Red Hat Bugzilla – Full Text Bug Listing
|Summary:||user cannot run "/bin/su"|
|Product:||[Fedora] Fedora||Reporter:||Jens Petersen <petersen>|
|Component:||coreutils||Assignee:||Ondrej Vasik <ovasik>|
|Status:||CLOSED DUPLICATE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||rawhide||CC:||dwalsh, twaugh, wwoods|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-07-10 09:39:58 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Jens Petersen 2008-07-08 23:37:59 EDT
Description of problem: It is not possible for normal users to run "su" now in rawhide. Is that intentional? Version-Release number of selected component (if applicable): coreutils-6.12-5.fc10 How reproducible: every time Steps to Reproduce: 1. install rawhide 2. login in as regular user 3. run su in shell to become root Actual results: 3. su not found: -bash: su: command not found Expected results: 3. su to run normally
Comment 1 Ondrej Vasik 2008-07-09 02:57:30 EDT
Thanks for report, it reminds me one similar bugzilla which was problem in libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean does it occur even for runlevel 3 or only for 5?)? Does it occur even with SELinux in permissive mode? Is this fresh install of rawhide or some upgrade from F8/F9? Does it work if logged as root? Just trying to find out what went wrong, as it works ok for me.
Comment 2 Jens Petersen 2008-07-09 04:15:54 EDT
(In reply to comment #1) > libuser/gdm(#441511) Yes it looks similar. > What does `type su` reports for that normal user -bash: type: su: not found > (is /bin in PATH)? sure > what does `rpm -V coreutils` print? $ rpm -V coreutils missing /bin/su (Permission denied) # rpm -V coreutils # ls -lZ /bin/su -rwsr-xr-x root root system_u:object_r:su_exec_t:s0 /bin/su > What runlevel are you using (I mean does it occur even for runlevel 3 or only for 5?)? This was default, runlevel 5. Yes with runlevel 3 too. > Does it occur even with SELinux in permissive mode? No that seems to workaround it. :) > Is this fresh install of rawhide or some upgrade from F8/F9? Yes a fresh install of today's (and recent) rawhide-i386. > Does it work if logged as root? Yes
Comment 3 Ondrej Vasik 2008-07-09 16:41:00 EDT
Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for permissive. Are there any AVC messages in selinux log?
Comment 4 Jens Petersen 2008-07-10 01:21:10 EDT
I can't see any avc denials.
Comment 5 Daniel Walsh 2008-07-10 09:39:58 EDT
You updated to FC9 and the selinux-policy postinstall did not fire properly. The following commands should fix the problem # semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u # semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__ # semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 root # semanage user -a -S targeted -P user -R guest_r guest_u # semanage user -a -S targeted -P user -R xguest_r xguest_u You will need to log out and log back in.
Comment 6 Will Woods 2008-07-10 09:58:21 EDT
It's not intentional. The root cause of this is a bug installing the policy files (see bug 454435). Future installs of rawhide shouldn't have this problem, but if your system is afflicted, Dan's workaround in Comment #5 will fix it. *** This bug has been marked as a duplicate of 454435 ***