t

    drwx------ auser auser system_u:object_r:user_home_dir_t auser

this is consistent with the rest of the home directories

Ric Letson digitalcontrol

Karsten - the FAQ entry looks good to me.

Karsten - Actually Ric is right, the last line will look like this:

    drwxr-xr-x auser auser root:object_r:user_home_dir_t /home/auser

i.e. with "root" instead of user_u and object_r instead of user_r. (Sometimes you'll get system_u instead of root, but it's irrelevant)

Gents, thanks for your keen eyes. These are the details that matter. Fixed in 1.0-4, already posted.
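
The check the commenters perform by eye, as an added shell example that is not part of the bug thread: it reads `ls -Z` lines in the column layout quoted above (mode, owner, group, context, name) and reports entries whose context type is not the expected one, ignoring the user and role fields. The function names and the sample listing, including the `buser` and `cuser` lines, are constructed for illustration.

```shell
# Added example, not from the bug thread. Assumes the old-style `ls -Z`
# column layout shown in the comments: mode owner group context name.

# Print the type field (third colon-separated part) of a user:role:type context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read `ls -Z` lines on stdin and print "name context" for every entry whose
# type differs from the expected one. Returns 0 if all match, 1 otherwise.
# The user and role fields are deliberately not compared (root vs. system_u).
check_home_labels() {
    expected=$1
    bad=0
    while read -r mode owner group context name; do
        [ -n "$context" ] || continue          # skip blank or short lines
        if [ "$(context_type "$context")" != "$expected" ]; then
            printf '%s %s\n' "$name" "$context"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the first line matches the thread's listing, the third
# carries a wrong type (default_t) to show a mislabeled home directory.
SAMPLE_LISTING='drwx------ auser auser root:object_r:user_home_dir_t /home/auser
drwx------ buser buser system_u:object_r:user_home_dir_t buser
drwx------ cuser cuser system_u:object_r:default_t cuser'
```

On a live system, pipe `ls -Z /home` into `check_home_labels user_home_dir_t`; to inspect a single directory rather than its contents, `ls -dZ /home/auser` lists the directory entry itself.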