Bug 1595667
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | allow user add for gnome-control-center | | |
| Product | Red Hat Enterprise Linux 7 | Reporter | Martin Krajnak <mkrajnak> |
| Component | selinux-policy | Assignee | Lukas Vrabec <lvrabec> |
| Status | CLOSED ERRATA | QA Contact | Milos Malik <mmalik> |
| Severity | high | Priority | high |
| Version | 7.6 | CC | lvrabec, mgrepl, mmalik, plautrba, ssekidde, tpelka |
| Target Milestone | rc | Target Release | --- |
| Hardware | x86_64 | OS | Linux |
| Doc Type | If docs needed, set a value | Story Points | --- |
| Last Closed | 2018-10-30 10:05:54 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | Category | --- |
| oVirt Team | --- | Cloudforms Team | --- |

I also tried to add a user via the terminal:

```
sudo useradd test2
```

The user is created and it is shown in control center, but when I try to delete him, the same error message is shown.

The reproducer is working OK in RHEL 7.5.

It was pointed out to me by vbenes that it is caused by SELinux:

```
SELinux is preventing /usr/sbin/useradd from map access on the file /usr/sbin/useradd.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that useradd should be allowed map access on the useradd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'useradd' --raw | audit2allow -M my-useradd
# semodule -i my-useradd.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:useradd_exec_t:s0
Target Objects                /usr/sbin/useradd [ file ]
Source                        useradd
Source Path                   /usr/sbin/useradd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           shadow-utils-4.1.5.1-25.el7.x86_64
Target RPM Packages           shadow-utils-4.1.5.1-25.el7.x86_64
Policy RPM                    selinux-policy-3.13.1-204.el7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.10.0-906.el7.x86_64 #1 SMP Fri Jun 15 18:16:49 EDT 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-06-22 09:31:20 CEST
Last Seen                     2018-06-22 09:31:20 CEST
Local ID                      ad060923-32ee-471e-bade-5b52acf573fa

Raw Audit Messages
type=AVC msg=audit(1529652680.321:670): avc: denied { map } for pid=4781 comm="useradd" path="/usr/sbin/useradd" dev="dm-0" ino=2306799 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1529652680.321:670): arch=x86_64 syscall=execve success=no exit=EACCES a0=5561572e49ab a1=7fff8daa0290 a2=7fff8daa0728 a3=7fff8da9f8e0 items=0 ppid=713 pid=4781 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm=useradd exe=/usr/sbin/useradd subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: useradd,accountsd_t,useradd_exec_t,file,map
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3111

Created attachment 1454993
error msg screenshot

Description of problem:
I am not able to simply add a new user through control center.

Version-Release number of selected component (if applicable):
control-center-3.28.1-2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Search for setting in Gnome-shell and open control-center
2. Open Details
3. Open Users
4. Click Unlock in upper corner
5. Click Add User in upper corner
6. Type just username test2 and click Add

Actual results:
Failed to add account
running 'usr/sbin/useradd' failed: Child process killed by signal 9

Expected results:
New user should be created and shown in Users section

Additional info:
I tried running 'control-center --verbose' from terminal but I am not able to click the Unlock button in step 4. It looks like it is disabled somehow.
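
An added example, not part of the original report or of any Red Hat tooling: a small Python parser that pairs the AVC and SYSCALL records quoted in the alert by audit event id and rebuilds the tuple shown on the alert's `Hash:` line, which is the information needed to decide whether a denial is a policy bug. The sample text is the two records from this report trimmed to the fields the parser reads; the names `parse` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# The two records quoted in the report, trimmed to the fields used here.
SAMPLE = (
    'type=AVC msg=audit(1529652680.321:670): avc: denied { map } for pid=4781 '
    'comm="useradd" path="/usr/sbin/useradd" '
    'scontext=system_u:system_r:accountsd_t:s0 '
    'tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file permissive=0\n'
    'type=SYSCALL msg=audit(1529652680.321:670): arch=x86_64 syscall=execve '
    'success=no exit=EACCES comm=useradd exe=/usr/sbin/useradd '
    'subj=system_u:system_r:accountsd_t:s0 key=(null)\n'
)

HEAD = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")


def parse(text):
    """Group audit records by event id (timestamp:serial)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            fields = {k: v.strip('"') for k, v in KV.findall(body)}
            fields["perms"] = PERMS.findall(body)  # empty unless an AVC denial
            events[event_id].append((rtype, fields))
    return events


def triage(text):
    """One summary per AVC denial, joined to the SYSCALL record of its event."""
    out = []
    for event_id, recs in parse(text).items():
        sysc = next((f for t, f in recs if t == "SYSCALL"), {})
        for rtype, avc in recs:
            if rtype != "AVC" or not avc["perms"]:
                continue  # skip non-AVC records and AVC records that are not denials
            sig = [avc["comm"], avc["scontext"].split(":")[2],
                   avc["tcontext"].split(":")[2], avc["tclass"],
                   *avc["perms"][0].split()]
            out.append({"event": event_id, "signature": ",".join(sig),
                        "enforced": avc.get("permissive") == "0",
                        "syscall": sysc.get("syscall"), "exit": sysc.get("exit")})
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
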